A Global Pack Hungary Ltd.

DATA MANAGEMENT GUIDE

Global Pack Hungary GDPR document

1. Introduction:

Global Pack Hungary Limited Liability Company (seated: 1103 Budapest, Noszlopy utca 2.; registration number: Cg.01-09-276889), as data manager (hereinafter Company or Data Manager), handles the data of the Company’s employee during the operation of http://www.globalpack-hr.eu/website, and for the purpose of employing them.
The Company is willing to fully comply with the legal regulations of processing of personal data especially to the regulations of the European Parliament and Council (EU) 2016/679 (hereinafter referred to as Decree or GDPR).

This Data Management Guide was prepared based on the Decree and CXII of 2011 on Information Self-Determination and Freedom of Information.

Contact details of the Data Manager:

Company name:Global Pack Hungary Ltd.
Seated:1103 Budapest, Noszlopy utca 2.
Tax-number:25467800-2-42
Website:http://www.globalpack.uk/
Address:1103 Budapest, Noszlopy utca 2.
E-mail:office@globalpack.hu
Telephone:+36 1 445 3614

2. Interpretative provisions:

  • GDPR (see above);
  • data handling: our Company, which is a set of any operations or operations performed in an automated or non-automated way on personal data or data files, such as collection, recording, systematization, distribution, storage, transformation or alteration, query, insight, use, communication, forwarding, distribution or otherwise by making available to the public, coordination or interconnection, restriction, deletion or destruction;
  • data processing: a provider used by our Company which is a natural or legal person, public authority, agency or any other body that processes personal data on behalf of the data manager;
  • personal data: any information relating to an identified or identifiable natural person (data subject); a natural person can be identified who directly or indirectly, in particular by reference to an identifier, such as name, number, positioning data, online identifier or can be identified by one or more factors relating to the physical, physiological, genetic, intellectual, economic, cultural or social identity;
  • data manager: the natural or legal person, public authority, agency or any other body that defines the purposes and means of the processing of personal data, either alone or in conjunction with others; if the purposes and means of data processing are defined by EU or member state law, the data manager or the specific aspects of the appointment of the data manager may be determined by Union or national law;
  • data processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data manager;
  • the contribution of the data subject: a voluntary, concrete and clear indication of the will of the data subject based on appropriate infomration by which he or she expresses his / her consent to the processing of personal data concerning him or her by means of declaration or expressing an unambiguous act;
  • data subject: the natural person whose data is being handled;
  • data handling incident: damage to security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access of personal data transmitted, stored or otherwise processed;
  • recipient: the natural or legal person, public authority, agency or any other body with which the personal data are communicated, whether or not they are third parties. Public authorities which have access to personal data in accordance with Union or member state law in the context of a specific investigation shall not be considered as recipients.; the handling of such data by these public authorities must be in accordance with the applicable data protection rules in accordance with the purposes of the data processing;
  • third party: the natural or legal person, public authority, agency or any other body which is not the same as the data subject, the data manager, the data processor or the persons authorized to manage personal data under the direct control of the data manager or the data processor.

3. General guidelines for data management

The Data Manager declares that it is responsible for the processing of personal data in accordance with the provisions of the Data Management Guide and observes the GDPR, Infotv. as well as any other applicable legislation, with particular regard to the content of this section:

The processing of personal data must be carried out in a lawful and fair manner and in a transparent manner for the data subject.

Personal data may only be collected for specified, explicit, legitimate and pre-announced purposes.

The purpose of the processing of personal data is appropriate and relevant and can only be as necessary.

Personal data must be accurate and up to date. Inaccurate personal data should be deleted immediately.

The storage of personal data must take place in such a way as to allow the identification of the data subjects for a limited period of time. The storage of personal data for a longer period of time may only take place if the storage is for public-interest archiving, for scientific and historical research or for statistical purposes.

The processing of personal data shall be carried out in such a way as to ensure the proper security of personal data, including the protection of personal data against unauthorized or unlawful handling, accidental loss, destruction or damage, by applying appropriate technical or organizational measures. The principles of data protection should apply to all information relating to an identified or identifiable natural person.

The principles of data protection should apply to all information relating to an identified or identifiable natural person.

4. Important data management information

The purpose, legal basis, data subjects and data processing period of the individual data processing activities carried out by the Company are indicated separately for the activities. The rights of data subjects are described below in this section as they are identical for all data management activities.

Data Manager and its employee and data processors are authorized to get to know the data.

The data subject may request from the Data Manager access, rectification, erasure or restriction of the personal data relating to him or her and may object to the processing of such personal data and his / her right to data portability.

If the data management is based on the consent of the data subject, the person concerned may at any time withdraw his / her data processing consent, but this does not entail the lawfulness of the data processing performed prior to the withdrawal.

The person concerned may exercise his right to lodge a complaint with the supervisory authority.

The data subject has the right that at his / her request, data manager should delete the inaccurate personal data relating to him or her without undue delay, and the data manager shall delete the personal data relating to the data subject without undue delay if the data processing has no other legal basis.

Modifications or deletions of personal data may be initiated by e-mail, telephone or mail at the above-mentioned contact options.

It is important to emphasize that the withdrawal of the data management right from the data subject does not eliminate the payment obligation of the data subject towards the Company.

5. Employee date

The range of persons involved in data management is the range of employee in employment law at the Company.

The Data Manager manages the following data for the affected employee:

GoalTo ensure accounting rules and adequate labor law rules.
Legal basisCompliance with legal obligations.
People involvedEmploye edeemployed by the company
Data management period50 years after termination of the established employment relationship
Data managerGlobal Pack Hungary Ltd.
Data processorsVienna Consult Ltd.; Raiffeisen Bank cPlc.
Data transfersTo Vienna Consult Ltd. to provide accounting and payroll services to the Company. Towards Raiffeisen Bank cPlc. to ensure payment order.
Those entitled to know the dataThe Data manager and staff, the Data processor and staff.
Storage of dataPaper based and electronic
Profile creationnone
Automated decision makingnone
Range of data involved in handling, processing and forwarding in case of Vienna Consult KftBirth name
● Name
● Place of birth
● Date of birth
● Mother’s name
● Tax identification number
● Health insurance identification number
● Payroll data
Range of data involved in handling, processing and forwarding in case of Raiffeisen Bank Plc.Name, bank account number, amount of wage.

6. Invoicing

Data Manager has a billing obligation related to the services given by it, to which Data Manager uses the contribution of Kulcs -Soft Számítástechnikai Plc which is the operator of the billing program, the bookkeeper Vienna Consult Ltd and Raiffeisen Bank cPlc responsible for the banking operations, which organizations are in their own right data management organizations.

Storage method of billing data are electronic: www.kulcs-soft.hu In the field of invoicing, the Data Manager manages the following personal data of the data subject:

  • Name;
  • Address;
  • bank account number;
  • the amount of subscription.
GoalCompliance with legal obligations.
Legal basisCompliance with legal obligations.
People involvedThe range of users of the Company’s services and other agents with legal relationship with the Company.
Data management periodUntil the end of the 8th year after the billing
Data management period after deletionData will be deleted immediately after the data management period expires.
Data ManagerGlobal Pack Hungary Ltd.
Data managers on their ownKulcs-Soft Számítástechnikai Plc.; Raiffeisen Bank cPlc.
Data transfersKulcs-Soft Számítástechnikai Plc.; Raiffeisen Bank cPlc.
Those entitled to know the dataThe Data manager and staff, the Data processor and staff.
Storage of dataPaper based and electronic
Profile creationnone
Automated decision makingnone

7. Cookies

Cookies are placed on the user’s computer by the webpages visited and contain information such as page settings or login status.

Cookies are therefore small files created by websites you visit. Saving your browsing data improves the user experience. Cookies allow the website to remember the site’s settings and offer locally relevant content. The website of the service provider sends a small file (cookie) to the visitor’s computer in order to determine the fact and time of the visit. The service provider informs the visitor of the website about this.

GoalExtra service, identification, tracking of visitors.
Legal basisUser consent is not required if is absolutely necessary for the service provider to use cookies.
People involvedThe visitors of the website
Data managernone
Data managers on their own By using cookies, the data manager does not process personal data.
Method of data storage electronic
Storage of data none
Profile creation none
Automated decision makingnone

Google Analytics

Our website       □ uses            □ does not use Google Analytics application.

In case of using Google Analytics:

Google Analytics compiles reports for its customers based on internal cookies.

On behalf of the website operator, Google uses the information to evaluate how users use the website. As a further service, it prepares reports related to the activity of the website to the website operator so that it can perform additional services.

Data is stored in encrypted format on Google’s servers to make it more difficult to prevent data misuse.

You can disable Google Analytics as follows. Quote from the page:

Site users who do not want Google Analytics to generate a JavaScript report about their data can install the Google Analytics Disable Browser extension. The plugin prohibits Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sending information to Google Analytics. The browser extension can be used in most of the recent browsers. The Google Analytics Disable Browser Add-on does not prevent data from being sent to the site and other Internet analytics services.

https://support.google.com/analytics/answer/6004245?hl=en

Google Privacy Policy: https://policies.google.com/privacy?hl=en

Information on the use and protection of data is available in detail in the links above.

Privacy details:

https://static.googleusercontent.com/media/www.google.com/en//intl/hu/policies/privacy/google_privacy_policy_en.pdf

8. Data Processors

Hosting providers:

Company name:SBB Srpske kablovske mreže
Seated:Bulevar Peka Dapčevića 19,
11010 Beograd, Srbija
Telephone:+381 11 3010 500
E-mail:info@eunet.co.rs
Company name:Google Inc.
Seated:Mountain View, Kalifornia, Egyesült Államok

The data provided by the data subject is stored by the server hosted by the hosting provider. Data can only be accessed by Data Manager staff or server operating personnel, but they are all responsible for the safe handling of the data.

GoalTo ensure the functioning of the website.
Legal basisCof of the data subject.
People involvedPeople visiting the website.
Range of dataPersonal data provided by the data subject.
Data managerThe Company.
Those entitled to know the data The Company and employee.
Data management period and deletion of data Data management lasts until to the end of the website’s operation, or as agreed between the website operator and the hosting provider. The data subject may also, if necessary, request the deletion of his / her data through the hosting provider.
Storage of data Electronic
Data transfer none
Profile creation none
Automated decision makingnone

Payment service provider

Payment transactions executed by the data subject are executed by payment systems provided by the payment service provider referring to the Company’s payment accounts. Data can only be accessed by Data Manager staff or, according to their own data management information, payment service providers and staff, but they are all responsible for the safe management of the data.

Company name:Raiffeisen Bank cPlc.
Seated:1054 Budapest, Akadémia utca 6.
Telephone:+36/80 488 588
E-mail:informacio@raiffeisen.hu
GoalEnsuring cash flow by the Data Manager.
Legal basisCompliance with legal obligations.
People involvedEmployee
Range of data The name, account holding bank, bank account number of the data subject and the amount paid to him / her.
Data manager The Company.
Those entitled to know the data The Company and its employee, as well as the payment service provider and its employee.
Data management period and deletion of data Until the end of the Company’s operation. The payment service provider will delete the data after 10 years.
Storage of data Electronic
Data transfer none
Profile creation none
Automated decision makingnone

Invoicing:

In order to comply with the accounting rules, the Company uses billing services from the following company. When using the service, the company operating the billing program manages the personal data of the data subjects in order to fulfill the agreement with the Data Manager:

Company name:Kulcs-Soft Számítástechnikai Plc.
Seated:1022 Budapest, Törökvészi út 30/A..
Telephone:+36/13365322
E-mail:www.kulcs-soft.hu
Goal Compliance with Accounting Policies.
Legal basis Performance of a contract with the Data Manager.
People involved Employee.
Range of data The name, account holding bank, bank account number of the data subject and the amount paid to him / her.
Data manager The Company.
Those entitled to know the data The Company and its employee, as well as the payment service provider and its employee.
Data management period and deletion of data End of the 8th year after the invoice is issued.
Storage of data Paper based and electronic.
Data transfer none
Profile creation none
Automated decision makingnone

Accounting:

In order to comply with the accounting rules, the Company uses an accounting service from the following company. When using the service, the accountant manages the personal data of the data subjects to fulfill the agreement with the Data Manager:

Company name:Vienna Consult Ltd.
Seated:1119 Budapest, Petzvál József u. 56.
Telephone:+36/1-204-3140
E-mail:www.viennaconsult.hu
Goal Compliance with Accounting Policies.
Legal basis Performance of a contract with the Data Manager.
People involved Employee.
Range of data The name, account holding bank, bank account number of the data subject and the amount paid to him / her.
Data manager The Company.
Those entitled to know the data The Company and its employee, as well as the payment service provider and its employee.
Data management period and deletion of data End of the 8th year after the invoice is issued.
Storage of data Paper based and electronic.
Data transfer none
Profile creation none
Automated decision makingnone

9. Rights related to data management

Right to request information

The data subject may request information from the Data Manager through the contact details provided, on what data, on what legal basis, what data management purpose, from what source and for how long the data is being handled.  Upon the request of the data subject, the Data Manager shall promptly, but not later than within 30 days, inform the data subject through the provided e-mail address.

Right to rectification

The data subject may ask the Data Manager to modify his or her data through the contact details provided. Upon the request of the data subject, the Data Manager shall promptly, but not later than within 30 days, inform the data subject through the provided e-mail address.

Right to delete

The data subject may request the deletion of data from the Company via the contact details provided. Upon the request of the data subject, the Company shall promptly, but not later than within 30 days, inform the data subject through the provided e-mail address.

Right to block data

The data subject may request from the Company the blocking of his / her data through the contact details provided. The blocking lasts until the reason stated by the data subject requires storage of the data. The Company sends information through the e-mail contact provided by the data subejct.

Right to protest

The data subject may object to the data management through the contact details provided. The Company shall examine the objection within the shortest possible time after the submission of the request, but within a maximum of 15 days, and shall decide on its validity,and informs data subject through the provided e-mail address.

Enforceability of data management

Notify the Company in case of unlawful data management experienced by the data subject, so that the legal status can be restored in a short time. The Company will do its best to solve the problem outlined in the interest of the data subject.

If the data subject considers that the legal status cannot be restored, notify the authority through the following contact details:

Nemzeti Adatvédelmi és Információszabadság Hatóság

Mailing address: 1530 Budapest, Pf.: 5.

Adress: 1125 Budapest, Szilágyi Erzsébet fasor 22/c 
Telephone: +36 (1) 391-1400 
Fax: +36 (1) 391-1410 
E-mail: ugyfelszolgalat (at) naih.hu 
URL https://naih.hu 
Coordinates: N 47°30’56”; E 18°59’57”

10. Legislation underpinning data management

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Regulation (EC) No 95/46 ( General Data Protection Regulation).

CXII of 2011 Act on Information Self-Determination and Freedom of Information.

Act C of 2003 on Electronic Communications.

11. Mixed Provisions

Data Managers in their own right are responsible for the data transmitted in the circle specified in this Data Management Guide, who are responsible for the personal data management they carry out in the interest of the Company.

This Data Management Guide is applicable from May 25, 2018 until revocation.

The Data Manager reserves the right to unilaterally, at any time, amend this Data Management Guide at any time with prior notice to the affected parties. Data subjects are informed via a notice posted on http://www.globalpack-hr.eu/ at least eight calendar days prior to the change.