How will my data be protected when using the online reporting system?
Data protection provisions – online reporting system
Data protection is important to us
We take the protection of your personal data very seriously. The following data privacy notice will inform you of which personal data we process when you visit this website or report a breach.
1. Controller within the meaning of Art. 4 no. 7 GDPR
The data controller that processes the data within the meaning of Art. 4 no. 7 GDPR is the data recipient indicated to you when you report a breach.
2. Reporting breaches via the online reporting system /Contacting Compliance
Purpose of data processing and legal basis
This online reporting system was set up for reporting compliance-relevant matters. You can use it to report potential compliance breaches that could have serious consequences for the company, including criminal penalties or administrative fines.
You can also use the online reporting system if you have specific questions on compliance matters you would like to have answered by Compliance staff.
The legal basis for this data processing is Art. 6 (1) sentence 1 f) GDPR.
Type of data processed
Use of the online reporting system is voluntary. The data we process depends on the information you provide us with. We normally process the following data:
- Your name and contact details, if you have provided us with this information.
- Whether you are employed with us, if you want to tell us.
- The names of individuals and other personal data related to an individual, depending on what you report to us.
Recipients/ Categories of recipients
The data you have sent us is processed by the controller and only in the Compliance department. As a matter of principle, we rule out any disclosure of the data to third parties. It may be that we need to share the data that you sent us with other departments within the controller or with other Schwarz Group companies if this is necessary to investigate the matter.
Data is also processed on our behalf by processors, such as the operator of this online reporting system, EQS Group AG, Bayreuther Strasse 35, 10789 Berlin, Germany. This processor and any other processors are carefully selected, and are also audited and bound by contract in accordance with Art. 28 GDPR.
We are legally obliged to inform the accused individual that we have received a report concerning them as soon as informing them thereof no longer risks prejudicing the investigation of a report. However, your identity as a whistle-blower is not revealed to the person against whom the compliance allegations were made, to the extent to which this is legally permissible.
Storage period/ Criteria for determining the storage period
Data is stored for as long as is necessary to fulfil the aforementioned purposes, namely to conclude the investigation of the report and carry out anonymised reporting on the nature and origin of the report and the communication channel used to make the report. ,and as is necessary under applicable law. Criteria that determine this period include the complexity of the matter reported, the length of time it takes to investigate it and the subject of the allegation. The data is deleted once the purpose for collection has been fulfilled.
3. Use of the online reporting system
Communication between your device and the online reporting system takes place via an encrypted connection (SSL). Your IP address is not stored. A cookie containing a session ID (session cookie) is stored on your computer for the sole purpose of maintaining the connection to the online reporting system. This cookie is valid for the duration of your session and is then deleted.
4. Your rights as data subject
You have the right, pursuant to Art. 15 (1) GDPR, upon request to receive information free of charge on the personal data about you that have been stored in the controller's system.
If the statutory requirements are met, you also have the right to rectification, erasure and restriction of processing of your personal data.
If data is processed on the basis of Art. 6 (1) e) or f) GDPR, you have the right to object. If you object to data processing, it will not be processed in future unless the controller can prove compelling legitimate grounds for further processing that prevail over the data subject's interest.
If you have provided the data yourself, you have a right to data portability.
If data is processed on the basis of your consent in accordance with Art. 6 (1) a) or Art. 9 (2) a) GDPR, you can withdraw your consent at any time with future effect without affecting the lawfulness of prior processing.
In the above-mentioned cases, if you have any further questions or wish to file a complaint, please contact our Data Protection Officer in writing or by e-mail; see section 5.
You also have the right to file a complaint with the competent data protection supervisory authority.
5. Contact the data protection officer
If you have any further questions concerning the processing of your data or exercising your rights, you can contact the responsible controller's data protection officer:
- Lidl Belgium GmbH & Co. KG
Privacy Officer
Guldensporenpark 90 Blok J
9820 Merelbeke
België/Belgique
privacy@lidl.be
- „ЛИДЛ БЪЛГАРИЯ ЕООД ЕНД КО“ КД
Ул. „3-ти март“ № 1,
2129 с. Равно поле,
България
personaldata.protection@lidl.bg
- Lidl Česká republika v.o.s. / Lidl Holding s.r.o. / Lidl stravenky v.o.s. / Lidl E-Commerce Logistics s.r.o.
Pověřenec pro ochranu osobních údajů
Nárožní 1359/11
158 00 Praha 5
Česká republika
ochranaosobnichudaju@lidl.cz
- Lidl & Companhia
Responsável de Proteção de Dados
Rua Pé de Mouro 18, Linhó
2714-510 SINTRA
Portugal
ProtecaoDados@lidl.pt
- LIDL Cyprus
Υπεύθυνος προστασίας Δεδομένων
Industrial Area
Emporiou Street 19
CY- 7100 Aradippou – Larnaca
Κύπρος
dataprotection@lidl.com.cy
- Lidl Discount S.R.L.
Responsabilul cu Protecția Datelor
Str. Cpt. Av. Alexandru Șerbănescu nr. 58A
Sector 1, București, 014295
protectiadatelor@lidl.ro
- Lidl Danmark K/S
Databeskyttelsesofficeren (DPO)
Profilvej 9
Danmark - 6000 Kolding
Databeskyttelse@Lidl.dk
- Lidl Dienstleistung GmbH & Co. KG
Datenschutz
Bonfelder Str. 2
74206 Bad Wimpfen
Deutschland
datenschutz@lidl.de
- Lidl Eesti OÜ
A. H. Tammsaare tee 47
Kristiine linnaosa, Tallinn
Harjumaa, 11316
Eesti Vabariik
andmekaitse@lidl.ee
- Lidl Hellas & Σια Ο.Ε.
Υπεύθυνος προστασίας Δεδομένων
Ο.Τ. 31, ΔΑ 13 Τ.Θ. 1032,
Τ.Κ. 57 022 Σίνδος-Θεσσαλονίκη
Ελλάδα
dataprotection@lidl.gr
- Lidl Hrvatska d.o.o.k.d
Službenik za zaštitu podataka
Ulica kneza Ljudevita Posavskog 53
10 410 Velika Gorica
Hrvatska
zastita_podataka@lidl.hr
- Lidl Ireland GmbH
Lidl Head Office
Main Road
Tallaght
Dublin 24
Ireland
data.controller@lidl.ie
- Lidl Italia S.r.l.
Responsabile della protezione dei dati
Via Augusto Ruffo 36
37040 - Arcole (VR)
Italia
privacyit@lidl.it
- SIA Lidl Latvia
Datu aizsardzības speciālists
Dzelzavas iela 131
Rīga, LV-1021
datuaizsardziba@lidl.lv
- UAB „Lidl Lietuva“
Viršuliškių skg. 34
LT – 05132, Vilnius
Lietuva
duomenuapsauga@lidl.lt
- Lidl SNC
Service protection des données
Direction Juridique et Compliance
72, avenue Robert Schuman
FR - 94533 RUNGIS CEDEX 1
protection.donnees@lidl.fr
- Lidl Stiftung & Co. KG
Datenschutz
Stiftsbergstraße 1
74167 Neckarsulm
Deutschland
datenschutzbeauftragter@lidl.com
- Lidl Supermercados, S.A.U.
Delegado de Protección de Datos
c/ Beat Oriol, s/n (Pol. Ind. La Granja)
08110 Montcada i Reixac
España
protecciondedatos@lidl.es
- Lidl Suomi Ky
Tietosuojavastaava
Compliance
PL 500
FI-02201 Espoo
Suomi
tietoturva@lidl.fi
- Lidl Magyarország Bt.
Adatvédelmi tisztviselő
Rádl árok 6.
1037 Budapest
Magyarország
adatvedelem@lidl.hu
- Lidl Malta Ltd.
Data Protection Officer
Lidl Italia S.r.l.
Via Augusto Ruffo 36
37040 - Arcole (VR)
Italy
privacymt@lidl.com.mt
- Lidl Nederland GmbH
Havenstraat 71
1271 AD Huizen
Nederland
privacy@lidl.nl
- Lidl Northern Ireland GmbH
Dundrod Road
Nutts Corner
BT29 4SR
Crumlin
Co. Antrim
Northern Ireland
data.controller@lidl.ie
- Lidl Polska Sp. z o.o.
Inspektor ochrony danych
ul. Poznańska 48, Jankowice
62-080 Tarnowo Podgórne
Polska
ochronadanychosobowych@lidl.pl
- LIDL Slovenija d.o.o. k.d.
Pooblaščena oseba za varstvo podatkov
Pod lipami 1
1218 Komenda
Slovenija
skrbnik_OP@lidl.si
- Lidl Slovenská republika, s.r.o.
Zodpovedná osoba za ochranu osobných údajov
Ružinovská 1E
821 02 Bratislava
Slovenská
ochranaosobnychudajov@lidl.sk
- Lidl Sverige kommanditbolag
Dataskyddsombud
Box 6087
175 06 Järfälla
Sverige
dataskydd@lidl.se
- Lidl Great Britain Limited
Lidl House
Data Protection Officer
14 Kingston Road
Surbiton
KT5 9NU
United Kingdom
data.protection@lidl.co.uk