PLASTRADE Packaging Kft. (hereinafter referred to as ’Data Controller’) is committed to protecting personal data provided by visitors and users (hereinafter referred to as ’User’) of its website (www.plastrade.net) in accordance with provisions of applicable laws, ensuring safe and fair data management.
01. Details of the Data Controller
Company: PLASTRADE Packaging Kft.
Business Registration Number: 02-09-063265 | VAT Number: 11019318-2-02
Headquarters: H-7960 Drávasztára, Zrínyi utca 6. | Office: H-1025 Budapest, Szépvölgyi út 52.
Phone: +36 1 886 92 25 | Email Address: email@example.com | Website: http://www.plastrade.hu
Personal data collected will be used for the following purposes:
- provision of services displayed on the Data Controller’s website in compliance with quality, statutory, and accounting requirements;
- contact, information;
- providing customer service;
- ongoing updating of customer data records;
- posting notices for non-commercial purposes;
- enhancing user experience;
- advertising for (direct) marketing;
- running competitions;
- preventing unauthorized access to personal data.
Data processing for the above purposes is only done in compliance with statutory regulations, to the extent and for the time necessary for the realization of the goals, only with personal data necessary for or suitable to achieving the above objectives.
03. Legal Basis and Legislative Framework
The User is solely responsible for the authenticity and accuracy of the provided personal data. The User also warrants that the consent of a third party to process his/her personal data has been lawfully obtained from the person concerned.
On behalf of a minor who has not reached the age of 14, as well as the otherwise incapacitated User, the legal representative may give the consent. A minor who has reached the age of 14 but who is under 16 years of age or who is otherwise limitedly incapacitated can agree to the data processing with the consent or subsequent approval of his/her legal representative. A minor User who is 16 years of age can consent independently. In any case, it is the responsibility of the User or the legal representative to guarantee the compliance with applicable laws.
The User may consent to the use of the provided personal data for promotional or other (direct) marketing purposes, which may be withdrawn at any time without restriction or justification. The User has to express his/her consent by checking the respective box(es) when signing up.
04. Data Subjects
05. Processed Data and Source of Collected Data
When signing up online, the User will provide the following personal data:
- last name and first name;
- email address or, in case of competitions, (mobile) phone number.
The Data Controller does not assume responsibility for the authenticity of the personal data provided by the User (who is solely responsible).
If the personal data does not correspond to the reality or the reality of the personal data is available, the Data Controller corrects it.
The Data Controller will handle the collected data until the User requests their deletion or subscribes from the newsletter. However, the data will never be kept for longer than necessary in order to complete the activity for which it was collected in the first place.
The consent to process data (except if required by law) and/or to receive promotional direct marketing can be withdrawn at any time, without explanation and free of charge via the link in the footer of the newsletter or by sending a request to the Data Controller’s email or postal address.
Instead of deleting the data on the request of the User, the Data Controller blocks personal data if, based on the information available, it is assumed that deletion would violate the legitimate interests of the User. The personal data so blocked will only be handled by the Data Controller for as long as the purpose of the data management, that excludes the deletion of those data, is achieved.
The User’s personal data will be deleted by the Data Controller, if
- their handling is unlawful;
- the purpose of data management has ceased or the statutory deadline for data storage has expired;
- ordered by the court or by the National Authority for Data Protection and Freedom of Information;
- data processing is incomplete or incorrect (and this condition cannot be legally remedied), provided that the deletion is not excluded by law.
The Data Controller may handle the personal data – in the absence of a different provision of the law, without further consent – even after the withdrawal of the User’s consent in order to fulfill its legal obligations and to enforce the legitimate interests of its own or a third party, if the enforcement of these interests are proportional to the limitation of the right to the protection of personal data.
07. Data Processing
For the purpose of collecting, recording, and storing data, operating the website, as well as performing various marketing activities, the Data Controller uses Data Processors who cannot make any substantive decision on data management, are to process, store, and retain personal data that has come to their knowledge only in accordance with the provisions of the Data Controller, and are not allowed to perform data processing for their own purposes:
- Aigner Iván e.v. (registration number: 50740457; VAT number: 67772427-1-41; headquarters: 1037 Budapest, Folyondár u. 15/F, Hungary) | newsletters, promotions and marketing, webhosting;
- Facebook Inc. (1601 Willow Road, Menlo Park, CA 94025, USA; https://www.facebook.com) | apps, content sharing, advertising, remarketing, competition (Facebook);
- Free Software Foundation Inc. (51 Franklin St, Fifth Floor, Boston, MA 02110, USA; https://wordpress.org) | content management and blogging (WordPress);
- Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) | Google Analytics (web analytics), Google AdWords (advertising, remarketing);
- LinkedIn Ireland Unlimited Company (Wilton Plaza, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com) | professional networking (LinkedIn);
- Rocket Science Group LLC (675 Ponce de Leon Avenue NE, Suite 5000, Atlanta, GA 30308, USA; https://mailchimp.com) | newsletter service (MailChimp);
- Webonic Kft. (company registration number: 07-09-025725; VAT number: 25138205-2-07; headquarters: 8000 Székesfehérvár, Budai út 14.; https://www.webonic.hu; data handling registration number: NAIH-91865/2015.) | webhosting service.
08. Data Transmission
The Data Controller transmits personal data provided by the User to a third party only if expressly consented to by the User or if the Data Controller is required to do so by law. If the User’s personal data are to be disclosed to a third party or authority, the Data Controller shall immediately notify the User via email.
In the world of the Internet, to ensure customized information and personalized service, it is important for the Data Controller to individually identify the User’s habits and needs. The purpose of anonymous identification is to improve the quality of services, to analyze the functionality of the website, as well as to understand user habits and preferences (such as searches, page openings, collecting and tracking data on frequently used or recurring functions) for providing relevant content and customized ads.
Under amended Council Directive 2002/58/EC and according to Section 155 (4) of Hungarian Act 2003/C. on electronic communications, when visiting the web site operated by the Data Controller, small data files, called cookies, are placed – with the explicit consent of the User, unless it is indispensable for the use of the website or the services available to it –on the User’s computer. Those improve the user experience and enable an analysis of the User’s preferences (such as language, various display features and information selected by the User, providing anonymous data to a third party). The cookie of a browser (Google Chrome, Internet Explorer, Mozilla Firefox, Safari, etc.) can be rejected by selecting the appropriate settings of the browser used (in the Help or Support section of the browser, as well as on http://www.aboutcookies.org) and deleted from the User’s device. However, the convenience features provided by cookies will not be available.
Deleting apps can be done in the user settings of the respective social networking site. Details of data management of competitions available on any social networking site of the Data Controller are always determined in the description and rules of the respective competition. Deleting an app of the Data Controller does not necessarily withdraw the User’s consent for receiving direct marketing.
For the operation of its website, the Data Controller uses external companies (Facebook Inc. and Google Inc. – hereinafter referred to as ‘External Company’), independent from the Data Controller, providing web analytics and ad serving services (Facebook, Google Analytics, Google AdMob, Google AdSense, Google AdWords).
In the context of remarketing, the External Company places cookies on the User’s device that anonymously track and monitor the User’s online behavior, based on which the External Company makes them available advertising on other websites corresponding to his/her online behavior and interests (remarketing lists do not contain the User’s personal information and , therefore, make person identification not possible). The tracking cookie allows the External Company to identify the User on other websites, too.
09. Data Protection
The Data Controller, together with server operators, is ensuring the security of data and data files managed at its premises guarded 24/7 and accessible only with key by taking necessary technical, operational, and organizational measures with the use of password-protected devices and appropriate antivirus protection in order to protect those against unauthorized access, alteration, transmission, disclosure, (accidental) destruction, corruption, and inaccessibility.
Every member of the Data Controller’s personnel with access to data management and data processing, as well as all natural and legal persons or entities without legal personality being in a contractual relationship with the Data Controller, are bound to preserve the confidentiality of the processed data in compliance with the provisions of the confidentiality statement of their respective agreement.
10. Request information, Enforcement Claim, and Protest
The User is entitled to request information at any time via the contact details of the Data Controller and to receive – within 30 days of the submission of the request, in an understandable form – personal data relating to him/her, processed by the Data Controller and the Data Processor, as well as information on the purpose, the legal basis, the duration of data processing, the name and contact of the data processor, the legal basis and addressee of data transmission, and the data management activity.
Any legal authority (court, prosecutor’s office, investigating authority, authority dealing with administrative offenses, administrative authority, National Authority for Data Protection and Freedom of Information) or any other authority under or empowered by the law may request the Data Controller to provide information, transmit data, or provide documentation. The Data Controller provides the requesting body – if it indicates the exact purpose and scope of the data – with the personal data indispensable for achieving the purpose of the request.
Any information or deletion request received from the email address previously given to the Data Controller is considered by the Data Controller as a claim from the User. Requests due to abusive activity of a third party, from any other email address or submission in writing are subject to verification of the relation between the identity of the User and his/her personal data (in compliance with applicable law).
Upon the User’s death, any close relative or the beneficiary who has been granted a will shall be able to request deletion of the User’s data by submitting the death certificate or its copy to the Data Controller’s email address.
The person concerned may object to the processing of his/her personal data via any of the Data Controller’s contact details, if the processing (transmission) of personal data is only necessary to enforce the legitimate interests of the Data Controller, the receiver of the data, or a third party (unless data management is ordered by law); the use or transmission of personal data is done for marketing purposes, polling, or scientific research; as well as in other case specified by law.
The Data Controller shall – with simultaneous suspension of data handling – examine the protest within 15 days from the submission of the application and inform the applicant in writing of the outcome thereof. If the protest is warranted, the Data Controller shall stop data processing (including further data collection and transmission), block the data, and inform all parties that were previously transmitted the data in question, as well as those who are obliged to take action in enforcing the right to protest on both the protest and the measures taken (the notice is not necessary, if this does not violate the User’s rightful interest regarding the purpose of the data management).
In the event of alleged infringement of the User’s personal data or disagreement with the decision regarding his/her protest (within 30 days from the date of his/her notice), the User may bring the matter before a court. The court proceeds forthwith.
Remedies and complaints should be lodged to the National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C; mailing address: H-1530 Budapest, Pf. 5; +36 1 391 1400; firstname.lastname@example.org).
Budapest, May 25, 2018