Why should I submit a report?

We seek to be a reliable and trustworthy partner for you. Compliance with applicable laws is of key significance for this. Therefore it is important to us that we target and counteract potential misconduct as early as possible. To do so, we depend on concerns being reported.

Which issues can be addressed through the online reporting system?

The online reporting system was set up for reporting compliance-related issues.

Firstly, you can use this tool to report potential compliance violations resulting in serious consequences for the company. This includes criminal and civil penalties. Therefore, we are particularly interested in information on the following topics:

1. Financial misconduct and property offences
2. Competition and antitrust violations
3. Breaches of data protection laws
4. Violations of human rights, social and environmental standards
5. Suspicion of money laundering
6. Other serious violations

You can also use the online reporting system to clarify specific compliance-related questions with members of the compliance department.

Please note that other matters (e. g. customer magazine not received, complaints) cannot be processed through this system. In such cases, please contact the customer hotline or the customer service on site.

What is the process for reporting a concern or asking a question, how do I set up a postbox?

To submit a report, start by clicking the “Submit Report” button at the top of the introduction page.

The reporting process consists of 4 steps:

1. Initially, you will be asked to read some information on the protection of your anonymity and to answer a security query (a so-called CAPTCHA).
2. On the following page, you will be asked to determine the category of your report.
3. Please outline your concerns or your question in your own words on the reporting page and answer questions by selecting given responses. Upon submission of your report, you will receive a reference number as proof that you submitted this report.
4. Finally, you will be asked to set up your own secure postbox to receive feedback and, where applicable, updates on the progress of your submission.

Should you already have a secure postbox, you can access it directly via the "Login" button. Here, as well, you will have to answer the security query first.

When and how will I receive feedback?

The online reporting system places utmost importance on protecting the whistle-blower.

When setting up your secure postbox, please select your own username and password. Your report will be kept anonymous through encryption and other special security routines. If possible, please do not use a PC provided by your company to submit your report.

Within seven days upon submission, a confirmation of receipt of your report will be sent to your secure postbox together with feedback as to what will happen with your report. Should we need to clarify any details, we will contact you with specific questions.

How will my data be protected when using the online reporting system?

Data protection provisions – online reporting system

Data protection is important to us

We take the protection of your personal data very seriously. The following data privacy notice will inform you of which personal data we process when you visit this website or report a breach.

1. Controller within the meaning of Art. 4 no. 7 GDPR

The data controller that processes the data within the meaning of Art. 4 no. 7 GDPR is the data recipient indicated to you when you report a breach.

2. Reporting breaches via the online reporting system /Contacting Compliance

Purpose of data processing and legal basis

This online reporting system was set up for reporting compliance-relevant matters. You can use it to report potential compliance breaches that could have serious consequences for the company, including criminal penalties or administrative fines.

You can also use the online reporting system if you have specific questions on compliance matters you would like to have answered by Compliance staff.

The legal basis for this data processing is Art. 6 (1) sentence 1 f) GDPR.

Type of data processed

Use of the online reporting system is voluntary. The data we process depends on the information you provide us with. We normally process the following data:

• Your name and contact details, if you have provided us with this information.
• Whether you are employed with us, if you want to tell us.
• The names of individuals and other personal data related to an individual, depending on what you report to us.

Recipients/ Categories of recipients

The data you have sent us is processed by the controller and only in the Compliance department. As a matter of principle, we rule out any disclosure of the data to third parties. It may be that we need to share the data that you sent us with other departments within the controller or with other Schwarz Group companies if this is necessary to investigate the matter.

Data is also processed on our behalf by processors, such as the operator of this online reporting system, EQS Group GmbH, Bayreuther Strasse 35, 10789 Berlin, Germany. This processor and any other processors are carefully selected, and are also audited and bound by contract in accordance with Art. 28 GDPR.

We are legally obliged to inform the accused individual that we have received a report concerning them as soon as informing them thereof no longer risks prejudicing the investigation of a report. However, your identity as a whistle-blower is not revealed to the person against whom the compliance allegations were made, to the extent to which this is legally permissible.

Storage period/ Criteria for determining the storage period

Data is stored for as long as is necessary to fulfil the aforementioned purposes, namely to conclude the investigation of the report and carry out anonymised reporting on the nature and origin of the report and the communication channel used to make the report. ,and as is necessary under applicable law. Criteria that determine this period include the complexity of the matter reported, the length of time it takes to investigate it and the subject of the allegation. The data is deleted once the purpose for collection has been fulfilled.

3. Use of the online reporting system

Communication between your device and the online reporting system takes place via an encrypted connection (SSL). Your IP address is not stored. A cookie containing a session ID (session cookie) is stored on your computer for the sole purpose of maintaining the connection to the online reporting system. This cookie is valid for the duration of your session and is then deleted.

4. Your rights as data subject

You have the right, pursuant to Art. 15 (1) GDPR, upon request to receive information free of charge on the personal data about you that have been stored in the controller's system.

If the statutory requirements are met, you also have the right to rectification, erasure and restriction of processing of your personal data.

If data is processed on the basis of Art. 6 (1) e) or f) GDPR, you have the right to object. If you object to data processing, it will not be processed in future unless the controller can prove compelling legitimate grounds for further processing that prevail over the data subject's interest.

If you have provided the data yourself, you have a right to data portability.

If data is processed on the basis of your consent in accordance with Art. 6 (1) a) or Art. 9 (2) a) GDPR, you can withdraw your consent at any time with future effect without affecting the lawfulness of prior processing.

In the above-mentioned cases, if you have any further questions or wish to file a complaint, please contact our Data Protection Officer in writing or by e-mail; see section 5.

You also have the right to file a complaint with the competent data protection supervisory authority.

5. Contact the data protection officer

If you have any further questions concerning the processing of your data or exercising your rights, you can contact the responsible controller's data protection officer:

• Lidl Belgium GmbH & Co. KG
  Privacy Officer
  Guldensporenpark 90 Blok J
  9820 Merelbeke
  België/Belgique
  privacy@lidl.be

• „ЛИДЛ БЪЛГАРИЯ ЕООД ЕНД КО“ КД
  Ул. „3-ти март“ № 1,
  2129 с. Равно поле,
  България
  personaldata.protection@lidl.bg

• Lidl Česká republika v.o.s. / Lidl Holding s.r.o. / Lidl stravenky v.o.s. / Lidl E-Commerce Logistics s.r.o.
  Pověřenec pro ochranu osobních údajů
  Nárožní 1359/11
  158 00 Praha 5
  Česká republika
  ochranaosobnichudaju@lidl.cz

• Lidl & Companhia
  Responsável de Proteção de Dados
  Rua Pé de Mouro 18, Linhó
  2714-510 SINTRA
  Portugal
  ProtecaoDados@lidl.pt

• LIDL Cyprus
  Υπεύθυνος προστασίας Δεδομένων
  Industrial Area
  Emporiou Street 19
  CY- 7100 Aradippou – Larnaca
  Κύπρος
  dataprotection@lidl.com.cy

• Lidl Discount S.R.L.
  Responsabilul cu Protecția Datelor
  Str. Cpt. Av. Alexandru Șerbănescu nr. 58A
  Sector 1, București, 014295
  protectiadatelor@lidl.ro

• Lidl Danmark K/S
  Databeskyttelsesofficeren (DPO)
  Profilvej 9
  Danmark - 6000 Kolding
  Databeskyttelse@Lidl.dk

• Lidl Dienstleistung GmbH & Co. KG
  Datenschutz
  Bonfelder Str. 2
  74206 Bad Wimpfen
  Deutschland
  datenschutz@lidl.de

• Lidl Eesti OÜ
  A. H. Tammsaare tee 47
  Kristiine linnaosa, Tallinn
  Harjumaa, 11316
  Eesti Vabariik
  andmekaitse@lidl.ee

• Lidl Hellas & Σια Ο.Ε.
  Υπεύθυνος προστασίας Δεδομένων
  Ο.Τ. 31, ΔΑ 13 Τ.Θ. 1032,
  Τ.Κ. 57 022 Σίνδος-Θεσσαλονίκη
  Ελλάδα
  dataprotection@lidl.gr

• Lidl Hrvatska d.o.o.k.d
  Službenik za zaštitu podataka
  Ulica kneza Ljudevita Posavskog 53
  10 410 Velika Gorica
  Hrvatska
  zastita_podataka@lidl.hr

• Lidl Ireland GmbH
  Lidl Head Office
  Main Road
  Tallaght
  Dublin 24
  Ireland
  data.controller@lidl.ie

• Lidl Italia S.r.l.
  Responsabile della protezione dei dati
  Via Augusto Ruffo 36
  37040 - Arcole (VR)
  Italia
  privacyit@lidl.it

• SIA Lidl Latvia
  Datu aizsardzības speciālists
  Dzelzavas iela 131
  Rīga, LV-1021
  datuaizsardziba@lidl.lv

• UAB „Lidl Lietuva“
  Viršuliškių skg. 34
  LT – 05132, Vilnius
  Lietuva
  duomenuapsauga@lidl.lt

• Lidl SNC
  Service protection des données
  Direction Juridique et Compliance
  72, avenue Robert Schuman
  FR - 94533 RUNGIS CEDEX 1
  protection.donnees@lidl.fr

• Lidl Stiftung & Co. KG
  Datenschutz
  Stiftsbergstraße 1
  74167 Neckarsulm
  Deutschland
  datenschutzbeauftragter@lidl.com

• Lidl Supermercados, S.A.U.
  Delegado de Protección de Datos
  c/ Beat Oriol, s/n (Pol. Ind. La Granja)
  08110 Montcada i Reixac
  España
  protecciondedatos@lidl.es

• Lidl Suomi Ky
  Tietosuojavastaava
  Compliance
  PL 500
  FI-02201 Espoo
  Suomi
  tietoturva@lidl.fi

• Lidl Magyarország Bt.
  Adatvédelmi tisztviselő
  Rádl árok 6.
  1037 Budapest
  Magyarország
  adatvedelem@lidl.hu

• Lidl Malta Ltd.
  Data Protection Officer
  Lidl Italia S.r.l.
  Via Augusto Ruffo 36
  37040 - Arcole (VR)
  Italy
  privacymt@lidl.com.mt

• Lidl Nederland GmbH
  Havenstraat 71
  1271 AD Huizen
  Nederland
  privacy@lidl.nl

• Lidl Northern Ireland GmbH
  Dundrod Road
  Nutts Corner
  BT29 4SR
  Crumlin
  Co. Antrim
  Northern Ireland
  data.controller@lidl.ie

• Lidl Polska Sp. z o.o.
  Inspektor ochrony danych
  ul. Poznańska 48, Jankowice
  62-080 Tarnowo Podgórne
  Polska
  ochronadanychosobowych@lidl.pl

• LIDL Slovenija d.o.o. k.d.
  Pooblaščena oseba za varstvo podatkov
  Pod lipami 1
  1218 Komenda
  Slovenija
  skrbnik_OP@lidl.si

• Lidl Slovenská republika, s.r.o.
  Zodpovedná osoba za ochranu osobných údajov
  Ružinovská 1E
  821 02 Bratislava
  Slovenská
  ochranaosobnychudajov@lidl.sk

• Lidl Sverige kommanditbolag
  Dataskyddsombud
  Box 6087
  175 06 Järfälla
  Sverige
  dataskydd@lidl.se

• Lidl Great Britain Limited
  Lidl House
  Data Protection Officer
  14 Kingston Road
  Surbiton
  KT5 9NU
  United Kingdom
  data.protection@lidl.co.uk