Privacy Policy
At Lidl, we always put our customers first. We are committed not only to providing you with comprehensive online services, but also to protecting your privacy. This Privacy Policy aims to explain in detail how we collect, use, store, and protect your personal information when you use the services provided by Lidl Ireland GmbH (“Lidl”).
1. Data Controllers and Data Protection Officer
Data Controllers
Unless otherwise specified in the terms, the following two parties are joint data controllers for the processing of personal data on the website and Lidl applications (collectively, the “Services”):
First, Lidl Ireland GmbH, address: Main Road, Tallaght, Dublin 24, Ireland; Second, Lidl Stiftung & Co. KG, address: Stiftsbergstraße 1, 74172 Neckarsulm.
The joint controllers jointly determine the purpose and manner of data processing. You can obtain details about the specifics of their joint responsibility through the contact information below.
Data Protection Officer Contact Information
You can contact the company's Data Protection Officer at the postal address above or via the email address below: At Lidl, we always put our customers first. We are committed not only to providing you with comprehensive online services, but also to protecting your privacy. This Privacy Policy aims to explain in detail how we collect, use, store, and protect your personal information when you use the services provided by Lidl Ireland GmbH (hereinafter referred to as "Lidl").
1. Data Controllers and Data Protection Officer
Data Controllers
Unless otherwise specified in the specific terms, the following two parties are joint data controllers for the processing of personal data on the website www.lidl.ie and the Lidl applications (collectively, the "Services"):
First, Lidl Ireland GmbH, address: Main Road, Tallaght, Dublin 24, Ireland; Second, Lidl Stiftung & Co. KG, address: Stiftsbergstraße 1, 74172 Neckarsulm.
The joint controllers jointly determine the purpose and manner of data processing. For details regarding the specifics of our joint liability agreement, please contact us using the contact information below.
2. Third-Party Data Processors
We may engage third-party service providers to assist in processing your personal data. These service providers (such as customer service departments, research and analysis agencies) are rigorously vetted and have entered into data processing agreements with us in accordance with Article 28 of the General Data Protection Regulation (GDPR). They may only process data according to our instructions and may not use the data for any unauthorized purpose.
3. Data Transfers to Third Countries
In some cases, we may need to transfer your personal data to countries outside the EU/EEA (i.e., “Third Countries”). We ensure that such transfers meet the high standards of protection required by the GDPR:
For countries that have been deemed adequate by the European Commission through an “adequacy decision” (if they possess the appropriate level of protection), transfers may proceed directly.
For US service providers, data may only be transferred if the organization is certified under the EU-US Data Privacy Framework.
In the absence of an adequacy decision, we employ other safeguards, such as standard contractual terms from the European Commission, binding company rules, or accredited certification mechanisms.
For further information, please contact our Data Protection Officer.
4. Data Processing During Service Access
When you access our website or use the Lidl app, your browser or device automatically sends the following information to our servers and temporarily stores it in a log file: the IP address of the device used, the date and time of access, the name and URL of the file accessed, the source website or app (referral URL), browser type and operating system information, and the name of the service provider accessed.
This information is used for the following purposes: ensuring a smooth connection, optimizing the user experience of the website or app, and assessing system security and stability.
If you have geolocation permissions enabled on your device, we may use your real-time location data when processing certain functions (such as the store finder).
Legal Basis: Primarily based on Article 6(1)(f) of the GDPR (legitimate interests), namely, maintaining the proper display of the website, system security, and preventing unauthorized access.
If data processing involves contract preparation, it is based on Article 6(1)(b) of the GDPR.
Storage Period: The log file will be automatically deleted after seven days.
5. Contact Forms, Emails, Telephone, Social Media, and Customer Surveys
Purpose of Data Processing
When you contact us via contact forms, telephone, email, or social media, the personal information you provide will only be used to process your inquiry.
If you participate in a customer survey, the survey will be anonymous, and only the time of participation will be recorded. You may choose to provide additional information in free text or screenshots, but please avoid revealing other people's personal information. If you agree to participate in user research periodically, we will store your name and email address to invite you to telephone interviews, written surveys, or usability tests.
Legal Basis
Inquiry Processing: Pursuant to Article 6(1)(f) (legitimate interests) or Article 6(1)(b) (performance of contracts) of the GDPR.
Surveys and Research: You may withdraw your consent at any time based on your consent, pursuant to Article 6(1)(a) of the GDPR.
Data Subject Rights Claims: Pursuant to Article 6(1)(c) (legal obligations) of the GDPR.
Recipients
Your data may be processed on our behalf by our customer service department and data processors in the field of survey analytics. If your complaint requires further follow-up, your contact information may be forwarded to other companies or service partners within the Lidl Group (e.g., to arrange pickup or repair).
Retention Period
Regular Inquiries: Data will be deleted no more than 95 days after the final response.
Legal Inquiries: If data subject rights are involved, the data will be retained for three years to demonstrate compliance.
Customer Survey Data: The specific retention period will be provided prior to the investigation.
6. Contest Activities
Controller
The controller of contest-related data processing is Lidl Ireland GmbH.
Purpose of Data Processing
Personal information submitted by you for contests you participate in through the website, newsletter, or Lidl app will only be used for contest organization, including identifying winners, notifying winners, and sending prizes.
Legal Basis: Article 6(1)(b) of the GDPR (Performance of Contracts).
Retention Period
Participant data will be deleted after the contest concludes and winners are announced. For physical prizes, winner data will be retained for the statutory warranty period to facilitate returns and exchanges.
7. Advertising Messages
Subscription and Unsubscription
You can subscribe to Lidl's marketing messages (including email, SMS, WhatsApp, and push notifications) through embedded content on the website, mobile app, or social media. We use a "two-confirmation" mechanism to ensure you enter your email address or phone number correctly.
You can withdraw your consent at any time via the unsubscribe link at the end of the email, your Lidl Plus account settings, or by contacting customer service. After withdrawal, your data will be removed from the distribution list within 48 hours.
Legal Basis: Advertising is delivered to existing customers based on your consent (Article 6(1)(a) of the GDPR), or, to the extent permitted by law, based on legitimate interests (Article 6(1)(f) of the GDPR).
Recipients
Advertising partners and professional service providers are contractually bound under Article 28 of the GDPR as data processors.
Retention Period
Distribution list data will be deleted within 48 hours of withdrawing consent.
Registration data will be retained for ten years to demonstrate compliance.
If you object, your contact address will be blocked from future advertising.
7.1 Personalized User Profile
With your explicit consent, we and related companies within the Lidl Group will record your user behavior, including: page areas visited, links clicked, and opening times; items selected or added to your cart; usage duration and frequency; survey participation and coupon redemption; purchase data and in-store shopping frequency (if using Lidl Plus).
This information will be integrated into your profile to provide you with more relevant content through newsletters, SMS, push notifications, in-site advertising, and print advertising, and to optimize our services.
If you have completed the "About Me" section in Lidl Plus, this information will also be used for service customization.
7.2 Advertising Content
Our marketing messages cover the following promotions, products, and services: promotional activities, discounts, contests; Lidl Plus member benefits, streaming services; surveys, product reviews; and content from the Lidl Ireland and Lidl Stiftung websites and apps.
7.3 Push Notifications
Data Processing Purpose
You can register to receive push notifications to receive the latest news, promotional information, and order reminders. Upon registration, your device will generate a push token or device ID and record the login time.
We will perform statistical analysis on push messages to optimize content and delivery timing.
Legal Basis: Your consent (Article 6(1)(a) of the GDPR).
Recipient: The push notification service provider is contractually bound as a data processor.
Storage Period: Data is continuously stored while you have enabled push notifications.
8. Use of Cookies and Similar Technologies
When you visit our website or use the Lidl app, we may store cookies or use similar technologies (such as local storage) on your device. These technologies help us provide, protect, and improve our services.
8.1 Responsible Parties
Lidl Ireland and Lidl Stiftung are the joint controllers of most cookie-related data processing. Some marketing cookies involve joint control relationships with third parties such as Meta, TikTok, Microsoft, and Google.
8.2 Data Processing Purposes
Depending on the type of cookie, the processing purposes include:
Technically necessary: Ensuring essential website functionality, such as login status and language selection.
Convenience: Record your preferences to provide a personalized experience.
Statistics: Analyze usage in pseudonymous form to optimize services (e.g., Google Signals cross-device analysis).
Marketing – Self-promotion: Show ads relevant to your interests and measure ad performance.
8.3 Data Categories Involved
IP address, device identifier; browsing behavior (clicks, scrolling, visit time); user ID (usually pseudonymous, not directly associated with your name, etc.); location information (only with consent).
8.4 Legal Basis
Technically necessary cookies: Article 6(1)(b) of the GDPR (Contractual Performance).
Convenience, statistical, and marketing cookies: Your consent (Article 6(1)(a) of the GDPR).
Third-party processing, such as by Facebook, may be based on their legitimate interests.
8.5 Storage Period
The specific storage period for cookies can be found in our Cookie Statement. Some marketing cookies are retained for up to 13 months (e.g., Criteo), and Facebook custom audience data is retained for no more than 180 days.
8.6 Withdrawal of Consent and Opt-Out
You can withdraw your consent at any time through your browser settings, device settings, or our preferences manager. In the Lidl app, you can turn off tracking in More > Legal Information > Tracking. You can also manage personalized advertising preferences through platforms such as YourAdChoices.
9. Map Services
9.1 Bing Maps
Our website uses Bing Maps to provide interactive maps to help you find Lidl stores. Your IP address will be processed during use and may be transmitted to Microsoft's US servers. Legal basis: Section 6(1)(f) of the GDPR (legitimate interests).
9.2 Google Maps / Apple Maps / Huawei Map kit
In the Lidl app, you can choose to use the map service that comes with your device's operating system. In this case, your IP address will be processed by the respective provider. We cannot control the specific processing method; we recommend that you refer to the corresponding privacy policy. Legal basis: Sections 6(1)(b) and 6(1)(f) of the GDPR (legitimate interests).
10. Google reCAPTCHA
We use Google reCAPTCHA in website forms (such as contest registrations and newsletter subscriptions) to prevent bot abuse. This service analyzes user behavior (such as dwell time and mouse movements) and IP addresses to determine if a visitor is a real person. Data may be transferred to Google's U.S. servers. The legal basis is Section 6(1)(f) of the GDPR (legitimate interests).
11. Links to Other Websites and Apps
Our services may contain links to other Lidl companies, partners, or third-party websites. Clicking these links will take you away from our services. We are not responsible for the data processing of these external websites and recommend that you review their privacy policies.
12. Mobile Device Functions and Sensor Access
With your explicit authorization, we may access the following device functions in the Lidl app:
Location data: for store location.
Storage: for saving shopping lists.
Camera: for scanning QR codes.
Wi-Fi connectivity information: for internet access.
Push notifications: for sending promotional messages.
The legal basis is your consent (Article 6(1)(a) of the GDPR).
13. Embedded Third-Party Content
Our website embeds YouTube videos (using “Extended Privacy Mode”). Data is only transmitted to YouTube (Google) when you play the video. We have no control over its subsequent processing; please see the Google Privacy Policy.
14. Your Rights
Under the GDPR, you have the following rights:
Right to access: to know what personal information we store about you (Article 15 of the GDPR).
Right to correction: to correct inaccurate data (Article 16).
Right to erasure: to request the erasure of your data under certain conditions (Article 17).
Right to restriction of processing: to request the suspension of processing under certain conditions (Article 18).
Media Monitoring
Controller: Lidl Ireland GmbH
Purpose: We analyze your publicly posted Lidl-related posts on public online platforms (such as Facebook and Xing) to understand product awareness, evaluate marketing campaigns, and identify areas for improvement. Processing is limited to publicly available content and may include user IDs.
Legal Basis: Section 6(1)(f) of the GDPR (legitimate interests).
Recipient: Processed by Emplifi, a service provider; data may be transferred to servers in the United States.
Storage Period: Not permanently stored; used solely for analysis; retained for up to two years for annual comparisons if necessary.