Privacy Policy
Privacy Policy
Regulation (EU) 2016/679 better known as the European General Data Protection Regulation (GDPR) entered into force on 25 May 2018. The GDPR is a new EU privacy law intended to give you, as a data subject, more control about your personal data, as well as greater security and transparency about how your data is used.
This Privacy Notice explains how we, GreenPak Co-Op Society Ltd, will use and store the information you disclose to us through our website, by email, by telephone or through any social media applications.
In this policy, “the company”, "we", "us" and "our" refers to GreenPak Co-Op Society Ltd.
Who we are
GreenPak Co-Op Society Ltd (working name: GreenPak) is a cooperative society registered in 2010 under Maltese law bearing registration number 98 and operating at 18, St. John’s Street Fgura, Malta. Our business however goes back to 2004 when Green Dot Malta Limited was established and started to operate the GreenPak scheme. This scheme is the pioneer of post-consumer waste recovery in Malta and was taken over by GreenPak Co-Op Society Ltd upon its formation in 2010. GreenPak is owned by the very companies using GreenPak’s compliance services. Businesses trading in Malta are by law required to recover and recycle the resulting packaging waste, waste electrical goods and batteries. GreenPak provides legal compliance to all such organisations.
At GreenPak we are committed to maintaining the trust and confidence of our website visitors or of any other individuals who care to give us their personal data through email, by telephone or through social media applications. In particular, we want you to know that the company values your personal data, has always done so and that the GDPR will not in any way change the ways we collect and use your personal information. On the contrary, in line with the GDPR this Privacy Policy will provide you with additional details such as:
• What data is being collected, how is it collected and where is it kept?
• Why do we need your data and what is the legal basis for processing such data?
• How do we keep your personal information secure?
• Who has access to your data and will the data be shared with third parties?
• How long will the information be stored for?
• What are your rights in relation to the information that the company holds about you? How can you raise a complaint?
What is personal data?
This Privacy Policy concerns solely data which can identify you such as a name, an identification number, location data, an online identifier or any one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. In this policy, “data” and “information” refers to “personal data”.
What information do we collect?
GreenPak processes personal data relating to its website visitors or to any other individuals who give us their personal data through email, by telephone or through social media applications. By “processing” we mean a set of activities that is carried out in relation to your data such as the collection, recording, storage, use and erasure of such data which includes:
Website cookies
Website cookies are small files of letters and numbers created by individuals or entities to store on your browser or the hard drive of your computer if you agree. Cookies therefore contain information that is transferred to your computer’s hard drive.
We use the following first-party cookies on our website that are essential for the website to operate correctly. These cookies are as follows:
- Visitor ID – this cookie is a numeric value that identifies unique visitors and provides coherence and consistency to a site visit;
- Page Number – this cookie identifies the page you are on;
- Session ID – this cookie identifies your website session;
- Test – this cookie checks whether or not your browser supports cookies.
In addition, and in order to ensure that each visitor to our website can use and navigate the site effectively, we collect the following:
- Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
- Your login information, browser type and version, time zone setting, browser plug-in types and versions;
- Operating system and platform;
- Information about your visit, including the Uniform Resource Locators (URL) clickstream to, through, and from our site.
Our website may set several types of third-party cookies which we do not control including: Google Analytics, AddThis, Facebook, LinkedIn and Twitter. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of our website that use or link to third-party cookies.
Personal information
Personal information that you may disclose to us include (i) your particulars such as your name and surname, identity card or passport number, postal address, e-mail address, date of birth and gender, (ii) a list of your qualifications, skills, experience and areas of relevant expertise, business sector, business contacts and projects experience, (iii) any other personal data that you wish to disclose directly or indirectly in connection with your queries or communications with us including bank account details.
How do we collect your personal data?
We may collect your personal data in one or more of the following ways:
• Through your disclosure. More often than not the information is disclosed by you and collected through application forms, contact forms, email and other correspondence, social media messages and posts and telephone conversations.
• Through third parties. Personal information may be processed via third-party websites such as Google and through social media applications such as Facebook, LinkedIn and Twitter.
Where do we keep your data?
The company’s website is hosted in the European Union. Our hosting service provider and cloud service providers are based in the European Union and act solely on our instructions vis-à-vis your personal data. Your personal data is stored in a range of different places including:
• in GreenPak's HR management systems, and
• in other IT systems (including GreenPak's email system, internal server and cloud systems).
Why do we need your data and what is the legal basis for its processing?
GreenPak needs to process your personal data for one or more of the following purposes:
• to provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest;
• to initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services;
• to fulfil an agreement that we have entered into with you or with the entity that you represent;
• to manage any communication between you and us.
The legal basis for the processing of such data is one or more of the following:
• your consent: we may rely on your consent to process personal data including personal contact information as provided through website forms, email or any other means. Your consent may be required for subscription to our mailing list or when you enter the website to accept the use of first-party or third-party cookies;
• legal obligation: we may be compelled to disclose your data to state authorities to ensure compliance with laws to which we may be subject;
• contractual performance (including taking steps at your request prior to entering into a contract): we may rely on this ground to (i) provide appropriate online or email information about products and services that you have requested, (ii) to process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with, (iii) in other instances where processing is necessary for the performance of a contract to which you are a party
• a legitimate interest: in other cases, GreenPak has a legitimate interest in processing your personal data. These cases include: (i) when we provide you with information that you have requested or which we think may be relevant to a subject in which you have previously demonstrated an interest; (ii) when we follow-up to ensure the requested information meets needs and identify further requirements, (iii) when we need to supply documentation should any contractual legal claim arise; (iv) when we need to protect our website and infrastructure from cyber attacks or other threats and to report and deal with any illegal acts, (v) when we communicate with you about any issue that you raise with us or which follows from an interaction between us.
As part of the registration of your initial queries or requests for information through our website, through email or through social media, we invite you to give us your consent to add your email to our mailing list. We use this information for a number of reasons: to give you information about anything you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information including information which we think may be relevant to a subject in which you have previously demonstrated an interest; to check our records are right and to check every now and then that you’re happy and satisfied. We don't rent or trade email lists with other organisations and businesses. We also invite you separately to give us your consent to use your information for direct marketing purposes. In all cases you may unsubscribe at any point using the unsubscribe link on any of our emails.
When cookies are used on our website, these help us to provide you with a good experience when you browse our website and also allow us to improve our site:
• Google Analytics: this is used to collect data about website usage. This data does not include personally identifiable information. You can view the Google Privacy Policy here:
• AddThis: the AddThis cookie is used when you use the ShareThis service on our website to share a link with LinkedIn, Facebook, Twitter, etc. You can read the AddThis Privacy Policy here:
• Facebook: we use a Facebook pixel to obtain information regarding the activities that users engage in while visiting our web pages. For information on Facebook’s Privacy and Cookie policy, visit
How do we keep your personal information secure?
GreenPak takes the security of your data extremely seriously. The company has internal policies and controls in place to try to prevent your data from being lost, accidentally destroyed, misused or disclosed. We employ appropriate technical and organisational measures to ensure a level of security appropriate to the risk including, where appropriate, pseudonymisation and encryption of your personal data, measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services and a robust process that regularly tests, assesses and evaluates the effectiveness of technical and organisational measures for ensuring the security of the processing.
Where we engage third parties to process personal data on our behalf, such third parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. Such third parties would also be bound to us by virtue of a written contract.
Our information security management system (ISMS) complies with industry standards. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
Who has access to your data and will the data be shared with third parties?
Your personal data is not accessed except by other employees in the performance of their duties. Access to HR systems is restricted to staff in senior managerial positions including the CEO and HR personnel (including payroll) and IT staff if access to the data is necessary for performance of their roles.
In line with the GDPR, our company will only transfer your personal data to a country outside the European Union or the European Economic Area when the European Commission has decided that such country ensures an adequate level of protection.
How long will the information be stored for?
We will hold your personal data for a maximum period of ten (10) years following its collection unless we are compelled to retain such data in exceptional circumstances such as to defend or pursue legal claims.
Upon the expiry of the retention period your personal data will be deleted permanently from our HR management systems, cloud and IT systems and any documents containing such data will be shredded in-house and safely destroyed in line with established industrial standards.
What are your rights in relation to your personal data that is in our possession?
Under the GDPR, you have a number of rights that we’d like to make you aware of:
Right to access your data
You may access and obtain a copy of your data on request which data will be given to you in a structured, commonly used and machine-readable format;
Right to rectify your data
You may require us to change or amend incorrect or incomplete data;
Right to restrict processing
You may require us to delete or stop processing your data in certain specific circumstances. These are: (i) when you wish to contest the accuracy of your personal data, in which case processing will be restricted for a period enabling us to verify the accuracy of your data, (ii) when processing is unlawful and you oppose the erasure of such data but instead requests us to restrict its use instead, (iv) when we no longer need the personal data for the purposes of the processing but you require such data for the establishment, exercise or defence of legal claims, (v) when you object to processing pending the verification whether the company’s legitimate grounds override those pertaining to you (i.e. where we rely on our legitimate interests as the legal ground for processing)
When processing is restricted as aforestated, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you obtain restriction of processing pursuant to this Privacy Policy you shall be informed by us before such restriction is lifted.
Right to erasure
You shall have the right to request us to erase your personal data and we shall have the obligation to erase such data without undue delay when: (i) personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) we rely on our legitimate interests as the legal ground for processing and following your objection to such processing it is established that there are no overriding legitimate grounds for the company to process your data, (iii) personal data has been processed unlawfully, (iv) personal data has to be erased for compliance with a legal obligation under EU or Maltese law to which we are subject. Provided in all cases that we may object to your request to erase your personal data in order to comply with a legal obligation which requires processing by EU or Maltese law to which we are subject, or in order to establish, exercise or defend legal claims.
Right to withdraw consent
Where the legal basis for our processing of your personal information is your prior consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
If you would like to exercise any of your rights, you are urged to contact us at our official address or on our email address or phone 21660233 and ask to speak to the Manager.
If you believe that we have not complied with your data protection rights, you may file a complaint to the Office of the Information and Data Protection Commissioner (address: Floor 2, Airways House, Triq Il-Kbira, Sliema, Malta, phone: 2328 7100, website: )
Changes to this Privacy Policy
This Privacy Policy has been reviewed last on 01 June 2018 and will be subject to a periodic review.
Copyright All Rights Reserved 2015  |  Terms of Use  |  Privacy Policy  |  Sitemap