Data Privacy Policy

Plastic Bank is committed to fully comply with the EU’s General Data Protection Regulation (GDPR)

What is Plastic Bank’s policy concerning EU GDPR compliance?

Plastic Bank is committed to fully complying with the EU’s General Data Protection Regulation (GDPR) in all aspects of business. Plastic Bank operates with Data Protection by Design and by Default as a key philosophy, while also maintaining a robust GDPR compliance system and internal data security auditing process.

Plastic Bank is committed to holding the six data protection principles to the highest standards. They are:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitations
Integrity and confidentiality

Plastic Bank is fully GDPR compliant and takes an extreme compliance approach to meet the strictest standards required by our partners and users based in the EU

Plastic Bank only uses physical opt-in consent-based data capture for legitimate business reasons.
The privacy policy is accessible at all data inputs and transparently includes all of the GDPR requirements and reasonings for collecting, storing, and using the data.
We maintain a robust GDPR compliance system and an internal auditing process. The proper GDPR policies and documentation are in place along with the proper GDPR security and data protection measures. This includes state of the art blockchain encryptions, Hyperledger Fabric smart contracts, IBM server and multi-cloud storage, and a custom-designed resilience system with multiple servers on multiple continents.
Age of consent is appropriately verified through special tools built into our website and application that automatically adjust the required age based on each user’s country. Our school programs utilize in-app family accounts with the consent of a parental guardian.
We utilize Data Protection Impact Assessments and Legitimate Interest Assessments to document the risk mitigation steps and reasonings to compliantly collect, store, and utilize the data.
We maintain an updated GDPR compliant cookie protocol only used to optimize the user experience of new and returning visitors to our website.
We have a storage limitation and retention period policy to anonymize data after 5 years since the last date of user activity or upon request from a discontinued user.
Our website and app have features to allow a user to withdraw consent at any time.

Our GDPR Continuous Improvement Routines

Our Director of Technology, Rob Stocks, has been appointed as Data Protection Officer, to proactively oversee Plastic Bank’s GDPR compliance company-wide.
A GDPR committee consisting of Rob Stocks (DPO), as well as regional and departmental Compliance Officers, conduct an annual GDPR audit with regular GDPR compliance update meetings.

In effort to continuously maintain and improve our GDPR compliance, Plastic Bank maintains the following documents and policies:

An Updated Data Privacy Agreement accessible through all data collection points
Official GDPR Policy
GDPR Compliance Audit Logs
Historical Data Privacy Archives
Updated Cookies Policy
Data Flow Chart
Data Asset Registry
GDPR Meeting Tracker
Data Security Strategy
Data Protection by Design Outline
Age of Consent List and System Tracker
PIPEDA Breach Reporting Criteria
(DPO) Data Protection Officer Responsibilities
Legitimate Interest Assessment Forms
Data Protection Impact Assessment Forms
Employee Data Privacy Policy
Data Subject Access Request Log
Data Subject Erase Request Log
Data Processor Compliance Agreement

Data Security & Privacy Policy v2.2

Last Updated: January 8, 2024
This policy explains how our organization uses and protects the personal data we collect from you when you use our website.

Who is collecting my data?

Plastic Bank does, as part of the Plastic Bank Recycling Corporation, which includes our separately incorporated international Plastic Bank operations in Brazil, the Philippines, Indonesia, Brazil, and Egypt.

What data do we collect?

Web Site:
Data collected varies depending on your interaction with the site.

Name
Email
Country
Address (purchases)
Phone Number, Company Name (purchases, contact forms)
Job Title, industry vertical (contact forms)
Household and lifestyle data (footprint calculator)

App:

For registered members in our mobile application, we require additional information to comply with our code of conduct, audit trail requirements, “know your client” requirements, and various life improvement program qualifications.

Name, Birthday, Gender, Phone, Email, Country (registration)
National ID, City, Personal Picture (profile management)
Address, Business Name, Business Description, Working Hours (create a business or processor)
Family Member: Name, Birth Date, Relation , Education, School, Phone (community and school programs)
GPS Location (find nearest partner, create a business or processor, token cash-out) qualifications

How do we collect your data?

You directly provide us with most of the data we collect. We collect data and process data when you:

Register online or place an order for any of our products or services.
Voluntarily complete a contact form or customer survey, or provide feedback on any of our forms or via email.
Use or view our website via your browser’s cookies.
Use our Plastic Bank app

How will we use your data?

Within our website platform:

To process your orders and manage your account.
To email subscribed users with update newsletters
To localize the information you see
To make our programs and impact suggestions relevant to you
To improve your user experience on our website
To follow up with prospects who request more information or fill out one of our contact forms

Within our App used in Certified Recycling Ecosystems

To customize your user experience
For audit trails
For benefit programs
For livelihood enhancement
For credit scores
For user impact scores
For impact claim verification
To prevent child labour through proof of identity and age of consent
For verified ethical sourcing and code of conduct compliance

Data sharing with third party service providers

We may employ services from companies and individuals to help us operate our websites as described in the previous section, and to deliver benefits to members of our recycling ecosystems.

All third parties are required to provide us with an appropriate Data Processing Agreement and take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.

Where your data is shared with third parties, we always seek to share the minimum amount necessary.

Analytics and other third-party tools

We employ third-party tools to monitor and analyze the use of our websites, and to automate certain processes related to the development and operation of our websites.

User Analytics.

We use Google Analytics to track website traffic. Google Analytics is a web analytics service offered by Google. Google uses the data collected to track and monitor the use of our websites. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en. We also encourage you to review Google’s policy for safeguarding your data: https://support.google.com/analytics/answer/6004245.
We use HotJar to give us better insights on how visitors use our pages, navigation, and consume information.

Mailchimp. We use Mailchimp to manage our newsletters. For more information on the privacy practices of Mailchimp, please visit https://mailchimp.com/legal/privacy/, and more specifically the “Privacy for Contacts” section https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts

Advertising. We use tracking pixels and cookies to share usage information with various advertising and social media platforms including but not limited to Meta, TikTok, and LinkedIn to target website users and track the effectiveness of our marketing efforts.

Customer Relationship Management: We use Salesforce to manage sales enquiries.

Fulfillment

Transaction processing. When we process your order, we may send your data – in conjunction with the resulting information form and location information – to third-party payment processing platforms to exchange funds and prevent fraudulent purchases.

Merchandise delivery. We may share your data with fulfillment partners for delivery of purchases.

Social benefits delivery. We may share your data with third parties including but not limited to the Plastic Bank Foundation to provide social and community benefits to our collection ecosystems.

How do we store & protect your data?

Shopper profiles and registered Plastic Bank Ambassador data is stored in an encrypted database on our website protected by industry standard firewalls and anti-virus software.
Newsletter subscriber data is stored and processed by Mailchimp
Business contacts are stored and processed by Salesforce.
App user data is stored with our blockchain database in a private cloud.

Plastic Bank and our third party data partners protect your data by following industry standard best practices for maintaining up to date security software on our servers, conducting regular risk assessments, encrypting and securely backing up data. Our staff are trained on the importance of protecting all personal data and we ensure that our vendors and partners have similar practices in place.

Plastic Bank will keep your data for a maximum of 5 years from the last date of user activity or upon a verified request for deletion (see below). We may choose to delete some types of data that are no longer required for our operations or to comply with regulations. Any such deletions will be logged.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access & portability – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that Our Company correct any information you believe is either inaccurate or incomplete.
The right to restrict data processing and reject automated individual decisions with regards to your data.
The right to be notified in the event of a breach that might have exposed your data. Plastic Bank abides by the regulations in all of our operating regions with regards to notification and remediation.

How do I see what data you have about me?

If you are a registered web user, you can login to the site and request your data under Privacy in your Settings.

If you are not a registered web user but have subscribed to our newsletter, submitted a contact form, or registered with our app, you can send your request for your data file to [email protected]

How can I request my data to be corrected?

If you would like us to correct errors in the data we have collected and are not able to do so yourself through the website, app, or other services, please contact us through [email protected]

How can I request my data to be deleted?

If you are a registered web user, you can login to the site and request to have your data deleted in the Privacy section of your Settings.

If you are not a registered user but have subscribed to our newsletter, submitted a contact form, or registered with our app, you can send your request for deletion to [email protected]

To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.

What are cookies?

This Cookie Policy explains what cookies are and how we use them, the types of cookies we use i.e, the information we collect using cookies and how that information is used, and how to manage the cookie settings.

Cookies are small text files that are used to store small pieces of information. They are stored on your device when the website is loaded on your browser.These cookies help us make the website function properly, make it more secure, provide better user experience, and understand how the website performs and to analyze what works and where it needs improvement.

The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

How do we use cookies?

As most of the online services, our website uses first-party and third-party cookies for several purposes. First-party cookies are mostly necessary for the website to function the right way, and they do not collect any of your personally identifiable data.

The third-party cookies used on our website are mainly for understanding how the website performs, how you interact with our website, keeping our services secure, providing advertisements that are relevant to you, and all in all providing you with a better and improved user experience and help speed up your future interactions with our website.

A number of our pages use cookies to remember:

Whether or not you have replied to a pop-up survey that asks you if the content was helpful or not
Whether or not you have agreed to our use of cookies on this site

Some videos embedded in our pages use cookies to anonymously gather statistics on how you got there and what video you viewed. Cookies are also stored for Google Analytics, so we can monitor how our message is spreading. Enabling these cookies is not strictly necessary for our website to work, but it will provide you with a better browsing experience. You are free to delete or block our cookies at any time, however, some features of our site may not work as intended.

What types of cookies do we use?

The cookies used on our website are grouped into the following categories.

Cookie	Duration	Description
PHPSESSID	session	This cookie is native to PHP applications. The cookie stores and identifies a user's unique session ID to manage user sessions on the website. The cookie is a session cookie and will be deleted when all the browser windows are closed.
wt_consent	1 year	Used for remembering users’ consent preferences to be respected on subsequent site visits. It does not collect or store personal information about visitors to the site.
rc::a	never	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c	session	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
__cf_bm	1 hour	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
_cfuvid	session	Calendly sets this cookie to track users across sessions to optimize user experience by maintaining session consistency and providing personalized services
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
OptanonConsent	1 year	OneTrust sets this cookie to store details about the site's cookie category and check whether visitors have given or withdrawn consent from the use of each category.
m	1 year 1 month 4 days	Stripe sets this cookie for fraud prevention purposes. It identifies the device used to access the website, allowing the website to be formatted accordingly.
wordpress_test_cookie	session	WordPress sets this cookie to determine whether cookies are enabled on the users' browsers.
JSESSIONID	session	New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.
__stripe_mid	1 year	Stripe sets this cookie to process payments.
__stripe_sid	1 hour	Stripe sets this cookie to process payments.

Cookie	Duration	Description
mailchimp_landing_site	1 month	MailChimp sets the cookie to record which page the user first visited.
_vis_opt_s	3 months 8 days	Visual Website Optimizer sets this cookie to detect if there are new to or returning to a particular test.
_vis_opt_test_cookie	session	Visual Website Optimizer creates this cookie to determine whether or not cookies are enabled on the user's browser.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
yt-remote-device-id	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.
yt-player-headers-readable	never	The yt-player-headers-readable cookie is used by YouTube to store user preferences related to video playback and interface, enhancing the user's viewing experience.
yt-remote-connected-devices	never	YouTube sets this cookie to store the user's video preferences using embedded YouTube videos.
yt-remote-session-app	session	The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player.
yt-remote-cast-installed	session	The yt-remote-cast-installed cookie is used to store the user's video player preferences using embedded YouTube video.
yt-remote-session-name	session	The yt-remote-session-name cookie is used by YouTube to store the user's video player preferences using embedded YouTube video.
yt-remote-fast-check-period	session	The yt-remote-fast-check-period cookie is used by YouTube to store the user's video player preferences for embedded YouTube videos.

Cookie	Duration	Description
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and calculates unique traffic on a website.
sbjs_migrations	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first_add	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_current	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_first	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_udata	session	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
sbjs_session	1 hour	Sourcebuster sets this cookie to identify the source of a visit and stores user action information in cookies. This analytical and behavioural cookie is used to enhance the visitor experience on the website.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSession_*	1 hour	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
ifso_visit_counts	1 year	If So sets this cookie to store number of visits.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
CLID	1 year	Microsoft Clarity set this cookie to store information about how visitors interact with the website. The cookie helps to provide an analysis report. The data collection includes the number of visitors, where they visit the website, and the pages visited.
MR	7 days	This cookie, set by Bing, is used to collect user information for analytics purposes.
SM	session	Microsoft Clarity cookie set this cookie for synchronizing the MUID across Microsoft domains.
_clck	1 year	Microsoft Clarity sets this cookie to retain the browser's Clarity User ID and settings exclusive to that website. This guarantees that actions taken during subsequent visits to the same website will be linked to the same user ID.
_clsk	1 day	Microsoft Clarity sets this cookie to store and consolidate a user's pageviews into a single session recording.
_vis_opt_exp_4_combi	3 months 8 days	Visual Website Optimizer (VWO) sets this cookie to keep track of which test variant a user is placed in.

Cookie	Duration	Description
_vwo_uuid	1 year 1 month 4 days	Visual Website Optimizer sets this cookie to generate a unique id for every visitor and for its report segmentation feature. The cookie also allows to view data in a more refined manner.
_vwo_ds	3 months	This cookie stores persistent user-level data for VWO Insights.
_vwo_sn	1 hour	This cookie stores session-level information.
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.
SRM_B	1 year 24 days	Used by Microsoft Advertising as a unique ID for visitors.
_calendly_session	21 days	Calendly, a Meeting Schedulers, sets this cookie to allow the meeting scheduler to function within the website and to add events into the visitor’s calendar.

Cookie	Duration	Description
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
_ttp	1 year 24 days	TikTok set this cookie to track and improve the performance of advertising campaigns, as well as to personalise the user experience.
sa-user-id	1 year	StackAdapt sets this cookie as a third party advertising cookie to record information about a user's website activity, such as the pages visited and the locations viewed, to enable us to provide users with interest-based content and personalised advertisements on external websites.
sa-user-id-v2	1 year	StackAdapt sets this cookie as a third party advertising cookie to record information about a user's website activity, such as the pages visited and the locations viewed, to enable us to provide users with interest-based content and personalised advertisements on external websites.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
IDE	1 year 24 days	Google DoubleClick IDE cookies store information about how the user uses the website to present them with relevant ads according to the user profile.
_tt_enable_cookie	1 year 24 days	Tiktok set this cookie to collect data about behaviour and activities on the website and to measure the effectiveness of the advertising.
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and verify ads' clicks on the Bing search engine. The cookie helps in reporting and personalization as well.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
sa-user-id-v3	1 year	Description is currently not available.
cookies.js	session	No description available.
ifso_last_viewed	session	No description available.
ifso_viewing_triggers	session	Description is currently not available.
cf_clearance	1 year	Description is currently not available.
_uiq_id.1011230506.1edb	1 year 1 month	Description is currently not available.
hubRedirect	1 hour	Description is currently not available.
MSPTC	1 year 24 days	Description is currently not available.
_vis_opt_exp_4_combi_choose	3 months 8 days	Description is currently not available.

Manage cookie preferences

You can change your cookie preferences any time by clicking the Cookie Settings button at the lower left of the screen. This will let you revisit the cookie consent banner and change your preferences or withdraw your consent right away. In addition to this, different browsers provide different methods to block and delete cookies used by websites. You can change the settings of your browser to block/delete the cookies. Listed below are the links to the support documents on how to manage and delete cookies from the major web browsers.

Chrome: https://support.google.com/accounts/answer/32050

Safari: https://support.apple.com/en-in/guide/safari/sfri11471/mac

Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US

Microsoft Edge: Delete cookies in Microsoft Edge – Microsoft Support

If you are using any other web browser, please visit your browser’s official support documents.