Data Protection on Owl Communication Platform

(As of 07.03.2024)

The following privacy notices inform you about the type and extent of the processing of your personal data in the context of your use of the Owl Communication Platform. Personal data is information that can be directly or indirectly attributed to or associated with you. The legal basis for data protection is primarily the General Data Protection Regulation (GDPR).

1. Accessing the Website

Purposes of data processing/ Legal bases:

the date and time of access,
the name and URL of the retrieved file,
the browser language set and
the browser you are using and, if applicable, the operating system of your internet-capable computer

are sent to the server of our website and temporarily stored in a so-called log file for the following purposes:

Ensuring a smooth connection setup,
Ensuring comfortable use of our website/ application, and
Evaluating system security and stability.

The legal basis for processing the IP address is Article 6 (1) (f) GDPR. Our legitimate interest lies in the purposes of data processing listed above.

Recipient/ Categories of recipients:

Your data will also be processed by processors in the field of IT hosting and for operating and developing the website on our behalf in the context of the above data processing. They are carefully selected, audited by us, and contractually obligated according to Article 28 GDPR.

Storage duration/ Criteria for determining the storage duration:

The data will be stored for a period of 7 days and then automatically deleted.

2. Registration to Your User Account

Purposes of data processing/ Legal bases:

To use our platform, you need to register. You will receive access to the platform via email. After you have registered with your email address and password, logging in on the platform is possible.

The access data are exclusively intended for use by the respective authorized user and must be protected from being known by third parties with adequate precautions. Should there be indications of misuse of your account, you must notify us immediately. You are liable for the consequences of unauthorized third-party use, as far as you are responsible for it or the lack of its prevention.

In the course of the registration process, the following data are collected:

Title with first and last name,
Email address,
Name of your own company, and

The data you provide during the registration process must be factually correct. Third-party data may not be used. Should these data change subsequently, you must notify us.

The legal basis for storing your data is Article 6 (1) (b) GDPR, i.e., we process your data as part of contract initiation or contract execution.

Recipient/ Categories of recipients:

Your data will also be processed by processors for operating and developing the website. They are carefully selected, audited by us, and contractually obligated according to Article 28 GDPR.

Storage duration/ Criteria for determining the storage duration:

If you initiate the deletion of the user account, your data will be deleted accordingly. At the latest after withdrawal of your user authorization, for example, if you leave the business partner company, your data will be deleted.

3. Use of the Owl Communication Platform

Purposes of data processing/ Legal bases:

We exclusively use your data for the purpose of processing your request. Please enter only the personal data necessary to answer your request when contacting us.

In this context, the following data are processed in our system:

Username (usually first name, last name)
Phone number
Email address
Name of your own company.

The legal basis for data processing is Article 6 (1) (b) GDPR, i.e., we process your data as part of contract initiation or execution, or Article 6 (1) (f) GDPR. Our and your mutual (legitimate) interest in this data processing arises from the goal of answering your inquiries, possibly solving existing problems, and thus promoting cooperation with you.

Recipient/ Categories of recipients:

Your data will also be processed by processors for operating and developing the platform. They are carefully selected, audited by us, and contractually obligated according to Article 28 GDPR.

Storage duration/ Criteria for determining the storage duration:

All personal information that you provide to us in the context of inquiries via the Owl Communication Platform will be deleted or anonymized by us no later than 90 days after the final response has been given.

4. Cookies

Purposes of data processing/ Legal bases:

We, Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm are responsible for data processing in connection with the use of so-called Cookies and other similar technologies for processing usage data on the Owl Communication Platform.

Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware. The cookie stores information resulting in connection with the specific end device used. However, this does not mean that we immediately become aware of your identity.

The use of cookies and other technologies for processing usage data serves - depending on the category of the cookie or other technology - the following purposes:

Technically necessary: These are cookies and similar methods without which you cannot use our services (e.g., for the correct display of our website/ the functions you want, etc.).

An overview of information on the cookies and other techniques used along with their processing purposes, storage durations, and any third parties involved can be found below.

Depending on the purpose of use, the following types of personal data are processed in the context of the use of cookies and similar techniques for processing usage data:

Technically necessary:

User inputs to retain inputs across multiple sub-pages.
Authentication data to identify a user after logging in, to provide access to authorized content on subsequent visits.
Security-relevant events (e.g., detection of numerous failed login attempts).

The legal basis for the use of technically necessary cookies is Article 6 (1) (b) GDPR, i.e., we process your data for the provision of our services as part of contract initiation or contract execution.

Recipient/ Categories of recipients:

Your data will also be processed by processors for operating and developing the website on our behalf in the context of the above data processing. They are carefully selected, audited by us, and contractually obligated according to Article 28 GDPR.

Storage duration/ Criteria for determining the storage duration:

The storage duration for cookies can be found in our cookie policies below.

5. Your Rights as Data Subject

Overview

In addition to the right to revoke your consents given to us, you have the following further rights if the respective legal requirements are met:

Right to information about your personal data stored by us according to Article 15 GDPR,
Right to correction of incorrect or completion of incomplete data according to Article 16 GDPR,
Right to deletion of your data stored with us according to Article 17 GDPR,
Right to restriction of processing of your data according to Article 18 GDPR,
Right to data portability according to Article 20 GDPR,
Right to object according to Article 21 GDPR.

Right to information according to Article 15 GDPR

You have the right, according to Article 15 (1) GDPR, to request information free of charge about the personal data stored about you. This includes in particular:

the purposes for which the personal data are processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage duration;
the existence of a right to correction or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
the existence of a right of appeal to a supervisory authority;
all available information on the origin of the data if the personal data are not collected from the data subject;
the existence of automated decision-making including profiling according to Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved as well as the scope and intended effects of such processing for the data subject.

If personal data are transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards according to Article 46 GDPR in connection with the transfer.

Right to correction according to Article 16 GDPR

You have the right to demand immediate correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request completion of incomplete personal data – also by means of a supplementary statement.

Right to deletion according to Article 17 GDPR

You have the right to demand that personal data concerning you be deleted immediately if one of the following reasons applies:

the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
you revoke your consent on which the processing was based according to Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing;
you object to the processing according to Article 21 (1) or (2) GDPR, and in the case of Article 21 (1) GDPR, there are no overriding legitimate reasons for the processing;
the personal data have been processed unlawfully;
the deletion of personal data is necessary to fulfil a legal obligation;
the personal data were collected in relation to the offer of information society services according to Article 8 (1) GDPR.

If we have made the personal data public and are obliged to delete them, we take appropriate measures, taking into account the available technology and the implementation costs, to inform third parties processing your data that you have also requested the deletion of all links to these personal data or of copies or replications of these personal data.

Right to restriction of processing according to Article 18 GDPR

You have the right to demand restriction of processing if one of the following conditions is met:

the accuracy of the personal data is contested by you;
the processing is unlawful, and you oppose the deletion of the personal data and request the restriction of their use instead;
the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims or
you have objected to processing pursuant to Article 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Right to data portability according to Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format, and you have the right to transmit these data to another controller without hindrance from us, provided that

the processing is based on consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) or on a contract pursuant to Article 6 (1) (b) GDPR and
the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.

Right to object according to Article 21 GDPR

Under the conditions of Article 21 (1) GDPR, data processing may be objected to for reasons arising from your particular situation.

The above-mentioned general right of objection applies to all processing purposes described in these data protection provisions that are processed on the basis of Article 6 (1) (f) GDPR. Unlike the special right of objection directed at data processing for advertising purposes, according to the GDPR, we are only obliged to implement such a general objection if you present us with reasons of overriding importance, e.g., a possible risk to life or health.

Right to complain to the data protection supervisory authority according to Article 77 GDPR

In addition, you have the right to complain to the competent data protection supervisory authority at any time. For this purpose, you can contact the data protection supervisory authority of the federal state in which you reside or the authority of the federal state in which the controller is based.

6. Name and contact details of the controller and contact details of the company data protection officer

These data protection provisions apply to data processing by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm (“controller”) and for the Owl Communication Platform. The controller can be reached at datenschutz@lidl.com. The company data protection officer of Lidl Stiftung & Co. KG can be reached at the above address, attn. Data Protection Officer, for questions regarding data protection in the context of operating the Owl Communication Platform or for exercising your rights.

Cookie Policies

Technically necessary

Name	Description	Lifespan
__RequestVerificationToken	Used by the antiforgery system.	Session
.AspNet.ApplicationCookie	Used to identify user sessions. A user session begins when a user first browses the portal. And ends when the session is closed.	Session
adxPreviewUnpublishedEntities	Stores the preview ON/OFF mode used in the classic CMS system for portal administrators.	Session
adx-notification	Used in basic form actions to store warning messages that should be displayed on redirection.	Session
ARRAffinity	Automatically added by Azure websites and ensures that requests are load-balanced across different sites.	Session
ASP.NET_SessionId	Used to maintain a logged-in user's session.	Session
ContextLanguageCode	Stores the default language of the user accessing the portal.	Session
Dynamics365PortalAnalytics	Critical service cookie for anonymous analysis of service usage.	90 days
iisDSTObserved	Stores a value indicating whether the current moment is in daylight saving time.	Session
isDSTSupport	Indicates whether a specific date and time fall into the daylight saving time range.	Session
timeZoneCode	Stores the timezonecode field value of the CRM Timezone Definition table for the current timezone.	Session
timezoneoffset	Stores the time zone difference between UTC and the local browser time.	Session