Have your say 2nd edition

Privacy policy

Thank you for your interest in the data protection on our website “Customer Experience Survey”.

 

The protection of your personal data is very important to us. We therefore strive to ensure your right to informational self-determination.

 

The following privacy policy will inform you of how and to what extent Lidl Malta Limited (hereinafter also ‘Lidl’), having registered office in Triq il-Karmnu, Luqa LQA 1311, Malta (as a Data Controller), processes your personal data. ‘Personal data’ refers to information that can be directly or indirectly attributable to or assigned to you (as a Data Subject).

 

The processing of personal data in this context is carried out in accordance with the Regulation (EU) 2016/679 (hereinafter ‘GDPR’) and the national legislation on data protection namely, the Maltese Data Protection Act (Chapter 586 of the Laws of Malta) and any subsidiary legislation issued under the same as may be amended from time to time.

 

1. Data Controller

Unless otherwise stated in the sections of this privacy policy, the Data Controller pursuant to article 4, paragraph 1, number 7) of the GDPR is:

 

Lidl Malta Ltd.

with registered office in Triq il-Karmnu

Luqa LQA 1311, Malta

e-mail: privacymt@lidl.com.mt

 

2. Use of the evaluation form

2.1. Access to our website

Purpose of data processing and legal basis:

 

When you visit our website, the browser used on your device sends the following information automatically and without any action on your part to our website’s server:

  • the IP address of the requesting web-enabled device,
  • the date and time of access,
  • the name and URL of the viewed file,
  • the website/application from which access is made (referrer URL),
  • the browser you are using and, if applicable, the operating system of your Internet-enabled; computer and the name of your access provider,
  • in general, your browsing data in accordance with the Cookie Policy available at section 2.2 of this privacy policy.

 The aforementioned personal data are temporarily stored in a so-called log file for the following purposes:

  • to browse the website,
  • to ensure a smooth connection and that our website is easy to use,
  • to evaluate system security and stability,
  • to comply with legal obligations.

 

The processing of the aforementioned personal data is necessary as essential in order to provide the service requested by you through the features available on our website (article 6, paragraph 1, letter b) GDPR) and fulfil the obligation to comply with the applicable legislation (article 6, paragraph 1, letter c) GDPR).

 

Recipients / Categories of recipients:

 

For the aforementioned purposes, your personal data may be transferred to the following categories of recipients: (i) third-party suppliers of assistance and advice for Lidl with reference (e.g.) to the following sectors: technological, accounting, administrative, legal, insurance, IT; (ii) companies of the group to which Lidl belongs; (iii) subjects and authorities which right of access to personal data is recognized by law, regulations or provisions issued by the competent authorities. Depending on the specific case, these recipients will process such personal data as data controllers or processors.

 

Storage period / Criteria for determining the storage period:

 

The collected data will be stored for a period of time equal to 7 days and subsequently automatically deleted, except in case where the storage for a further period is required for any claims, requests from the competent authorities or for compliance with a legal obligation.

2.2. Use of cookies and similar technologies for processing usage data

Data Controller, purpose of data processing and legal basis:

 

Lidl Malta Ltd., with registered office in Triq il-Karmnu, Luqa LQA 1311, Malta, as Data Controller, makes use of the so-called cookies and other similar technologies for processing usage data on all (sub-) domains under www.lidl.com.mt.

 

Cookies are small text files that are placed on your device (laptop, tablet, smartphone or similar) when you visit our websites. Cookies do not cause any damage to your device, do not contain viruses, trojans or other types of malware. In the cookie, information is stored which is related to the specific device you use. This does not mean though, that we are directly informed about your identity. The other similar technologies for processing usage data are in particular the pixel tracker and the local storage.

 

The use of cookies and other technologies serves the following purposes, depending on the category of the cookie or other technology:

 

  • Technically necessary: These are cookies and similar technologies, without which you cannot use our services (e.g. to display our website/functions you have requested correctly). 
  • Statistics: These technologies enable us to compile anonymous statistics on the use of our services in order to tailor them to your needs. This enables us to determine, for instance, how we can adapt our websites even better to the habits of the users.

You can find an overview of the cookies and other similar technologies used, including the respective processing purpose, the storage period and any third-party provider involved, here.

 

Within the scope of the use of cookies and similar technologies, depending on the purpose, the following categories of personal data are processed:

 

Technically necessary:

 

  • User entries to remember the input over several sub-pages (e.g. saving the cookie relating to the consent you have provided).

 

Statistics:

 

  • Individual user ID,
  • Number of visits to the website (daily / weekly),
  • Duration of the visit to the site / completion of the survey,
  • Pseudonymized user profiles with information about the use of our websites. In fact, the cookie provides the following information:

o    browser-type/ -version,

o    the operating system used,

o    referrer URL (the previously visited website),

o    host name of the accessing computer (IP address),

o    time of the server request,

o    individual user ID and

o    triggered events on the website (browsing patterns).

•    The IP address is anonymized, so that it cannot be traced back to your person (so-called IP darkening).

•    We only combine the user ID with other data from you (e.g. name, email address, etc.) with your express consent. Based solely on the user ID itself, we cannot draw any conclusions about your person.

 

The legal basis for the use of statistical cookies and of similar technologies is based on article 6, paragraph 1, letter a) GDPR. The legal basis for the use of technically necessary cookies and similar technologies is article 6, paragraph 1, letter b) GDPR, i.e. considering that it is necessary in order to provide you with our services.

 

You can withdraw / adjust your consent for future processing at any point, without impacting the lawfulness of the processing based on the consent until the moment of withdraw. Simply click here to select again the visited store and choose which cookies to accept. If the selection of cookies is changed before the survey is completed, the answers entered will be deleted and it will be possible to restart the survey.

 

Cookies can also be blocked at a general level. However, this block would have an impact on the use of the website and the services offered therein. All the latest browsers allow you to change the settings on cookies that are usually found in the menu of your browser under 'options' or 'preferences'. To understand how to set them up, you can consult the following links:

 

Google Chrome
Mozilla Firefox
Internet Explorer
Safari browser

 

For information on how to manage cookies through other browsers, it is useful to consult the online help files. If this information is not sufficient, we advise you to consult the "Help" section of the browser for more details.

 

List of cookies:

 

Category

Name

Provider

Type

Purpose

Duration

 

Statistics

Session

lidl.mcxplatform.de

Session

The cookie is used to identify if the browser used has enabled or disabled cookies

When the browser is closed

 

Statistics

mcxSurveyFingerprintDaily

lidl.mcxplatform.de

HTTP 

 

The cookie is added to track the number of times the survey is accessed from that specific device within 1 day

End of the day from the opening of the survey (the time follows the browser time 23:59:59)

 

Statistics

mcxSurveyFingerprint

lidl.mcxplatform.de

HTTP

The cookie is added to track the number of times the survey is accessed from that specific device within 7 day

Seven days from the opening of the survey (the time follows the browser time 23:59:59)

 

Tecnical

McxAuth.ProdDe

mcxplatform.de

Session

CrossDomain cookie used by MaritzCX to allow authenticated users to receive their survey after completing it

When the browser is closed

 
 

Statistics

startTime

lidl.mcxplatform.de

Session

The cookie is added to calculate the time taken to complete the survey from the start of the survey

When the browser is closed

 

 

Recipients / Categories of recipients:

 

Within the scope of data processing by means of cookies and similar technologies, we use specialised service providers, especially from the sector of customer survey. These service providers have been carefully selected and contractually obliged to process your data on our behalf as processors in accordance with article 28 GDPR. All the companies identified as service providers within our list of cookiesact as data processors.

 

Storage period / Criteria to determine the storage period:

 

The storage period of each cookie and other similar technology is available on our list of cookies.

 

3. Customer survey on the shopping experience

Purpose of data processing and legal basis:

 

Within the customer survey we collect personal data relating to your shopping experience. The aim is to continuously improve the shopping experience in our stores.

 

We ask the receipt number to ensure that every receipt is used only once within the customer survey. On the basis of the receipt number it is not possible to trace back to your person, not even in case of debit or credit card payment.

 

The legal basis for this specific processing is article 6, paragraph 1, letter b) GDPR.

 

Recipients / Categories of recipients:

 

For the aforementioned purposes, your personal data may be transferred to the following categories of recipients: (i) third-party suppliers of assistance and advice for Lidl with reference (e.g.) to the following sectors: technological, accounting, administrative, legal, insurance, IT; (ii) companies of the group to which Lidl belongs; (iii) subjects and authorities which right of access to personal data is recognized by law, regulations or provisions issued by the competent authorities. Depending on the specific case, these recipients will process such personal data as data controllers or processors.

 

Storage period / Criteria for determining the storage period:

 

The data storage period for this survey is 12 months. All personal data and the date of purchase are aggregated at the beginning of the respective month in which the survey was carried out, so that the survey data cannot be temporally and personally correlated.

4. Contact with the Costumer Service

Purpose of data processing and legal basis:

 

Should you request to be contacted by our Customer Service and therefore provide your personal data such as name, surname, e-mail address or telephone number, these data will be processed for the sole purpose of fulfilling your request. For this specific data processing, article 6, paragraph 1, letter b) GDPR is the legal basis.

 

Recipients / Categories of recipients:

For the aforementioned purposes, your personal data may be transferred to the following categories of recipients: (i) third-party suppliers of assistance and advice for Lidl with reference (e.g.) to the following sectors: technological, accounting, administrative, legal, insurance, IT; (ii) companies of the group to which Lidl belongs; (iii) subjects and authorities which right of access to personal data is recognized by law, regulations or provisions issued by the competent authorities. Depending on the specific case, these recipients will process such personal data as data controllers or processors.

 

Storage period / Criteria for determining the storage period:

 

Your personal data will be stored as long as necessary to pursue the purposes set out in the present privacy policy and will be deleted, no later than 90 days after the final response is sent (closure of the case), or anonymized except in case where the storage for a further period is required for any claims, requests from the competent authorities or for compliance with a legal obligation. In our experience, we generally receive no further inquiries to our responses after 90 days.

5. Prize draws

Purpose of data processing and legal basis:

 

Where in the context of prize draws personal data referable to the participants are saved (e.g. name, surname, e-mail address, landline or mobile phone number), these will be processed exclusively to execute the prize draw itself. The legal basis for data processing is article 6, paragraph 1, letter b) of the GDPR.

 

Recipients / Categories of recipients:

For the purpose of managing the prize draws, we use specialised service providers. These service providers have been carefully selected and contractually obliged to process your data on our behalf as processors in accordance with article 28 GDPR.

 

Storage period / Criteria for determining the storage period:

 

The personal will be stored as long as imposed by the existing legislation in the context of the processing in question. Once the purposes of the prize draw have been achieved, personal data will be deleted.

6. Transfers of personal data to third countries

The recipients / categories of recipients, including those located in a third country, outside the European Union (EU) or the European Economic Area (EEA), are indicated in correspondence with each type of processing activity described in this privacy policy. Some third countries are certified by the European Commission through the so-called adequacy decisions, when they guarantee a level of protection of personal data comparable to that within the EU and the EEA. The list of these third countries is available at the following link https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. If a comparable level of protection is not guaranteed in a third country, it will be our concern to verify that the level of protection of personal data is adequately guaranteed through other measures. These are for example binding corporate rules, standard data protection clauses adopted by the Commission, certificates or codes of conduct. For more information, please contact our Data Protection Officer.

7. Your rights as Data Subject

Pursuant to article 15, paragraph 1 of the GDPR you have the right to request, free of charge, the disclosure of various information regarding the personal data being processed by the Data Controller.

 

Furthermore, where legal requirements are met, you also have the right of rectification (article 16 GDPR), erasure (article 17 GDPR) and to restriction of processing (article 18 GDPR) of your personal data.

 

Where the processing of personal data is based on article 6, paragraph 1, letter e) (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority) or on article 6, paragraph 1, letter f) (processing is necessary for the purposes of the legitimate interests)of the GDPR or if the processing is carried out for direct marketing purpose, you have the right to object in accordance with article 21 of the GDPR. Where an objection is entered, the processing of data ceases, unless we as Data Controller provide compelling and legitimate grounds requiring the continuation of the data processing, which outweigh the objections raised.

 

If you have personally provided the data processed, you have the right to data portability pursuant to article 20 of the RGPD.

 

Insofar as the data processing is based on consent pursuant to article 6, paragraph 1, letter a) or article 9, paragraph 2, letter a) of the GDPR, you have the right to withdraw consent at any time with future effect, without affecting the lawfulness of processing based on consent before its withdrawal.

 

In the aforementioned cases, for any queries or complaints, please contact the Data Controller in writing or by e-mail at the e-mail address privacymt@lidl.com.mt or to the further contact details indicated below.

 

Additionally, you have the right to lodge complaints with the appropriate Data Protection Supervisory Authority (Information and Data Protection Commissioner).

8. Further questions

If you have any further questions concerning the processing of your data, you can contact our Data Protection Officer at the following address:

 

Lidl Malta Ltd.

with registered office in Triq il-Karmnu

Luqa LQA 1311, Malta

e-mail: privacymt@lidl.com.mt