Data Privacy Policies
Plastic Bank is committed to fully comply with the EU’s General Data Protection Regulation (GDPR).
What is Plastic Bank’s policy concerning EU GDPR compliance?
Plastic Bank is committed to fully complying with the EU’s General Data Protection Regulation (GDPR) in all aspects of business. Plastic Bank operates with Data Protection by Design and by Default as a key philosophy, while also maintaining a robust GDPR compliance system and internal data security auditing process.
Plastic Bank is committed to holding the six data protection principles to the highest standards. They are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitations
- Integrity and confidentiality
Plastic Bank is fully GDPR compliant and takes an extreme compliance approach to meet the strictest standards required by our partners and users based in the EU
- Plastic Bank only uses physical opt-in consent-based data capture for legitimate business reasons.
- We maintain a robust GDPR compliance system and an internal auditing process. The proper GDPR policies and documentation are in place along with the proper GDPR security and data protection measures. This includes state of the art blockchain encryptions, Hyperledger Fabric smart contracts, IBM server and multi-cloud storage, and a custom-designed resilience system with multiple servers on multiple continents.
- Age of consent is appropriately verified through special tools built into our website and application that automatically adjust the required age based on each user’s country. Our school programs utilize in-app family accounts with the consent of a parental guardian.
- We utilize Data Protection Impact Assessments and Legitimate Interest Assessments to document the risk mitigation steps and reasonings to compliantly collect, store, and utilize the data.
- We maintain an updated GDPR compliant cookie protocol only used to optimize the user experience of new and returning visitors to our website.
- We have a storage limitation and retention period policy to anonymize data after 5 years since the last date of user activity or upon request from a discontinued user.
- Our website and app have features to allow a user to withdraw consent at any time.
Our GDPR Continuous Improvement Routines
- Our Director of Technology, Rob Stocks, has been appointed as Data Protection Officer, to proactively oversee Plastic Bank’s GDPR compliance company-wide.
- A GDPR committee consisting of Rob Stocks (DPO), as well as regional and departmental Compliance Officers, conduct an annual GDPR audit with regular GDPR compliance update meetings.
In effort to continuously maintain and improve our GDPR compliance, Plastic Bank maintains the following documents and policies:
- An Updated Data Privacy Agreement accessible through all data collection points
- Official GDPR Policy
- GDPR Compliance Audit Logs
- Historical Data Privacy Archives
- Updated Cookies Policy
- Data Flow Chart
- Data Asset Registry
- GDPR Meeting Tracker
- Data Security Strategy
- Data Protection by Design Outline
- Age of Consent List and System Tracker
- PIPEDA Breach Reporting Criteria
- (DPO) Data Protection Officer Responsibilities
- Legitimate Interest Assessment Forms
- Data Protection Impact Assessment Forms
- Data Subject Access Request Log
- Data Subject Erase Request Log
- Data Processor Compliance Agreement
Last Updated: September 16, 2021
This policy explains how our organization uses and protects the personal data we collect from you when you use our website.
Who is collecting my data?
Plastic Bank does, as part of the Plastic Bank Recycling Corporation, which includes our separately incorporated international Plastic Bank operations in Brazil, Haiti, the Philippines, Indonesia, Brazil, and Egypt.
What data do we collect?
Data collected varies depending on your interaction with the site.
- Address (purchases)
- Phone Number, Company Name (purchases, contact forms)
- Job Title, industry vertical (contact forms)
- Household and lifestyle data (footprint calculator)
For registered members in our mobile application, we require additional information to comply with our code of conduct, audit trail requirements, “know your client” requirements, and various life improvement program qualifications.
- Name, Birthday, Gender, Phone, Email, Country (registration)
- National ID, City, Personal Picture (profile management)
- Address, Business Name, Business Description, Working Hours (create a business or processor)
- Family Member: Name, Birth Date, Relation , Education, School, Phone (community and school programs)
- GPS Location (find nearest partner, create a business or processor, token cash-out) qualifications
How do we collect your data?
- You directly provide us with most of the data we collect. We collect data and process data when you:
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
- Use or view our website via your browser’s cookies.
- Use our Plastic Bank app
How will we use your data?
- Within our website platform:
- To process your orders and manage your account.
- To email subscribed users with update newsletters
- To localize the information you see
- To make our programs and impact suggestions relevant to you
- To improve your user experience on our website
- Within our Certified Recycling Ecosystems:
- To customize your user experience
- For audit trails
- For benefit programs
- For livelihood enhancement
- For credit scores
- For user impact scores
- For impact claim verification
- To prevent child labour through proof of identity and age of consent
- For verified ethical sourcing and code of conduct compliance
When we process your order, we may send your data – in conjunction with the resulting information form and location information – to third-party payment processing platform to exchange funds and prevent fraudulent purchases.
How do we store & protect your data?
- Shopper profiles and registered Plastic Bank Ambassador data is stored in an encrypted database on our website protected by industry standard firewalls and anti-virus software.
- Newsletter subscriber data is stored and processed by Mailchimp
- Business contacts are stored and processed by Salesforce.
- App user data is stored with our blockchain database in a private cloud.
Plastic Bank and our third party data partners protect your data by following industry standard best practices for maintaining up to date security software on our servers, conducting regular risk assessments, encrypting and securely backing up data. Our staff are trained on the importance of protecting all personal data and we ensure that our vendors and partners have similar practices in place.
Plastic Bank will keep your data for a a maximum of 5 years from the last date of user activity or upon a verified request for deletion (see below). We may choose to delete some types of data that are no longer required for our operations or to comply with regulations. Any such deletions will be logged.
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access & portability – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that Our Company correct any information you believe is either inaccurate or incomplete.
- The right to restrict data processing and reject automated individual decisions with regards to your data.
- You have the right to be notified in the event of a breach that might have exposed your data. Plastic Bank abides by the regulations in all of our operating regions with regards to notification and remediation.
How do I see what data you have about me?
If you are a registered web user, you can login to the site and request your data under Privacy in your Settings.
If you are not a registered user but have subscribed to our newsletter or submitted a contact form, you can send your request for your data file to [email protected]
How can I request my data to be deleted?
If you are a registered web user, you can login to the site and request to have your data deleted in the Privacy section of your Settings.