Privacy policy for Lidl Smart Home


Many thanks for using our Lidl Smart Home Devices (hereinafter referred to as: “SH Devices”) and the Lidl Home App (hereinafter referred to as: “Home App”), as well as for your interest in our privacy policy. We would like you to feel comfortable and secure when using our SH Devices and Home App and to see our data protection measures as a customer-oriented mark of quality.

The following privacy policy informs you about the type and scope of the processing of your personal data by Lidl Stiftung & Co. KG (also referred to hereinafter as “Lidl”, “we” or “us”). Personal data is information that can be directly or indirectly attributed to you. The General Data Protection Regulation (GDPR), in particular, serves as the statutory basis for the protection of data.

1.  Overview

Data processing by Lidl in connection with the use of our SH Devices and Home App can essentially be divided up into five categories:

  When you download our Home App the necessary information is transferred to the respective Home App store.

  Registration in the Home App is required for the use of the Home App and subsequent connection and control of the SH Devices. Certain information is required for the registration.

  It is possible to connect our Home App to the SH Devices and to use and control those SH Devices via the Home App. For the preparation of the data and the provision of the functions of the SH Devices personal data is collected and processed in the SH Devices and the Home App.

  To enable you to use numerous features, for example easy use of the feedback function, our Home App needs access to various functions and sensors of your mobile end device.

  When you use our Home App and the SH Devices various information is exchanged between your end device on which you operate the Home App and the SH Devices on the one hand and our server on the other. That data may include personal data. The collected information is used, among other things, to:

  facilitate your use of the SH Devices and their functionalities;

  optimise our Home App and SH Devices; and

  display advertising in the browser of your end device or by way of so-called “push messages”.

2.  Downloading our Home App in the respective app store

When you download our Home App the following data in particular is automatically processed by the respective operator of the app store (Apple App Store or Google Play):

  user name in the app store,

  the e-mail address recorded in the app store,

  the customer number of your app store account,

  the time of the download,

  payment information, and

  the individual device code number.

We have no influence on that data collection and are not responsible for it. You can find further information on this data processing in the privacy policy of the respective app store operator:

  Google Play Store: https://policies.google.com/privacy?hl=de&gl=de

  Apple App Store: https://www.apple.com/legal/privacy/de-ww/

3.  Registration in our Home App

3.1  The purposes of the data processing / legal bases:

To use the functions in our Home App you must first register and set up a user account.

The following data is collected / created by you in every case during registration:

  email address or (if this option is offered in your version) the mobile phone number, which is also your user name and login name

  a user code assigned by us

  country code

  password created in compliance with the technical requirements (which will be stored in encrypted form)

At the time of registration the following data will also be stored:

  the user’s IP address

  the user’s time zone

  the date and time of registration

We process your registration data so that we can authenticate you upon login and follow up requests to reset your password. The other data entered by you in the course of registration or logging in will be processed by us: (1) to verify your authorisation to manage the user account, (2) to enable us to implement the conditions of use of the Home App as well as all related rights and obligations, and (3) to contact you so that, for example, we can send you technical or legal information, updates, security reports or other messages relating to the management of the user account.

If you have provided personal data upon registration in our Home App, we will process it on the basis of Article 6(1) point b) GDPR, as that data is necessary for the performance of the contract on the use of the Home App.

3.2  Storage period / criteria for establishing the storage period

The registration data will be stored until you deactivate or delete the Home App or otherwise notify us that you will no longer use the Home App via the user account that you set up.

4.  Use of our Home App

4.1  The purposes of the data processing / legal bases:

When you use our Home App:

  the IP address of your mobile end device,

  the country code of the number of the mobile end device,

  the date and time of the access,

  the client’s enquiry and its content,

  the http response code, and

  the transferred volume of data

will, automatically and without your cooperation, be transferred to our servers and temporarily stored in a so-called log file for the following purposes:

  the protection of our systems,

  error analysis,

  the prevention of misuse or fraud.

The legal basis for the processing of the IP address is Article 6(1) point f) GDPR. Our legitimate interest arises from the purposes of the data processing listed above.

4.2  Storage period / criteria for establishing the storage period:

The data will be stored for a period of fourteen days and then automatically erased, except where you have consented to the use of your data for a longer period..

5.  Connection of the Home App to SH Devices

When you connect our Home App to SH Devices of your choice, further personal data will be collected. You decide which SH Devices you would like to connect to our Home App and must individually set up that connection for each SH Device that you wish to use via the Home App. They may include, for example, light bulbs, lamps, systems for opening windows or doors, motion detectors, alarm systems, smoke detectors, routers, robots, consumer electronics devices (such as voice recognition systems), thermostats, other services, for example concerning weather information, or any other future products with Smart Home functions.

5.1  Your profile data

After registering in the Home App, you can create various profiles on a voluntary basis, i.e. your user profile, your home, other device users and device groups. This information is stored and made available in the Home App, but is then required for the use and control of the SH Devices and is therefore processed as necessary when using the SH Devices:

  You may select a nickname under Personal Settings, upload an image of your choice (which then appears as the user’s avatar) and enter contact details (e.g. to receive notifications).

  For the correct assignment of the SH Devices you must create at least one Home (you may create several). We will then process the names for the Home and the Rooms you select. The Rooms and Homes are where the SH Devices will be used. We will also process a location identifier (with your address if necessary), an identifier assigned by us (Home ID or Room ID), and a list of the devices.

  You can share your devices with yourself and other device users and define the permissions associated with these shares. In this case we will process the user names of the other users (which they receive when they register the Home App), as well as their User ID, the Device IDs and, if applicable, the freely selectable user name. As far as the functions of the SH devices allow user-specific settings, further user data from the device such as gender, birthday, height, weight and contact information will be processed.

  You can then create device groups, i.e. enable universal control of several SH Devices. In this case we will configure, manage and process data concerning the individual authorised device users, including their User ID, user name, country code and administrator status.

This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

You can manage and if required erase the profile data in our Home App. We will store your data until you erase the data in our Home App. Even if you disconnect the integration with the respective SH Device in your Home App, your data relating to that SH Device will be erased seven (7) days from the disconnection from the Home App.

5.2  Your usage data

Via our Home App we also process personal data depending on what is necessary for the specific functions and the configuration of the respective SH Devices selected by you. It may, in particular, include the following categories of data:

Data category

Examples

Possible purposes and legitimate reasons

Identification data for the SH Devices

Device numbers (technical identifiers like Device ID, chip ID, serial number, MAC address), status and activation time of your SH Device, basic settings (like time zone), the name you selected for your SH Device, phone number of your mobile device, information about your network (IP address, network key) authorisation code (token etc.)

Recognition of the product and enabling logging in to the network and in the Home App. This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

Configuration data

Default device settings or user settings, especially scenes, actions, automations or conditions selected by the user (usually a name, identifier, background image, prerequisites, set conditions, sequences and activities are saved)

Required in order to implement the necessary functionalities, insofar as they are available, according to the user’s choice. This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

Usage data

Information on the time and type of use by you. This means typical log data, including the time and duration of start-up and shutdown (current and previous use), device information (device type, device properties, device status and updates), actions performed/choices of the users during use (selected time zones etc.), information on power consumption etc.

This data may allow inferences to be drawn regarding the user’s behaviour or his/her location within the premises.

Required in order to implement the necessary functionalities. This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.



Content data

Information that your SH Device calculates / generates according to its functionalities and which allows inferences to be drawn regarding your behaviour (e.g. a refrigerator’s shopping lists).

Required in order to implement the necessary functionalities. This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

Sensor data

Information which is detected, recorded or transmitted by sensors in the SH Devices, for example movements, vibrations, moisture, humidity, times of day, smoke, other external influences, intrusion into residential spaces, audio and video records (for example video recordings)

Required in order to implement the necessary functionalities. This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.



Contact data

Name, e-mail addresses or telephone numbers, insofar as they are created and entered by the user

Required in order to provide the functionalities in the event of alarms and the notifications set up by you. This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.


It is not envisaged that special categories of personal data (i.e. data on racial and ethnic origin, political opinions, religious or ideological convictions, trade union affiliation, genetic data, biometric data for unequivocal identification of a natural person, health data, data on sexual life or sexual orientation) will be collected and processed. However, we cannot guarantee that sensors like cameras etc. will not process such information among other data or that inferences will not be indirectly drawn regarding behaviour from usage data. We will not process such data for our purposes or draw such inferences. Insofar as such data is provided to you as content of an SH Device, you decide on its use yourself.

You will be additionally informed upon the connection and set up of the SH Devices supported by the Home App on the available functions and, if necessary, on the data to be specifically processed for that purpose for the provision of those functions.

For important changes, for example concerning the scope of the service, or in the event of technically necessary changes, we will inform you about this using the e-mail address specified upon registration and/or via our Home App.

You can manage and if required erase the data of your SH Devices in our Home App. We will store your data until you erase the data in our Home App. If you disconnect the integration with the respective SH Device in your Home App, your data relating to that SH Device will be erased seven (7) days from the disconnection from the Home App.

5.3  Voice control using Google Assistant

You have the possibility of controlling your SH Devices by way of voice commands via your Google Assistant. To do so you must connect the SH Devices to your Google Assistant. If you control your SH product via Google Assistant, it will be necessary that personal data be passed on via Google to your SH Device / from your SH Device to Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (“Google”) for issuance via the Google Assistant and that we exchange the data necessary for this with Google.

If you set up voice commands in your Google Assistant for controlling the SH Devices or for accessing information from your SH Device, data (including data from your SH Device and voice data) will be transferred to our servers and processed and the necessary data will subsequently be passed on to Google and used by it for the provision of the service. That data may be personal data. By connecting your Google Assistant account to the Home App and enabling Google Actions in the user menu of the Home App you indicate that the SH Device that you have installed is to be controlled via Google Assistant and information issued via Google Assistant and commission us with that task. You / Google are responsible for the associated data processing by Google. For information on the handling of your personal data at Google please refer to Google’s privacy policy at the following address: https://support.google.com/googlenest/answer/7072285?hl=de and https://policies.google.com/privacy. We have no influence on the data processing by Google.

The processing of your personal data by us occurs on the basis of your consent (Article 6(1) sentence 1 point a) GDPR) as well as for the performance of the contract on the use of our Home App with voice assistants (Article 6(1) sentence 1 point b) GDPR), and exclusively for the purpose of processing the enquiries submitted by you.

6.  Access to functions and sensors of your mobile end device

6.1  The purposes of the data processing / legal bases:

6.1.1  Location data

In some cases our Home App enables operation of the SH Devices with functions that are tailored to the respective location of your mobile device (e.g. starting up a heater or switching on the light if you are within a defined distance from your Home).

In order for us to be able to offer you individual services related to your current location when using our Home App, you must have consented to geolocation (e.g. under "Location Services") in the settings of the operating system of your mobile device. You may decide in settings whether you wish to consent to geolocation always, only when using the app or on a case-by-case basis.

In the event that you try to use one of these functions in the Home App, but have not yet consented to geolocation, we will indicate this in a pop-up notification so that you can adjust your settings if necessary.

You can change or cancel the function at any time in the settings of the operating system for your mobile phone.

The legal basis for the processing of your location data is your consent under Article 6(1) point a) GDPR.

6.1.2  Photographs / media / files on your mobile end device / USB memory content (read, change, erase)

If you create content via our Home App from the use of the SH Devices, for example photographs or videos, depending on the installation location of the Home App and the available memory space they will be stored directly in the memory of your mobile end device or on a connected storage medium.

This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

6.1.3  Microphones

You can control some of the functions of your SH Devices using the microphone in your mobile phone (e.g. coloured lighting in the rhythm of your music). To be able to use these functions, you must first allow the Home App to access your microphone in the settings of your mobile phone’s operating system. This permission is only required once. You will be notified before you use these functions for the first time. Your microphone will then only remain active when you are using the relevant function in the Home App. If you change functions or close the function, the microphone will be automatically switched off until you use the function again. You will not be asked or requested to activate the microphone again if you had previously allowed the Home App to access the microphone. You can disable access to the microphone at any time in the settings of your mobile phone.

It follows, therefore, that we process the sound sequences recorded by the microphone while it is activated, but only for the purposes of the functions you have activated. These recordings are not stored permanently and are erased without delay.

This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

6.1.4  WiFi connection information

Our Home App uses the WiFi connection of your mobile end device to create a connection to the Internet.

This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

6.1.5  Other device functions or device sensors

Via the access to the other device functions and device sensors of your mobile end device our Home App is enabled, in particular, to retrieve data from the Internet and process error reports. In addition it enables our Home App to be run on start-up and the standby status of the device to be deactivated.

This is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you.

6.2  Storage period / criteria for establishing the storage period:

Your location and the data mentioned under section 6 will be erased after a period of seven (7) days, except where you have consented to the use of your data for a longer period.

The microphone recordings are erased without delay.

7.  Device security, usage analysis and Lidl Home newsletter

7.1  Device security and troubleshooting

We process technical device data such as device type (reference number), serial number, error logs, software version of the SH Device and your Home App in order to ensure that the operation of the SH Devices and compatibility with future functions can be guaranteed across generations. The purpose of this is to ensure and monitor that the Home App is compatible with the connected SH Devices and that the SH Devices are fully functional without incompatible version problems. Processing for these purposes may also include the identification, usage and sensor data mentioned under Section 5.1.

Where possible, this data is evaluated in a pseudonymised or anonymised form.

Insofar as we do so to ensure that the Home App and the SH Devices you use remain fully operational, this is processing under Article 6(1) point b) GDPR, as this data is required to provide the services requested by you. Moreover, evaluation of device data for general quality improvement (and product development) is also our legitimate interest in accordance with Article 6(1) point f) GDPR.

After the anonymisation of your personal data inferences can no longer be drawn regarding your person. Furthermore, we store the data for five years to ensure the compatibility of the devices over a longer period.

7.2  Usage analysis and portfolio extension

Where you have given us your consent (using the relevant sliders and settings in the Home App), we will analyse the use of the Home App, the SH Devices and any other devices used by you in order to continue developing our existing products and new products and to understand which products are in demand at which times and in which locations (portfolio expansion and planning). We would also like to develop general recommendations for all customers and groups of customers as to which add-ons are useful and popular.

This is why we evaluate registered devices in order to draw conclusions on the popularity of products in certain customer segments and locations. We also want to compare the number, type and extent of actual use with the equipment sold.

The data we process includes in particular the identification and usage data, general device data and location data (place) mentioned in Section 5.1.

If you have registered with Lidl Plus, we are also able to include the data stored in your customer profile and data concerning the purchased devices in particular. A separate privacy policy applies to the Lidl Plus programme, which you can access at https://www.lidl.de/de/datenschutzhinweise/s7373718 .

Once it has been associated, the data mentioned above will be processed in an anonymous form.

This is processing under Article 6(1) point a) GDPR on the basis of your explicit consent. This consent may be withdrawn at any time with effect for the future. You can withdraw your consent by changing the slider position in the Home App menu under consent management. Your data will no longer be processed after this time; however, we will continue to use the data we had previously evaluated, especially because it is then only available in an anonymised form.

If we anonymise your personal data inferences can no longer be drawn regarding your person. We store this data for seven years in order to accommodate the usual cycles for product development.

7.3  Personalised Lidl Home newsletter

Subject to your explicit consent, we will send you the Lidl home newsletter by email; among other things, it contains product recommendations that are tailored to your interests. Our product recommendations are based firstly on which SH Devices you use and which products would generally match these devices (e.g. if you use a lamp, you will receive suggestions for suitable LEDs). Secondly, we evaluate the buying and usage behaviour of all customers who have already purchased a certain item (e.g. if other customers who use similar devices often use additional devices). By contrast, we do not process personal data for any advertisements for Lidl products displayed in the Home App (via push messages). They are displayed to all users of the Home App.

The data we process includes in particular the identification and usage data, general device data and location data (place) mentioned in Section 5.1. By contrast, we do not process personal data for any advertisements for Lidl products displayed in the Home App (via push messages). They are displayed to all users of the Home App.

The content may include products, promotions, contests and offered by the streaming, retail, online, electricity and gas, car contract, newspaper and magazine, children’s book, fitness and nutrition, telecommunications, photography and travel services and customer satisfaction surveys which may originate from us or our partner companies:

  Lidl Dienstleistung GmbH & Co. KG (Lidl Retail Business, www.lidl.dewww.lidl-kochen.de)

  Lidl Digital International GmbH & Co. KG (www.lidl.dewww.lidl-reisen.de),

  Lidl Stiftung & Co. KG (www.lidlplus.de),

  E.ON Energie Deutschland GmbH (www.lidl-strom.de),

  Gymondo GmbH (www.gymondo.de) und

  Vodafone GmbH (registrierung.lidl-connect.de).

The legal basis for this data processing is your consent under Article 6(1) point a) GDPR.

You may withdraw your consent to the receipt of the personalised Lidl Home newsletter in the Home App at any time with effect for the future. Alternatively, you can also click on the “Unsubscribe” link in each Lidl Home newsletter. We store the aforementioned data for these purposes for one year in each cases in order to understand your current use of our products. If you withdraw your consent to receipt of the Lidl home newsletter, your personal data stored for these purposes will be erased.

8.  Other functions

If you select special offers in our Home App which are described in more detail on the LIDL homepage or elswhere, you can access the corresponding sub-pages of our website www.lidl.de or the partner websites embedded there using the in-app browser (iOS: Safari/ Android: Chrome). Our Home App service and our online content accessible through the in-app browser may also contain links to other websites.

If you access websites via the in-app browser (for example via links), your personal data will be processed on those websites in a manner that deviates from this privacy policy. This privacy policy only applies for our Home App. Please comply with the data protection provisions of the linked websites. We accept no responsibility for any third-party content which is provided for use via links and is specifically marked and do not adopt such content as our own. For illegal, defective or incomplete content and for losses resulting from the use or failure to use the information only the provider of the website to which you were referred shall be liable.

9.  Recipients of the data

Below we would like to inform you about recipients of your data.

9.1  Disclosure of the data to contract processors

To a certain extent we make use of service providers, in compliance with the statutory requirements, by way of contract processing, i.e. processing on the basis of a contract on our behalf, according to our instructions and under our control.

Contract processors are, in particular:

  technical service providers which we use for the provision of the Home App, for example service providers for maintenance, computer centre operation or hosting, and

  technical service providers which we use for the provision of functionalities, for example technically necessary cookies.

  Tuya GmbH

  Hangzhou Tuya Information Technology Co., Ltd.

  Microsoft Nederland.

  Nexmo Ltd.

  The WeatherBit LLC.

  Geetest Wuhan Jiyi Network Technology Co. Ltd.

  Apple Inc.

  Google LLC

In these cases we remain responsible for the data processing; the disclosure of personal data to our contract processors and processing of that data by them is based on the legal basis that permits us to carry out the data processing. A separate legal basis is not required.

9.2  Disclosure to third parties

As already described above, we may transmit your data to Google LLC. if you use the voice assistants (section 5.3).

Furthermore, the data provided by you upon registration will be passed on within the Lidl group of companies for internal administration purposes, including joint customer care, within the limits of what is necessary. Any disclosure of the personal data is justified by the fact that we have a legitimate interest in passing on the data for administrative purposes within our corporate group and your rights and interests in the protection of your personal data in the meaning of Article 6(1) point f) GDPR do not override it.

If it is necessary for the clarification of unlawful/improper use of the Home App or for prosecution, personal data will be forwarded to the prosecuting authorities or other authorities and possibly also to injured third parties or legal advisers. However, this will only occur if there are indications of unlawful conduct or misuse. Disclosure may also occur if this serves the purposes of enforcing conditions of use or other legal claims. We are also legally obliged to provide information to certain public bodies at their request, i.e. prosecuting authorities, governmental authorities prosecuting administrative offences subject to fines and tax authorities. Any disclosure of the personal data is justified by the fact that (1) the processing is necessary for the fulfilment of a legal obligation to which we are subject in accordance with Article 6(1) point f) GDPR in conjunction with national legal requirements on the disclosure of data to prosecuting authorities or (2) we have a legitimate interest in passing on the data to the above-mentioned third parties if there are indications of misuse or for the enforcement of our conditions of use, other conditions or legal claims and your rights and interests in the protection of your personal data in the meaning of Article 6(1) point f) GDPR do not override it.

In the course of the development of our business it may happen that the structure of our company changes in that the legal form is changed or subsidiaries, business units or components are established, purchased or sold. In the event of such transactions customer information may be disclosed together with the part of the company to be transferred. Upon each disclosure of personal data to third parties in the scope described above we will ensure that this occurs in accordance with this privacy policy and the applicable data protection laws. Any disclosure of the personal data is justified by the fact that we have a legitimate interest in adjusting our corporate form if required according to economic and legal circumstances and your rights and interests in the protection of your personal data in the meaning of Article 6(1) point f) GDPR do not override it.

10.  Recipients outside the EU

The technical service providers acting as contract processors, i.e. third parties (see section 10) are in some cases also located in China and the USA. In each case we will ensure an adequate level of data protection, e.g. by agreeing the standard data protection clauses of the EU Commission in accordance with Article 46(2) point c) GDPR. In the event that you wish to exercise your additional rights pursuant to Art. 13(1) point f) GDPR, please contact us at the contact details specified in section 14.

11.  Your rights as a data subject

11.1  Overview

Besides the right to withdraw consent you have granted us you are also entitled to the following further rights, provided that the respective legal requirements are fulfilled:

  The right to information on the data concerning you that we are storing in accordance with Article 15 GDPR and Article 34 of the German Data Protection Act (Bundesdatenschutzgesetz – BDSG).

  The right to the rectification of incorrect data or the completion of incomplete data in accordance with Article 16 GDPR,

  The right to the erasure of the data concerning you that we are storing in accordance with Article 17 GDPR and Article 35 BDSG.

  The right to restriction of the processing of your data in accordance with Article 18 GDPR,

  The right to data portability in accordance with Article 20 GDPR,

  The right of objection under Article 21 GDPR.

11.2  Right to information under Article 15 GDPR

You have the right, under Article 15(1) GDPR, to receive information free of charge at your request on the personal data concerning you that we are storing. In particular, this includes:

  the purposes for which the personal data is processed;

  the categories of personal data which are processed;

  the recipients / categories of recipients to which the personal data relating to you has been disclosed or will yet be disclosed;

  the planned duration of the storage of the personal data relating to you or, if specific information in this respect cannot be provided, criteria for determining the storage period;

  the existence of a right to the rectification or erasure of the personal data relating to you, a right to the restriction of the processing by the controller or a right of objection against that processing;

  the existence of a right to lodge a complaint with a supervisory authority;

  all the available information on the origin of the data if the personal data is not collected from the data subject;

  the existence of an automated decision-making process, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in those cases, meaningful information on the logic involved as well as the consequences and the desired effects of such processing for the data subject.

If personal data is transmitted to a third state or to an international organisation, you are entitled to a right to information on the appropriate safeguards under Article 46 GDPR in connection with the transmission.

11.3  Right to rectification under Article 16 GDPR

You have the right to request the prompt rectification of incorrect personal data concerning you; You have the right, taking into account the purposes of the processing, to demand the completion of incomplete personal data, including by way of a supplementary declaration.

11.4  Right to erasure under Article 17 GDPR

You have the right to request the prompt erasure of personal data concerning you if one of the following reasons applies:

  The personal data is no longer needed for the purposes for which it was collected or otherwise processed.

  You withdraw your consent on which the processing is based in accordance with Article 6(1) point (a) or Article 9(2) point (a) GDPR and there is no other legal ground for the processing;

  You submit an objection to the processing in accordance with Article 21(1) or (2) GDPR, and in the circumstances referred to in Article 21(1) GDPR no overriding legitimate reasons exist for the processing;

  the personal data has been unlawfully processed;

  the erasure of the personal data is necessary for the fulfilment of a legal obligation;

  the personal data was collected in relation to the offer of information society services in accordance with Article 8(1) GDPR.

If we have made the personal data public and are obliged to erase it, taking into account the available technology and the implementation costs we will take appropriate steps to inform the third parties that process your data that you demand also from them the erasure of all links to that personal data or of any copies or replications of that personal data.

11.5  Right to restriction of the processing under Article 18 GDPR

You have the right to request from us the restriction of the processing if one of the following conditions is fulfilled:

  you dispute the correctness of the personal data;

  the processing is unlawful and instead of erasure you demand restriction of the use of the personal data;

  the controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the purpose of establishing, exercising or defending legal claims;

  you have submitted an objection to the processing in accordance with Article 21(1) GDPR and it has not yet been established whether the legitimate grounds of the controller override those of the data subject.



11.6  Right to data portability under Article 20 GDPR

You have the right to be provided with the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without any obstruction by us if:

  the processing is based on consent under Article 6(1) point a) or Article 9(2) point a) or on a contract in accordance with Article 6(1) point b) GDPR; and

  the processing is carried out by means of automated procedures.

In exercising your right to data portability you have the right to have the personal data transmitted directly by us to another controller, where technically feasible.

11.7  Right of objection under Article 21 GDPR.

Subject to the conditions under Article 21(1) GDPR you may object to the data processing for reasons that arise from your particular situation.

The above general right of objection applies for all the purposes of processing described in this privacy policy which are based on Article 6(1) point f) GDPR. Unlike in the case of the special right of objection directed at the data processing for advertising purposes, under the GDPR we are only obliged to implement such a general objection if you state reasons of overriding significance for this, for example a possible risk for life or health. You also have the option of contacting the competent supervisory authority for Lidl Stiftung & Co. KG or the data protection officer of Lidl Stiftung & Co. KG.

12.  Contact person

12.1  Contact persons for questions or for exercising your data protection rights

If you have any questions concerning the website or on the exercise of your rights regarding the processing of your data (data protection rights) you may contact our customer service: customer.services@lidl.ie


12.2  Contact person for questions on data protection

If you have further questions on the processing of your data, you may contact Lidl’s company data protection officer (see section 14).

12.3  Right to lodge a complaint with a supervisory authority

You are also entitled to a right to lodge a complaint with the competent supervisory authority at any time. To that end you may contact the data protection supervisory authority of the German state in which you have your place of residence or the authority in Baden-Württemberg as the state in which Lidl Stiftung & Co. KG has its registered office.

13.  Name and contact details of the data controller and contact details of the company data protection officer

This privacy policy applies for the data processing by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm (the “controller”) and the Lidl Home App. The company data protection officer of Lidl Stiftung & Co. KG can be contacted under the above-mentioned address, attention the data protection officer or at data.controller@lidl.ie