Data protection on www.corporate.lidl.com.cy

(Version 2.0, Status 12.01.2021)

Thank you for visiting www.corporate.lidl.com.cy. The following data protection notice is designed to inform you about how and to what extent your personal data is processed when you visit our website. Personal data is information that identifies you or could identify you directly or indirectly. The statutory basis is, in particular, the General Data Protection Regulation (GDPR), the national legislation on data protection and any subsidiary legislation issued under the same as may be amended from time to time.

1. Accessing our website

Purposes of data processing/legal bases
When you visit our website, your browser will automatically send the following information to the server of our website:

- the IP address of the requesting internet-enabled device,
- the date and time of access,
- the name and URL of the file called up,
- the website / application from which the access was made (referral URL),
- the browser you are using and, if applicable, the operating system of your internet-enabled device and
- the name of your access provider

This information is temporarily stored in a log file for the following purposes:

- Ensuring a smooth connection,
- Ensuring comfortable use of our website/application and
- Evaluation of system security and stability.

The legal basis for data processing is article 6, paragraph 1, letter f) GDPR. Our legitimate interest lies in the purposes of data processing listed above. If data is used for purposes of preparing a contract, the legal basis for the data processing is Article 6, paragraph 1, letter b) GDPR.

Recipients/ categories of recipients
In connection with the aforementioned processing, your data will also be processed on our behalf by processors in the IT hosting services sector. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

Storage duration/ criteria for determining the storage duration
The data is stored for seven days and automatically deleted thereafter.

2. Use of cookies and similar techniques for processing usage data

Purposes of data processing/legal basis
We at Lidl Cyprus, Industrial Area, 2 Pigasou Street, CY- 7100 Aradippou – Larnaca, use cookiesand other technologies on our website for processing usage data on all (sub-) domains under www.corporate.lidl.com.cy.

Cookies are small text files that are stored on your device (laptop, tablet, smartphone or similar) when you visit our website. Cookies do not cause any damage to your terminal device, do not contain viruses, trojans or other malware. The cookie saves information in relation to your specifically used end device. This does not however mean that we directly obtain knowledge of your identity through this.

The use of cookies and other technologies for processing usage data serves – depending on the category of the cookie or the other technology – the following purposes:

Technically necessary: These are cookies and similar methods without which you cannot use our services (for example, to display our website/functions you have requested correctly).

Convenience: These technologies allow us to consider your actual or perceived preferences for the convenience of using our website. For example, your settings allow us to display our website in a language that is appropriate for you.

Statistics: These techniques allow us to create anonymous statistics on the use of our services. This allows us to determine, for example, how we can better adapt our website to the habits of our users.

You can find an overview of the cookies and other technologies used, together with the respective processing purposes, the storage periods and any third-party providers involved, here

Within the scope of the use of cookies and similar techniques for processing usage data, the following types of personal data are processed in particular, depending on the purpose:

Technically necessary: 
- User input to save the user's consent status for cookies of the current domain (e.g. Cookie Consent).

Comfort:
- Settings for user interface customisation (e.g. selection of preferred language)

Statistics:
- Pseudonymized user profiles with information about the use of the website. These include in particular:
     - Browser type / version,
     - Operating system used,
     - Device used,
     - Referrer-URL (the previously visited page),
     - Host name of the accessing computer (IP address),
     - Time of the server request
     - Individual user ID and
     - Triggered events on the website (surfing behavior).
- The IP address is regularly anonymized, so that a conclusion about your person is generally excluded.

The legal basis for the use of comfort and statistics cookies is your consent (article 6, paragraph 1, letter a) GDPR). The legal basis for the use of technically necessary cookies is legitimate interest, since we have a legitimate interest to present our website and its content in a fully functional format (article 6, paragraph 1, letter f) GDPR).

You can revoke/ adjust your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal. To do this, simply click here and make your selection. 

Recipients/Categories of Recipients
Αs part of data processing using cookies and similar techniques for processing usage data, we may use specialised service providers. Such providers process your data on our behalf and are carefully selected and contractually obliged to comply with data protection legislation pursuant to article 28 GDPR. All companies listed in our Cookie Policy as providers act as our data processors. 
As part of our cooperation with Google LLC, the above-mentioned data is usually also processed on servers in the USA for statistical purposes.

Storage duration / criteria for determining the storage duration
You can find the storage duration for cookies in our Cookie Policy. If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn.

3. Processing of further information

Purpose of data processing/legal basis
In order to maintain an overview of how the information you receive is used as part of our collaboration, we process additional relevant information, including publications, contributions, articles, etc. We obtain your data from generally accessible sources such as, but not limited to, websites or other similar means of communication, such as similar sites or social media platforms.

The legal basis for the processing of personal data for the activity described above is Article 6, paragraph 1, letter f) of the GDPR. Our legitimate interest arises from the data processing purposes mentioned above.

Storage duration/criteria for determining the storage duration

The data (title, date, etc.) are stored for the aforementioned purposes for as long as the publication is active and generally accessible or until you exercise the right to object to the processing of such data, pursuant to Article 21 of the GDPR.

4. Data transfers to recipients in a third country

If we transfer data to recipients in a third country (registered office outside the European Economic Area), you can refer to the information on the recipients/categories of recipients in the description of the respective data processing. For some third countries, the European Commission certifies by means of so-called adequacy decisions a data protection standard that is comparable to the level in the European economic area. A list of these countries can be found at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html  If there is no comparable data protection standard in a country, we ensure that data protection is adequately guaranteed by other measures. This is possible, for example, via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates, or recognized codes of conduct. Please contact our data protection officer (Section 6) if you would like more information.

 5. Your rights

Overview

In addition to the right to withdraw any consent you have granted to us, you have the following additional rights provided the respective statutory conditions are met:

  • The right of access to your personal data stored by us, pursuant to Article 15 GDPR. 
  • The right to request rectification of incorrect data or completion of incomplete data, pursuant to Article 16 GDPR
  • The right to request erasure of your personal data stored by us pursuant to Article 17 GDPR
  • The right to request restriction of processing of your data pursuant to Article 18 GDPR
  • The right to request data portability, pursuant to Article 20 GDPR
  •  The right to object to the processing of your personal data, pursuant to Article 21 GDPR

Right of access pursuant to Article 15 GDPR

Pursuant to Article 15(1) of the GDPR, you have the right to request information, free of charge, on the personal data stored about you. This particularly includes:

  • the purposes for which personal data is being processed;
  • the categories of personal data that are being processed;
  • the recipients or categories of recipient to whom personal data concerning you has been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if it is not possible to give any specific details, the criteria used to determine the storage duration;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to request from the controller that processing be restricted or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information regarding the origin of the data if the personal data is not being collected from the data subject;
  • the existence of any automated decision-making processes including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases –meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or an international organization, you have the right to be notified about appropriate safeguards pursuant Article 46 GDPR in connection with the transfer.

Right to rectification pursuant to Article 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure pursuant to Article 17 GDPR

You have the right to require us to erase any personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based and there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21(1) or (2) GDPR, and in the case of Article 21(1) GDPR there are no overriding legitimate grounds for the processing;
  • the personal data was unlawfully processed;
  • the erasure of personal data is necessary in order to comply with a legal obligation;
  • the personal data was collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Where we have made the personal data public and are obliged to erase it, taking account of available technology and the cost of implementation we will take reasonable steps to inform any third parties processing your data of the fact that you have requested the erasure by such third parties of any links to, or copies or replications of, such personal data.

Right to restriction of processing pursuant to Article 18 GDPR

You have the right to require us to restrict the processing where one of the following applies:

  • you contest the accuracy of the personal data;
  • the processing is unlawful, and you request the restriction of the use of the personal data rather than its erasure;
  • the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims or
  • you have objected to the processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.

Right to data portability pursuant to Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance by us, where

  • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR and
  • the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller where technically feasible.

Right to object pursuant to Article 21 GDPR

Provided the requirements of Article 21(1) GDPR are met, you may object to the data processing on grounds relating to your particular situation.

The aforementioned general right to object applies to all processing grounds set out in these data protection information, which are processed on the basis of Article 6(1)(f) GDPR. In contrast to the specific right to object regarding data processing for promotional purposes, we are only obliged to action such general right to object if you cite grounds of overriding importance, e.g. a possible risk to life or health. In addition, you have the option to contact the supervisory authority responsible for Lidl Cyprus or the data protection officer of Lidl Cyprus.

Right to lodge a complaint with the data protection supervisory authority pursuant to Article 77 GDPR

You also have a right to lodge a complaint with the competent data protection supervisory authority at any time. In order to do this, you can contact the data protection supervisory authority where you have your place of residence or habitual residence, place of work or place of the alleged infringement or at the authority of the state in which the controller is headquartered. Competent supervisory authority for data protection in Cyprus is Office of the Commissioner for Personal Data Protection (Iasonos 1, 1082 Nicosia, Cyprus, commissioner@dataprotection.gov.cy)

6. Name and contact details of the controller and contact details of the company's data protection officer

This Data Protection Νotice governs the processing of data by Lidl Cyprus (Industrial Area, 2 Pigasou Street, CY- 7100 Aradippou – Larnaca), ("Controller") and for the website www.corporate.lidl.com.cy. The company data protection officer of Lidl Cyprus can be contacted at the aforementioned address for the attention of the data protection officer or at dataprotection@lidl.com.cy