Data privacy on lidex.lidl.com

(Date 07/15/2019)
 

Thank you for your interest in data privacy on lidex.lidl.com.  We at Schwarz Group want you to feel safe and secure thanks to our high-quality data privacy.  

The following data privacy notice will inform you about how and to what extent we process your personal data when you use the Lidl Data Exchange Platform of the Schwarz Group (hereinafter referred to as:  data exchange platform, platform).  Personal data is information that is or can be linked to you directly or indirectly.  The legal basis for data privacy is, in particular, the General Data Protection Regulation (GDPR).

 

1. Visiting our website and logging on to the file exchange platform

Purpose of data processing/ legal basis:

When visiting the web page of the data exchange platform, the following information is automatically sent from your device’s browser to the server on our platform:
• the IP address of the Internet-capable device that is sending the access request,
• the access date and time,
• the name and URL of the requested file,
• the website/ application from which the access is requested (referrer URL) as well as
• your device’s browser and operating system
In addition, the information is temporarily saved in a so-called Log File for the following purpose:
• ensuring smooth connection
• ensuring satisfactory use of our website application and  
• evaluation of system security and stability. 

The legal basis for processing the IP address is Article 6 Section 1 f) GDPR. Our legitimate interest is embedded in the above-mentioned purpose of data processing.

Retention period/ criteria for determining the retention period:
The data is saved for a period of 30 days and then deleted automatically.

 

2. Use of cookies

Based on Article 5 Section 1 f) GDPR we use so-called session cookies on our website to determine whether you have already logged on to our platform.  Our interest in ensuring the possibilities of use of our platform is legitimate in the sense of the above-mentioned provision.

Cookies are small files that are saved on your device (laptop, tablet, Smart phone, and the like) when you visit our website.  Cookies cause no harm to your device, nor do they contain viruses, Trojans or other malware.  The cookie stores information about your specific device.  This, however, does not mean that we receive any information about your identity.
 

3. Use of the file exchange platform

Purpose of data processing/ legal basis:

The platform is used for exchanging larger amounts of data between employees of the Schwarz Group and their business partners.  For that purpose, the data is encrypted, uploaded on to the platform servers and then saved temporarily.  Using an individually generated link and password for data encoding the user can enable business partners and colleagues to download/ upload data.  
Private use of the file exchange platform is prohibited.
The legal basis for data retention is Article 6 Section 1 f) GDPR.
Retention period/ criteria for determining the retention period:
Where the data processing in Section 4. does not prevent this, your email address and log-in data are automatically deleted after your user account has been deleted.
The uploaded (encrypted) data is saved for a period of 7 days and then deleted automatically.

 

4. Security of the IT systems, fraud prevention

Purpose of data processing/ legal basis:

All behavior that harms the reputation of the Schwarz Group or has the potential or increases the potential to harm company assets or the company infrastructure is prohibited on the platform.  For safety reasons, and in order to avoid prohibited data flow, all activities on the platform are logged, saved and evaluated randomly.  This includes the following data in particular:
• the access date and time,
• the status (successful/ not successful) and time of log-in with user name,
• the type and time of access (upload, download or deletion),
• the name and size of the uploaded file and
• the user account of the file owner and email address of the individual accessing the platform.

The legal basis for the above-mentioned data processing is Article 6 Section 1 f) GDPR. Our legitimate interest is embedded in sustaining system security and stability as well as fighting fraud on the platform.
Retention period/ criteria for determining the retention period:
The data is saved for a period of 180 days and then deleted automatically.
 


5. Rights of affected individuals

You have the following rights where the legal requirements are fulfilled:

• Right to disclosure of your personal data saved with us in accordance with Article 15 GDPR and § 34 BDSG (Federal Data Protection Act),  
• Right to correction of incorrect or completion of incomplete data in accordance with Article 16 GDPR,
• Right to deletion of your data saved with us in accordance with Article 17 GDPR and § 35 BDSG (Federal Data Protection Act),
• Right to limitation of processing of your data in accordance with Article 18 GDPR,
• Right to data portability in accordance with Article 20 GDPR,
• The right to object in accordance with Article 21 GDPR.
• The right to appeal in front of the Data Protection Supervisory Authority in accordance with Article 77 GDPR.

 

6. Name and contact information

Name and contact information of the processing-responsible party as well as contact information of the company Data Protection Officer

Responsible party for the company within the meaning of  Article 4 Section 7 GDPR is Schwarz IT KG, Stiftbergstraße 1, 74172 Neckarsulm.