MyLindt Rewards: Privacy Notice
This Privacy Notice was last updated May 28, 2024. |
1. |
Introduction/Controller This privacy notice applies with regard to the processing of personal data by Lindt & Sprungli (Canada) Inc. 900-181 University Ave, Toronto, ON, M5H 3M7, 415-351-8566, ("Lindt", "we", "our", "us") in connection with the provision of the MyLindt Rewards ("Loyalty Program") [https://www.lindt.ca/en/help/terms-and-conditions-mylindt]. |
2. |
Data protection officer Our data protection officer can be contacted as follows: [privacy.cad@lindt.com]. |
3. |
Categories of personal data and sources |
3.1 |
Data provided mandatorily The following data regarding your membership in the Loyalty Program and use of your customer account ("Customer Account") is mandatorily collected when you register for the Loyalty Program ("Registration Data") online on www.lindt.ca ("Website") or in person in a Lindt retail store and when you use your Loyalty Program Account after registration: · Salutation · First name · Last name · E-mail address · Password · Unique loyalty number and barcode of your MyLindt member card ("Member Card") · Information relating to coupons and benefits (e.g. issuance of coupons, your spend for the respective calendar year, redemption of coupons). |
3.2 |
Data provided voluntarily · Date of birth (day, month, year) · Postal address · Phone number |
3.3 |
Personal data collected in connection with the use of analytics The following data, in particular regarding the interactions with Lindt and the Loyalty Program is (automatically) collected, in particular, when you use your Customer Account online on our Website or in person in a Lindt retail store: · demographic data (e.g., age, gender), · geographic data (e.g., countries, cities, zip codes), · psychographic data (e.g., values, lifestyles, personality) · Data regarding how you use Lindt services: This includes, for example, data relating to transaction history, spend and preferences including coupon issuance and redemption, or preferences with regard to Lindt products and purchase channels. This includes in particular how and how often these services are used (e.g., purchases made in Lindt retail stores or use of loyalty program benefits like coupons), your location data including IP address and favoured shop location. Also survey feedback on your Loyalty Program experience, including collection of your name, email address and feedback provided. · Data regarding the use of digital media of Lindt: This includes, for example, how websites, apps, emails (activity including click rates, conversion rates) and ads of Lindt (including ads on third party websites/in third party apps) are used, among others which pages you visit, which information you see and on which ads you click. Also included are e.g. data on the use of the emails on products and services sent to you on the basis of data protection consent.
|
4. |
Processing purposes, legal basis and recipients and categories of recipients |
|
Below you can find a description of the purposes for which we process personal data, including the recipients or categories of recipients to whom we transfer personal data for the purposes mentioned in each case and the relevant legal basis. Any access to personal data is restricted to those persons who need to know the respective personal data in order to perform their professional duties ("need-to-know principle"). We may transfer your personal data for the respective purposes to the following recipients and categories of recipients: · Private third parties – Affiliated or unaffiliated private bodies other than us. · Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes, including IT and other administrative services (e.g., billing services, hosting and/or maintenance of IT systems). The data processors will be subject to contractual obligations to implement appropriate technical, physical, and organisational security measures to safeguard the personal data, and to process the personal data only as instructed. · Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law. |
4.1 |
We process your personal data in order to fulfil our contract with you or in order to take steps at the request of the data subject prior to entering into a contract, including for the following purposes: · Registration for the Loyalty Program (online on our Website www.lindt.ca or in person in a Lindt retail store) and creation of a Customer Account. · Provision of the Loyalty Program to you and facilitation of your membership. · Processing of data relating to you or your organisation for the purpose of entering into a contract with you. · Performance of a contractual relationship with you (including fulfilling the contractual obligations, provide our services, invoice processing, communication, customer support, enforcement of any contractual terms). |
4.2 |
We process your personal data based on your consent for the following purposes: · (Tailored) marketing communication by (electronic) mail (newsletter) or telephone, unless these communications are legally permitted without consent. · Measurement and improving the performance of the Website as well as personalisation, measurement, improvement of our and third party advertisements and analytics (also see Section 3.3 "Personal data collected in connection with the use of analytics" and our Cookie Notice (https://www.lindt.ca/en/cookie-notice). · Analytical methods including profiling may be used to measure and evaluate your interests. This is done for the purpose of further individualizing the contact with you and to be able to offer you individualized products, Website content, services or advice that correspond as closely as possible to your interests (e.g. direct marketing regarding products relevant for you, individual in-store consulting). · By processing the data regarding the use of Lindt services (see under 3.3) you can be informed of suitable products and campaigns or be shown available offers in your vicinity (e.g., when being close to a Lindt retail store). · For the processing of data regarding the use of digital media of Lindt (see above under 3.3) so-called analytics tools are used. From the time you consent, such analytics data will no longer be collected under a pseudonym, provided this is possible, but will be linked to your Customer Account if you have one. This also applies to any existing analytics data. By this you can, for example, be provided with suitable offers when shopping in Lindt retails stores or on our Website. On the basis of data regarding the use of digital media of Lindt, it is e.g. analysed how you use emails from Lindt on products and services, i.e. how often you open such emails and which links you click in the emails so you can be provided with appropriate information, e.g., individualized Website content or when visiting a Lindt retail store. |
4.3 |
We process your personal data in order to comply with legal obligations to which we are subject, including for the following purposes: · Maintain information security · Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts. · Complying with legal retention obligations (see Section 5 "Storage duration and deletion" below). |
4.4 |
We process personal data to the extent necessary for the purposes of the legitimate interests pursued by us or by a third party, including for the following purposes: · Provision of the Loyalty Program to the extent it is not already necessary to perform a contract with you or in order to take steps prior to entering into a contract (e.g., respond to general requests). · Facilitation of the communication with our customer service in case of questions, returns or complaints. · Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation. · Prevention, detection, investigation, mitigation and remediation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (including through the use of captchas). · Registration data is processed to manage access rights to Customer Accounts and to prevent fraud, misuse and related consequences. |
5. |
Storage duration and deletion We store personal data as long as it is necessary to fulfil the respective purposes. When we no longer need personal data to comply with contractual or legal obligations, it is deleted from our systems or anonymized. Something else only applies if we have to fulfil legal or official obligations, e.g., statutory retention obligations. |
6. |
Cross-border data transfer Some of the recipients of your personal data will be located or may have relevant operations outside of your province of residence or Canada, such as in the USA or the EU, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction. With regard to data transfers to such recipients outside of Canada we provide appropriate safeguards, in particular, by way of entering into data transfer agreements with the recipients or taking other measures to provide an adequate level of data protection, where this is required under applicable law. We will provide you with a copy of the respective measure we have taken upon request. |
7. |
Automated decision-making We do not engage in automated decision-making in the context of its processing activities for the provision of the Loyalty Program. |
8. |
Rights of the data subject Under applicable data protection law you have the right, in addition to the right to withdraw your consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) to lodge a complaint with a data protection supervisory authority. In addition, you may be entitled to the following rights (though these rights may be restricted by provincial or national law). To exercise your rights, please contact us using the contact details provided under Section 2 above. |
8.1 |
Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The right of access includes, among other things, the purposes of the processing, the categories of the personal data to be processed, and the recipients or categories of recipient to whom the personal data will be disclosed. However, this right is not unrestricted as the rights of other persons may limit your right of access. In certain circumstances you have the right to receive a copy of the personal data processed by us. For further copies requested by you, we charge a reasonable fee, where relevant calculated on the basis of administrative costs. |
8.2 |
Right to rectification: You have the right, where relevant, to request the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including through the provision of a supplementary statement. |
8.3 |
Right to erasure (right to be forgotten): Subject to certain preconditions, you have the right to request us to erase personal data concerning you and we may be obliged to erase such personal data. |
8.4 |
Right to restriction of processing: Subject to certain preconditions, you have the right to request that we restrict the processing of your personal data. In that case, the data concerned will be marked and only processed by us for certain purposes. |
8.5 |
Right to data portability: Subject to certain preconditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to a different controller without hindrance from us. |
8.6 |
Right to object: Subject to certain preconditions, you have the right to object at any time to the processing of your personal data, including identification or location data or data used for profiling, by us on grounds arising from your particular situation, and we can be required not to process your personal data any longer. Objecting to the processing of certain categories of your personal data may be deemed a termination. For further details on termination in connection with the Loyalty Program please refer to our Terms and Conditions [https://www.lindt.ca/en/help/terms-and-conditions-mylindt]. If personal data is processed for direct marketing purposes, you have an additional right to object at any time to the processing of personal data in relation to you for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes. |