1 Data protection declaration
The digital sales platform (web shop) called DigitAll360° (referred to hereinafter as "DigitAll360°" or "web shop" or our "website"), run by NEOPAC Hungary Ltd., is governed by Hungarian and European data privacy laws, in particular the General Data Protection Regulation (GDPR) of the European Union (EU).
Access to our web shop is provided by means of transport encryption (SSL/TLS).
We are delighted that you have expressed an interest in our company and service. Data protection is particularly important to us. The DigitAll360° website may in principle be used without any indication of personal data. However, if an individual wishes to avail of the services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and no legal basis is provided for the said processing, we will generally request the approval of the data subject.
The processing of personal data such as the name, address, email address or phone number of the data subject is carried out in accordance with the statutory data protection provisions. Our company wishes to inform the public by means of this data protection declaration about the nature, scope and purpose of the personal data that we record, use and process. The data subjects will also be informed about their rights by means of this data protection declaration.
As the data controller, NEOPAC Hungary Ltd. has implemented various technical and organizational measures in order to guarantee complete protection of the personal data processed via this web shop as far as possible. However, Internet based data transfers may present security flaws, which means that absolute protection cannot be guaranteed. Therefore, each data subject will have the right to transmit personal data to us by alternative means, for example by phone.
The data protection declaration drawn up by NEOPAC Hungary Ltd. is based on the concepts used by European legislators and regulators when issuing the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be clear and easy to understand both for the public and for our customers and business partners. In order to guarantee this, we would like to explain the concepts used at the outset.
We use the following concepts among others in this data protection declaration:
a) Personal data
Personal data is all information, which relates to an identified or identifiable individual (referred to hereinafter as the "data subject"). An individual is considered to be identifiable if they can be identified directly or indirectly, in particular by means of association with identifying information such as a name, a reference number, location data, an on-line reference or one or more specific characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of this individual.
b) Data subject
A data subject is any identified or identifiable individual whose personal data is processed by the responsible party.
Processing is any procedure carried out with or without the help of automated processes or any such series of procedures relating to personal data such as collection, recording, organization, ordering, storing, adaptation, amendment, reading, retrieval, use, disclosure by means of transmission, circulation or any other form of provision, comparison, linking, limitation, deletion or destruction.
d) Limitation of processing
The limitation of processing is the marking of saved personal data with the aim of limiting its processing in the future.
Profiling is any kind of automated processing of personal data which consists of this personal data being used to evaluate specific personal aspects concerning an individual, and in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, residence or relocation of this individual.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be associated with a specific individual without additional information, insofar as this additional information is kept separately and is subject to technical and organizational measures, which guarantee that the personal data cannot be associated with an identified or identifiable individual.
g) Data controller
The data controller is a natural or legal entity, authority, facility or other body which makes decisions concerning the processing of personal data either independently or in cooperation with other parties.
The processor is a natural or legal entity, authority, facility or other body, which processes personal data on behalf of the data controller.
A recipient is a natural or legal entity, authority, facility or other body which has been provided with personal data which may or may not be a third party.
j) Third party A third party is a natural or legal entity, authority, facility or other body apart from the data subject, the data controller, the processor and individuals authorized under the direct responsibility of the data controller or processor to process personal data.
Consent is any statement of intent provided on a voluntary basis by the data subject for the specific case involved in an informed, unambiguous manner in the form of a declaration or other clear, affirmative act whereby the data subject states that they agree to the processing of their personal data.
3 Name and address of the data controller
Requests presented by supervisory authorities or data subjects to the data controller are generally sent by email but may also be sent by post:
NEOPAC Hungary Ltd.
Hoffmann utca 1.
4 Information that you provide to us
This is information about you that you provide to us by:
- Completing forms on our web shop (or other forms that we ask you to complete),
- Presenting a business card (or similar),
- Corresponding with us by telephone, post, email or any other means,
- Account information such as your address, be it for delivery reasons or such,
- Billing information.
This information may include, for example, your name, address, email address and telephone number, information on your business relationship with us and information on your professional role, background and interests.
When you make a purchase or attempt to make a purchase through the website, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number. See section 6 below.
Additionally, when you visit the website, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. We also collect information about the individual web pages or products that you view, what websites or search terms referred you to the website, and information about how you interact with the website.
We collect this device information using the following technologies:
"Cookies" are data files that are placed on your device or computer and often include an anonymous unique identifier.
"Log files" track actions occurring on the website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
"Web beacons", "tags", and "pixels" are electronic files used to record information about how you browse the website.See sections 7-8 below. We use the personal data that we collect to
- fulfill any orders placed through the web shop (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations),
- provide you with information or advertising relating to our products or services, in line with the preferences you have shared with us,
- help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our website (for example, by generating analytics about how our customers browse and interact with the website, and to assess the success of our marketing and advertising campaigns),
- comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
5 Other information
We may also obtain certain information from other sources. For example:
- If we have a business relationship with the organization that you represent, your colleagues or other business contacts may provide us with information about you such as your contact data or details of your role in the business relationship.
- We sometimes collect information from external providers or publicly accessible sources on the combating of money laundering, background controls and similar purposes in order to protect our business and comply with our statutory and regulatory obligations.
Data processing based on Hungarian Act CVIII of 2001 on certain aspects of e-commerce and information society services ("E-commerce Act"):
Processed data: name, place and date of birth, mother's name (together as to "identity data of a natural person") and address, which are required to identify the user
Legal basis: E-commerce Act 13/A. § (1)
Objective: to establish a contract for the provision of an information society service, to define its content, to modify it, to monitor its fulfillment, to invoice the fees and to enforce the related claims
Duration: data must be deleted after the non-conclusion of the contract, termination of the contract and invoicing
Processed data: identity data of a natural person related to the use of the information society service, address and data on the date, duration and place of the use of the service
Legal basis: E-commerce Act 13/A. § (2)
Purpose: to invoice the fees arising from the contract for the provision of an information society service
Duration: data must be deleted after non-conclusion of the contract, termination of the contract and invoicing
Processed data: personal data which are technically necessary for the provision of the service, but only to the extent and for the time necessary
Legal basis: E-commerce Act 13/A. § (3)
Purpose: to provide the service
Duration: data must be deleted after the non-conclusion of the contract, the termination of the contract and the invoicing
Processed data: data related to the use of the service (cannot be linked to the user’s identity data and cannot be transferred to a third party without the user's consent)
Legal basis: consent of the user
Objective: to increase the efficiency of the service, to deliver electronic advertising or other targeted content to the user, market research
Duration: data must be deleted if the purpose of data processing has completed or the user so provides (data processing may be prohibited by the user at any time before and during the use of the service)
Customer's data are also stored in SAP enterprise resource planning system. This system is provided by SAP SE, Dietmar-Hopp-Allee 16, 69190 Walldorf/Germany.
Data processors: SAP experts, external consultants
Scope of data transferred: invoicing and accounting part of SAP
Purpose of data processing: operation of the system by providing access to data
Duration: the time specified above, or until the termination of the contract on which the data processing is based
Legal basis: performance of legal obligations and contracts, legitimate interest of the data controller
By using cookies and web beacons, we are able to provide users of this web shop user-friendly services, which would not be possible without the cookie setting.
The data subject may prevent the setting of cookies by our website at any time by means of the corresponding settings in their Internet browser and may permanently block cookie settings in this way. Cookies which have already been set may also be deleted at any time via an Internet browser or other software program. Web beacons may be blocked at any time in the Internet browser settings or with corresponding browser extensions. This is possible with all the common Internet browsers. If the data subject deactivates the cookie settings and blocks web beacons, it is possible that not all the functions of our website will be fully usable.
8 Recording of general data and information
The DigitAll360° web shop records a series of general data and information each time it is accessed by an individual or automated system. This general data and information is stored in a log file on the server. The following information may be recorded:(1) browser type and versions used,
(2) the operating system used by the accessing system,
(3) the website from which an accessing system arrives at our website (so-called referred),
(4) the sub-websites which are controlled by an accessing system on our website,
(5) the data and time of website access,
(6) an Internet protocol address (IP address),
(7) the Internet service provider of the accessing system and
(8) other similar data and information which may avert danger in the event of attacks on our IT systems.
NEOPAC Hungary Ltd. does not draw any conclusions concerning the data subject in the context of the use of this general data and information. This information is used instead to
(1) present the content of our web shop accurately,
(2) optimize the content of our website and associated advertising,
(3) guarantee the long-term functional capability of our IT systems and website technology and
(4) provide the law enforcement agencies with the necessary information for criminal proceedings in the event of a cyber-attack. This anonymously recorded data and information is evaluated statistically by NEOPAC Hungary Ltd. in order to enhance data protection and security within our firm and to guarantee an optimum level of protection for the personal data that we process. The anonymous data in the server log files is stored separately from all the personal data provided by any data subject.
9 Registering on our website
The data subject has the option of registering on the data controller's website by entering personal data (first name, last name, tax/VAT number if exists, email address, password). The registration creates a customer account which provides many benefits to the data subject by storing data, such as keeping addresses and tracking orders. The personal data to be provided to the data controller is determined from the input mask used for the registration. The personal data entered by the data subject will be recorded and filed exclusively for internal use by the data controller and for the purposes of the latter. The data controller may allow for the transmission of personal data to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for internal purposes, for which the data controller will be responsible.
By registering on the data controller's website, the IP address, date and time of registration entered by the Internet service provider (ISP) of the data subject will also be saved. This data is saved so as to ensure that this is the only way of preventing the abuse of our services and may be used, if necessary, to clarify any criminal acts which have been committed. In this respect, it is necessary to save this data for the protection of the data controller. This data may not in principle be transmitted to third parties unless there is a statutory obligation to do to or this transmission is carried out in the context of criminal proceedings.
The registration of the data subject including their voluntary provision of personal data enables the data controller to offer the individual content or services which can only be offered to registered users due to the nature of the matter at hand. Registered individuals have the option of amending the personal data provided at the time of registration at any time or deleting it completely from the data controller's database.
The data controller will provide all data subjects at any time upon request with information as to which of their personal data has been saved. Furthermore, the data controller may delete personal data at the request or indication of the data subject provided that no statutory retention obligations exist to prevent this. All the data controller’s employees will remain available in this context as contact partners for the data subject.
10 Subscribing to our newsletter
Users of the DigitAll360° website will be offered the possibility of subscribing to the newsletter issued by our company. The personal data to be provided to the data controller when signing up for the newsletter is determined from the input mask used in this context.
NEOPAC Hungary Ltd. will keep its customers, business partners and representatives informed on a regular basis via the newsletter of any offers provided by the firm and any other operational details. Our company’s newsletters can in principle only be received by the data subject if
(1) the individual possesses a valid email address and
(2) the individual has signed up to receive the newsletter.
A confirmation email will be sent as part of the double opt-in procedure for legal reasons to the email address first entered by the data subject in order to receive the newsletter. This confirmation email is used to determine whether the owner of the email address has authorized receipt of the newsletter as a data subject.When an individual signs up for a newsletter, we also save the IP address provided by the Internet service provider (ISP) for the computer system used at the time of registration by the data subject as well as the date and time of registration. It is necessary to register this data in order to trace the (potential) misuse of an individual’s email address at a later point and this registration therefore provides legal protection for the data controller.
The personal data recorded when subscribing to the newsletter will only be used for the purpose of sending our newsletter. Moreover, subscribers to the newsletter may be informed by email if this is necessary for the operation of the newsletter services or an associated registration as is the case if a newsletter offer is amended or the technical circumstances surrounding the case are altered. The personal data recorded within the framework of the newsletter services will not be passed on to third parties. The subscription to our newsletter may be cancelled at any time by the data subject. Consent to the storage of personal data provided by the data subject for the purpose of sending the newsletter may be revoked at any time. A corresponding link is provided in each newsletter, which can be used to revoke this consent. There is also an option to unsubscribe from the newsletter at any time directly via the contact form on the data controller’s website or to notify the data controller by alternative means.
All newsletters will be sent by NEOPAC Hungary Ltd. This procedure is carried out via the "MailChimp" service provider whose data protection declaration can be downloaded here.
11 Newsletter tracking
The DigitAll360° newsletters contain so-called web beacons. A web beacon is a miniature graphic image, which is embedded in emails which are sent in HTML format to make log file recording and analysis possible. This allows for the statistical evaluation of the success or failure of on-line marketing campaigns. Thanks to the embedded web beacons, NEOPAC Hungary Ltd. is able to determine whether and when an email has been opened by a data subject and which links have been activated by the individual in the email.
The personal data recorded by means of the web beacons contained in the newsletters is saved and evaluated by the data controller in order to optimize the sending of newsletters and adapt the content of future newsletters more effectively to the interests of the data subjects. This personal data is not passed on to third parties. The data subjects are authorized to revoke the associated declaration of consent granted by means of the double opt-in procedure at any time. The data controller will delete this personal data following revocation. NEOPAC Hungary Ltd. will automatically interpret the suspension of receipt of the newsletter as revocation.
12 Contact possibilities via the website
In accordance with the legal requirements, the DigitAll360° web shop contains information which allows rapid electronic contact to be established with our company and direct communication to be made with us, which also comprises a general email address. If a data subject makes contact with the data controller by email or via a contact form, the personal data transmitted by the individual will be automatically saved. On the contact form, the following personal data are required: name, email address, phone number and text of the message. This personal data transmitted on a voluntary basis by a data subject to the data controller will be saved for processing purposes or in order to make contact with the individual. This personal data will not be passed on to third parties.
13 Chat message function ("Customer Support") in the web shop
NEOPAC Hungary Ltd. offers users the possibility, by means of a chat service (powered by LiveChat) which can be found in the data controller’s web shop, to leave messages and get instant answers. The service provider’s data protection declaration can be found here: https://www.livechat.com/legal/privacy-policy, https://www.livechat.com/legal/gdpr-faq. By using the chat service, the data subject accepts these provisions.
To use the chat service, the following personal data are necessary: name, email address, subject and text of the message. Some other data (such as IP address, browser information, operating system etc.) are also collected and stored, according to the above mentioned rules.
14 Service Providers as Data Processors
Third party shipping providers with whom we share delivery address, contact information and shipment tracking information for the purposes of facilitating the delivery of items purchased and other delivery related communications.
Legal title: fulfillment of contractual requirement
ShippyPro: Italian Valley Srls (business seat: Via Ricasoli 9, Firenze, Italy)
TNT Express Hungary Kft: (business seat: 1185 Budapest, BUD International Airport Terminal 1., Logistic Centre II., Building 283., Officebuilding)
Third party service provider who help us to provide our Services, payment processing services and where we forward the Buyer’s business name, seat and tax number or the consumer’s name, address and ID number:
Legal title: fulfillment of statutory and contractual requirement
Six Payment Services (Europe) S.A. Hungarian Branch Office: https://www.six-payment-services.com/en/services/legal/privacy-statement.html
15 Use of Google Analytics
16 Google AdWords
This website uses Conversion Tracking in order to improve the site and advertising activities.
This web shop uses Google AdWords Conversion Tracking, a web analysis services provided by Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google") in order to improve the site and advertising activities. The Conversion Tracking cookie is set when a user clicks on an ad inserted by Google. These cookies become invalid after a maximum of 90 days and are not used for personal identification purposes. If you visit certain pages of our website within this period, we and Google can see that you have clicked on the ad and have been taken to this page. Every Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The conversion cookie information obtained is used to create conversion statistics for us. We are able to determine the total number of users who have clicked on our ads and have been taken to our website. However, we do not receive any information relating to your personal identification.
If you do not wish to be involved in tracking, you can easily deactivate the Google Conversion Tracking cookie from the user settings of your Internet browser. You will not then be included in the Conversion Tracking statistics.
17 Use of social plug-ins
Our website uses the functions of the LinkedIn network. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
A connection with the LinkedIn servers is created every time one of our pages containing LinkedIn functions is called up. LinkedIn is notified that you have visited one of our pages via its IP address. If you click on the "Recommend Button" on LinkedIn and are logged into your LinkedIn account, LinkedIn is able to correlate your visit to our website with you and your user account. We should point out that, as a site provider, we are not aware of the content of the data transmitted or how it is used by LinkedIn.
Further information can be found in the LinkedIn data protection declaration available at: https://www.linkedin.com/legal/privacy-policy.
Our website uses so-called social plug-ins ("plug-ins") provided by the Twitter micro-blogging service which are operated by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA ("Twitter"). The plug-ins are identified by a Twitter logo, for example in the form of a blue "Twitter bird". An overview of the Twitter plug-ins with their visual appearance is provided here: https://about.twitter.com/en_us/company/brand-resources.html.
If you call up a page on our website, which contains one of these plug-ins, your browser will create a direct connection with the Twitter server. The content of the plug-in will be transmitted from Twitter directly to your browser and incorporated in the page. Through this incorporation, Twitter receives the information that your browser has called up the corresponding page on our web shop even if you do not possess a Twitter profile or are not logged into Twitter. This information (including your IP address) will be transmitted from your browser directly to a Twitter server where it will be saved.
If you are logged into Twitter, Twitter may directly associate the visit to our website with your Twitter account. If you interact with the plug-ins, for example by activating the "Tweet" button, the corresponding information will again be transmitted directly to a Twitter server where it will be saved. The information will also be published in your Twitter account where your contacts are displayed.
The purpose and scope of data collection and the subsequent processing and use of data by Twitter in addition to your associated rights and configuration options to protect your privacy can be obtained from the data protection information provided by Twitter. https://twitter.com/privacy.
If you do not want Twitter to associate the data collected via our website directly to your Twitter account, you must log out of Twitter before visiting our site. You can also completely block the downloading of Twitter plug-ins by means of browser add-ons, e.g. by using the "NoScript" script blocker (https://noscript.net).
Our website uses so-called social plug-ins ("plug-ins") provided by YouTube which are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The plug-ins are identified by means of a YouTube logo, for example in the form of a "YouTube button".
Each time an individual page is called up on this website operated by the data controller and in which a YouTube component has been integrated (YouTube video), the Internet browser in the IT system of the data subject will be automatically promoted by the corresponding YouTube components to download a presentation of the latter from YouTube. Further information on YouTube can be obtained from https://www.youtube.com/yt/about. Within the framework of this technical procedure, YouTube and Google obtain information about which specific sub-pages of our website the data subject has visited.
If the data subject is logged into YouTube at the same time, YouTube recognizes which specific sub-pages of our website the data subject has visited when a sub-page containing a YouTube video is called up. This information is collected by YouTube and Google and associated with the corresponding YouTube account of the data subject.
YouTube and Google are therefore always notified via the YouTube components that the individual has visited our website if the latter is logged into YouTube when visiting the site; this is the case regardless of whether the data subject clicks on a YouTube video. If the data subject does not want this information to be transmitted to YouTube and Google, they may prevent this transmission by logging out of their YouTube account before calling up our website.
The data protection regulations published by YouTube, which can be consulted at https://www.google.de/intl/de/policies/privacy, provide information on the collection, processing and use of personal data by YouTube and Google.
Our website uses so-called social plug-ins ("plug-ins") provided by Instagram which are operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ("Instagram"). The plug-ins are identified by means of an Instagram logo, for example in the form of an "Instagram camera" add-on. An overview of the Instagram plug-ins with their visual appearance is provided here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
Your browser will create a direct connection with the Instagram servers when you call up a page on our website which contains one of these plug-ins. The content of the plug-in is transmitted by Instagram directly to your browser and incorporated into the page. This incorporation notifies Instagram that your browser has called up the corresponding page on our website even if you do not have an Instagram profile or have not logged into Instagram. This information (including your IP address) is transferred from your browser directly to an Instagram server in the USA where it is stored.
If you are logged into Instagram, Instagram is able to link the visit to our website directly to your Instagram profile. If you interact with the plug-in, for example by activating the "Instagram" button or leaving a comment, this information is also transferred directly to an Instagram server where it is saved. The information is also published on your Instagram profile and can be seen by your contacts.
The purpose and scope of data collection and the subsequent processing and use of data by Instagram in addition to your associated rights and configuration options to protect your privacy can be obtained from the data protection information provided by Instagram: https://help.instagram.com/155833707900388.
If you do not want Instagram to link the data collected via our website directly with your Instagram account, you will need to log out of Instagram before you visit our website. You can also completely block the downloading of Instagram plug-ins by using add-ons for your browser, e.g. using the "NoScript" script blocker (https://noscript.net).
e) Google Maps
This website uses the Google Maps product provided by Google Inc. By using this website, you declare that you agree to the collection, processing and use of the data which is automatically collected by Google Inc, its representatives and third parties. Google may publish summarized statistics concerning the user’s activities or may pass this information on to users and partners such as publishers, advertisers or associated websites.
18 Routine deletion and blocking of personal data
The data controller only processes and stores personal data relating to the data subject for the length of time required for storage purposes or if this is provided for by European legislators and regulators or another legislative body in laws or regulations by which the data controller is bound.
In the absence of a storage purpose or upon expiry of a storage period provided for by European legislators and regulators or another legislative body, personal data is routinely blocked or deleted according to the statutory regulations.
19 Rights of data subjects
If you wish to avail of one of the following rights, please contact us as specified in section 3.
You can also present complaints concerning our processing of your personal data to the Hungarian National Authority for Data Protection and Freedom of Information (H-1125 Budapest, Szilágyi Erzsébet fasor 22/C., phone number: +36-1-391-1400, email address: firstname.lastname@example.org, website: https://naih.hu).
a) Right to obtain confirmation
All data subjects have the right to request confirmation from the data controller as to whether personal data concerning them is being processed. If the data subject wishes to make us of this right to confirmation, he/she may contact our data protection officer at any time.
b) Right to information
All data subjects concerned by the processing of personal data are granted the right to obtain free information at any time from the data controller concerning their stored personal data together with a copy of this information. The European legislators and regulators will also provide the data subject with information on the following:
- The processing purposes
- The categories of personal data to be processed
- The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular in the case of recipients in third countries or international organizations
- If possible, the planned length of time during which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- The existence of a right to correct or delete personal data or to limit processing by the data protection officer or a right to object to this processing
- The existence of a right to lodge a complaint with a supervisory authority
- If the personal data was not recorded by the data subject: All available information concerning the source of the data
- The existence of automated decision-making including profiling according to Article 22 para. 1 and 4 of the GDPR and (at least in these cases) significant information concerning the logic and scope of the desired effects of this processing for the data subject
- The data subject also has the right to be informed whether personal data will be transmitted to a third country or an international organization. If this is the case, the data subject will also have the right to obtain information concerning suitable guarantees associated with this transmission.
If a data subject wishes to avail of this right to information, he/she may contact our data protection officer at any time.
c) Right of rectification
All data subjects concerned by the processing of personal data are granted the right to request the immediate rectification of incorrect personal data that concerns them. The data subject also has the right to request the completion of incomplete personal data, taking the processing purposes into account, including by means of complementary declaration.
If a data subject wishes to avail of this right of rectification, he/she may contact our data protection officer at any time.
d) Right of deletion (right to be forgotten)
All data subjects concerned by the processing of personal data are granted the right to request that the data controller deletes personal data that concerns them immediately if one of the following grounds applies and if processing is not necessary:
- The personal data has been collected other otherwise processed for purposes which are no longer required.
- The data subject revokes his/her consent on which processing according to Article 6 para. 1 a) of the GDPR or Article 9 para. 2 a) GDPR was based and no alternative legal basis exists for processing.
- The data subject objects to processing according to Article 21 para. 1 of the GDPR and no overriding legitimate grounds exist for processing or the data subject objects to processing according to Article 21 para. 2 of the GDPR.
- The personal data has been processed unlawfully.
- The deletion of personal data is required for the fulfillment of a statutory obligation under EU law or the law of the member states by which the data controller is bound.
- The personal data was collected in relation to information society services offered according to Article 8 para. 1 of the GDPR.
- If one of the above-mentioned grounds applies and a data subject wishes to delete personal data stored by NEOPAC Hungary Ltd., he/she may contact our data protection officer at any time.
If personal data has been made public by NEOPAC Hungary Ltd. and our company is obliged to delete personal data accorder in its capacity as data controller according to Article 17 para. 1 of the GDPR, NEOPAC Hungary Ltd. will take appropriate steps, including those of a technical nature taking into account the technology available and implementation costs, in order to notify other data controllers who process the publicized personal information that the data subject has requested that these other data controllers delete all links to this personal data or copies or duplicates of this personal data insofar as processing is not required. Our data protection officer will take the necessary steps in individual cases.
e) Right to limit processing
All data subjects concerned by the processing of personal data are granted the right to request that the data controller limits processing if one of the following circumstances applies:
- The accuracy of the personal data is disputed by the data subject for a period of time which enables the data controller to verify said accuracy.
- Processing is unlawful, the data subject declines the deletion of the personal data and instead requests that its use be limited.
- The data controller no longer requires the personal data for processing purposes but the data subject requires the data in order to present, assert or defend legal claims.
- The data subject has presented an objection against processing according to Article 21 para 1 of the GDPR and it is not yet clear as to whether the legitimate grounds presented by the data controller outweigh those of the data subject.
- If one of the above-mentioned circumstances applies and a data subject wishes to request the limitation of personal data stored by NEOPAC Hungary Ltd., he/she may contact our data protection officer at any time.
f) Right to data portability
All data subjects concerned by the processing of personal data are granted the right to receive the personal data that concerns them, which has been provided by the data subject to the data controller, in a structured, current, machine-readable format. They also have the right to pass on this data to another data controller without restriction by the data controller to whom the personal data was provided insofar as processing is based on consent according to Article 6 para. 1 a) or Article 9 para. 2 a) of the GDPR or on a contract according to Article 6 para. 1 b) of the GDPR and processing was carried out by means of an automated procedure insofar as the processing is not required for the completion of a task which is in the public interest or in the exercise of official authority which has been transferred to the data controller.
When exercising his/her right to data portability according to Article 20 para 1 of the GDPR, the data subject also has the right to arrange for personal data to be transmitted directly from one data controller to another if this is technically feasible and provided that this does not violate the rights and freedom of other individuals.
If the data subject wishes to avail of the right to data portability, he/she may contact our data protection officer at any time.
g) Right to object
All data subjects concerned by the processing of personal data are granted the right to present objections at any time against the processing of personal data that concerns them on the basis of Article 6 paras. e) and f) of the GDPR on grounds which stem from their specific situation. This also applies to profiling underpinned by these provisions.
NEOPAC Hungary Ltd. will no longer process personal data in the case of an objection unless we are able to prove that essential grounds for protection exist which outweigh the interests, rights and freedoms of the data subject or processing serves to present, assert or defend legal claims.
The data subject has the right to present an objection against the processing of personal data at any time if NEOPAC Hungary Ltd. processes said data for direct advertising purposes. This also applies to profiling insofar as it relates to such direct advertising. If the data subject objects to NEOPAC Hungary Ltd. processing data for the purposes of direct advertising, we will no longer process personal data for this purpose.
The data subject also has the right, on grounds stemming from their specific situation, to present an objection against the processing of their personal data by NEOPAC Hungary Ltd. for scientific or historical research purposes or for statistical purposes according to Article 89 para. 1 of the GDPR unless this processing is required in order to fulfill a task which is in the public interest.
If the data subject wishes to avail of the right to object, he/she may contact our data protection officer directly. The data subject may also exercise the right to object by means of an automated procedure, whereby technical specifications will be applied, in the context of the use of information society services, notwithstanding guideline 2002/58/EC.
h) Automated decisions in individual cases including profiling
All data subjects concerned by the processing of personal data are granted the right not to be bound by an exclusive decision based on automated processing (including profiling) which produces a legal effect or otherwise significantly restricts them insofar as the decision (1) is not required for the conclusion or fulfillment of a contract between the data subject and the data controller or (2) is authorized on the basis of the legal provisions of the EU or the member states governing the data controller and these legal provisions contain appropriate measures to maintain rights and freedoms and the legitimate interests of the data subject or (3) has been reached with the specific consent of the data subject.
If the decision (1) is required for the conclusion or fulfillment of a contract between the data subject and the data controller or (2) if it is reached with the specific consent of the data subject, NEOPAC Hungary Ltd. will take appropriate steps to guarantee the rights and freedoms and legitimate interests of the data subject, including at least the right to initiate the intervention of an individual on behalf of the data controller, to present a personal opinion and to challenge the decision. If the data subject wishes to assert rights relating to automated decisions, he/she may contact our data protection officer at any time.
i) Right to revoke consent according to data protection regulations
All data subjects concerned by the processing of personal data are granted the right to revoke consent to the processing of personal data at any time.
If the data subject wishes to avail of the right to revoke consent, he/she may contact our data protection officer at any time.
20 Legal basis for processing
Article 6 a) of the GDPR provides our company with the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is required in order to fulfill a contract to which the data subject is a party, as is the case with processing operations required for the delivery of goods or the provision of another service or return service, processing is carried out on the basis of Article 6 b) of the GDPR. The same applies for processing operations required for the implementation of pre-contractual measures, for example in the case of requests for our products or services. If our firm is bound by a legal obligation whereby the processing of personal data is required, for example for the fulfillment of tax obligations, processing is based on Article 6 c) of the GDPR. In a few rare cases, the processing of personal data may become necessary in order to protect the essential interests of the data subject or another individual. In this case processing would be based on Article 6 d) of the GDPR. Processing operations could ultimately be based on Article 6 f) of the GDPR. This legal basis applies to processing operations which are not covered by any of the legal provisions outlined above if processing is required to protect the legitimate interests of our firm or a third party insofar as the interests do not outweigh the basic rights and basic freedoms of the individual concerned. We are authorized to carry out processing operations of this kind because they have been specifically referred to in European legislation. This legislation states that a legitimate interest can be assumed to exist when the data subject is a customer of the data controller (recital 47 section 2 of the GDPR).
21 Legitimate interest in processing which is tracked by the data controller or a third party
If the processing of personal data is based on Article 6 f) of the GDPR, our legitimate interest is the accomplishment of our business activity for the benefit of the well-being of all our employees and shareholders.
22 Length of time during which personal data is stored
The length of time during which personal data is stored corresponds to the applicable statutory retention period. Upon expiry of the deadline, the corresponding data will be routinely deleted provided that it is no longer required for the fulfillment or initiation of the contract.
23 Statutory or contractual provisions governing the provision of personal data; requirement for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide information
We should point out that the provision of personal data is required by law to a certain extent (e.g. tax regulations) or may stem from contractual regulations (e.g. information on contract partners). In some cases, it may be necessary when a contract is concluded for a data subject to provide us with personal data which we subsequently have to process. The data subject may, for example, be obliged to provide us with personal data when they have concluded a contract with our firm. Failure to provide personal information would result in the contract not being concluded with the individual concerned. The individual concerned must contact one of our employees before providing personal data. Our employee will explain to the individual concerned, based on the case in point, whether the provision of personal data is legally or contractually required or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data and the potential consequences of failure to provide personal data.
24 Existence of automated decision-making
As a responsible company, we refrain from automatic decision-making and profiling.
25 Adaptation of the data protection declaration
We may adapt our data protection declaration at any time by publishing it on this website.
NEOPAC Hungary Ltd., September 2020