Data Privacy Policies
Plastic Bank is committed to fully comply with the EU’s General Data Protection Regulation (GDPR).
What is Plastic Bank’s policy concerning EU GDPR compliance?
Plastic Bank is committed to fully complying with the EU’s General Data Protection Regulation (GDPR) in all aspects of business. Plastic Bank operates with Data Protection by Design and by Default as a key philosophy, while also maintaining a robust GDPR compliance system and internal data security auditing process.
Plastic Bank is committed to holding the six data protection principles to the highest standards. They are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitations
- Integrity and confidentiality
Plastic Bank is fully GDPR compliant and takes an extreme compliance approach to meet the strictest standards required by our partners and users based in the EU
- Plastic Bank only uses physical opt-in consent-based data capture for legitimate business reasons.
- We maintain a robust GDPR compliance system and an internal auditing process. The proper GDPR policies and documentation are in place along with the proper GDPR security and data protection measures. This includes state of the art blockchain encryptions, Hyperledger Fabric smart contracts, IBM server and multi-cloud storage, and a custom-designed resilience system with multiple servers on multiple continents.
- Age of consent is appropriately verified through special tools built into our website and application that automatically adjust the required age based on each user’s country. Our school programs utilize in-app family accounts with the consent of a parental guardian.
- We utilize Data Protection Impact Assessments and Legitimate Interest Assessments to document the risk mitigation steps and reasonings to compliantly collect, store, and utilize the data.
- We maintain an updated GDPR compliant cookie protocol only used to optimize the user experience of new and returning visitors to our website.
- We have a storage limitation and retention period policy to anonymize data after 5 years since the last date of user activity or upon request from a discontinued user.
- Our website and app have features to allow a user to withdraw consent at any time.
Our GDPR Continuous Improvement Routines
- Our Director of Technology, Rob Stocks, has been appointed as Data Protection Officer, to proactively oversee Plastic Bank’s GDPR compliance company-wide.
- A GDPR committee consisting of Rob Stocks (DPO), as well as regional and departmental Compliance Officers, conduct an annual GDPR audit with regular GDPR compliance update meetings.
In effort to continuously maintain and improve our GDPR compliance, Plastic Bank maintains the following documents and policies:
- An Updated Data Privacy Agreement accessible through all data collection points
- Official GDPR Policy
- GDPR Compliance Audit Logs
- Historical Data Privacy Archives
- Updated Cookies Policy
- Data Flow Chart
- Data Asset Registry
- GDPR Meeting Tracker
- Data Security Strategy
- Data Protection by Design Outline
- Age of Consent List and System Tracker
- PIPEDA Breach Reporting Criteria
- (DPO) Data Protection Officer Responsibilities
- Legitimate Interest Assessment Forms
- Data Protection Impact Assessment Forms
- Data Subject Access Request Log
- Data Subject Erase Request Log
- Data Processor Compliance Agreement
Last Updated: January 8, 2024
This policy explains how our organization uses and protects the personal data we collect from you when you use our website.
Who is collecting my data?
Plastic Bank does, as part of the Plastic Bank Recycling Corporation, which includes our separately incorporated international Plastic Bank operations in Brazil, the Philippines, Indonesia, Brazil, and Egypt.
What data do we collect?
Data collected varies depending on your interaction with the site.
- Address (purchases)
- Phone Number, Company Name (purchases, contact forms)
- Job Title, industry vertical (contact forms)
- Household and lifestyle data (footprint calculator)
For registered members in our mobile application, we require additional information to comply with our code of conduct, audit trail requirements, “know your client” requirements, and various life improvement program qualifications.
- Name, Birthday, Gender, Phone, Email, Country (registration)
- National ID, City, Personal Picture (profile management)
- Address, Business Name, Business Description, Working Hours (create a business or processor)
- Family Member: Name, Birth Date, Relation , Education, School, Phone (community and school programs)
- GPS Location (find nearest partner, create a business or processor, token cash-out) qualifications
How do we collect your data?
You directly provide us with most of the data we collect. We collect data and process data when you:
- Register online or place an order for any of our products or services.
- Voluntarily complete a contact form or customer survey, or provide feedback on any of our forms or via email.
- Use or view our website via your browser’s cookies.
- Use our Plastic Bank app
How will we use your data?
Within our website platform:
- To process your orders and manage your account.
- To email subscribed users with update newsletters
- To localize the information you see
- To make our programs and impact suggestions relevant to you
- To improve your user experience on our website
- To follow up with prospects who request more information or fill out one of our contact forms
Within our App used in Certified Recycling Ecosystems
- To customize your user experience
- For audit trails
- For benefit programs
- For livelihood enhancement
- For credit scores
- For user impact scores
- For impact claim verification
- To prevent child labour through proof of identity and age of consent
- For verified ethical sourcing and code of conduct compliance
Data sharing with third party service providers
We may employ services from companies and individuals to help us operate our websites as described in the previous section, and to deliver benefits to members of our recycling ecosystems.
All third parties are required to provide us with an appropriate Data Processing Agreement and take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Where your data is shared with third parties, we always seek to share the minimum amount necessary.
Analytics and other third-party tools
We employ third-party tools to monitor and analyze the use of our websites, and to automate certain processes related to the development and operation of our websites.
- We use Google Analytics to track website traffic. Google Analytics is a web analytics service offered by Google. Google uses the data collected to track and monitor the use of our websites. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en. We also encourage you to review Google’s policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.
- We use HotJar to give us better insights on how visitors use our pages, navigation, and consume information.
Mailchimp. We use Mailchimp to manage our newsletters. For more information on the privacy practices of Mailchimp, please visit https://mailchimp.com/legal/privacy/, and more specifically the “Privacy for Contacts” section https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
Advertising. We use tracking pixels and cookies to share usage information with various advertising and social media platforms including but not limited to Meta, TikTok, and LinkedIn to target website users and track the effectiveness of our marketing efforts.
Customer Relationship Management: We use Salesforce to manage sales enquiries.
Transaction processing. When we process your order, we may send your data – in conjunction with the resulting information form and location information – to third-party payment processing platforms to exchange funds and prevent fraudulent purchases.
Merchandise delivery. We may share your data with fulfillment partners for delivery of purchases.
Social benefits delivery. We may share your data with third parties including but not limited to the Plastic Bank Foundation to provide social and community benefits to our collection ecosystems.
How do we store & protect your data?
- Shopper profiles and registered Plastic Bank Ambassador data is stored in an encrypted database on our website protected by industry standard firewalls and anti-virus software.
- Newsletter subscriber data is stored and processed by Mailchimp
- Business contacts are stored and processed by Salesforce.
- App user data is stored with our blockchain database in a private cloud.
Plastic Bank and our third party data partners protect your data by following industry standard best practices for maintaining up to date security software on our servers, conducting regular risk assessments, encrypting and securely backing up data. Our staff are trained on the importance of protecting all personal data and we ensure that our vendors and partners have similar practices in place.
Plastic Bank will keep your data for a maximum of 5 years from the last date of user activity or upon a verified request for deletion (see below). We may choose to delete some types of data that are no longer required for our operations or to comply with regulations. Any such deletions will be logged.
What are your data protection rights?
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access & portability – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – You have the right to request that Our Company correct any information you believe is either inaccurate or incomplete.
- The right to restrict data processing and reject automated individual decisions with regards to your data.
- The right to be notified in the event of a breach that might have exposed your data. Plastic Bank abides by the regulations in all of our operating regions with regards to notification and remediation.
How do I see what data you have about me?
If you are a registered web user, you can login to the site and request your data under Privacy in your Settings.
If you are not a registered web user but have subscribed to our newsletter, submitted a contact form, or registered with our app, you can send your request for your data file to [email protected]
How can I request my data to be corrected?
If you would like us to correct errors in the data we have collected and are not able to do so yourself through the website, app, or other services, please contact us through [email protected]
How can I request my data to be deleted?
If you are a registered web user, you can login to the site and request to have your data deleted in the Privacy section of your Settings.