Your company account is blocked and you cannot place orders. If you have questions, please contact your company administrator.

MyLindt Rewards: Privacy Notice

This Privacy Notice was last updated 15 February 2023.

1. Introduction/Controller

This privacy notice applies with regard to the processing of personal data by Lindt & Sprüngli (UK) Ltd, 4 New Square, Feltham, Middlesex, TW14 8HA, telephone: 020 8602 4100, email address: ("Lindt", "we", "our", "us") in connection with the provision of the MyLindt Rewards ("Loyalty Programme").

2. Data protection officer

Our data protection officer can be contacted as follows:

3.Categories of personal data and sources

3.1 Data provided mandatorily

The following data regarding your membership in the Loyalty Programme and use of your customer account ("Customer Account") is mandatorily collected when you register for the Loyalty Programme ("Registration Data") online on [] ("Website") or in person in a Lindt Chocolate Shop and when you use your Loyalty Programme Account after registration:

• Title
• First name
• Last name
• Date of birth
• E-mail address
• Password
• Unique loyalty number and barcode of your MyLindt member card ("Member Card") Information relating to vouchers and benefits (e.g. issuance of vouchers, your spend for the respective calendar year, redemption of vouchers).

3.2 Data provided voluntarily

The provision of the following personal data is voluntary (however, if you do not provide the personal data it may be impossible to provide Lindt offers and invitations that are shared via postal mailings, or any other related Customer Account benefits):

• Postal address including phone number.

3.3 Personal data collected in connection with the use of analytics

The following data, in particular regarding the interactions with Lindt and the Loyalty Programme is (automatically) collected, in particular, when you use your Customer Account online on our Website or in person in a Lindt Chocolate Shop:
• demographic data (e.g., age, gender),
• geographic data (e.g., countries, cities, zip codes),
• psychographic data (e.g., values, lifestyles, personality)
Data how you use Lindt services: This includes, for example, data relating to transaction history, spend and preferences including voucher issuance and redemption, or preferences with regard to Lindt products and purchase channels. This includes in particular how and how often these services are used (e.g., purchases made in Lindt Chocolate Shop or use of Loyalty Programme benefits like vouchers), your location data including IP address and favoured shop location. Also survey feedback on your Loyalty Programme experience, including collection of your name, email address and feedback provided may be collected.
Data regarding the use of digital media of Lindt: This includes, for example, how websites, apps, emails (activity including click rates, conversion rates) and ads of Lindt (including ads on third party websites/in third party apps) are used, among others which pages you visit, which information you see and on which ads you click. Also included are e.g. data on the use of the emails on products and services sent to you on the basis of data protection consent.

4. Processing purposes, legal basis and recipients and categories of recipients

Below you can find a description of the purposes for which we process personal data, including the recipients or categories of recipients to whom we transfer personal data for the purposes mentioned in each case and the relevant legal basis.

Any access to personal data is restricted to those persons who need to know the respective personal data in order to perform their professional duties ("need-to-know principle").

We may transfer your personal data for the respective purposes to the following recipients and categories of recipients:

Private third parties – Affiliated or unaffiliated private bodies other than us.
Data processors – Certain third parties, whether affiliated or unaffiliated, may receive your personal data to process such data on behalf of us under appropriate instructions as necessary for the respective processing purposes, including IT and other administrative services (e.g., billing services, hosting and/or maintenance of IT systems). The data processors will be subject to contractual obligations to implement appropriate technical and organisational security measures to safeguard the personal data, and to process the personal data only as instructed.
Governmental authorities, courts, external advisors, and similar third parties that are public bodies as required or permitted by applicable law.

4.1 We process your personal data in order to fulfil our contract with you or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) lit. b UK GDPR), including for the following purposes:

• Registration for the Loyalty Programme (online on our Website,, or in person in a Lindt Chocolate Shop) and creation of a Customer Account.
• Provision of the Loyalty Programme to you and facilitation of your membership.
• Processing of data relating to you or your organisation for the purpose of entering into a contract with you.
• Performance of a contractual relationship with you (including fulfilling the contractual obligations, provide our services, invoice processing, communication, customer support, enforcement of any contractual terms).

4.2 We process your personal data based on your consent (Art. 6 (1) lit. a UK GDPR) for the following purposes:

• (Tailored) marketing communication over digital channels such as (electronic) mail (newsletter) and social media, unless these communications are legally permitted without consent, for example where we have collected your contact details during the sale or negotiation for sale of a product or service and we are sending marketing communications to you via email regarding similar products or services. • Measurement and improving the performance of the Website as well as personalisation, measurement, improvement of our and third party advertisements and analytics (also see Section 3.3 "Personal data collected in connection with the use of analytics" and our Cookie Notice (
• Analytical methods including profiling may be used to measure and evaluate your interests. This is done for the purpose of further individualizing the contact with you and to be able to offer you individualized products, Website content, services or advice that correspond as closely as possible to your interests (e.g. direct marketing regarding products relevant for you, individual in-store consulting).
• By processing the data regarding the use of Lindt services (see under 3.3) you can be informed of suitable products and campaigns or be shown available offers in your vicinity (e.g., when being close to a Lindt Chocolate Shop).
• For the processing of data regarding the use of digital media of Lindt (see above under 3.3) so-called analytics tools are used. From the time you consent, such analytics data will no longer be collected under a pseudonym, provided this is possible, but will be linked to your Customer Account if you have one. This also applies to any existing analytics data. By this you can, for example, be provided with suitable offers when shopping in Lindt retails stores or on our Website. On the basis of data regarding the use of digital media of Lindt, it is e.g. analysed how you use emails from Lindt on products and services, i.e. how often you open such emails and which links you click in the emails so you can be provided with appropriate information, e.g., individualized Website content or when visiting a Lindt Chocolate Shop or using our Website.

4.3 We process your personal data in order to comply with legal obligations (Art. 6 (1) lit. c UK GDPR) to which we are subject, including for the following purposes:

• Maintain information security
• Participation in investigations and proceedings (including judicial proceedings) conducted by public authorities or governmental authorities, in particular, for the purpose of detecting, investigating and prosecuting illegal acts.
• Complying with legal retention obligations (see Section 5 "Storage duration and deletion" below).

4.4 We process personal data to the extent necessary for the purposes of the legitimate interests pursued by us or by a third party (Art. 6 (1) lit. f UK GDPR), including for the following purposes:

• Provision of the Loyalty Programme to the extent it is not already necessary perform a contract with you or in order to take steps prior to entering into a contract (e.g., respond to general requests).
• Facilitation of the communication with our customer service in case of questions, returns or complaints.
• Participation in proceedings (including judicial proceedings) conducted by courts, law enforcement agencies, government agencies or public authorities, intergovernmental or supranational bodies, in particular for the purpose of detecting, investigating and prosecuting illegal acts, unless there is a statutory obligation.
• Prevention, detection, investigation, mitigation and remediation of fraud, security breaches and other prohibited or unlawful activities, including the assessment of corresponding risks (including through the use of captchas).
• Registration data is transferred to the legal entity indicated in the course of the registration to enable it to manage access rights to accounts registered under its name and to prevent fraud, misuse and related consequences.
• To send you marketing communications by (electronic) mail (newsletter) or telephone where permitted under applicable law without your prior consent.
To obtain further information regarding the balancing of interest test carried out for the above purposes please contact us using the contact details provided under Section 2 above.

5. Storage duration and deletion

We store personal data as long as it is necessary to fulfil the respective purposes. When we no longer need personal data to comply with contractual or legal obligations, it is deleted from our systems or anonymized. Something else only applies if we have to fulfil legal or official obligations, e.g., statutory retention obligations.

6. Cross-border data transfer

Some of the recipients of your personal data will be located or may have relevant operations outside of your country, the United Kingdom and European Union/European Economic Area, such as in the USA, where the data protection laws may provide a different level of protection compared to the laws in your jurisdiction and with regard to which an adequacy decision under UK data protection laws does not exist. The countries which provide an adequate level of data protection from a UK data protection law perspective currently include the European Union/European Economic Area, Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, and the Eastern Republic of Uruguay. With regard to data transfers to such recipients outside of the United Kingdom, European Union/European Economic Area we provide appropriate safeguards, in particular, by way of entering into data transfer agreements including the UK Addendum approved by the Information Commissioner’s Office to the standard contractual clauses adopted by the European Commission (e.g. Standard Contractual Clauses (2021/914/EU)) with the recipients or taking other measures to provide an adequate level of data protection, where this is required under applicable law. We will provide you with a copy of the respective measure we have taken upon request.

7. Automated decision-making

We do not engage in automated decision-making in the context of its processing activities for the provision of the Loyalty Programme.

8. Rights of the data subject

Under applicable data protection law you have the right, in addition to the right to withdraw your consent at any time (the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal) to lodge a complaint with a data protection supervisory authority. In addition, you may be entitled to the following rights (though these rights may be restricted by national law). To exercise your rights, please contact us using the contact details provided under Section 2 above.

8.1 Right of access: You may have the right to obtain from us confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to request access to the personal data. The right of access includes, among other things, the purposes of the processing, the categories of the personal data to be processed, and the recipients or categories of recipient to whom the personal data will be disclosed. However, this right is not unrestricted as the rights of other persons may limit your right of access.

In certain circumstances you have the right to receive a copy of the personal data processed by us. For further copies requested by you, we charge a reasonable fee, where relevant calculated on the basis of administrative costs.

8.2 Right to rectification: You have the right, where relevant, to request the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including through the provision of a supplementary statement.

8.3 Right to erasure (right to be forgotten): Subject to certain preconditions, you have the right to request us to erase personal data concerning you and we may be obliged to erase such personal data.

8.4 Right to restriction of processing: Subject to certain preconditions, you have the right to request that we restrict the processing of your personal data. In that case, the data concerned will be marked and only processed by us for certain purposes.

8.5 Right to data portability: Subject to certain preconditions, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit that data to a different controller without hindrance from us.

8.6 Right to object: Subject to certain preconditions, you have the right to object at any time to the processing of your personal data by us on grounds arising from your particular situation, and we can be required not to process your personal data any longer.

If personal data is processed for direct marketing purposes, you have an additional right to object at any time to the processing of personal data in relation to you for the purpose of such marketing. This also applies to profiling where this is connected to direct marketing. In that case, the personal data will no longer be processed by us for these purposes.