Data Protection in the Parkside Application

(Version 4 dated 29-04-2024)

Thank you for using our Parkside tools and accessories (hereinafter "PS Tools") and the Parkside application (hereinafter the "PS App") and your interest in our Privacy Policy. We want you to feel comfortable and safe when you use our PS Tools and PS App, and to know that one of the things that sets us apart is our commitment to protecting our customers' data.

The following Privacy Policy is designed to inform you about the nature and scope of the processing of your personal data by Lidl Stiftung & Co. KG (also referred to in this policy as "Lidl", "we" and "us"). Personal data is information that could identify you directly or indirectly. The statutory basis for data protection is, in particular, the EU General Data Protection Regulation (GDPR).

1. Overview

Lidl processes data when our PS Tools and the PS App are used, and this processing can essentially be divided into five categories:

  • When you download our PS App, the required information is transmitted to the respective PS App store.
  • You need to register in the PS App in order to use the PS App and then connect to and control PS Tools. Certain information is required for registration.
  • Our PS App can be connected to PS Tools, and these PS Tools can then be used and controlled using the PS App. To process the data and provide the functions of the PS Tools, personal data is collected and processed in the PS App.
  • In order to enable various features, for example simple use of the feedback function, our PS App requires access to various functions on your mobile device.
  • When you use our PS App and PS Tools, various information is shared with our server by the device on which you are using the PS App and by the PS Tools. This may also involve personal data. The information collected in this way is used to:

2. Downloading our PS App in the Relevant App Store

When you download our App, personal data is automatically processed by the operators of the respective app stores (Apple App Store or Google Play).

We have no influence on, and bear no responsibility for, the collection of this data. You will find further information on the processing of this data in the relevant app store operator's privacy policy.


•    Google Play Store: https://policies.google.com/privacy?hl=en&gl=gb
•    Apple App Store: https://www.apple.com/legal/privacy/en-ww/

3.1 Purposes of the Processing/Legal Bases:

When you use our PS App, the following information will be sent – automatically and without any action on your part –

  • number of users and sessions;
  • session duration;
  • operating system;
  • device model;
  • region;
  • initial start-up;
  • app executions;
  • app updates;
  • in-app purchases;

to our server and stored temporarily in what is known as a log file for the following purposes:

  • to protect our systems;
  • for troubleshooting purposes; and
  • to prevent improper and/or fraudulent activity.

The legal basis for the processing of the IP address is point (f) of the first sentence of Article 6(1) GDPR. The purposes of data processing listed above constitute our legitimate interest.

3.2 Recipients/Categories of Recipient:

In the context of our cooperation with our processors for support with respect to the aforementioned purposes, your data is generally also processed on servers located in the USA. Please see clause 11 for more information on how we ensure the security of data transfers to recipients in a third country.

3.3 Storage Time/Criteria for Determining Storage Time:

Data will be stored for up to 26 months and automatically deleted thereafter.

4. Access to Functions on your Mobile Device

4.1 Purposes of the Processing/Legal Bases:

4.1.1 WLAN Connection Information

Our PS App uses the WLAN connection used by your mobile device in order to establish a connection with the Internet.

This constitutes processing as described in point (b) of the first sentence of Article 6(1) GDPR, because this data is required in order to provide the services requested by you.

4.1.2 Mobile Data

Our PS App uses the mobile data on your mobile device in order to establish a connection with the Internet.

This constitutes processing as described in point (b) of the first sentence of Article 6(1) GDPR, because this data is required in order to provide the services requested by you.

4.1.3 Bluetooth - Finding and Pairing with Nearby Devices

This permission is required in order to find and pair with nearby PS Bluetooth devices.

This constitutes processing as described in point (b) of the first sentence of Article 6(1) GDPR, because this data is required in order to provide the services requested by you.

4.1.4 Other Device Functions/Sensors

Granting our App access to other functions on your mobile device allows the PS App to, in particular, retrieve data from the Internet and process error messages. It also allows our PS App to run on start-up and enables sleep mode to be disabled.

This constitutes processing as described in point (b) of the first sentence of Article 6(1) GDPR, because this data is required in order to provide the services requested by you.

4.2 Recipients/Categories of Recipient:

We use service providers to process your data. These service providers provide us with storage capacity, database systems or the like, and technical support. All of our processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

4.3 Storage Time/Criteria for Determining Storage Time:

Access to the data referred to in clause 4 is immediately blocked when the PS App is uninstalled.

5. Registration in our PS App

5.1 Purposes of the Processing/Legal Bases:

To be able to use the functions of our PS App, you must first register and create a user account.

The following data is always collected or created by you during the registration process:

  • e-mail address;
  • a user ID assigned by us;
  • country code; and
  • a password created by you in accordance with technical requirements (encrypted).

To ensure that no mistakes are made when entering the e-mail address, we use the "double opt-in" procedure: once you enter your e-mail address in the registration field, we will send a code to this e-mail address. Your registration will only be complete once you have entered this code in the PS App.

The following data is also stored at the time of registration:

  • IP address;
  • user's time zone; and
  • date and time of registration.

We process your registration data so we can verify your identity when you log in and follow up on requests to reset your password. We process the other data entered by you during the registration process or when logging in so that we can:

  • verify that you have permission to manage the user account;
  • ensure compliance with the PS App Terms of Use and exercise and perform all associated rights and obligations; and
  • contact you, for example to send you technical or legal information, updates, security notifications or other messages relating to the management of your user account.

If you have entered personal data in our PS App during the registration process, we process this data on the basis of point (b) of the first sentence of Article 6(1) GDPR, because this data is required for the performance of the contract governing use of the PS App (the Terms of Use).

We use service providers to process your data. These service providers provide us with storage capacity, database systems or the like, and technical support. All of our processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

Please see clause 11 for more information on how we ensure the security of data transfers to recipients in a third country.

5.3 Storage Time/Criteria for Determining Storage Time:

Log files are anonymized after one year.

After your personal data has been anonymized, it can no longer be used to identify you.

6. Connecting the PS App to PS Tools

Additional personal data is collected if you connect our PS App to PS Tools of your choosing.

6.1 Purposes of the Processing/Legal Bases:

We then process additional personal data via our PS App depending on what data is necessary for the specific functions of the relevant PS Tool and your chosen configuration. This data may particularly include the following categories of data:

•    Tool Data

DescriptionPurpose of data processingJustification
Information about PS Tools that have been activated, factory information for active tools, information on current versions on the tools and master product data Product identification Point (b) of the first sentence of Article 6(1) GDPR. The data is required in order to provide the services requested by you in accordance with the Terms of Use.


•    Configuration Data

DescriptionPurpose of data processingJustification
Information about tool classification, tool activation times and information about user-defined actions and automated processes.Required in order to provide the necessary functions, where available, as selected by the user.Point (b) of the first sentence of Article 6(1) GDPR. The data is required in order to provide the services requested by you in accordance with the Terms of Use.


•    User Data

DescriptionPurpose of data processingJustification

User profile information such as user name and time zone and consents given by the user.

Required in order to provide the services selected by you.Points (a) and (b) of the first sentence of Article 6(1) GDPR. The data is required in order to provide the services requested by you in accordance with the Terms of Use or on the basis of your consent.


•    Device Log Files

DescriptionPurpose of data processingJustification
Information relating to device log filesRequired in order to provide the necessary functions.Point (b) of the first sentence of Article 6(1) GDPR. The data is required in order to provide the services requested by you in accordance with the Terms of Use.


•    Automation Data

DescriptionPurpose of data processingJustification
Information about the conditions, default settings and actions selected by the user. Required in order to provide the necessary functions.Point (b) of the first sentence of Article 6(1) GDPR. The data is required in order to provide the services requested by you in accordance with the Terms of Use.


•    Linking Data

DescriptionPurpose of data processingJustification
Information to link the various categories of dataRequired in order to provide the functions.Point (b) of the first sentence of Article 6(1) GDPR. The data is required in order to provide the services requested by you in accordance with the Terms of Use.

 

You will be notified of the available functions when you connect and configure the PS Tools supported by the PS App.

We do not use the aforementioned data to analyze usage, which means we are unable to determine your behavior or your location. We process the data only after you have requested the services.

We use service providers to process your data. These service providers provide us with storage capacity, database systems or the like, and technical support. All of our processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

In the context of our cooperation with our processors for support with respect to the aforementioned purposes, your data is generally also processed on servers located in China. Please see clause 11 for more information on how we ensure the security of data transfers to recipients in a third country.

6.3 Storage Time/Criteria for Determining Storage Time:

You can manage your PS Tool data in our PS App and delete it if needed.

Log files are anonymized after one year.

Your data is anonymized from the time of deletion.

After your personal data has been anonymized, it can no longer be used to identify you.

If you disconnect a PS Tool in your PS App, your data relating to that PS Tool will be deleted within seven days of disconnecting from the PS App.

7. Analysis of Usage Data and Expansion of Product Range

7.1 Purposes of the Processing/Legal Bases:

If you have given us your consent (using the slide bar and settings in the PS App), we will analyze your use of the PS App, the PS Tools and, where applicable, other devices used by you in order to upgrade our existing products and develop new products, and to understand which products are in demand at what times and where (expansion of product range and planning). We also wish to develop general recommendations for all of our customers or specific groups of customers regarding useful and popular add-ons.

We therefore analyze registered tools to draw conclusions about the popularity of products. We also like to compare the number, type and volume of tools actually used with the tools sold. For this purpose, we particularly process general tool data.

This constitutes processing as described in point (a) of the first sentence of Article 6(1) GDPR on the basis of your express consent. . Your data will no longer be processed from that time on. However, previously analyzed data will continue to be used, because it will only remain available in anonymous form.

If you have given consent for data processing on one or more occasion, we store this collated data and the fact that you have given your consent. In this way we meet our statutory duty to demonstrate the lawfulness of the data processing based on consent (point (c) of the first sentence of Article 6(1), Article 5(2) GDPR). If you do not give your consent, we store information to the effect that you have not consented to data processing.

7.2 Recipients/Categories of Recipient:

In connection with the aforementioned processing, your data will also be processed on our behalf by processors in the IT sector. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

In the context of our cooperation with our processors in the IT sector with respect to the aforementioned purposes, your data is generally also processed on servers located in China. Please see clause 11 for more information on how we ensure the security of data transfers to recipients in a third country.

7.3 Storage Time/Criteria for Determining Storage Time:

Log files are anonymized after one year.

All other data is stored until you initiate the deletion of your data in the PS App or you exercise your right to have your data erased (see clause 12). Your data is anonymized from the time of deletion.

After your personal data has been anonymized, it can no longer be used to identify you.

8. Device Safety and Troubleshooting

8.1

We process technical device data to ensure the operation of the PS Tools regardless of generation and to enable compatibility with future functions. This is intended to ensure and allow us to monitor whether the PS App is compatible with the connected PS Tools and the PS Tools are fully functional without version-related compatibility issues. The processing of data for these purposes may also include other data, such as user data and device log files.

In order to be able to ensure the functionality of the PS App and PS Tools you use, this constitutes processing as described in point (b) of the first sentence of Article 6(1) GDPR, because this data is required in order to provide the services requested by you.

8.2 Recipients/Categories of Recipient:

In connection with the aforementioned processing, your data will also be processed on our behalf by processors in the IT sector. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

In the context of our cooperation with our processors in the IT sector with respect to the aforementioned purposes, your data is generally also processed on servers located in China. Please see clause 11 for more information on how we ensure the security of data transfers to recipients in a third country.

8.3 Storage Time/Criteria for Determining Storage Time:

Log files are anonymized after one year.

All other data is stored until you initiate the deletion of your data in the PS App or you exercise your right to have your data erased (see clause 12). Your data is anonymized from the time of deletion.

After your personal data has been anonymized, it can no longer be used to identify you.

Where possible, this data is analyzed in pseudonymized or anonymized form. After your personal data has been anonymized, it can no longer be used to identify you. We otherwise store the data for five years to ensure the tools remain compatible for an extended period.

9. Making Contact

Purposes of the Processing/Legal Bases:

We naturally treat as confidential all personal data you send to us through the PS App in order to exercise your rights as the data subject (particularly your right of access and erasure, see clause 12). We use your data solely for the limited purpose of processing your inquiry.

If you contact us by e-mail, telephone or by submitting the contact form, we will connect you with Lidl's Customer Service, or your matter will be referred to Lidl's Customer Service. To do this we will send the telephone number you used or the data provided in the contact form so it can be forwarded to Customer Service.

The legal basis for the data processing is point (f) or point (b) of the first sentence of Article 6(1)GDPR. Our shared (legitimate) interest in this data processing arises from the objective of answering any inquiries and resolving any issues you may have and thus ensuring and improving your level of satisfaction as a customer or other user of our PS App.

Recipients/Categories of Recipient:

As a rule, we do not transfer the data to third parties. In exceptional cases, we will have a processor, e.g., from the IT sector, process the data on our behalf. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

If you call and wish to be connected to Customer Service, Customer Service will receive your telephone number. If you use our contact form, Customer Service will receive the data you entered in the form.

Information on how Lidl processes your data is available here:


•    Lidl: https://www.lidl.co.uk/c/customer-privacy-notice/s10022952 
 

Storage Time/Criteria for Determining Storage Time:

We usually delete or anonymize all personal data we receive from you when you make inquiries (positive/negative comments or suggestions) by e-mail or through the contact form no later than 95 days after the final response is sent. Based on experience, we generally do not receive any questions concerning our responses after 95 days.

 

10. Other Functions

If you select special offers through our PS App that are, for example, described in greater detail on the Parkside website or the LIDL Homepage , you will be redirected through the in-app browser to the relevant sub-pages of our websites www.parkside-diy.com, Food, Non-food, Wine and Recipes | Lidl GB, or the partner website located there. Our PS App offering and the online content you can access through the in-app browser may also contain links to other websites.

If you access websites (or click on links) via the in-app browser, your personal data will be processed by these websites in derogation from this Privacy Policy. This Privacy Policy applies solely to our PS App. Please note the privacy policies of the linked websites. We do not assume liability for third-party content that is provided via links and is clearly designated as such; neither do we claim this content as our own. The service provider of the website to which you are redirected holds sole liability for illegal, incorrect or incomplete content and for damage arising due to the use or non-use of the information.

11. Data Transfers to Recipients in a Third Country

If we transfer data to recipients in a third country (located outside of the European Economic Area), this will be evident in the information on data transfers to recipients in a third country in the description of the respective data processing. We have agreed to  the European Commission's standard contractual clauses on the protection of personal data with all recipients in third countries, unless the receiving country has already been recognized by the EU as providing an adequate level of data protection. For further information, please contact our data protection officer (clause 14).

12. Your Rights as the Data Subject

12.1        General

In addition to the right to withdraw any consent you have granted to us, you have the following additional rights provided the respective statutory conditions are met:

  • right of access to your personal data stored with us pursuant to Article 15 GDPR;
  • right to rectification of inaccurate personal data and the right to have incomplete personal data completed pursuant to Article 16 GDPR;
  • right to erasure of your personal data stored with us pursuant to Article 17 GDPR;
  • right to a restriction of processing of your data pursuant to Article 18 GDPR;
  • right to data portability pursuant to Article 20 GDPR; and
  • right to object pursuant to Article 21 GDPR.

12.2 Right of Access pursuant to Article 15 GDPR

Pursuant to Article 15(1) of the GDPR, you have the right to request information, free of charge, on the personal data stored about you by us. This particularly includes:

  • the purposes for which personal data is being processed;
  • the categories of personal data that are being processed;
  • the recipients or categories of recipient to whom personal data concerning you has been or will be disclosed;
  • the planned duration of the storage of the personal data concerning you or, if it is not possible to give any specific details, the criteria used to determine the storage duration;
  • the existence of a right to rectification or erasure of the personal data concerning you, a right to request from the controller that processing be restricted or a right to object to this processing;
  • the right to lodge a complaint with a supervisory authority;
  • all available information regarding the origin of the data if the personal data is not being collected from you;
  • the existence of any automated decision-making processes including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

If personal data is transferred to a third country or an international organization, you have the right to be notified about appropriate safeguards pursuant Article 46 GDPR in connection with the transfer.

12.3 Right to Rectification pursuant to Article 16 GDPR

You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

12.4 Right to Erasure pursuant to Article 17 GDPR

You have the right to require us to erase any personal data concerning you without undue delay where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based and there is no other legal ground for the processing;
  • you object to the processing pursuant to Article 21(1) or (2) GDPR, and in the case of Article 21(1) GDPR there are no overriding legitimate grounds for the processing;
  • the personal data was unlawfully processed;
  • the erasure of personal data is necessary in order to comply with a legal obligation;
  • the personal data was collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Where we have made the personal data public and are obliged to erase it, taking account of available technology and the cost of implementation we will take reasonable steps to inform any third parties processing your data of the fact that you have requested the erasure by such third parties of any links to, or copies or replications of, such personal data.

12.5 Right to Restriction of Processing pursuant to Article 18 GDPR

You have the right to require us to restrict the processing where one of the following applies:

  • you contest the accuracy of the personal data;
  • the processing is unlawful and you request the restriction of the use of the personal data rather than its erasure;
  • the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; or
  • you have objected to the processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.

12.6 Right to Data Portability pursuant to Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance by us, where:

  • the processing is based on consent pursuant to point (a) of the first sentence of Article 6(1) or Article 9(2)(a) or on a contract pursuant to point (b) of the first sentence of Article 6(1) GDPR; and
  • the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller where technically feasible.

12.7 Right to Object pursuant to Article 21 GDPR

Provided the requirements of Article 21(1) GDPR are met, you may object to the data processing on grounds relating to your particular situation.

The aforementioned general right to object applies to all purposes of processing set out in this Privacy Policy where the processing occurs on the basis of Article 6(1)(f) GDPR. In contrast to the specific right to object regarding data processing for promotional purposes, we are only obliged to action such general right to object if you cite grounds of overriding importance, e.g., a possible risk to life or health. In addition you have the option to contact the supervisory authority responsible for Lidl Stiftung & Co. KG or the data protection officer of Lidl Stiftung & Co. KG.

12.8 Right to Complain to the Data Protection Supervisory Authority

You also have a right to lodge a complaint with the competent data protection supervisory authority at any time. In order to do this you can contact the data protection supervisory authority of the German Land where you have your place of residence or the authority of the Land of Baden-Württemberg as the Land where Lidl Stiftung & Co. KG is headquartered.

13. Contact Person

Points of Contact in the Event of Questions or in order to Exercise your Rights as a Data Subject:

If you have any questions regarding the PS App or in order to exercise your rights as the data subject in connection with the processing of your data, please contact our Customer Service:

•    Germany: datenschutz@parkside-diy.com
•    Spain: protecciondedatos@parkside-diy.com
•    Czech Republic: ochranaosobnichudaju@parkside-diy.com
•    Poland: ochronadanychosobowych@parkside-diy.com 
•    Slovakia: ochranaosobnychudajov@parkside-diy.com
•    Belgium/Luxembourg: privacy@parkside-diy.com
•    Netherlands: gegevensbescherming@parkside-diy.com
•    France: protectiondesdonnees@parkside-diy.com 
•    Slovenia: varstvopodatkov@parkside-diy.com  
•    Hungary: adatvedelem@parkside-diy.com
•    Northern Ireland/Ireland: dataprotection@parkside-diy.com 
•    Austria: Datenschutz_aut@parkside-diy.com 
•    Lithuania: privatumas@parkside-diy.com 
•    Croatia: zastitapodataka@parkside-diy.com  
•    Greece: prosopikadedomena@parkside-diy.com  
•    Cyprus: dataprotection_cy@parkside-diy.com 
•    Finland: tietosuoja@parkside-diy.com 
•    Italy/Malta: Personaldata@parkside-diy.com  
•    United Kingdom: Privacy_gb@parkside-diy.com  
•    Portugal: privacidade@parkside-diy.com 
•    Sweden: dataskydd@parkside-diy.com 
•    Switzerland: datenschutz_ch@parkside-diy.com 
•    Bulgaria: Privacy_bg@parkside-diy.com 
•    Romania: protectiadatelor@parkside-diy.com  
•    Serbia: privatnost@parkside-diy.com  
•    Estonia: andmekaitse@parkside-diy.com  
•    Latvia: datuaizsardziba@parkside-diy.com 

Should you have any further questions regarding the processing of your data, please contact the company data protection officer of Lidl (see clause 14).


14. Name and Contact Details of the Controller and Contact Details of the Company's Data Protection Officer

These data protection provisions apply to the processing of data by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany ("Controller") and the PS App. The company data protection officer of Lidl Stiftung & Co. KG can be contacted at the aforementioned address for the attention of the data protection officer, or at the e-mail addresses listed in clause 13.