Data Privacy Policies
Plastic Bank is committed to fully comply with the EU’s General Data Protection Regulation (GDPR).
Plastic Bank is committed to fully complying with the EU’s General Data Protection Regulation (GDPR) in all aspects of business. Plastic Bank operates with Data Protection by Design and by Default as a key philosophy, while also maintaining a robust GDPR compliance system and internal data security auditing process.
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitations
- Integrity and confidentiality
- Plastic Bank only uses physical opt-in consent-based data capture for legitimate business reasons.
- We maintain a robust GDPR compliance system and an internal auditing process. The proper GDPR policies and documentation are in place along with the proper GDPR security and data protection measures. This includes state of the art blockchain encryptions, Hyperledger Fabric smart contracts, IBM server and multi-cloud storage, and a custom-designed resilience system with multiple servers on multiple continents.
- Age of consent is appropriately verified through special tools built into our website and application that automatically adjust the required age based on each user's country. Our school programs utilize in-app family accounts with the consent of a parental guardian.
- We utilize Data Protection Impact Assessments and Legitimate Interest Assessments to document the risk mitigation steps and reasonings to compliantly collect, store, and utilize the data.
- We maintain an updated GDPR compliant cookie protocol only used to optimize the user experience of new and returning visitors to our website.
- We have a storage limitation and retention period policy to anonymize data after 5 years since the last date of user activity or upon request from a discontinued user.
- Our website and app have features to allow a user to withdraw consent at any time.
- Our Director of Technology, Rob Stocks, has been appointed as Data Protection Officer, to proactively oversee Plastic Bank’s GDPR compliance company-wide.
- A GDPR committee consisting of Rob Stocks (DPO), as well as regional and departmental Compliance Officers, conduct an annual GDPR audit with regular GDPR compliance update meetings.
- An Updated Data Privacy Agreement accessible through all data collection points
- Official GDPR Policy
- GDPR Compliance Audit Logs
- Historical Data Privacy Archives
- Updated Cookies Policy
- Data Flow Chart
- Data Asset Registry
- GDPR Meeting Tracker
- Data Security Strategy
- Data Protection by Design Outline
- Age of Consent List and System Tracker
- PIPEDA Breach Reporting Criteria
- (DPO) Data Protection Officer Responsibilities
- Legitimate Interest Assessment Forms
- Data Protection Impact Assessment Forms
- Data Subject Access Request Log
- Data Subject Erase Request Log
- Data Processor Compliance Agreement
This policy explains how our organization uses and protects the personal data we collect from you when you use our website.
Version 2.1, Last Updated: October 24,2022
Plastic Bank does, as part of the Plastic Bank Recycling Corporation, which includes our separately incorporated international Plastic Bank operations in Brazil, Haiti, the Philippines, Indonesia, Brazil, and Egypt.
Data collected varies depending on your interaction with the site.
- Address (purchases)
- Phone Number, Company Name (purchases, contact forms)
- Job Title, industry vertical (contact forms)
- Household and lifestyle data (footprint calculator)
For registered members in our mobile application, we require additional information to comply with our code of conduct, audit trail requirements, “know your client” requirements, and various life improvement program qualifications.
- Name, Birthday, Gender, Phone, Email, Country (registration)
- National ID, City, Personal Picture (profile management)
- Address, Business Name, Business Description, Working Hours (create a business or processor)
- Family Member: Name, Birth Date, Relation , Education, School, Phone (community and school programs)
- GPS Location (find nearest partner, create a business or processor, token cash-out) qualifications
You directly provide us with most of the data we collect. We collect data and process data when you:
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
- Use or view our website via your browser’s cookies.
- Use our Plastic Bank app
- Within our website platform:
- To process your orders and manage your account.
- To email subscribed users with update newsletters
- To localize the information you see
- To make our programs and impact suggestions relevant to you
- To improve your user experience on our website
- Within our Certified Recycling Ecosystems:
- To customize your user experience
- For audit trails
- For benefit programs
- For livelihood enhancement
- For credit scores
- For user impact scores
- For impact claim verification
- To prevent child labour through proof of identity and age of consent
- For verified ethical sourcing and code of conduct compliance
When we process your order, we may send your data - in conjunction with the resulting information form and location information - to third-party payment processing platform to exchange funds and prevent fraudulent purchases.
- Shopper profiles and registered Plastic Bank Ambassador data is stored in an encrypted database on our website protected by industry standard firewalls and anti-virus software.
- Newsletter subscriber data is stored and processed by Mailchimp
- Business contacts are stored and processed by Salesforce.
- App user data is stored with our blockchain database in a private cloud.
Plastic Bank and our third party data partners protect your data by following industry standard best practices for maintaining up to date security software on our servers, conducting regular risk assessments, encrypting and securely backing up data. Our staff are trained on the importance of protecting all personal data and we ensure that our vendors and partners have similar practices in place.
Plastic Bank will keep your data for a a maximum of 5 years from the last date of user activity or upon a verified request for deletion (see below). We may choose to delete some types of data that are no longer required for our operations or to comply with regulations. Any such deletions will be logged.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access & portability - You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification - You have the right to request that Our Company correct any information you believe is either inaccurate or incomplete.
- The right to restrict data processing and reject automated individual decisions with regards to your data.
- You have the right to be notified in the event of a breach that might have exposed your data. Plastic Bank abides by the regulations in all of our operating regions with regards to notification and remediation.
If you are a registered web user, you can login to the site and request your data under Privacy in your Settings.
If you are not a registered user but have subscribed to our newsletter or submitted a contact form, you can send your request for your data file to [email protected]
If you are a registered web user, you can login to the site and request to have your data deleted in the Privacy section of your Settings.
If you are not a registered user but have subscribed to our newsletter or submitted a contact form, you can send your request for deletion to [email protected]
To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
A cookie is a small data file that a website will occasionally save to your device when you visit the site. It allows the website to remember your actions and preference (ie. login, language, display preferences, etc.) over a period of time so that you don't have to re-enter the data every time you visit or traverse the site.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
- Whether or not you have replied to a pop-up survey that asks you if the content was helpful or not
The cookies used on our website are grouped into the following categories.
You can control and/or delete cookies as you wish. For more information, please refer to aboutcookies.org. You can delete all cookies already on your device, and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some functionalities may not work as intended.
You can manage your Cookie Consent for PlasticBank.com by clicking on "Cookie Settings" in the toolbar here: [wt_cli_manage_consent]