Privacy Policy - Customer Support Evaluation
Thank you for your interest in participating in our survey on your experience with our customer care.
We take the protection of your personal data very seriously and therefore strive to guarantee your right to retain control over your personal information (informational self-determination). This privacy policy explains which personal data we collect, process and use, when and for what purpose.
Unless otherwise stated in the individual sections (designated as such by headings) of this privacy policy, the controller responsible for processing within the meaning of Article 4(7) of the EU General Data Protection Regulation (GDPR) is:
LIDL Cyprus
Industrial Area
Emporiou Street 19
CY- 7100 Aradippou - Larnaca
Use of the survey tool
2.1 Use of cookies and other similar technologies to process usage data
Purposes of the processing/legal bases:
We, Lidl Stiftung & Co. KG, are the controller with respect to data processing in connection with the use of "cookies" and other similar technologies to process usage data on all (sub-)domains at www.lidl.com.cy
Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that results in connection with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.
Technically necessary cookies and other technically necessary technologies are used to process usage data in order to provide our survey.
For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie list below.
Depending on the purpose, the use of technically necessary cookies and similar necessary technologies to process usage data involves processing the following types of personal data in particular:
- user inputs, in order to remember inputs across multiple sub-pages (e.g., to save your cookie settings);
- security-related events (Detection of fraudulent input behavior);
The legal basis for using technically necessary cookies is Article 6(1)(f) GDPR because we have a (shared) legitimate interest in providing our platform for collecting data to improve our store offerings.
Name | Provider | Type | Purpose | Expiry |
---|---|---|---|---|
force-stream | Salesforce | Required | Used to redirect server requests for sticky sessions. | 3 hours |
force-proxy-stream | Salesforce | Required | Ensure client requests hit the same proxy hosts and are more likely to retrieve content from cache. | 3 hours |
inst | Salesforce | Required | Used to redirect requests to an instance when bookmarks and hardcoded URLs send requests to a different instance. | Session |
inst | Salesforce | Required | This type of redirect can happen after an org migration, a split, or after any URL update. | Session |
_ga | Salesforce | Functional | A third-party cookie that’s used if the site admin chooses to track site users with a Google Analytics tracking ID. | 2 years |
CookieConsentPolicy | Salesforce | Required | Used to apply end-user cookie consent preferences set by our client-side utility. | 1 year |
language | Salesforce | Required | Identifies the language for custom components and flows, which support multiple languages. Without this cookie, translations for custom features can appear incorrectly. | Session |
BrowserID_sec | Salesforce | Required | Used for security protections. | 1 year |
sfdc-stream | Salesforce | Required | Used to properly route server requests within Salesforce infrastructure for sticky sessions. | 3 hours |
BrowserId | Salesforce | Required | Used for security protections. | 1 Year |
Recipients/categories of recipient:
When using cookies and similar technologies to process usage data, we retain specialized service providers, particularly those specializing in customer surveys, to process data.
They process your data on our behalf as processors. Each has been carefully selected and bound by contract in accordance with Article 28 GDPR. All of the companies listed as service providers in our cookie list act as processors on our behalf.
Storage time/criteria for determining storage time:
For information on the duration of storage for cookies, see our cookie list above.
3. Customer Care experience survey
Purposes of the processing/legal bases:
We use our customer care survey to collect data on your subjective experience with our customer care so that we can continuously improve your service experience.
We ask you to provide no personal data during the survey. The survey is created in context of your submitted request to the customer care before. Therefore we are able to connect your survey results with your provided case for reporting purposes.
The legal basis for this is Article 6(1)(f) GDPR, i.e., our shared legitimate interest in improving your experience with our customer care.
Recipients/categories of recipient:
We retain specialized service providers, particularly those specializing in customer surveys, to process data. They process your data on our behalf as processors. Each has been carefully selected and bound by contract in accordance with Article 28 GDPR.
Storage time/criteria for determining storage time:
We delete or anonymize your personal data depending on the related submitted request to customer care. Find enclosed the list of deletion periods counting from closing date:
- Critical requests are anonymized after 150 days. Critical requests are requests related to critical defective products like e.g. burning toaster, which can have impact on the health of customers.
- Authority related cases will be anonymized after 720 days.
- All other requests are anonymized between 45-90 days. 45 days are the minimum for standard requests. For cases that involve criticism we store up to 90 days in case further investigation is needed after final reply from customer care.
4. Data transfers to countries outside the EEA
If we transfer data to recipients in a third country (located outside of the European Economic Area), this will be evident in the information on the recipients/categories of recipient in the description of the respective data processing. Some third countries have been certified by the European Commission through so-called adequacy decisions as having a level of data protection comparable to that offered in the European Economic Area. A list of these countries is available at https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF. Where no comparable data protection standard exists in a given country, we take other measures to ensure that an adequate level of data protection is guaranteed by other means, such as binding corporate rules, the European Commission's standard contractual clauses on the protection of personal data, certificates or recognized codes of conduct. For further information, please contact our data protection officer (section 8).
7. Rights of the data subject
If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.
If the basis of processing is Article 6(1)(f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.
If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.
If the data processing is carried out on the basis of consent granted under Article 6(1)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.
In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer.
You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.
8. Other questions
If you have any further questions regarding the collection, processing and use of your personal data, please contact our data protection officer:
LIDL Cyprus
Industrial Area
Emporiou Street 19
CY- 7100 Aradippou - Larnaca
Last updated: 9/21/2020