Privacy Policy

DATA PROTECTION IS IMPORTANT TO US

Privacy Policy for the Corporate Website for Lidl North Macedonia additionally for the communication with press office for business partners, Journalists and others parties. 

 

Thank you for your interest in data protection at Lidl North Macedonia DOOEL (hereinafter "Lidl", "we", "us"). We at Lidl want you to feel comfortable and safe when you visit our website, and to know that one of the things that sets us apart is our commitment to protecting our customers' data. The following privacy policy tells you how and to what extent your personal data is processed when you visit the website corporate.lidl.mk and in the relationship with our contracted suppliers and the producers and other parties involved in the supply chains of our food and non-food suppliers. Personal data is information that identifies you or could identify you directly or indirectly. The statutory basis for data protection is, in particular, the Personal data protection Law - PDPL (or EU General Data Protection Regulation - GDPR). 

 

Overview

Data processing by Lidl North Macedonia DOOEL:

  • When you access the website, various information is exchanged between your end device and our server. This may also involve personal data. The information collected in this way is used to optimize our website or, if you have given your consent to do so, to analyze your behavior on the website.

Accessing our website 

Purposes of the processing/legal bases:

When accessing our website, the browser used on your end device will – automatically and without any action on your part – send:

  • the IP address of the accessing Internet-enabled device;
  • the date and time of access;
  • the name and URL of the requested file;
  • the website/application from which the access occurred (referrer URL);
  • the browser and, where relevant, the operating system of your Internet-enabled computer as well as the name of your access provider 

to our website server and be stored temporarily in what is known as a log-file for the following purposes:

  • to ensure a fault-free connection;
  • to ensure the user-friendliness of our website/application;
  • to analyze system security and stability.

The legal basis for the processing of the data listed is Article 10(1)(6) PDPL (Art.6(1)(f) GDPR). The purposes of data processing listed above constitute our legitimate interest.

Recipients/categories of recipient:

In connection with the aforementioned processing, your data will also be processed on our behalf by processors in the IT hosting services sector. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 32 PDPL (Art.28 GDPR).

Storage time/criteria for determining storage time:

Data will be stored for a period of seven days and automatically deleted thereafter.

Use of cookies and other similar technologies to process usage data

Purposes of the processing/legal bases:

We, Lidl North Macedonia DOOEL, Kiro Gligorov Blvd 2, 1000 Skopje, North Macedonia are the controller with respect to data processing in connection with the use of "cookies" and other similar technologies to process usage data on all (sub-)domains at corporate.lidl.mk.

Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that results in connection with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.

Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:

  • Technically necessary: these are cookies and similar technologies without which you cannot use our services (e.g., for the correct display of our website/functions requested by you, etc.).
  • Preferences: using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our website in a language relevant to you.
  • Statistics: these technologies enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our website to user habits. For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie policy.

Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:

Technically necessary:

  • user inputs to store the user's consent status for the current domain (e.g., cookie consent);
  • security-related events (e.g., identifying repeat failed sign-in attempts);
  • data to play back multimedia content (e.g., playing (product) videos selected by you).

Preferences:

  • Settings to customize the user interface (e.g., selecting the preferred language); 

Statistics:

  • Pseudonymized usage profiles containing information on the use of the website. These contain in particular:
    • browser type/browser version;
    • operating system used;
    • device used;
    • referrer URL (i.e., the previously visited page);
    • host name of the accessing computer (IP address);
    • time of the server request;
    • individual user ID; and
    • events triggered on the website (web browsing behavior).
  • The IP address is routinely anonymized, which in principle means it is no longer possible to identify you.

The legal basis for using preference and statistics cookies is your consent given pursuant to Article 10(1)(1) PDPL (Art.6(1)(a) GDPR).

The legal basis for using technically necessary cookies is Article 10(1)(6) PDPL (Art.6(1)(f) GDPR) because we have a legitimate interest in offering you a functional website.

You may withdraw/modify your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal. Click here to make your selection.

Recipients/categories of recipient:

When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers to process data. They process your data on our behalf as processors. Each has been carefully selected and bound by contract in accordance with Article 32 PDPL (Art.28 GDPR). ). All of the companies listed as service providers in our cookie policy act as processors on our behalf. In the context of our cooperation with Google LLC, the aforementioned data is generally also processed for statistical purposes on servers located in the U.S.

Storage time/criteria for determining storage time:

For information on the storage time for cookies, see our cookie policy. If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until the corresponding consent is withdrawn.

Customer service

Purposes of the processing/legal bases:

We treat all personal data which you provide us with on the contact form, by telephone, e-mail or via social media (e.g., when you contact customer service) confidentially. We use your data solely for the limited purpose of processing your inquiry. The legal basis for the data processing is Article 10(1)(6) PDPL and Article 10(1)(2) PDPL (Art.6(1)(f) and Art.6(1)(b) GDPR).

Our shared (legitimate) interest in this data processing arises from the objective of answering any inquiries and resolving any issues you may have and thus ensuring and improving your level of satisfaction as a customer or other user of our website. 

Recipients/categories of recipient: 

When responding to your requests, we will also have processors specializing in customer service process your data on our behalf. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 32 PDPL (Art.28 GDPR). Furthermore, it may be necessary for us to pass on excerpts of your inquiry to contractual partners (e.g., suppliers in the case of product-specific inquiries) for the purpose of processing your inquiry. In these cases, your inquiry will be anonymized in advance, meaning that third parties will not be able to identify you. Should it be necessary to pass on your personal data in individual cases, we will notify you in advance and obtain your consent. We will not pass on your personal data to third parties unless you have given your express consent for this

Storage time/criteria for determining storage time:

We delete or anonymize all personal data we receive from you when you make inquiries (positive/negative comments or suggestions) via the website or by e-mail no later than 90 days after the final response is sent. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject (see section VI below), your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.

Data transfers to recipients in a third country

If we transfer data to recipients in a third country (located outside of the European Economic Area), this will be evident in the information on the recipients/categories of recipient in the description of the respective data processing. Some third countries have been certified by the European Commission through so-called adequacy decisions as having a level of data protection comparable to that offered in the European Economic Area. A list of these countries is available at https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en. Where no comparable data protection standard exists in a given country, we take other measures to ensure that an adequate level of data protection is guaranteed by other means, such as binding corporate rules, the European Commission's standard contractual clauses on the protection of personal data, certificates or recognized codes of conduct. For further information, please contact our data protection officer (clause 9).

Rights of data subjects

In addition to the right to withdraw any consent you have granted to us, you have the following additional rights provided the respective statutory conditions are met:

  • right of access to your personal data stored with us pursuant to Article 19 PDPL (Art.15 GDPR);
  • right to rectification of inaccurate personal data and the right to have incomplete personal data completed pursuant to Article 20 PDPL (Art.16 GDPR);
  • right to erasure of your personal data stored with us pursuant to Article 21 PDPL (Art.17 GDPR);
  • right to a restriction of processing of your data pursuant to Article 22 PDPL (Art.18 GDPR);
  • right to data portability pursuant to Article 24 PDPL (Art.20 GDPR);
  • right to object pursuant to Article 25 PDPL (Art.21 GDPR);

1. Right of access pursuant to Article 19 PDPL (Art.15 GDPR) Pursuant to Article 19(1) of the PDPL (Art.15(1) of the GDPR)

You have the right to request information, free of charge, on the personal data stored about you. This includes in particular:

  • the purposes for which personal data is being processed;
  • the categories of personal data that are being processed;
  • the recipients or categories of recipient to whom personal data concerning you has been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if it is not possible to give any specific details, the criteria used to determine the storage duration;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to request from the controller that processing be restricted or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information regarding the origin of the data if the personal data is not being collected from the data subject;
  • the existence of any automated decision-making processes including profiling pursuant to Article 26(1) and (4) PDPL (Art.22(1) and (4) GDPR) and – at least in these cases – meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject. 

If personal data is transferred to a third country or an international organization, you have the right to be notified about appropriate safeguards pursuant Article 50 PDPL (Art.46 GDPR) in connection with the transfer.

2. Right to rectification pursuant to Article 20 PDPL (Art.16 GDPR)

You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure pursuant to Article 21 PDPL (Art.17 GDPR)

You have the right to require us to erase any personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw your consent on which the processing pursuant to Article 10(1)(1) or  Article 13(2)(1) PDPL (Art.6(1)(a) or Art.9(2)(a) GDPR) was based and there is no other legal basis for the processing;
  • you object to the processing pursuant to Article 25(1) or (2) PDPL (Art.21(1) or (2) GDPR), and in the case of Article 25(1) PDPL (Art.21(1) GDPR) there are no overriding legitimate grounds for the processing;
  • the personal data was unlawfully processed;
  • the erasure of personal data is necessary in order to comply with a legal obligation;
  • the personal data was collected in relation to the offer of information society services referred to in Article 12(1) PDPL (Art.8(1) GDPR). 

Where we have made the personal data public and are obliged to erase it, taking account of available technology and the cost of implementation we will take reasonable steps to inform any third parties processing your data of the fact that you have requested the erasure by such third parties of any links to, or copies or replications of, such personal data.

4. Right to restriction of processing pursuant to Article 22 PDPL (Art.18 GDPR)

You have the right to require us to restrict the processing where one of the following applies:

  • you contest the accuracy of the personal data;
  • the processing is unlawful and you request the restriction of the use of the personal data rather than its erasure;
  • the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; or
  • you have objected to the processing pursuant to Article 25(1) PDPL (Art.21(1) GDPR) pending verification of whether the legitimate grounds of the controller override those of the data subject.

5. Right to data portability pursuant to Article 24 PDPL (Art.20 GDPR)

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance by us, where

  • the processing is based on consent pursuant to Article 10(1)(1) or 13(2)(1) PDPL (Art.6(1)(a) or Art.9(2)(a) GDPR) or on a contract pursuant to Article 10(1)(2) PDPL (Art.6(1)(b) GDPR) and
  • the processing is carried out by automated means. In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller where technically feasible.

6. Right to object pursuant to Article 25 PDPL (Art.21 GDPR)

Provided the requirements of Article 25(1) PDPL (Art.21(1) GDPR) are met, you may object to the data processing on grounds relating to your particular situation. 

The aforementioned general right to object applies to all processing grounds set out in this privacy policy, which are processed on the basis of Article 10(1)(6) PDPL (Art.6(1)(f) GDPR). In contrast to the specific right to object regarding data processing for promotional purposes, we are only obliged to action such general right to object if you cite grounds of overriding importance, e.g., a possible risk to life or health. In addition you have the option to contact the supervisory authority responsible for Lidl North Macedonia DOOEL or the data protection officer of Lidl North Macedonia DOOEL.

7. Right to lodge a complaint with the data protection supervisory authority pursuant to Article 97 PDPL (Art.77 GDPR)

You also have a right to lodge a complaint with the competent data protection supervisory authority at any time. In order to do this you can contact the Personal data protection Agency supervisory authority of the Republic of North Macedonia where you have place of residence, or the authority of the country North Macedonia as the Land where  Lidl North Macedonia DOOEL is headquartered.

8. Exercising your rights

Points of contact in the event of questions or in order to exercise your data protection rights - In order to exercise your rights in the processing of your data (data protection rights) please contact: data.protection@lidl.mk

9. Controller and data protection officer

This privacy policy applies to the processing of data by Lidl North Macedonia DOOEL, Kiro Gligorov Blvd 2, 1000 Skopje, North Macedonia ("Controller") and for the website corporate.lidl.mk. You can contact the Controller at corporate.affairs.mk@lidl.mk. For questions about data protection with respect to the operation of the website corporate.lidl.mk, please contact the company data protection officer of Lidl North Macedonia DOOEL at the aforementioned address to the attention of the data protection officer or at data.protection@lidl.mk.