PLASTRADE Packaging Kft. (hereinafter referred to as ’Data Controller’) is committed to protecting personal data provided by visitors and users (hereinafter referred to as ’User’) of its website (www.plastrade.net) in accordance with provisions of applicable laws, ensuring safe and fair data management.
This Privacy Policy provides a transparent description of the purpose, the legal basis, the method, and the duration of the management of all data provided during the sign up process, the data protection measures, the possibilities for the enforcement of rights, as well as the contact details of the competent appeals authorities.

By using the services, the website (use and sign up are both free of charge), or signing up for the newsletter, the User accepts and considers the provisions of this Privacy Policy binding.

The scope of this Privacy Policy covers all data processing (printed and electronic), all natural and legal persons or organizations contracted with the Data Controller at the extent of the respective confidentiality statement.

This Privacy Policy forms an inseparable part of the sign up. By reading and accepting it, the User expressly consents to that the Data Controller processes the data specified in this Privacy Policy and provided upon sign up. By accepting this Privacy Policy and through double opt-in, the User expressly consents to receive newsletters from the Data Controller. The User may ask the Data Controller at any time to change or delete personal data stored.

01.   Details of the Data Controller

Company: PLASTRADE Packaging Kft.
Business Registration Number: 02-09-063265 | VAT Number: 11019318-2-02
Headquarters: H-7960 Drávasztára, Zrínyi utca 6. | Office: H-1025 Budapest, Szépvölgyi út 52.
Phone: +36 1 886 92 25 | Email Address: plastrade@plastrade.hu | Website: http://www.plastrade.hu

02.   Purpose

Personal data collected will be used for the following purposes:

  • provision of services displayed on the Data Controller’s website in compliance with quality, statutory, and accounting requirements;
  • contact, information;
  • providing customer service;
  • ongoing updating of customer data records;
  • posting notices for non-commercial purposes;
  • enhancing user experience;
  • advertising for (direct) marketing;
  • running competitions;
  • preventing unauthorized access to personal data.

Data processing for the above purposes is only done in compliance with statutory regulations, to the extent and for the time necessary for the realization of the goals, only with personal data necessary for or suitable to achieving the above objectives.

03.   Legal Basis and Legislative Framework

This Privacy Policy applies to the storage and processing of personal data by the Data Controller, provided with the voluntary, definite, unambiguous and express consent of the User in line with EU regulation 2016/679, a.k.a the General Data Protection Regulation (GDPR), as well as Hungarian national laws 1995/CXIX., 2001/CVIII., 2008/XLVII., 2008/XLVIII., 2011/CXII..

The Data Controller acknowledges to be bound by the content of this Privacy Policy and ensures that any data processing is in compliance with applicable laws.
The Data Controller reserves the right to amend this Privacy Policy unilaterally in accordance with the provisions of the law, but must inform the User of any change(s) in advance via the email address provided by the User. In the absence of the User’s feedback (protest, cancelling subscription, etc.), those changes shall be deemed to be accepted.

The User is solely responsible for the authenticity and accuracy of the provided personal data. The User also warrants that the consent of a third party to process his/her personal data has been lawfully obtained from the person concerned.

On behalf of a minor who has not reached the age of 14, as well as the otherwise incapacitated User, the legal representative may give the consent. A minor who has reached the age of 14 but who is under 16 years of age or who is otherwise limitedly incapacitated can agree to the data processing with the consent or subsequent approval of his/her legal representative. A minor User who is 16 years of age can consent independently. In any case, it is the responsibility of the User or the legal representative to guarantee the compliance with applicable laws.

The User may consent to the use of the provided personal data for promotional or other (direct) marketing purposes, which may be withdrawn at any time without restriction or justification. The User has to express his/her consent by checking the respective box(es) when signing up.

04.   Data Subjects

The scope of this Privacy Policy covers all persons whose data are included in data management covered by this Privacy Policy, whose rights or legitimate interests are affected by data handling, i.e. primarily visitors of the website of the Data Controller, users of its various functions or those who have expressively signed up through the website, and participants of various campaigns and competitions launched by the Data Controller.

05.   Processed Data and Source of Collected Data

When signing up online, the User will provide the following personal data:

  • last name and first name;
  • email address or, in case of competitions, (mobile) phone number.

The Data Controller does not assume responsibility for the authenticity of the personal data provided by the User (who is solely responsible).
If the personal data does not correspond to the reality or the reality of the personal data is available, the Data Controller corrects it.

06.   Duration

The Data Controller will handle the collected data until the User requests their deletion or subscribes from the newsletter. However, the data will never be kept for longer than necessary in order to complete the activity for which it was collected in the first place.
The consent to process data (except if required by law) and/or to receive promotional direct marketing can be withdrawn at any time, without explanation and free of charge via the link in the footer of the newsletter or by sending a request to the Data Controller’s email or postal address.

Instead of deleting the data on the request of the User, the Data Controller blocks personal data if, based on the information available, it is assumed that deletion would violate the legitimate interests of the User. The personal data so blocked will only be handled by the Data Controller for as long as the purpose of the data management, that excludes the deletion of those data, is achieved.

The User’s personal data will be deleted by the Data Controller, if

  • their handling is unlawful;
  • the purpose of data management has ceased or the statutory deadline for data storage has expired;
  • ordered by the court or by the National Authority for Data Protection and Freedom of Information;
  • data processing is incomplete or incorrect (and this condition cannot be legally remedied), provided that the deletion is not excluded by law.

The Data Controller may handle the personal data – in the absence of a different provision of the law, without further consent – even after the withdrawal of the User’s consent in order to fulfill its legal obligations and to enforce the legitimate interests of its own or a third party, if the enforcement of these interests are proportional to the limitation of the right to the protection of personal data.

07.   Data Processing

For the purpose of collecting, recording, and storing data, operating the website, as well as performing various marketing activities, the Data Controller uses Data Processors who cannot make any substantive decision on data management, are to process, store, and retain personal data that has come to their knowledge only in accordance with the provisions of the Data Controller, and are not allowed to perform data processing for their own purposes:

  • Aigner Iván e.v. (registration number: 50740457; VAT number: 67772427-1-41; headquarters: 1037 Budapest, Folyondár u. 15/F, Hungary) | newsletters, promotions and marketing, webhosting;
  • Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA; https://www.facebook.com) | apps, content sharing, advertising, remarketing, competition (Facebook);
  • Free Software Foundation Inc. (51 Franklin St, Fifth Floor, Boston, MA 02110, USA; https://wordpress.org) | content management and blogging (WordPress);
  • Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) | Google Analytics (web analytics), Google AdWords (advertising, remarketing);
  • LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com) | professional networking (LinkedIn);
  • Rocket Science Group LLC (675 Ponce de Leon Avenue NE, Suite 5000, Atlanta, GA 30308, USA; https://mailchimp.com) | newsletter service (MailChimp);
  • Webonic Kft. (company registration number: 07-09-025725; VAT number: 25138205-2-07; headquarters: 8000 Székesfehérvár, Budai út 14.; https://www.webonic.hu; data handling registration number: NAIH-91865/2015.) | webhosting service.

08.   Data Transmission

The Data Controller transmits personal data provided by the User to a third party only if expressly consented to by the User or if the Data Controller is required to do so by law. If the User’s personal data are to be disclosed to a third party or authority, the Data Controller shall immediately notify the User via email.

In the world of the Internet, to ensure customized information and personalized service, it is important for the Data Controller to individually identify the User’s habits and needs. The purpose of anonymous identification is to improve the quality of services, to analyze the functionality of the website, as well as to understand user habits and preferences (such as searches, page openings, collecting and tracking data on frequently used or recurring functions) for providing relevant content and customized ads.
Under amended Council Directive 2002/58/EC and according to Section 155 (4) of Hungarian Act 2003/C. on electronic communications, when visiting the web site operated by the Data Controller, small data files, called cookies, are placed – with the explicit consent of the User, unless it is indispensable for the use of the website or the services available to it –on the User’s computer. Those improve the user experience and enable an analysis of the User’s preferences (such as language, various display features and information selected by the User, providing anonymous data to a third party). The cookie of a browser (Google Chrome, Internet Explorer, Mozilla Firefox, Safari, etc.) can be rejected by selecting the appropriate settings of the browser used (in the Help or Support section of the browser, as well as on http://www.aboutcookies.org) and deleted from the User’s device. However, the convenience features provided by cookies will not be available.

For shared content on various social networking sites (such as Facebook, Google+, etc.) and for embedded services and applications operated by an external service provider, their operators are considered to be the data controller, thus, their respective terms of use and privacy policies apply. Of course, the Data Controller manages the data transmitted as specified in this Privacy Policy.
When installing an application that is available on a social networking site of the Data Controller, the personal data specified in the relevant privacy policy of its operator will be made available to the Data Processor, based on the the User’s voluntary consent, in accordance with the data protection principles of the operator of the social networking site (as laid out in the Privacy Policy or Data Policy). If a particular application refers to this Privacy Policy, the data management of the Data Controller applies; in other cases, data management corresponding to the service provided by the social networking site (e.g. app removal, posting, etc.) will be governed by the privacy policy of the social networking site’s operator.
Deleting apps can be done in the user settings of the respective social networking site. Details of data management of competitions available on any social networking site of the Data Controller are always determined in the description and rules of the respective competition. Deleting an app of the Data Controller does not necessarily withdraw the User’s consent for receiving direct marketing.

For the operation of its website, the Data Controller uses external companies (Facebook Inc. and Google Inc. – hereinafter referred to as ‘External Company’), independent from the Data Controller, providing web analytics and ad serving services (Facebook, Google Analytics, Google AdMob, Google AdSense, Google AdWords).
The External Company uses cookies and web beacons to help gather information and analyze site traffic. The information stored by the cookie (including the User’s IP address) is stored on the External Company’s servers located in the United States of America. Based on a statutory or information processing mandate, the External Company may transfer the collected data to third parties.
In the context of remarketing, the External Company places cookies on the User’s device that anonymously track and monitor the User’s online behavior, based on which the External Company makes them available advertising on other websites corresponding to his/her online behavior and interests (remarketing lists do not contain the User’s personal information and , therefore, make person identification not possible). The tracking cookie allows the External Company to identify the User on other websites, too.
For more information, read Google’s Privacy Policy and Facebook’s Privacy Policy. Check out Google’s Cookie Policy and Facebook’s Cookie Policy to find out more on processing of collected data, blocking cookies, and customizing ads.

Based on the User’s settings, by using the Data Controller’s website, mobile or tablet apps, the User voluntarily, decisively, unequivocally, and expressly consents to the use of the information related to his person for the purposes and with the methods indicated above. Of course, the User has the choice to ignore all convenience features by refusing the use of cookies.

09.   Data Protection

The Data Controller, together with server operators, is ensuring the security of data and data files managed at its premises guarded 24/7 and accessible only with key by taking necessary technical, operational, and organizational measures with the use of password-protected devices and appropriate antivirus protection in order to protect those against unauthorized access, alteration, transmission, disclosure, (accidental) destruction, corruption, and inaccessibility.
Every member of the Data Controller’s personnel with access to data management and data processing, as well as all natural and legal persons or entities without legal personality being in a contractual relationship with the Data Controller, are bound to preserve the confidentiality of the processed data in compliance with the provisions of the confidentiality statement of their respective agreement.

10.   Request information, Enforcement Claim, and Protest

The User is entitled to request information at any time via the contact details of the Data Controller and to receive – within 30 days of the submission of the request, in an understandable form – personal data relating to him/her, processed by the Data Controller and the Data Processor, as well as information on the purpose, the legal basis, the duration of data processing, the name and contact of the data processor, the legal basis and addressee of data transmission, and the data management activity.
Any legal authority (court, prosecutor’s office, investigating authority, authority dealing with administrative offenses, administrative authority, National Authority for Data Protection and Freedom of Information) or any other authority under or empowered by the law may request the Data Controller to provide information, transmit data, or provide documentation. The Data Controller provides the requesting body – if it indicates the exact purpose and scope of the data – with the personal data indispensable for achieving the purpose of the request.

Any information or deletion request received from the email address previously given to the Data Controller is considered by the Data Controller as a claim from the User. Requests due to abusive activity of a third party, from any other email address or submission in writing are subject to verification of the relation between the identity of the User and his/her personal data (in compliance with applicable law).
Upon the User’s death, any close relative or the beneficiary who has been granted a will shall be able to request deletion of the User’s data by submitting the death certificate or its copy to the Data Controller’s email address.

The person concerned may object to the processing of his/her personal data via any of the Data Controller’s contact details, if the processing (transmission) of personal data is only necessary to enforce the legitimate interests of the Data Controller, the receiver of the data, or a third party (unless data management is ordered by law); the use or transmission of personal data is done for marketing purposes, polling, or scientific research; as well as in other case specified by law.
The Data Controller shall – with simultaneous suspension of data handling – examine the protest within 15 days from the submission of the application and inform the applicant in writing of the outcome thereof. If the protest is warranted, the Data Controller shall stop data processing (including further data collection and transmission), block the data, and inform all parties that were previously transmitted the data in question, as well as those who are obliged to take action in enforcing the right to protest on both the protest and the measures taken (the notice is not necessary, if this does not violate the User’s rightful interest regarding the purpose of the data management).

11.   Enforcement

In the event of alleged infringement of the User’s personal data or disagreement with the decision regarding his/her protest (within 30 days from the date of his/her notice), the User may bring the matter before a court. The court proceeds forthwith.

Remedies and complaints should be lodged to the National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C; mailing address: H-1530 Budapest, Pf. 5; +36 1 391 1400; privacy@naih.hu).

Questions, comments, and requests regarding this Privacy Policy are welcomed and should be sent to our email address: plastrade@plastrade.hu.

Budapest, May 25, 2018

 

Zsuzsanna Papp
Managing Director