Recertification: 02/2019

Lidl Stiftung & Co. KG provides the IT-based service central cash auditing (ZKP) to corporations of the Lidl group. The underlying central cash auditing software is used to detect fraudulent manipulations of cashing procedures by checkout clerks. Point-of-sale data is analysed by the software in order to identify typical fraud scenarios or suspicious performance indicators. If suspicious cases are identified, then competent sales managers at the corporation from which the respective POS data was received are informed thereof. They may then reveal the checkout clerks behind the associated pseudonyms and initiate disciplinary actions. 

When providing the auditing services, Lidl Stiftung processes pseudonymous data of checkout clerks on behalf of the respective corporations of the Lidl group. Lidl Stiftung maintains documentation which provides comprehensive and understandable information about the functionality of central cash auditing and its data protection implications.

 

Product/Version

LIDL Central Cash Auditing (ZKP)

Function as provided in October 2018

Qualification: IT-based service (processor service)

View the ZKP Certificate

Cert. No.

EP-S-DZ2LYR

Version of Certification Criteria

01/2017

Validity

13/02/2019 - 28/02/2021

Initial Certification: 07/2016

Monitoring

10/2019

06/2020

Public report

ZKP Short Public Report_Recertification 2019/01 Image
ZKP Short Public Report_Recertification 2019/01 Image

ZKP Short Public Report_Initial Certification 2016 Image 
ZKP Short Public Report Initial Certification 2016  Image

Manufacturer/Provider

Lidl Stiftung & Co. KG

Stiftsbergstr. 1
74167 Neckarsulm
Germany

Contact: Mr. Masuda

Best

Central cash auditing as it is conducted by Lidl Stiftung lives up to the principle of proportionality. If potential losses do not exceed specific threshold values, the underlying suspicious cases are not indicated by the central cash auditing software. In addition, Lidl provides for an informational separation of powers: Auditors of Lidl Stiftung are only able to access pseudonymous data, but they cannot identify the checkout clerks behind the pseudonyms (unless they spend disproportionate efforts to identify the respective persons).

Lidl Stiftung maintains up-to-date documentation which deals with all data protection aspects of central cash auditing and provides useful appendices such as an information letter that may be used to inform checkout clerks prior to the roll-out of central cash auditing at a corporation of Lidl group.  

Attention

Not applicable.

Summary

The central cash auditing software is used to detect fraudulent manipulations of cashing procedures by checkout clerks. Point-of-sale data is analysed by the software in order to identify typical fraud scenarios and suspicious performance indicators.   

Central cash auditing is performed by Lidl Stiftung. When inspecting POS data, competent auditors of Lidl Stiftung can only access pseudonymous data. If strong suspicious cases are identified, they are communicated to the respective corporation of the Lidl group. Subsequently, competent sales managers of this corporation conduct further checks which may confirm or refute a suspicion. These sales managers alone are capable of correlating a pseudonym with the checkout clerk behind it.

Central cash auditing is not used for the purpose of performance monitoring or in order to identify need for training of checkout clerks.

Details

Recertification 01/2019:

The recertification took place on the basis of v201701 of the EuroPriSe criteria catalog for IT products and IT-based services. The ToE changed slightly (in comparison with the previous recertification). For details, please cf. the short public report.   

Initial Certification 07/2016:

The target of evaluation (ToE) of this certification is not limited to the central cash auditing software, but it does also cover the following processes which are related to the use of the software:

  • Preparation of POS data for evaluation (which includes the transmission of POS data from stores to Lidl Stiftung),
  • all processing operations that are related to the central cash auditing as such,
  • retransmission of POS data to the respective corporation.  

The following components do not form part of the ToE:

  • Programming of the central cash auditing software, because the programming is performed by a service provider on behalf of Lidl,
  • the management information system which supplies the POS data to be analysed by the central cash auditing software.  

Technical and Legal Evaluator (since 07/2018)

Dr. Irene Karper LL.M.Eur.
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany

Technical and Legal Evaluator (until 06/2018)

Prof. Dr. Friedrich Holl
Hektorstr. 7
10711 Berlin
Germany

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for Lidl Stiftung & Co. KG

© 2008 - 2019 | EuroPriSe GmbH - European Privacy Seal | Handelsregister-Nr. (Commercial Register No.): Bonn HRB 20387

No responsibility for the accuracy of the information. Contact | Privacy Notice | Imprint

Product/Version

REISSWOLF f.i.t.

v1.5; service function as provided in 05/2018

Qualification: IT product and IT-based service (processor service)

View the REISSWOLF f.i.t. certificate

Version of Certification Criteria

11/2011

Cert. No.

EP-S-X5TSCN

Validity

24/05/2018 - 31/05/2020

Monitoring

01/2019

09/2019

Public Report

f.i.t. Short Public Report Image Image 

Manufacturer/Provider

REISSWOLF Systems GmbH

Im Heegen 13
22113 Oststeinbek
Germany

BEST

Access policies can be used to restrict system usage to specific times of the day and/or IP addresses to reduce the attack vector for third-party access. A user session is controlled by means of a cross-tab synchronised session countdown.

ATTENTION

Regarding the processing of personal data on third persons by means of f.i.t., it must be highlighted that the (usually) corporate users of the service qualify as controllers whereas REISSWOLF Systems GmbH acts as a processor on behalf of the users. Customers are advised that the legitimate use of the service may require the collection of the data subject's consent and/or declaration of release from confidentiality.

SUMMARY

REISSWOLF f. i. t. is a web-based archiving system for data storage and access. It serves the purpose of uploading, storing, managing and exchanging data in the sense of a document management system. f.i.t. is a web application that can be used with common internet browsers. 

DETAILS

REISSWOLF f. i. t. is primarily designed for commercial use. It is distributed by REISSWOLF Systems GmbH and operated as Software as a Service (SaaS) in a data center in Germany.

The ToE includes

  • The web-based service REISSWOLF f.i.t. (for details, please cf. the short public report)

It does not include

  • REISSWOLF f.i.t. mobile app
  • REISSWOLF f.i.t. hotfolder
  • Office module
  • Teamviewer
  • Other alternative interfaces to clients

Technical + Legal Evaluator

Ann-Karina Wrede
Innungsstraße 7
21244 Buchholz
Germany

Initial Certification: 05/2018

REISSWOLF f.i.t. provides a web-based service that enables companies to upload, store, manage and exchange data in the sense of a document management system. Users of the service are controllers in respect of personal data on third persons that is processed by means of f.i.t.. The service is designed in a way that facilitates the users' compliance with EU data protection law.

Image

Disclaimer:

This register is kept with the utmost care. However, EuroPriSe does NOT guarantee the accuracy of information found on the Site. Your reliance on information found on the Site is at your own risk.

Image

European Privacy Seal for REISSWOLF f.i.t.