Data protection – made simple
Thank you for visiting our website.
Protecting your personal data is very important to us. We not only aim to provide you with an interesting and comprehensive selection of online content but are also committed to protecting your personal rights at the same time. The EU General Data Protection Regulation (GDPR) and the Telemedia Act (TMA) provide the legal basis for the processing.
The following data protection notice provides an initial insight into how we process your data and is followed by more detailed information structured around topics.
What data do we collect?
- In order to properly display our website, we collect access and device data each time our website is accessed/used.
Controller
The Controller according to Art. 4 (7) of the GDPR is
ALDI International Services GmbH & Co. oHG
Unternehmensgruppe ALDI SÜD
Mintarder Str. 36-40
45481 Mülheim an der Ruhr
E-mail datenschutz(at)aldi-sued.de
The data protection officer of the Controller is:
Kay-Torsten Schuy
E-mail datenschutzbeauftragter(at)aldi-sued.de
We would like to explicitly point out that e-mail content is not exclusively read by our data protection officer when using this e-mail address. If you would like to exchange confidential information, please initially request direct contact via this e-mail address.
Purposes and legal basis
We only collect and use personal data of our users if it is necessary to do so for the purpose of providing a functional website as well as our contents and services and for the needs-based design and enhancement of our service package. This also constitutes our legitimate interest in data processing.
If the processing of personal data is necessary for compliance with a legal obligation, to which our company is subject, Art. 6 para 1 lit. c of the GDPR will serve as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, which are not overridden by the interests, fundamental rights and freedoms of the data subject, Art. 6 para. 1 lit. f of the GDPR will serve as the legal basis for the processing.
If the TMA is applicable for the collection and use of personal data necessary for providing our service package, the processing of personal data will be based on Sections 12 and 15 of the TMA.
Recipient
ALDI SOUTH commissions service providers who help us provide the technical infrastructure, design our websites and perform our services and may thus have access to your personal data.
In order to process your enquiries or commissioned services, it may become necessary to forward your personal data to contractual partners or suppliers of ALDI SOUTH. More detailed information is provided in the relevant modules.
Storage period
Your personal data will be deleted or blocked if and as soon as the purpose of storage as well as any statutory storage periods no longer apply. Data will also be blocked or deleted if the stipulated storage period expires due to the above-mentioned standards unless it is necessary to save the data for the conclusion or performance of a contract.
Data subject rights
You may assert your right to request access to personal data and rectification or erasure of personal data or restriction of processing concerning your data as well as the right to data portability provided that the prerequisites in accordance with Art. 15 et seq. of the GDPR are met.
If you wish to assert any of these rights, please contact:
If you feel that the processing of your personal data infringes statutory provisions, you have the right to lodge a complaint with the responsible supervisory authority.
Data security
We take technical and organisational measures to protect your personal data from loss, unauthorised access and misuse. Your information is transmitted in encrypted form. This protects communication between you and our web server and helps prevent the data from being misused by third parties. We use TLS (Transport Layer Security) for encryption purposes.
Log files
At least the following data is collected and stored in a log file each time our website is accessed or an attempt is made to access our website:
- IP address
- Name of the retrieved file
- Date and time of retrieval
- Transferred data volume
- Notification as to whether data retrieval was successful
- Notification stating the reason for a failed attempt to retrieve data, if applicable
- Operating system and browser software installed on your computer
The processing is based on Art. 6 para. 1 lit. f of the GDPR and Section 15 para. 1, 3 of the TMA for the purpose of providing the website, guaranteeing system stability, ensuring data and operational security and implementing legal requirements.