Data Protection & Privacy Statement

Data Protection at Lidl & Kaufland Asia Pte. Limited

(Version 4 last updated 15.05.2026)

Privacy Policy Statement

Lidl & Kaufland Asia Pte. Limited (“Lidl”, or the “Company”) has its principal place of business in Singapore and a branch office in Hong Kong. The Personal Data Protection Act (“PDPA”) in Singapore and the Personal Data (Privacy) Ordinance (“PDPO”) in Hong Kong serve as the legal basis for our processing of your personal data.

This Privacy Policy Statement (the “Privacy Policy”) informs you about our data protection practices and the type and scope of processing (“processing” includes the collection, use, disclosure and transfer) of your personal data conducted by us. Personal data is information that can be assigned directly or indirectly to an identified or identifiable natural person, as defined under applicable data protection laws.

You consent and agree to the data collection and processing described in this Privacy Policy by visiting, accessing, and/or using our websites, portals, applications or digital platforms (together, the “Websites”). Your use of the Websites is voluntary.

This Privacy Policy may change from time to time and your continued use of our Websites is deemed to be acceptance of those changes.

Scope of Privacy Policy

This Privacy Policy applies to Lidl & Kaufland Asia Pte. Limited and any of its affiliates within the Lidl Group in Asia, which may exist from time to time.

This Privacy Policy applies when your personal data is collected by us, such as when you contact us or respond to our requests, enter into commercial discussions and/or transactions with us, visit our Websites or premises, apply for jobs or otherwise share information with us at your own accord. This Privacy Policy also applies to personal data in our possession or under our control, including personal data in the possession of our affiliates within the Lidl Group in Asia and service providers which we have engaged to process personal data on our behalf.

Personal data that you provide us with is treated confidentially. We use your data solely for the Purposes (as defined below). In order to do so, we may use and transfer data that you have provided to us to our affiliates or service providers for those Purposes.

We will not retain your personal data for longer than is necessary to fulfil the purpose for which you have provided your personal data to us, for our business purposes, or to satisfy such other legal or statutory requirements which we need to comply with.

You may write to our data protection officer using the contact details provided below to enquire about this Privacy Policy and our data protection practices.

1. Collection of personal data

We collect personal data about you from various sources, directly and indirectly:

1.1 Information you provide to us
1.2 Information we collect about you automatically
We may automatically collect personal data when you access our websites, mobile apps or other digital platforms. For example:
technical data from your device (e.g. IP address, browser type, time zone setting, location data, and browsing activity)
data collected through cookies or similar technologies when you use our websites, mobile apps or other digital platforms.
For more information about your personal data we collect automatically when you visit our website at www.lidl.asia, please refer to the website data section below.
1.3 Information we receive from other sources

We may also collect personal data provided by third parties who we hire to work on our behalf. For example, service providers supporting our IT systems, background check service providers, KYC service providers, or audit/inspection service providers. Please note we are not responsible for the privacy or security practices of such third parties, and you should consult their privacy policies and contact them directly with any questions about your personal data.

2. Types of personal data we may process

The type of personal data we collect about you depends on the nature of your interactions with us and the purposes of such interactions. Such personal data may include the following:

2.1 Contact Information and Identifiers:
your name;
your contact information such as your telephone number, email address and mailing address;
personal data required to assess your suitability as a business partner or an employee;
personal data required to perform contractual obligations between us;
other personal data you voluntarily provide to us.
2.2 Demographic Information:
age range, birth date;
general location;
gender;
profession or employment related information;
educational background and information;
Social media information;
income bracket or similar information;
home ownership.
2.3 Professional or Employment Related Information
2.4 Internet and Network Activity Information

3. Use of personal data and purpose of processing

We process your personal data when it is necessary for our business purposes (as specified below) or to meet the purposes for which you have submitted the information to us.

Your personal data may be used for one or more of the following purposes ("Purposes"):

communicating with you or other employees in your company;
verifying your identity;
performing contractual obligations between us;
assessing your suitability as an employee, a contractor or a business partner;
handling and responding to your inquiries, suggestions or complaints;
conducting analysis, interviews or surveys to help us better understand our business partners and to improve our operations, services and products;
operating (including allowing access) the Websites, by us and our third-party service providers;
facilitating website access and compiling aggregate statistics on website usage;
conducting evaluations and audit, and follow-ups on evaluations including investigation of compliance violation cases and the corresponding remedial actions where applicable or required;
managing the Company’s business accounts and records; onboarding due diligence and maintaining the Company’s business partnerships; registrations of business partners, fulfilment of the Company’s contractual obligations, onsite visits in the course of business; administering our relationship as applicable;
complying with applicable laws and contract-related requirements and implementation under those requirements, such as to administer technical, quality, safety checks and review to inspect and qualify our business partners for performing work in accordance with applicable quality standards, laws and contractual terms;
assessing compliance risk of business partners, monitoring and ensuring compliance of the Company’s business partners with our applicable internal policies and procedures, contractual, legal and regulatory requirements including investigations of identified compliance violation cases, and derivation of remediation plans, to see whether our business partners have breached legal and/or contractual obligations owed to the Company, and to exercise the Company’s contractual rights where applicable;
communicating within the Company and its intra- group companies within the Schwarz Group, and/or affiliated third parties (such as existing or potential business partners, sub-contractors, third party service providers, counterparties, customers, end-customers or government officials);
managing the Company’s operational risk (such as security and fraud preventions), improving the Company’s operational efficiency and complying with corporate financial responsibilities, including invoicing and payment for products and services; audit requirements (both internal and external) and conducting analysis; research and control;
responding to and complying with requests and legal demands from regulators or other authorities in or outside of Singapore or Hong Kong;
supporting any rights, claim or defence that the Company and group companies within Schwarz Group could face in any legal proceedings before any jurisdictional, and/or administrative authority, arbitration or mediation panel; resolving any disputes; enforcing any of the Company’s agreements; and to cooperate with – or to inform – law enforcement or regulatory authorities to the extent required by law; and
performing other functions and activities incidental to and/or in connection with any direct purposes stated above; and any other legitimate purposes as permitted by applicable laws (e.g., for protection of vital interest of others, and processing information where you have already publicly disclosed within a reasonable scope); as otherwise stated at or about the time your personal data is collected from you with your separate consent.

We only collect, use, and share your personal data where it is appropriate and permitted under applicable laws. In some cases, we may ask for your permission to collect or use your data—for example, when you sign up for marketing updates and use non-essential cookies on our website. Where we rely on your consent, you may withdraw your consent at any time.

We will not process your personal data (including providing your personal data to third parties) for direct marketing purposes without your explicit and prescribed consent in accordance with the stringent requirements of the PDPO and PDPA. If we intend to use your data for direct marketing, we will provide you with a separate notification outlining the specific types of data to be used, the classes of marketing subjects, and an option to opt-out.

4. Disclosure and sharing of personal data

The Company may share your personal data with third parties in the following circumstances:

4.1 Share your personal data with the Company's affiliates
4.2 Share with third parties
In order to carry out certain business partner management activities or internal control tasks, the Company may share some of your personal data with our service providers, and ask them to process specific information according to our instructions, subject to appropriate obligations of confidentiality and security measures, and the provisions of this Privacy Policy, for the following purposes:
Procuring goods and services from the Company’s business partner;
Achieving the Purposes described in this Privacy Policy; and
Fulfilling our obligations or exercising our rights stipulated under this Privacy Policy.
In addition, we may also share your personal data with other entities as required under applicable laws or in the event of a sale or transfer of our business and/or assets.
4.3 Share as required by laws and regulations, government authorities and dispute resolution process

The Company may share your personal data as required by laws and regulations, litigation and dispute resolution orders, or according to the legal requirements of administrative, judicial and other government authorities. To be specific, this includes protecting and safeguarding the statutory rights, privacy and security of ourselves; responding to inquiries or requests from government, regulatory authorities, law enforcement authorities or public authorities; commencing, participating in or defending in the legal proceedings, or limiting the damages to be borne by us; abiding by the law, etc.
We are committed to ensuring that any third parties with whom we share your personal data apply comparable standards of data protection and confidentiality. Where personal data is transferred internationally, we implement appropriate safeguards in accordance with applicable data protection laws.

5. Cross-Border Data Transfer

The Company and its group companies within Schwarz Group operate a global business. The Company may transfer personal data that the Company processes about you to its affiliated companies in countries or regions outside of Singapore or Hong Kong.

Where we transfer your personal data outside of Singapore or Hong Kong, we will take appropriate steps to ascertain whether the foreign recipient is bound by legally enforceable obligations to ensure that your personal data receives a standard of protection that is at least comparable to that provided under the PDPA and the PDPO. The Company transfers your personal data to other countries or regions, the Company will protect such information as described in this Privacy Policy, as disclosed to you at the time of data collection or as described in our program-specific privacy notice (if any).

We implement appropriate safeguards to protect your personal data when it is transferred internationally in line with applicable data protection laws. These may include standard contractual clauses, binding corporate rules, or other lawful mechanisms.

6. Retention of personal data

We retain your personal data only for as long as it is necessary to fulfil the purposes for which it was collected, including to meet legal, regulatory, operational, and business requirements.

Where personal data is no longer required for these purposes, we will take appropriate steps to securely delete or irreversibly anonymize it. In cases where data is anonymized, it will no longer be associated with you and may be used for analytical, research, or business purposes. We regularly review the personal data we hold to ensure it is kept only for as long as necessary.

7. Your rights as a data subject in relation to this Privacy Policy

This section applies to all data processing under this Privacy Policy.

Right to access: You can request a copy of the personal data we hold about you, along with information about how we use it. We will respond to your access request within 30 calendar days (and in any event, no later than 40 calendar days as required under the PDPO).
Right to rectification/correction: If any of your personal data is inaccurate or incomplete, you can ask us to correct or update it.
Right to withdraw consent: If we rely on your consent to use your personal data, you can withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent. Please note that if you withdraw your consent, depending on the nature of your request, we may not be in a position to continue to provide our services or products to you, administer any contractual relationship in place, or process your job application. This may result in the termination of any agreements with us.
Right to data portability: Where applicable under local law (such as the Singapore PDPA), you may have the right to ask us to provide your personal data in a commonly used format so that you can transfer it to another service provider.
Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority (such as the Personal Data Protection Commission in Singapore or the Office of the Privacy Commissioner for Personal Data in Hong Kong) if you believe that your data protection rights have been infringed.

If you would like to exercise your rights, please contact us using the details set out in this Privacy Policy. We may ask for additional information to verify your identity before facilitating the exercise of your rights. We reserve the right to charge a reasonable fee for complying with access requests where permitted by applicable law.

8. Personal data collected when accessing our website at www.lidl.asia

8.1 Overview
8.2 Accessing our website
Purposes of data processing/ legal bases:
When you visit our website, your device's browser will automatically and without any action on your part send the following data to the server of our website:
the IP address of the requesting internet-enabled device,
the date and time of access,
the name and URL of the retrieved file,
the website/ application from which the access was made (referrer URL),
the browser you are using and, if applicable, the operating system of your internet-enabled computer and
the name of your access provider
This data is temporarily saved in a so-called log file for the following purposes:
to ensure a smooth connection,
to ensure seamless use of our website/ application,
to evaluate system security and stability.
If you have consented to the so-called geolocation in your browser or in the operating system or other settings of your device, we will use this function to offer you individual services (e.g. the location of the closest job offer) based on your current location. We process your location data exclusively for this purpose.
Where applicable under local law (such as the Singapore PDPA), we rely on the legitimate interests exception to collect and process technical information, such as your IP address, without your explicit consent for the purposes of detecting and preventing fraud, ensuring network security, and protecting our websites from malicious activity.
Retention period/ criteria for determining the retention period:
The data is stored for a period of seven days and then automatically deleted. If you stop using our website, the geolocation data will be deleted.
8.3 Use of cookies and similar techniques to process usage data
Purposes of data processing/ legal bases:
Your consent includes the use of cookies and other technologies to process usage data on all (sub) domains at www.lidl.asia.
Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your device and do not contain any viruses, Trojans or other malware. Information relating to the specific device used is stored in the cookie. However, this does not mean that we gain immediate knowledge of your identity.
The use of cookies and other technologies for processing usage data serves the following purposes, depending on the category of the cookie or other technology:
Technically necessary: These are cookies and similar methods without which you cannot use our services (for example, to display our website correctly/ functions you want to use, to save your login in the login area).
Ease of use: With the help of this technology, we can take into account your actual or presumed preferences for easy use of our website. For example, your settings allow us to display our careers website in a language that works best for you. In addition, we avoid showing you options that may not be available in your region.
Statistics: allow us to compile pseudonymized statistics on the use of our services. This allows us to determine, for example, how we can adapt our website even better to suit the needs of the website users.
Marketing: This allows us to display advertising content that suits you based on the analysis of your usage behavior. Your usage behavior can also be tracked via different websites, browsers or devices using a user ID (unique identifier).
Here you can find an information overview of the cookies and other technologies used along with the respective processing purposes, retention periods and any third-party providers involved.
When using cookies and similar techniques for processing usage data, the following types of personal data are processed in particular depending on the purpose:
Technically necessary:
Consent to cookie preferences.
Ease of use:
Settings that serve to optimize the output of the cards.
Output of recently viewed jobs.
Output of saved jobs.
Statistics:
Pseudonymized user profiles with information about the use of our website. These include in particular:
Browser type/ version,
Operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
Time of the server request,
individual user ID and
Events triggered on the website (surfing behavior).
The IP address is regularly anonymized so that it cannot be traced back to you. No conclusions can be drawn about your person from the user ID itself.
Marketing:
Pseudonymized user profiles with information about the use of our website. These include in particular:
individual user ID;
potential product interests,
events triggered on the website (surfing behavior).

The IP addresses are regularly anonymized, so that no conclusions can be drawn about your person.

No conclusions can be drawn about your person from the user ID itself. We may share the user ID and the associated usage profiles with third parties via the providers of advertising networks.
You can withdraw/ adjust your consent at any time with effect for the future. Just click here and make your selection. By removing the corresponding checkmark, you simply and easily withdraw your consent for the respective processing purposes.
Recipients/ categories of recipients:
When processing data by means of cookies and similar techniques for processing usage data, we may use specialized service providers, in particular from the area of online marketing. These process your data on our behalf as contract processors, are carefully selected and contractually bound. All companies listed as providers in our Cookie Settings act as processors who provide data processing for us.
As part of our cooperation with Google LLC, the above-mentioned data is usually also processed on servers in the US for statistical and marketing purposes.
Retention period/ criteria for determining the retention period:
The retention period for cookies can be found in our Cookie Settings. If the information “persistent” is indicated in the “Lifespan” column, the cookie is stored permanently until the corresponding consent is withdrawn. The retention period of the session storage is limited to the respective session and ends when the browser is closed.
LinkedIn Pixel:
In addition to us, the joint controllers/users within the meaning of the applicable data protection law responsible for data processing in connection with marketing cookies (see cookies under the "Marketing" category in our Cookie Settings) LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (LinkedIn). As part of our cooperation with our partners on our website, we use their special technologies with your consent to record your browsing behavior so that we can tailor the ads of our customers to you on our website or platform. In connection with this, our partners may also compare the data collected on our website with the data in their own databases.
When exercising your rights as a data subject described below with regard to the data processing described in this paragraph, you can also contact either us or our aforementioned partners.
You can also find further information on the data processing and on exercising your rights as a data subject in the privacy policies of our respective partner: LinkedIn: https://www.linkedin.com/legal/privacy-policy.
8.4 Embedded content

YouTube Videos
We may have integrated YouTube videos into our online content, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", meaning that no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data be transferred. We have no influence on this data transfer.
Further information on the purpose and scope of data processing by YouTube, which also takes place on servers in the US, can be found in the privacy statements of the provider. There you will also find further information about your rights in this regard and setting options to protect your privacy. YouTube address and privacy policy: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.de/intl/de/policies/privacy/.
Bing Maps
We may use Bing Maps on our website. This enables us to display interactive maps directly on the website and allows you to conveniently use the map function to find job offers in your area.
We use Bing Maps for an appealing presentation of our online services and to easily find the locations indicated by us on the website.
By visiting our website, the provider of Bing Maps, Microsoft Corporation, receives the information that you have accessed the corresponding sub-page of our website. To use the functions of Bing Maps, it is necessary to process your IP address as part of Internet communication. This data is usually processed on a Microsoft server in the US.
We have no influence on the specific data processing by Bing Maps. Further information on the purpose and scope of data processing by Bing Maps can be found in the privacy statements of the provider. There you will also find further information about your rights in this regard and setting options to protect your privacy. Address and privacy policy of the provider of Bing Maps: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA.
Social Media Walls
Purposes of the Processing/Legal Bases:
In addition to the information you provide us directly via social network platforms ("platforms"), we also use "social walls" to present content shared by you on platforms relating to the Company. To that end, for instance, as part of individual marketing campaigns or prize draws, publicly available content from platforms that you have posted using a specific hashtag is displayed together on a wall integrated into our website.
Only those posts are processed which you have made freely available to the public (public posts).
The scope of the data collected relates to various content that has been publicly published on platforms (timestamps, post IDs, post texts, images, videos, links, comments, ratings) and is primarily determined by the type and content of the respective post. In addition, attachments and metadata (technical data on publications) of platform content can be shared, as well as corresponding user data (first and last name, user ID, profile URL, profile pictures, website URL).
Data is processed for the purpose of advertising the Company externally, realizing marketing campaigns or prize draws on specific occasions or relating to specific topics purposes.
We have only limited control over the processing of data by the operators of the platforms (the information shared by you). You will find further information on the processing of this data in the relevant operator's privacy policy. You can find a list of privacy policies of operators on whose platforms we use channels here.
Storage Time/Criteria for Determining Storage Time:
The content of the social media walls can be accessed on the respective website for as long as the respective wall is operated in the individual case and data processing is therefore necessary for the intended purpose. If you delete a post that is part of the wall from your own profile or this is no longer publicly visible, the respective post is also no longer part of the wall.

9. Data Processing for Job Applicants via our Recruitment Portal

While Lidl & Kaufland Asia Pte. Limited processes your personal data primarily in accordance with the PDPA (Singapore) and PDPO (Hong Kong) as outlined above, our job application process utilizes a centralized global recruitment portal. This portal is operated and managed by our affiliated company in Germany, Lidl Stiftung & Co. KG. Because the recruitment platform is hosted within the European Union, the processing of personal data submitted through our candidate portal engages the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The following sections explain how your data is collected, used, and protected when you register for a candidate profile or apply for a position via this portal, and detail your specific rights under the GDPR regarding this processing.

9.1 Recruiting portal and creation of a candidate profile
In the following sections we will inform you about which data we process when you visit the recruiting portal (the page you are directed to after clicking the 'Apply' button) and register / create a candidate profile and / or directly apply for a position. The recruiting portal is managed by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, which is responsible for the processing of your data within the framework of the recruiting portal/ candidate profile. The General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) serve as the legal basis for data protection.
What data do we process in the candidate profile?
We process:
the data that you make available to us during registration in the recruiting portal;
this includes at least your e-mail address, password, first name, last name, country/ region of your place of residence;
any data you choose to disclose to us in your uploaded documents (such as CV, references, or cover letter) and data you add to your candidate profile or application.
The processing of your profile data takes place on the basis of the user contract for the recruiting portal according to Art. 6 (1) sentence 1 lit. b) GDPR.
Visibility options and inclusion in a talent pool
If on top of your actual application you are also interested in other suitable vacancies at Lidl Group companies, you can increase your chances of becoming part of #teamlidl by selecting that your candidate profile shall be visible either to all Lidl recruiters worldwide or to Lidl recruiters within your country of residence. These profile visibility options are available when you register/apply as well as under “Data Privacy Settings and Search Options” in your candidate profile on our recruiting portal.
You can choose from the following options for which your profile should be considered:
In addition, for other current and future suitable positions within the international Lidl Group and the potential inclusion in worldwide talent pool(s).
In addition, for other current and future suitable positions in my country of residence and the potential inclusion in talent pool(s) for my country of residence.
Exclusively for positions for which I am actively applying.
Based on your consent, Lidl recruiters worldwide (Option 1) or in your country of residence (Option 2) can view the following information from your candidate profile if your name comes up as a result of a portal-wide search:
First name, last name, candidate ID, e-mail address, telephone number, address, country of residence, selected profile visibility, candidate profile extension (fields that are additionally queried via a data capture form such as degree or earliest availability), assigned tags (keywords such as skills / special knowledge which recruiters can assign to a candidate and use in searches), comments from recruiters on the candidate profile, "application" documents on the profile, affiliation to talent pools (for private talent pools only the talent pools to which the respective recruiter has access will be listed), correspondences and e-mail campaigns sent from the recruiting portal, applications to Lidl
Based on your candidate profile information recruiters might contact you by e-mail and invite you to apply for a position matching your profile. You decide whether you want to apply.
Our recruiters not only look for suitable candidates for currently open positions via the candidate search but also use talent pools to keep special target groups on the radar and to stay connected to them. For example, they form regional talent pools from second-best candidates for positions that are filled more frequently or for specialist functions.
If you register for a talent pool, the data that you provide to us via your candidate profile will be processed based on your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR.
If you select the visibility option worldwide (1) or country of residence (2) and the possible inclusion in a talent pool, your data will also be processed based on Art. 6 (1) sentence 1 lit. a) GDPR.
Details of the profile visibility options
If you select the Option 1 “In addition, for other current and future suitable positions within the international Lidl Group and the potential inclusion in worldwide talent pool(s).”, you consent to your profile being visible to all recruiters of all Lidl national organizations and Regional Distribution Centers as well as Lidl Stiftung & Co. KG. Please refer https://careers.lidl/overview-companies for a list of all Lidl companies whose recruiters have access to your profile.
The selection of “worldwide consideration/visibility” of your candidate profile always entails that you can be added to any of our worldwide talent pools. Worldwide talent pool means that the recruiters who have access to the talent pool can reside outside of your country of residence. If recruiters with access to your candidate profile consider you a candidate worth keeping track of, they can add you to one or several of our worldwide talent pools based on your consent.
If you select the Option 2 “In addition, for other current and future suitable positions in my country of residence and the potential inclusion in talent pool(s) for my country of residence”, you consent to your profile being visible to all recruiters of the Lidl national organization and the associated Regional Distribution Centers in your country of residence.
The selection of “country of residence consideration/visibility” of your candidate profile allows recruiters in your country of residence to add you to any talent pool. Recruiters from outside of your country of residence can neither find your candidate profile via portal-wide searches nor add you to a talent pool.
If you go with Option 3 “Exclusively for positions for which I am actively applying.”, only recruiters in charge of positions for which you actively apply have access to your candidate profile. Your profile cannot be found via portal-wide searches and therefore can neither be added to a talent pool nor be considered for other positions matching your profile.
If you opt for the visibility options worldwide (1) or country of residence (2) and the potential inclusion in a talent pool your data is also processed on the basis of Art. 6 (1) sentence 1 lit. a) GDPR.
Withdrawal of consent
You can revoke your consent to the worldwide or country of residence visibility/consideration of your profile and for participation in the talent pools at any time with effect for the future. To do so, please change your visibility settings directly in your profile in “Data Privacy Settings and Search Options”. The legality of the processing that has already taken place up until the receipt of your withdrawal is not affected by this.
Please note that the change in visibility settings has the following effects:
Worldwide changed to country of residence (1 🡪 2): Only recruiters within your country of residence can find and access your profile and consider you for other suitable positions. If you had been part of a talent pool to which a recruiter from outside of your country of residence had access, this recruiter would no longer be able to access your profile data.
Worldwide or country of residence changed to positions for which I am actively applying (1 or 2 🡪 3): You can no longer be found through portal-wide searches. If you had been part of a talent pool, recruiters would no longer see your name and profile data when calling up the pool. You cannot be considered for other suitable positions.
Note: If data is transmitted to a Lidl company that is headquartered in non-EU/ non-EEA countries ("third countries"), the data protection level in this third country may be lower compared to that in the EU/ EEA, which may mean that the rights of data subjects may not be enforced at all or not in the same way. If we transfer personal data to data recipients outside the EU/ EEA, the transfer will only take place if an adequate level of data protection in the third country has been confirmed by the EU Commission, an appropriate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses) or you have given us your express consent.
Registering for a talent pool via data capture forms
When visiting a career fair or after being approached and interviewed by an active sourcer, you have in some countries the opportunity to register in the recruiting portal via a data capture form without having to apply for a specific position, but with the aim to be included in a talent pool and considered for future vacancies that suit your qualifications.
Your data is automatically used to create a candidate profile in the background. In this context, we would like to give you the opportunity to be taken into account for suitable positions in all Lidl companies worldwide. This is why your candidate profile is automatically visible/considered worldwide (Option 1) by default when you register for a talent pool via data capture form. You can change this setting in your profile to limit visibility/consideration to your own country and will receive further information in an email following your registration. Further information on the visibility options (especially option 1) can be found above.
Withdrawal of consent
You can revoke your consent to participate in the talent pools via data capture forms at any time with effect for the future. To do so, please change your visibility settings directly in your profile in “Data Privacy Settings and Search Options”. The legality of the processing that has already taken place up until the receipt of your withdrawal is not affected by this. For more information on the different visibility options and their effects, see 2.2.
E-Mail campaigns
In case you have given us your explicit consent for campaign e-mails on your candidate profile, you can be included in mailings in which information on job opportunities, news from Lidl or invitations to events are shared. The legal basis for this is your consent pursuant to Art. 6 (1) sentence 1 lit. a) GDPR.
Withdrawal of consent
If you no longer want to receive these mailings, you can withdraw your consent to them in your candidate profile by unchecking the box in “Data Privacy Settings and Search Options”. The legality of the processing that has already taken place up until the receipt of your withdrawal is not affected by this. Please note that the consent to e-mail campaigns has no impact on the consideration of your profile for other job opportunities/the potential inclusion in a talent pool.
Logfiles and cookies in the recruiting portal
Cookies and Other Technologies
In our recruiting portal, technically necessary cookies and other technically necessary technologies are used to process usage data (for example, to display our website correctly/ functions you require, to save your login in the login area).
You can find an information overview of the cookies and other technologies used here, along with the respective processing purposes, storage periods and any third-party providers involved.
The legal basis for the use of technically necessary cookies is Article 6 (1) (f) GDPR, i.e. we process your data on the basis of our legitimate interest in being able to present the website with its statements in a fully functional manner.
Log files
Log files are stored for the following purposes:
Ensuring a smooth connection,
Ensuring comfortable use of our website/ application,
Evaluation of system security and stability.
The legal basis for processing the log files is Article 6 (1) (f) GDPR. Our legitimate interest lies in the purposes of data processing listed above.
The transfer of your data to external service providers who support our application process in individual cases will only take place after careful selection and contractual obligation. External IT and consulting service providers as well as companies of the Schwarz Group support us in the provision of the system and may receive access to your data in individual cases as part of the service provision. These are the following service providers:
Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany
Mmmake GmbH, Großgartacher Str. 61, 74080 Heilbronn, Germany
Data retention - How long do we store your personal data?
You can delete your candidate profile and the saved attachments at any time in the profile settings. Deletion is carried out by anonymizing your data, meaning that a connection to your person is no longer possible. You are the owner of your data.
In the event of inactivity, your account will be deleted 12 months after the last login. If you forgo creating an account with a personal password upon applying, the date of your application will be set as the date of the last login. 7 days prior to deletion, you will receive a notification that the deletion of your data is imminent. This approach with corresponding deadlines also applies if you are a member of a talent pool.
If you initiate the deletion yourself, the deletion will take place within 24 hours, provided that this does not conflict with retention requirements or our legitimate interests.
The respective retention obligations vary among the different Lidl national companies and are listed in this Privacy Policy. They commence at the end of the application procedure, i.e., after the receipt of a rejection or the withdrawal of an application.
The candidate profile in the recruiting portal of the Lidl Group should, however, only be deleted if you have no other ongoing application procedures in other Lidl companies. This is because the deletion of the candidate profile leads to the termination of all application procedures within the Lidl corporate group, as your application documents will also be deleted. Should you wish this, we ask you to explicitly inform us.
The deletion of applications depends on the status of the application at the time the candidate profile is deleted/anonymized. Applications that are not yet complete will be deleted overnight. Applications that are already in the status "rejected," "withdrawn," or "hired" are subject to the country-specific retention periods listed in this Privacy Policy and will only be deleted once this period has expired.
If the terms of use are changed, please note that you will be prompted to accept the changed license agreement the next time you log in. If this consent is not given, you will be unable to access your profile and the previous terms of use remain valid. If you reject, your data will be deleted within 24 hours and no longer processed, unless this is contrary to retention requirements or legitimate interests on our end. Existing applications will be treated as withdrawn and will also be deleted according to these deadlines.
The retention period for cookies can be found in our cookie policy. If the information “persistent” is indicated in the “Expiration” column, the cookie is stored permanently until the corresponding consent is revoked. The retention period of the session storage is limited to the respective session and ends when the browser is closed.
Log files are stored for a period of seven days and then automatically deleted.
Are you obliged to provide the data?
There is no legal or contractual obligation on your part to provide us with personal data. However, without the data, we cannot offer you the benefits of our recruiting portal and cannot include you in a talent pool.

9.2 Data processing in the context of an application on the recruitment portal

In the following section, we will explain which data we process from you when you apply for a specific position.

Application to a job posting

In order to apply for a position in the Lidl Group, you must register in the recruiting portal (the page you are directed to after clicking the 'Apply' button). When you register, you create a candidate profile respectively the profile is created in the background to you applying.

After creating your profile, you can upload your application documents and view and change your data, apply for other positions, withdraw individual applications or delete your entire profile, including all current applications. You can delete your profile at any time in the profile settings. Information in your candidate profile including personal data, resume, cover letter and other documents will always be updated based on what you provided for your latest application. This allows you to reuse the personal data, resume, cover letter and other documents from your most recent application and adjust them if needed for your next application.

Please note that we may need additional personal data from you later in the application process in order to complete your application. We will inform you about this in a separate e-mail.

Lidl Stiftung & Co. KG, as the operator of the recruiting portal, processes the data,

which you submit as part of your application,

including any data contained in your attachments (e.g. resume),

on behalf of the Lidl companies advertising the job (e.g. Lidl & Kaufland Asia Pte. Limited), to which you apply, and forwards your data to them if you send your application by clicking on the corresponding button.

The Lidl companies that advertise a position process your data in an application for the purpose of carrying out the application process and for the decision to establish an employment relationship, on the basis of Article 6 (1) sentence 1 lit. b) GDPR to the extent GDPR is applicable, where applicable in conjunction with Article 88 GDPR and the country-specific standards for applicant data protection.

The transfer of your application data to external service providers who support our application process in individual cases will only take place after careful selection and contractual obligation.

External IT and consulting service providers as well as companies of the Schwarz Group support us in the provision of the system and may receive access to your data in individual cases as part of the service provision. These are the following service providers:

Aon Assessment GmbH, Grosser Burstah 18-32, 20457 Hamburg, Deutschland
SAP Deutschland SE & Co. KG, Hasso-Plattner-Ring 7, 69190 Walldorf
Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm
Mmmake GmbH, Großgartacher Str. 61, 74080 Heilbronn

With the help of statistical data (no names and no submitted application documents) from the application processes (e.g. processing times of applications, etc.), the Lidl company advertising the job draws conclusions on the effectiveness of the application process independently of you as data subject and improves the application process on the basis of these findings. With the final feedback on your application, you will receive a link to a voluntary and anonymous candidate survey so that you can share your experience on the recruitment process with us. The legal basis for this data processing is Article 6 (1) sentence 1 lit. f) GDPR to the extent GDPR is applicable. Where applicable under relevant data protection law, the legitimate interest lies in optimizing and simplifying the application process.

In order to conclude employment contracts, we may use the simple electronic signature (Adobe Sign) with the help of the service provider Adobe Software Ireland Limited on the basis of Article 6 (1) sentence 1 lit. f) GDPR to the extent GDPR is applicable. To the extent GDPR is applicable, the legitimate interest consists in an efficient, fast and cost-saving processing of the contract signing.

Application upon recommendation

If your application is recommended within the framework of the "Employees refer employees" program, we process your first and last name, the first and last name of the referring employee and, if applicable, the future personnel number, the position and your start date in order to process the referral bonus for the referring employee. In accordance with Article 6 (1) sentence 1 lit. f GDPR to the extent GDPR is applicable, the basis for this processing is our legitimate interest in fulfilling the contract with the referring employee within the framework of the "Employees refer employees" program. For this purpose, the company that may be hiring you will send information about your status to the company where the referring employee is employed.

Transfer to recipients outside the EU / EEA

If the controller of your personal data is an EU entity and your personal data is transferred to recipients outside the EU/ EEA, the transfer will only take place if an adequate level of data protection in the third country has been confirmed by the EU Commission, an appropriate level of data protection has been agreed with the data recipient (e.g. by means of EU standard contractual clauses) or you have given us your consent.

Application via EasyApply

If you are interested in a job posted on the website, we recommend that you use EasyApply to initially create your profile and to apply in one go. After submitting your application, you will receive an email with further information on how to access your candidate profile in the future.

If you are interested in other positions and an application “with login” is offered on our website, we recommend using it as you will be able to depart from your existing profile information and adjust it if needed for your application. If only EasyApply is offered, seize the opportunity to provide all required/relevant information and documents for that specific position.

Please note that, depending on your visibility settings, recruiters may be aware of your multiple active applications through your candidate profile.

Regardless of how you created your profile you can also change, add or delete information in your user profile at any time, view the status of your application(s), submit additional documents or change your data at a later date.

Submission of applicants via an agency

If an agency submitted your “short application” (first and last name, e-mail address, country/region code, phone number, country/region and CV) for an open position with us, you will be notified about this via e-mail. To the extent GDPR is applicable, the legal basis for the processing of your data is Article 6 (1) sentence 1 lit. b) GDPR, where applicable in conjunction with Article 88 GDPR and the country-specific standards for applicant data protection. If the recruiter in charge of the position wants to proceed with your application, you will be invited to apply and provide additional job-specific information. In case you do not apply within 30 days after the agency has submitted your “short application”, your “short application” will get deleted.

Multiple applications

If you apply for multiple jobs with Lidl companies the recruiters in charge will have access to the following information from your other applications within the limits set by your selected visibility option: date of the application, position title, status of the application, recruiter’s first and last name. The setting that you chose for one application will apply to all applications.

If you select “consideration exclusively for positions for which I am actively applying.” (Option 3) recruiters in charge of other positions, you have applied for will be informed about the fact that your application to their role is not your only application with Lidl, but they will not see any details regarding your other applications.

If you select "consideration for other current and future suitable positions in my country of residence" (Option 2) and you have applied to several jobs within your country of residence, then the information as listed above on these other applications will be available to the recruiters in charge of filling the other positions. They will also have access to the aforementioned information on applications you submitted to Lidl companies outside of your country of residence. However, recruiters in charge of filling positions outside of your country of residence to which you have applied will only see that the application to their role is not your only application with Lidl – they will not see any details regarding other applications.

If you select "consideration for other current and future suitable positions within the international Lidl Group" (Option 1) all recruiters in charge of positions you have applied for will have access to the information as listed above from any of your other applications with any Lidl company.

The legal basis is Article 6 (1) sentence 1 lit. f) GDPR. The legitimate interest lies in adapting the (pre-)selection process and saving you from having to answer the same questions multiple times.

Data retention - How long do we store the personal data of your application?

You can withdraw your application to us at any time. You decide how your data is used.

In the event of rejection or recruitment, the data processed as part of the application process will be deleted after the end of the application process in accordance with the country-specific deadline of the Lidl company to which you have applied. The anonymization is legally equivalent to the deletion.

The period commences after the completion of the application procedure in each case, i.e., after the receipt of a rejection or the withdrawal of an application.

Here you will find an overview of our country-specific deletion periods:

Country	Company	Application status Canceled / withdrawn / contracted
Austria	Lidl Österreich GmbH	7 Months
Belgium	Lidl Belgium GmbH & Co. KG	13 Months
Bosnia and Herzegovina	LIDL BH d.o.o.	12 Months
Bulgaria	Lidl Bulgaria EOOD & Co. KD	6 Months
Croatia	LIDL HRVATSKA d.o.o. k.d.	12 Months
Cyprus	Lidl Cyprus	3 Months
Czech Republic	Lidl Czech Republic s.r.o. Lidl International Holding s.r.o. Lidl E-commerce Logistics s.r.o.	6 Months
Denmark	Lidl Danmark K/S	3 Months
Estonia	Lidl Eesti OÜ	12 Months
France	Lidl SNC	6 Months
Finland	Lidl Suomi Kommandiittiyhtiö	18 Months
GB	Lidl Great Britain Limited	6 Months
Germany	All Lidl companies based in Germany & Lidl Dienstleistung GmbH & Co. KG Lidl Stiftung & Co. KG	3 Months
Greece	Lidl Hellas & Sia O.E.	3 Months
Hong Kong	Lidl & Kaufland Asia Pte. Limited Hong Kong Branch	12 Months
Hungary	Lidl Magyarország Bt.	6 Month
Ireland	Lidl Ireland GmbhH	12 Months
Italy	Lidl Italia S.r.l. a socio unico	3 Months
Latvia	Lidl Latvija SIA	4 Months
Lithuania	UAB Lidl Lietuva	3 Months
Luxembourg	Lidl Belgium GmbH & Co. KG	3 Months
Malta	Lidl Malta Limited	3 Months
Netherlands	Lidl Nederland GmbH	1 Month
Northern Ireland	Lidl Northern Ireland Limited	12 Months
North Macedonia	LIDL North Macedonia DOOEL Skopje	12 Months
Poland	Lidl sp. z o.o. sp. k. Delta Marketing Services sp. z o.o. Lidl Online International Logistics sp. z o.o.	12 Months
Portugal	Lidl & Companhia	12 Months
Romania	Lidl Discount SRL	6 Months
Serbia	Lidl Srbija KD	12 Months
Singapore	Lidl & Kaufland Asia Pte. Limited	12 Months
Slovakia	Lidl Slovenská republika s.r.o.	3 Months
Slovenia	Lidl Slovenija d.o.o. k.d.	3 Months
Spain	Lidl Supermercados, SAU	6 Months
Sweden	Lidl Sverige KB	24 Months
Switzerland	Lidl Schweiz DL AG	12 Months
USA	LIDL US, LLC	7 Years

Are you obliged to provide the data for an application?

There is no legal or contractual obligation on your part to provide us with personal data. Without the data, we cannot contact you or carry out an application process. The data is also required if a contract is signed.

9.3 Your rights as a data subject under GDPR
Your rights as a data subject are set out below to the extent GDPR applies to the processing of your data. Please refer to the Privacy Policy of Lidl & Kaufland Asia Pte. Limited above for your rights as a data subject under Personal Data Protection Act in Singapore and the Personal Data (Privacy) Ordinance in Hong Kong, if your data is processed solely by Lidl & Kaufland Asia Pte. Limited.
Overview
In addition to the right to withdraw your consent, you are entitled to the following additional rights if the respective legal requirements are met under the GDPR:
Right to information about your personal data stored by us in accordance with Article 15 GDPR and § 34 BDSG,
Right to correct incorrect or complete incomplete data in accordance with Article 16 GDPR,
Right to deletion of your data stored by us in accordance with Article 17 GDPR and § 35 BDSG,
Right to restrict the processing of your data in accordance with Article 18 GDPR,
Right to data portability under Article 20 GDPR,
Right of objection under Article 21 GDPR.
Right to information under Article 15 GDPR
In accordance with Article 15 (1) GDPR, you have the right to request information about your personal data stored by us free of charge. This includes in particular:
the purposes for which your personal data is processed;
the categories of personal data that are processed;
the recipients or categories of recipients to whom your personal data has been or will be disclosed;
the planned storage duration of your personal data or, if specific information is not possible, criteria for determining the storage period;
the existence of a right to rectify or delete your personal data, a right to restrict the processing by the responsible person or a right to object to this processing;
the existence of a right to lodge a complaint with a supervisory authority;
all available information about the origin of the data if the personal data is not collected from the data subject;
The existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
If personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate guarantees under Article 46 GDPR in connection with the transfer.
Right to rectification under Article 16 GDPR
In the event of incorrect data, you have the right to request that we correct your personal data immediately. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of an additional explanation.
Right to deletion according to Article 17 GDPR
You have the right to request that we delete your personal data immediately if one of the following reasons applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You withdraw your consent on which the processing was based in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing;
You object to the processing under Article 21 (1) or (2) GDPR and in the case of Article 21 (1) GDPR, there are no overriding legitimate grounds for processing;
the personal data was processed unlawfully;
The deletion of the personal data is necessary to fulfill a legal obligation;
The personal data was collected in relation to the services offered by the information company in accordance with Article 8 (1) GDPR.
If we have made the personal data public and are obliged to delete it, we will take appropriate measures, taking into account the available technology and implementation costs, to inform the third parties processing your data that you wish for them to also delete all links to or copies of your personal data.
Right to restriction of processing according to Article 18 GDPR
You have the right to request that we limit processing if one of the following conditions is met:
you dispute the accuracy of the personal data;
The processing is unlawful and you request limited use of the personal data instead of the deletion;
the responsible person no longer needs the personal data for processing purposes, but you need them to assert, exercise or defend legal claims or
you have objected to the processing in accordance with Article 21 (1) GDPR, as long as it has not yet been determined whether the legitimate reasons of the person responsible outweigh those of the data subject.
Right to data portability under Article 20 GDPR
You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another responsible person without any hindrance from us, if
the processing is based on consent in accordance with Article 6 (1) (a) or Article 9 (2) (a) or on a contract in accordance with Article 6 (1) (b) GDPR and
The processing is carried out using automated procedures.
When exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another person responsible, insofar as this is technically feasible.
Right to object under Article 21 GDPR
Under the conditions of Article 21 (1) GDPR, you can object to data processing for reasons arising from your particular situation.
The above general right of objection applies to all processing described in these data protection provisions, which are carried out on the basis of Article 6 (1) (f) GDPR. In contrast to the special right to object to data processing for advertising purposes, we are only obliged to implement such a general objection under the GDPR if you give us reasons of overriding importance, e.g. a possible danger to life or health.
Right of appeal to the data protection supervisory authority according to Article 77 GDPR
You also have the right to lodge a complaint with the responsible data protection supervisory authority. You can contact the data protection supervisory authority in the country in which you are resident or the authority of the country in which the responsible Lidl company is located.
9.4 Responsible bodies and contact details (Recruitment Portal)

Below you will find the information on the respective party responsible for data protection specifically concerning the recruitment portal.
Recruiting portal
Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm is responsible for the data processing on the recruiting portal including the candidate profile. The respective Lidl national company, which claims to be the author of the e-mail, is responsible for e-mail campaigns.
All Lidl companies that use Talent pools are jointly responsible for the processing of the candidate data entered into the system via the data capture form. A list of all participating companies including links to their websites with contact details can be found on https://careers.lidl/overview-companies.
A shared responsibility means that all companies involved have jointly defined the purposes and means of data processing. The participating companies are part of a group of companies, so that candidate profiles can be relevant not only for one company, but for all. Therefore, all participating companies have access to profiles. The companies conclude an agreement to define the responsibilities and rights under the GDPR. The Lidl Stiftung & Co. KG primarily serves as a point of contact for information obligations and for the exercise of data subject rights. Please contact them if you would like more information on joint responsibility, such as who has assumed which obligation under the GDPR.

Application process
If you apply for one or more positions at Lidl, the respective company to which you have applied is responsible for the processing of your application data under the applicable data protection law. If you apply to or indicate interest in only jobs with Lidl & Kaufland Asia Pte. Limited, not other Lidl countries, the following entity is responsible for the processing:
Lidl & Kaufland Asia Pte. Limited, 30 Pasir Panjang Road, #12-31/32 Mapletree Business City, Singapore 117440, recruitment@lidl.sg.

10. Contact person for exercising your rights as a data subject

10.1 Contact person for questions or to exercise your rights as data subject:
If you have any questions about the recruiting portal and the exercise of your rights when processing your profile data (data subject rights), please contact:
Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, talent_sourcing@lidl.com
To exercise your rights when processing your specific application data (data subject rights), you can contact the following persons
Lidl & Kaufland Asia Pte. Limited, 30 Pasir Panjang Road, #12-31/32 Mapletree Business City, Singapore 117440, recruitment@lidl.sg
10.2 Contact person (General Privacy Policy)
If you have any questions about this Privacy Policy or to exercise your rights when processing your personal data, as well as further questions about the processing of your personal data, you can contact the following:
for any questions about this Privacy Policy to exercise your rights in the processing of your data as a data subject, please contact Data Protection Officer (DPO), email address: data.protection@lidl.sg, phone number: +65 6839 1691.
for any questions about your job application, the application process and the exercise of your rights in the processing of your application data as a data subject, please contact: Lidl & Kaufland Asia Pte. Limited, 30 Pasir Panjang Road, #12-31/32 Mapletree Business City, Singapore 117440, email address: recruitment@lidl.sg

11. Changes to our Privacy Policy

We may update this Privacy Policy from time to time without prior notification to you or your prior consent. You may determine if any such revision has taken place by referring to the date on which this Privacy Policy was last updated. Your continued use of our services constitutes your acknowledgement and acceptance of such changes. Where required by applicable laws, we will notify you of any material changes — for example, by email or through a notice on our website.

Data Protection & Privacy Statement

Data Protection at Lidl & Kaufland Asia Pte. Limited

Privacy Policy Statement

Scope of Privacy Policy

1. Collection of personal data

1.1 Information you provide to us

1.2 Information we collect about you automatically

1.3 Information we receive from other sources

2. Types of personal data we may process

2.1 Contact Information and Identifiers:

2.2 Demographic Information:

2.3 Professional or Employment Related Information

2.4 Internet and Network Activity Information

3. Use of personal data and purpose of processing

4. Disclosure and sharing of personal data

4.1 Share your personal data with the Company's affiliates

4.2 Share with third parties

4.3 Share as required by laws and regulations, government authorities and dispute resolution process

5. Cross-Border Data Transfer

6. Retention of personal data

7. Your rights as a data subject in relation to this Privacy Policy

8. Personal data collected when accessing our website at www.lidl.asia

8.1 Overview

8.2 Accessing our website

8.3 Use of cookies and similar techniques to process usage data

8.4 Embedded content

9. Data Processing for Job Applicants via our Recruitment Portal

9.1 Recruiting portal and creation of a candidate profile

9.2 Data processing in the context of an application on the recruitment portal

9.3 Your rights as a data subject under GDPR

9.4 Responsible bodies and contact details (Recruitment Portal)

10. Contact person for exercising your rights as a data subject

10.1 Contact person for questions or to exercise your rights as data subject:

10.2 Contact person (General Privacy Policy)

11. Changes to our Privacy Policy