Frequently Asked Questions
Here are some of the most frequently asked questions about Plastic Bank.
Plastic Bank is committed to fully comply with the EU’s General Data Protection Regulation (GDPR).
Plastic Bank is committed to fully complying with the EU’s General Data Protection Regulation (GDPR) in all aspects of business. Plastic Bank operates with Data Protection by Design and by Default as a key philosophy, while also maintaining a robust GDPR compliance system and internal data security auditing process.
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitations
- Integrity and confidentiality
- Plastic Bank only uses physical opt-in consent-based data capture for legitimate business reasons.
- We maintain a robust GDPR compliance system and an internal auditing process. The proper GDPR policies and documentation are in place along with the proper GDPR security and data protection measures. This includes state of the art blockchain encryptions, Hyperledger Fabric smart contracts, IBM server and multi-cloud storage, and a custom-designed resilience system with multiple servers on multiple continents.
- Age of consent is appropriately verified through special tools built into our website and application that automatically adjust the required age based on each user's country. Our school programs utilize in-app family accounts with the consent of a parental guardian.
- We utilize Data Protection Impact Assessments and Legitimate Interest Assessments to document the risk mitigation steps and reasonings to compliantly collect, store, and utilize the data.
- We maintain an updated GDPR compliant cookie protocol only used to optimize the user experience of new and returning visitors to our website.
- We have a storage limitation and retention period policy to anonymize data after 5 years since the last date of user activity or upon request from a discontinued user.
- Our website and app have features to allow a user to withdraw consent at any time.
- Our Director of Technology, Rob Stocks, has been appointed as Data Protection Officer, to proactively oversee Plastic Bank’s GDPR compliance company-wide.
- A GDPR committee consisting of Rob Stocks (DPO), CTO Shaun Frankson, as well as regional and departmental Compliance Officers, conduct an annual GDPR audit with quarterly GDPR compliance update meetings.
Plastic Bank’s last annual GDPR audit was completed on April 14, 2021, by Shaun Frankson.
- An Updated Data Privacy Agreement accessible through all data collection points
- Official GDPR Policy
- GDPR Compliance Audit Logs
- Historical Data Privacy Archives
- Updated Cookies Policy
- Data Flow Chart
- Data Asset Registry
- GDPR Meeting Tracker
- Data Security Strategy
- Data Protection by Design Outline
- Age of Consent List and System Tracker
- PIPEDA Breach Reporting Criteria
- (DPO) Data Protection Officer Responsibilities
- Legitimate Interest Assessment Forms
- Data Protection Impact Assessment Forms
- Data Subject Access Request Log
- Data Subject Erase Request Log
- Data Processor Compliance Agreement
This policy explains how our organization uses and protects the personal data we collect from you when you use our website.
Version 2.0, Last Updated: September 14, 2021
Plastic Bank does, as part of the Plastic Bank Recycling Corporation, which includes our separately incorporated international Plastic Bank operations in Brazil, Haiti, the Philippines, Indonesia, Brazil, and Egypt.
We collect the following data:
- Personal identification information (name, email address, phone number, etc.)
- For registered members in our application, we require additional information to comply with our code of conduct, audit trail requirements, KYC requirements, and various life improvement program qualifications
You directly provide us with most of the data we collect. We collect data and process data when you:
- Register online or place an order for any of our products or services.
- Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
- Use or view our website via your browser’s cookies.
- Use our Plastic Bank app
- Within our website platform:
- To process your orders and manage your account.
- To email subscribed users with update newsletters
- To localize the information you see
- To make our programs and impact suggestions relevant to you
- To improve your user experience on our website
- Within our Certified Recycling Ecosystems:
- To customize your user experience
- For audit trails
- For benefit programs
- For livelihood enhancement
- For credit scores
- For user impact scores
- For impact claim verification
- To prevent child labour through proof of identity and age of consent
- For verified ethical sourcing and code of conduct compliance
When we process your order, we may send your data - in conjunction with the resulting information form - to third-party credit reference agencies to prevent fraudulent purchases.
- Shopper profiles and registered Plastic Bank Ambassador data is stored in an encrypted database on our website protected by industry standard firewalls and anti-virus software.
- Newsletter subscriber data is stored and processed by Mailchimp
- Business contacts are stored and processed by Salesforce.
- App user data is stored with our blockchain database in a private cloud.
Plastic Bank and our third party data partners protect your data by following industry standard best practices for maintaining up to date security software on our servers, conducting regular risk assessments, encrypting and securely backing up data. Our staff are trained on the importance of protecting all personal data and we ensure that our vendors and partners have similar practices in place.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
- The right to access & portability - You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
- The right to rectification - You have the right to request that Our Company correct any information you believe is either inaccurate or incomplete.
- The right to restrict data processing and reject automated individual decisions with regards to your data.
- You have the right to be notified in the event of a breach that might have exposed your data. Plastic Bank abides by the regulations in all of our operating regions with regards to notification and remediation.
If you are a registered user, you can login to the site and request your data under Privacy in your Settings.
If you are not a registered user but have subscribed to our newsletter or submitted a contact form, you can send your request for your data file to [email protected]
To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.
A cookie is a small data file that a website will occasionally save to your device when you visit the site. It allows the website to remember your actions and preference (ie. login, language, display preferences, etc.) over a period of time so that you don't have to re-enter the data every time you visit or traverse the site.
The cookie-related information is not used to identify you personally and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.
- Whether or not you have replied to a pop-up survey that asks you if the content was helpful or not
You can control and/or delete cookies as you wish. For more information, please refer to aboutcookies.org. You can delete all cookies already on your device, and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site, and some functionalities may not work as intended.