Privacy Policy
INTRODUCTION
Euro-Pack Logistics Ltd. (hereinafter referred to as: the Company or Data Controller) is committed to protecting the personal data of visitors to the website (hereinafter referred to as: Visitor or Data Subject), and considers it of utmost importance to respect the Visitors’ right to informational self-determination. The Company treats personal data confidentially and takes all administrative, IT, physical security, technical and organizational measures to guarantee the security of the data, and is committed to protecting your personal data.
The Company, as data controller, processes the personal data provided by the Visitor through the website in accordance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information (Info Act), and other applicable legal provisions.
Through this Website Privacy Notice (hereinafter: Notice), the Company informs Visitors about the personal data it processes, the practices it follows in the processing of personal data, the measures taken to protect personal data, and the exercise of Data Subjects’ rights.
DATA CONTROLLER
Name: Euro-Pack Logistics Ltd.
Registered seat: 2225 Üllő, Zöldmező utca 1.
Tax number: 11790396-2-13
E-mail: office@euro-pack.hu
Phone number: +36 70 605 6215
Postal address: 2225 Üllő, Zöldmező utca 1.
Data Protection Officer:
E-mail: office@euro-pack.hu
Other contact details: […]
DEFINITIONS
The following terms are defined in Article 4 of the GDPR.
Personal data: any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Special categories of personal data: within the category of personal data, the GDPR also defines a subcategory, namely special categories of personal data, which require a higher level of protection compared to general personal data. The GDPR sets stricter conditions for processing such data. These include, but are not limited to: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic and biometric data for uniquely identifying a natural person, health data, and data concerning a natural person’s sex life or sexual orientation.
Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Erasure: rendering data unrecognisable in such a way that restoration is no longer possible.
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients.
Data subject: any identified or identifiable natural person (see definition of "Personal data" above).
Consent of the data subject: any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Children’s consent: where the child is below the age of 16 years, processing of personal data shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
Supervisory authority: an independent public authority established by a Member State pursuant to Article 51 of the GDPR.
Supervisory authority in Hungary: National Authority for Data Protection and Freedom of Information (NAIH) (address: 1055 Budapest, Falk Miksa utca 9-11., website: www.naih.hu, e-mail: ugyfelszolgalat@naih.hu, phone: +36-1-391-1400, +36-30-683-5969, +36-30-549-6838, fax: +36-1-391-1410).
EEA state: a Member State of the European Union and any other state that is a party to the Agreement on the European Economic Area, and any state whose citizens enjoy the same legal status as EEA citizens by virtue of an international agreement between the European Union and its Member States and a non-EEA state.
Third country: any state that is not an EEA state.
PURPOSE OF DATA PROCESSING
The Company primarily collects Visitors’ personal data for the purpose of direct business relations, based on contract, legitimate interest, or consent, about which the Company provides additional specific information to Data Subjects as necessary. On this website, the Company processes personal data exclusively for the purpose of maintaining contact (see Section V) and via cookies (see Section VIII) for the purposes specified therein. The Visitor may at any time object to the processing of their personal data, as well as exercise their rights and remedies (see Section X).
The Company draws attention to the fact that only persons who have reached the age of 16 may provide consent on their own. For persons under the age of 16, consent may only be given by the holder of parental responsibility.
Your data will be retained until withdrawal of consent, objection (unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims), or until the purpose has been fulfilled. Where statutory obligations apply, data will be retained until the statutory retention period has expired.
CONTACT
If you have questions and wish to contact the Company, you can do so through the Contact menu placed on this website. The Company processes personal data in this context on the basis of its legitimate interest under Article 6(1)(f) of the GDPR: the Company has a legitimate interest in maintaining contact with Visitors following their inquiry.
The purpose of processing is to respond to any questions the Visitor may have.
The Company informs Visitors that courts, prosecutors, investigative authorities, administrative authorities, the National Authority for Data Protection and Freedom of Information, the Hungarian National Bank, or other bodies authorized by law may request information, disclosure of data, transfer of data, or provision of documents from the Data Controller. The Company hereby draws attention to the fact that personal data will only be disclosed to authorities if the authority specifies the exact purpose and scope of data, and only to the extent strictly necessary to achieve that purpose.
The Data Subject in this context is any natural person who establishes contact with the Company and provides personal data for this purpose.
Categories of data processed: name, date and time of sending, e-mail address, other personal data provided by the Visitor in the message, content of the message.
Recipients of the personal data are those natural persons at the Company who are designated to communicate with Visitors on behalf of the Company.
No automated decision-making or profiling takes place during processing.
The Company deletes personal data processed in the context of contact within […] from the date of data provision.
The Company draws the Visitor’s attention to the fact that sensitive data (e.g. health data) should not be provided for contact purposes, as the Data Controller does not process such data for communication. If the Visitor voluntarily provides personal data via the Contact menu that are not necessary for communication, the Company will immediately delete such data. Until their deletion, the Company processes such data temporarily on the basis of the Data Subject’s consent under Article 6(1)(a) of the GDPR.
The Company also draws attention to the fact that the Contact menu is not intended for complaint handling. Complaints relating to the Company’s activities, products or services must be submitted via other available contact channels.
In the course of contact-related processing, the Controller uses the following processor:
Name: Euro-Pack Logistics Ltd.
Registered seat: 2225 Üllő, Zöldmező utca 1.
DATA SHARING
Visitors’ personal data may only be transferred with the Visitor’s consent, for the enforcement of the Controller’s or a third party’s legitimate interests, or based on legal authorization, to the extent defined therein. The Controller will in all cases inform the Data Subject about the data transfer.
The Visitor’s personal data will not be transferred to third countries outside the European Union or to international organizations. The Company will separately inform the Data Subject if it intends to transfer personal data to a service provider established outside the European Economic Area.
The hosting provider of the website also has access to the data processed on the website.
Hosting provider name: Perfect Nova Hungary Zrt.
Hosting provider seat: 2161 Csomád, Levente utca 14/a.
Hosting provider e-mail: info@perfectnova.hu
METHOD OF DATA STORAGE, DATA SECURITY
The Company carries out electronic data processing in a manner that meets data security requirements, ensuring that access to the data is limited to specific purposes, under controlled circumstances, and only by persons who require such access for the performance of their duties. The Company protects its IT systems with firewalls and antivirus software.
Taking into account the state of the art, the Company implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with data processing.
If, in the Company’s opinion, a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the Company shall inform the Data Subject of the personal data breach without undue delay and communicate the information referred to in Article 33(3)(b), (c) and (d) of the GDPR.
COOKIE USE
Cookie: a small data package placed on the Visitor’s digital device, particularly but not exclusively on their computer, mobile phone, or tablet, when opening a given website. The purpose of cookies is to operate or increase the efficiency of the website, and to send information to the website owner. Cookies provide the Company with information about Visitors’ website usage habits. With the help of cookies, the Company can tailor the website to the Visitors’ habits and thus make the site more user-friendly.
Types of cookies:
Persistent cookies: remain in the browser until the Visitor deletes them manually or until they expire;
Necessary cookies: essential for the operation of the website;
Session cookies: temporary cookies, automatically deleted when the browser is closed;
First-party cookies: placed by the Company on the website, and can only be read by this website.
Detailed information about the cookies (and similar technologies) used by the Company can be found in the Company’s [Cookie Notice], available here.
The necessary cookies for the operation of the website are processed by the Company on the basis of Article 6(1)(f) GDPR (legitimate interest of the Controller), while other cookies are processed on the basis of Article 6(1)(a) GDPR (voluntary consent of the data subject). Visitors themselves must decide whether to accept cookies or not. By default, cookies based on consent are not enabled in the settings interface. In most cases, use of the Company’s website does not require enabling cookies.
DATA SUBJECT RIGHTS AND REMEDIES
Right of access: the Data Subject has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Article 15 of the GDPR.
Right to rectification: the Data Subject has the right to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure: the Data Subject has the right to obtain from the Controller the erasure of personal data concerning him or her without undue delay, and the Controller has the obligation to erase personal data without undue delay under the conditions set out in Article 17 of the GDPR.
Right to restriction of processing: the Data Subject has the right to obtain from the Controller restriction of processing under the conditions set out in Article 18 of the GDPR.
Right to data portability: the Data Subject has the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine-readable format, and has the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided, where the conditions set out in Article 20 of the GDPR apply.
Right to object: the Data Subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling based on those provisions. In such a case, the Controller may no longer process the personal data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.
Automated decision-making, including profiling: the Data Subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
Right to withdraw consent: the Data Subject has the right to withdraw his or her consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
REMEDIES
If the Data Subject considers that the processing of personal data concerning him or her infringes the provisions of the GDPR, he or she has the right to lodge a complaint with the competent supervisory authority (in Hungary: National Authority for Data Protection and Freedom of Information; website: www.naih.hu, address: H-1055 Budapest, Falk Miksa utca 9-11., postal address: 1363 Budapest, Pf. 9., phone: +36 (1) 391-1400, fax: +36 (1) 391-1410, e-mail: ugyfelszolgalat@naih.hu).
The Data Subject may also apply to the competent court against the Controller in relation to the lawfulness of the processing of his or her data, under Article 22 of the Info Act.
OTHER DATA PROCESSING
For any data processing not listed in this Privacy Notice, the Company will provide separate information to the Data Subject prior to the start of the processing.
FACEBOOK (META) REMARKETING
The Controller runs so-called remarketing advertisements through the advertising systems of Meta Platform Ireland Ltd. (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) (“Meta” or “Facebook”). Meta collects and receives data from the Website and other online locations using cookies, web beacons and similar technologies. Using this data, Facebook provides measurement services and customises advertisements. Such targeted advertisements may also appear on other websites that are part of Meta’s partner network.
The Website uses the so-called “Facebook pixel/plugin” operated by Meta’s social network (pixel or plugin). With the help of the Facebook pixel, Meta can treat Website visitors as a target group for displaying advertisements (so-called Facebook ads). Accordingly, the Company uses the Facebook pixel to ensure that the Facebook ads it embeds are shown only to those Facebook users who have shown interest in the Company’s offers, thereby ensuring that Facebook ads match users’ potential interests and are not disruptive. The Facebook pixel also allows the Company to analyse the effectiveness of its ads appearing on Facebook for statistical and market research purposes, as it can see whether users arrived at the Website by clicking on a Facebook ad.
Plugins embedded on the Website are disabled by default. The plugins are operated by the social service providers (Meta Platform Ireland Limited or its subsidiaries), who also act as data controllers. If the Visitor does not enable the use of marketing cookies on the Website, the Company will not allow data transfer to Meta through the plugins. In disabled mode, the plugins do not establish a connection with Meta’s servers.
If the Visitor enables the use of marketing cookies and thus social plugins on the Website, their browser will connect directly to Meta’s servers. By enabling the function, the Visitor consents to the collection and transfer of the data defined under the “Cookie Settings” tab through the plugin. Consent may be withdrawn at any time by disabling marketing cookies or by clicking “reject all” in the cookie settings. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal. When enabled, the data collected by the plugins are sent directly from the Visitor’s browser to Meta. Through the enabled plugin, Meta is directly informed that the Visitor’s browser accessed the relevant page of the Website, even if the Visitor does not have a Facebook account or is not logged in at the time. When the plugin is active, the Visitor’s IP address and other information collected by the plugin are transmitted directly by the browser to Meta’s server, where they are recorded.
Furthermore, if the Visitor enables marketing cookies/plugins on the Website, Meta also receives information about the Visitor’s activities outside Facebook, including device information, websites visited, purchases made, ads viewed, and how the Visitor uses the Company’s services, as well as whether the Visitor has a Facebook account or is logged in. Similarly, for example, if the Visitor writes a post on the Website, the information will be stored on Meta’s server and appear in their Facebook account. Meta, as controller, is entitled to process the personal data collected and transferred through the plugins in accordance with its own policies. Meta uses cookies and similar technologies in the plugins, more detailed information of which can be found in Meta’s cookie policy: https://www.facebook.com/privacy/policies/cookies.
If the Visitor is logged into their Facebook account while browsing the Website, Meta can directly link the Website visit to the Facebook account once plugin use is enabled. Even if the Visitor is not registered and/or does not have a Facebook account, once the plugin is enabled, Meta may still receive and store the Visitor’s IP address, along with additional information related to the browser and operating system collected by the plugin.
Upon opening the Website and granting consent, Meta directly embeds the Facebook pixel, which may place a cookie (a small file) on the Visitor’s device. If the Visitor later logs into Facebook, or while already logged in visits Meta’s pages, the visit to the Website will be recorded in the Visitor’s Facebook profile. The data obtained about Visitors are anonymous to the Company, meaning it cannot identify the Visitors. However, Meta stores and processes the data, which may then be linked to the relevant user profile. The Company has no influence over exactly which data Meta collects with the plugin and how it uses them. Meta processes the data in accordance with its own privacy policy. Further information on the operation of the remarketing pixel and Facebook ads in general can be found in Meta’s privacy policy: https://www.facebook.com/about/privacy.
The Company and Meta qualify as joint controllers: Meta primarily determines the purposes of processing personal data of users visiting the Company’s Facebook page, while the Company participates in determining the purposes of processing through its page settings. The Company and Meta are also joint controllers regarding the processing of analytical data. More information on joint controllership can be found here: https://hu-hu.facebook.com/legal/terms/page_controller_addendum. Meta’s general privacy notice is available here: https://hu.facebook.com/privacy/explanation.
The Visitor can refuse the use of data based on their activities on non-Facebook websites or applications for the purpose of displaying Meta ads via Meta’s settings page. In the United States, refusal can be made via the Digital Advertising Alliance (https://optout.aboutads.info/?c=2&lang=EN), in Canada via the Digital Advertising Alliance of Canada (https://optout.aboutads.info/?c=2&lang=EN), in Europe via the European Interactive Digital Advertising Alliance (https://youronlinechoices.eu/), or through the Visitor’s mobile device settings. Ad personalisation and settings for data used for displaying ads can also be managed via Facebook’s Ad Preferences page: https://www.facebook.com/adpreferences/?entry_product=account_settings_menu.
The Controller assumes no responsibility for the sharing settings chosen by the Visitor or for the scope of data made available in connection with the use of the Facebook profile.
Further details of personal data processing by the Company, as well as the rights of the Data Subject, can be found in the Website’s Privacy Notice and the Cookie Notice.
PROCESSING OF PERSONAL DATA OF VISITORS TO THE FACEBOOK PAGE AND FOLLOWERS OF THE FACEBOOK PAGE
If the Visitor visits the Company’s Facebook page or contacts the Company via this page, the personal data provided by the Visitor are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, GDPR) and Act CXII of 2011 on the Right of Informational Self-Determination and Freedom of Information, as set out in this notice.
Scope of data processed, purpose and legal basis of processing
The purpose of the Company’s presence on the Facebook social network and the related processing is to share, publish, and market content found on the Website or on the Company’s Facebook page. In addition, the Company processes the personal data of visitors and followers of the Facebook page in order to respond to their comments, posts, and messages/contact requests.
The Controller communicates with Data Subjects via its Facebook page only if the Data Subject contacts the Controller through the Company’s Facebook page.
The data subjects are natural persons over 18 years of age who voluntarily follow, share, or like the Company’s Facebook page or its content. The Company does not process personal data of natural persons under 18 years of age.
The Company processes the following data of visitors and followers of the Facebook page: public Facebook profile name; publicly available data in the Facebook profile; other personal data possibly contained in messages, posts, or comments. If the Data Subject uses the Controller’s services with a Facebook account, depending on their own settings, certain profile data (e.g. username, e-mail address, phone number, gender, age, Facebook usage information, marital status, photos, etc.) may be made available to the Controller through Facebook.
The Company only processes public data of Data Subjects and solely for the purpose of responding. The personal data are not collected for any other purpose.