As of: September 2023
My Lidl Account is a service (hereinafter "My Lidl Account" or the "Service") of the Lidl group of companies (hereinafter referred to as " group of companies") operated by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74167 Neckarsulm ("Lidl Stiftung", "we", "us"). The password-protected My Lidl Account enables you to view, access, manage and edit your data in a central location (hereinafter "Portal"). Furthermore, it also offers you a single sign-on service (hereinafter "SSO"), through which you can use various digital offers of the group of companies with a one-off registration.
Lidl Stiftung processes the data required for the purposes of the Service as the responsible party insofar as it collects, aggregates, evaluates and transmits the data to other companies of the Lidl group of companies for the performance of the Service.
The list contains only the relevant and current Lidl companies. In the future, other companies may also be added to this list if SB Lidl KG directly or indirectly owns shares in the respective company and they participate in the Service. This data transfer is limited to constellations in which the respective Lidl company requires your data in order to be able to offer the respective target service or to support us as a service provider within the scope of My Lidl Account (see below for details).
SSO enables you, after one-time registration with an online service of the group of companies (e.g. online shops, click and collect service, apps, etc., hereinafter referred to as "target service"), to use this target service with the same user name and password, provided that SSO is implemented in the respective target service.
The Portal allows you to view, access, manage and display the information stored in your My Lidl Account in one central place, if the Portal is implemented in the respective target service. The Service displays the customer master data and information described in section 1 (About me, Lidl Liddle Club, payment history).
Registration for My Lidl Account
We also collect data such as: Your IP address, your mouse movements, the duration of your stay on the My Lidl Account registration website, online identifiers such as device ID, browser details, i.e. browser name and version, name and version of the operating system of the device on which the browser is installed and network-based location data of your device when logging in.
Furthermore, we also store and process certain data in so-called log files if you have visited the registration page. In particular, a log file provides information about the date and time of the registration/login attempt and whether it was successful, the e-mail address provided and the IP address.
Use of the About me function
If you voluntarily enter certain information about your circumstances and interests as well as the birth date of your child in the "About Me" section of the Portal, we will also store this data for your overview.
Linking with Lidl Liddle Club
If you have also registered with our Family Club, we store information on the benefits granted and display this in the Portal.
Analysis of user behaviour / cookies
When cookies and similar technologies are used to process usage data (in particular local storage), files are stored locally on your end device (laptop, tablet, smartphone or similar) when you use our Services. These files do not cause any damage to your end device and do not contain any viruses, Trojans or other malware. Information is stored in them in connection with the end devices you use and the actions you take when using them. However, this does not mean that we gain direct knowledge of your identity. Cookies send different information, e.g. the IP address of your device, to a web server.
You can find an overview of the cookies used together with the respective processing purposes, the storage periods and any integrated third-party providers here.
When you contact Lidl Customer Service, they can access the information from your My Lidl Account to help you as efficiently as possible.
Purpose of registration, login and account management
In order to provide you with the greatest possible convenience in your user experience, we process your personal data in My Lidl Account, to enable you to avoid having to re-enter your personal data for the usage of the Service.
The legal basis for data processing is thus Article 6, paragraph 1, letter b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship between you and us.
This also applies to any additional personal data we receive from target services in connection with the use of your My Lidl Account.
Purpose of securing your customer profile
In the context of registration and/or login, we use Google reCaptcha, a service provided by Google. Our legitimate interest here lies in the protection of your data and our systems. In this context, an analysis of various information is used to determine whether the data entry is made by a human or by an automated program. This analysis begins automatically as soon as you open the My Lidl Account registration website. For the analysis, Google reCaptcha evaluates various information (e.g. IP address, your time spent on the page or mouse movements made by the user). The information generated is transferred to a Google server in the USA and processed there. The collection and analysis do not enable us or Google to identify you. In particular, the information will not be merged by Google with personal data of you. For more information on Google reCaptcha, please visit https://policies.google.com/privacy?hl=en or https://policies.google.com/terms?hl=en. The legal basis for this is Article 6 Paragraph 1 lit f GDPR.
Purpose of the processing of your technical user data for abuse prevention
We use your IP address as well as the online identifiers described above, logfiles and your network-based location to prevent abuse and prevent and detect any security breaches and other prohibited or unlawful activities. For example, if you login from a new/unknown device, we may notify you of such a login attempt. The processing of this data is based on our legitimate interest in monitoring and improving the information security of our service (Article 6, paragraph 1, letter f) GDPR).
Purpose of the data overview and management in the Portal
SSO provides you with a cross-portal identity that is recognized and verified by the connected target services. In this way, your master data and information from the "About me" and "Lidl Liddle Club" functions mentioned in section 1 can also be viewed by you from the connected target services in the Portal and can be used for the respective target services within the scope of what is required for the respective purpose. The Portal also allows you to easily and centrally manage the data you have stored there and your My Lidl Account. For example, you can correct and partially delete your master data, change your password, and view some information about your purchases and orders made via the respective target services. Furthermore, the Portal offers you the possibility to use the stored data when using the respective target service. For example, during the checkout process in the Lidl Online Shop, you can automatically use your address stored in the Portal without having to enter it again.
Purpose of the processing of "About me" to determine your product interests and the optimization of our online offers
Should you voluntarily store certain information about your circumstances and interests in the "About Me" area, we will also display this data for your overview in your My Lidl Account.
If you have registered to use the Lidl Plus service, we will also use your information in "About me" for the purpose of personalized advertising targeting as part of the Lidl Plus service, as provided for in the usage agreement for the Lidl Plus service. Thus, the legal basis for this is Article 6, paragraph 1, letter b) GDPR, i.e. you provide us with the data on the basis of the contractual relationship with the use of Lidl Plus between you and us.
Purpose of processing customer requests
If you contact our customer service to process any problems with this area of the My Lidl Account, we will use your data stored there to process your respective request. The legal basis for this is Article 6, paragraph 1, letter b) GDPR, as the processing is necessary to provide you with the agreed Service, or to restore a contractual condition in accordance with the usage agreement.
If you contact Lidl customer service regarding concerns with target services, we will give your data stored in My Lidl Account to the respective target service so that they can process your concern as efficiently as possible. The legal basis for this is Article 6, paragraph 1, letter b) GDPR, i.e. we thereby fulfil our contract with you.
- Technically necessary: These are cookies and similar methods without which you cannot use our services (for example, to display our website correctly, including the font and colour/, to provide the functions you want and to take account of your settings, such as the choices you have made about cookies and similar technologies, to save your registration in the login area, etc.).
- Statistics: These techniques enable us to compile anonymous statistics of the use of our services. This enables us, for example, to determine how we can adapt our website even better to the habits of users.
Transfer to operators of the target services
If you use your My Lidl Account to use a target service, we will pass on your data on to the operator of the respective target service for the purpose of processing purchase contracts or other services that have been ordered via the target services covered by My Lidl Account. The latter receives those data that are required for the provision of the service ordered, insofar as these have been stored by you in the Portal or displayed to the portal by another target service, i.e. depending on the offer:
- Verification of log-in data (e-mail address, password, telephone number if applicable).
- Master data (name, address, date of birth)
- Stored payment methods
- Information about your participation in the Family Club program
- Information stored in the "About Me" section about your circumstances and interests
We also pass on your customer master data to those companies of the group of companies whom you contacted in the context of customer service inquiries regarding target services connected to My Lidl Account.
Transfer to service providers
In addition, we use service providers to process your data. The companies acting on our behalf are carefully selected and commissioned in writing. They are bound by our instructions and are inspected by us before the start of data processing and regularly thereafter. These companies never pursue their own purposes with your personal data. In this context, we forward your data to recipients who provide us with:
- storage capacity, database systems or similar,
- fraud prevention services,
- technical support and
- marketing advice.
We exclude any further transfer of your data to third parties.
Transfer to third countries
To ensure the confidentiality of your personal data, our employees involved in data processing are prohibited from collecting, processing or using personal data without authorization. Our carefully selected employees, who are sensitive to data protection law, are contractually obligated to maintain data secrecy at the beginning of their employment. This obligation continues after termination of the employment relationship.
We generally store your data for as long as you are a registered user of the My Lidl Account.
Of course, upon request, we will provide you with the information pursuant to Article 15 GDPR (in particular, the data stored about you, the recipient or categories of recipients to whom data are disclosed, the purpose of storage, etc.). We will provide this information free of charge. In addition, you have the right, under the respective legal conditions, to have incorrect data corrected as well as to have your personal data deleted, restricted from processing and transferred. Furthermore, you have a right to lodge a complaint with the competent supervisory authority.
In cases where the data processing is based on Article 6, paragraph 1, letter f) GDPR or is carried out for the purpose of direct marketing, you have the right to object to the processing.
Insofar as the processing is based on your consent, you have the right to withdraw this at any time with effect for the future.
If you provide this data yourself, you are not obliged to provide the above voluntary information. Without this data, however, we are not able to fully provide you with the My Lidl account service and to fully provide you with the target services based on it. Only optional data fields are marked as such in the My Lidl Account.