Thank you for visiting www.transportinformation.eu. The following privacy notice will inform you about the nature and the scope of the processing of your personal data is when you visit our website. Personal data relates to information that is or can be directly attributed to your person. The EU General Data Protection Regulation (GDPR) serves as the legal foundation for data protection.

1. Accessing our website
   Purposes of the processing/legal bases
   When accessing our website, the browser used on your end device will – automatically and without any action on your part – send
   • the IP address of the accessing Internet-enabled device;
   • the date and time of access; to our website server and be stored temporarily in what is known as a log file for the following purposes:
     • to ensure a fault-free connection;
     • to ensure the comfortable use of our website/application; and
     • to analyze system security and stability.

   The legal basis for the processing of the IP address is Article 6(1)(f) GDPR. The purposes of data processing listed above constitute our legitimate interest.

   Recipients/categories of recipient

   In connection with the aforementioned processing, your data will also be processed on our behalf by processors providing IT hosting services and in order to operate and enhance the website. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

   Storage time/criteria for determining storage time:

   Data will be stored for a period of 30 days and automatically deleted thereafter.

2. Cookies
   Purposes of the processing/legal bases:

   We, Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, are the controller with respect to data processing in connection with the use of cookies and other similar technologies to process usage data on www.transportinformation.eu.

   Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that result in connection with the specific end device being used. This does not, however, mean that we will immediately become aware of your identity.

   Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:

   • Technically necessary: these are cookies and similar technologies without which you cannot use our services (e.g., for the correct display of our website/functions requested by you).

   For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie notice below.

   Depending on the purpose, the use of cookies and similar technologies to process usage data can involve processing the following types of personal data:

   Technically necessary:
   • user inputs, in order to remember inputs across multiple sub-pages;
   • security-related events (e.g., identifying repeat failed sign-in attempts).

   The legal basis for using technically necessary cookies is Article 6(1)(b) GDPR, i.e., we process your data in order to provide our services as part of initiating and performing the contract.

   Recipients/categories of recipient:

   In connection with the aforementioned processing, your data will also be processed on our behalf by processors in order to operate and enhance the website. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

   Storage time/criteria for determining storage time:

   For information on the duration of storage for cookies, see our cookie notice below.

3. Your rights as the data subject
   Overview
   In addition to the right to withdraw any consent you have granted to us, you have the following rights provided the respective statutory conditions are met:
   • right of access to your personal data stored with us pursuant to Article 15 GDPR;
   • right to rectification of inaccurate personal data and the right to have incomplete personal data completed pursuant to Article 16 GDPR;
   • right to erasure of your personal data stored with us pursuant to Article 17 GDPR;
   • right to restriction of processing of your data pursuant to Article 18 GDPR;
   • right to data portability pursuant to Article 20 GDPR;
   • right to object pursuant to Article 21 GDPR.
   Right of access pursuant to Article 15 GDPR

   Pursuant to Article 15(1) of the GDPR, you have the right to request information, free of charge, on the personal data stored about you. This includes in particular:

   • the purposes for which personal data is being processed;
   • the categories of personal data that are being processed;
   • the recipients or categories of recipient to whom personal data concerning you has been or will be disclosed;
   • the planned duration of the storage of the personal data concerning you or, if it is not possible to give any specific details, the criteria used to determine the storage duration;
   • the existence of a right to rectification or erasure of the personal data concerning you, a right to request from the controller that processing be restricted or a right to object to this processing;
   • the right to lodge a complaint with a supervisory authority;
   • all available information regarding the origin of the data if the personal data is not being collected from the data subject;
   • the existence of any automated decision-making processes including profiling pursuant to Article 22(1) and (4) GDPR and – at least in these cases – meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

   If personal data is transferred to a third country or an international organization, you have the right to be notified about appropriate safeguards pursuant Article 46 GDPR in connection with the transfer.

   Right to rectification pursuant to Article 16 GDPR

   You have the right to request the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

   • Right to erasure pursuant to Article 17 GDPR
   • You have the right to require us to erase any personal data concerning you without undue delay where one of the following grounds applies:
   • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
   • you withdraw your consent on which the processing pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR was based and there is no other legal basis for the processing;
   • you object to the processing pursuant to Article 21(1) or (2) GDPR, and in the case of Article 21(1) GDPR there are no overriding legitimate grounds for the processing;
   • the personal data was unlawfully processed;
   • the erasure of personal data is necessary in order to comply with a legal obligation;
   • the personal data was collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

   Where we have made the personal data public and are obliged to erase it, taking account available technology and the cost of implementation we will take reasonable steps to inform any third parties processing your data of the fact that you have requested the erasure by such third parties of any links to, or copies or replications of, such personal data.

   Right to restriction of processing pursuant to Article 18 GDPR

   You have the right to require us to restrict the processing where one of the following applies:

   • you contest the accuracy of the personal data;
   • the processing is unlawful, and you request the restriction of the use of the personal data rather than its erasure;
   • the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; or
   • you have objected to the processing pursuant to Article 21(1) GDPR pending verification of whether the legitimate grounds of the controller override those of the data subject.
   Right to data portability pursuant to Article 20 GDPR
   You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance by us, where
   • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b) GDPR and
   • the processing is carried out by automated means.

   In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to another controller if technically feasible.

   Right to object pursuant to Article 21 GDPR

   Provided the requirements of Article 21(1) GDPR are met, you may object to the data processing on grounds relating to your particular situation.
   The aforementioned general right to object applies to all processing grounds set out in this privacy policy, which are processed on the basis of Article 6(1)(f) GDPR. In contrast to the specific right to object regarding data processing for promotional purposes, we are only obliged to action such general right to object if you cite grounds of overriding importance, e.g., a possible risk to life or health. In addition, you have the option to contact the supervisory authority responsible for Lidl Stiftung & Co. KG or the data protection officer of Lidl Stiftung & Co. KG (cf. section 4).

   Right to lodge a complaint with the data protection supervisory authority pursuant to Article 77 GDPR

   You also have a right to lodge a complaint with the competent data protection supervisory authority at any time. In order to do this, you can contact the data protection supervisory authority of the state where you have your place of residence or the authority of the state where the controller is domiciled.

4. Name and contact details of the controller and contact details of the company's data protection officer

   This privacy policy applies to the processing of data by Lidl Stiftung & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany ("Controller") and for the website www.transportinformation.eu. You can contact the Controller at transportinformation@lidl.com. For questions about data protection with respect to the operation of the website www.transportinformation.eu or the exercise of your rights, contact the company data protection officer of Lidl Stiftung & Co. KG at the aforementioned postal address to the attention of the data protection officer.

   Cookie Policy
   Technically necessary (6)