GDPR Policy

Plastic Bank Foundation (Canada) is committed to fully complying with the EU’s General Data Protection Regulation (GDPR).

What is Plastic Bank Foundation (Canada)'s policy concerning EU GDPR compliance?

Plastic Bank Foundation (Canada) is committed to full compliance with the EU’s General Data Protection Regulation (GDPR) in all aspects of business. Plastic Bank Foundation (Canada) operates with Data Protection by Design and by Default as a philosophy while maintaining a robust GDPR compliance system and internal data security auditing process.

Plastic Bank Foundation (Canada) is committed to holding the six data protection principles to the highest standards. They are:
  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitations
  6. Integrity and confidentiality
Plastic Bank Foundation (Canada) is fully GDPR compliant and takes an extreme compliance approach to meet the strictest standards required by our partners and users based in the EU
  1. Plastic Bank Foundation (Canada) only uses physical opt-in, consent-based data capture for legitimate business reasons.
  2. Our privacy policy is accessible at all data inputs and transparently includes all of the GDPR requirements and reasonings for collecting, storing and using the data.
  3. We maintain a robust GDPR compliance system and an internal auditing process. The proper GDPR policies and documentation are in place along with the proper GDPR security and data protection measures. This includes state-of-the-art blockchain encryption, Hyperledger Fabric smart contracts, IBM server and multi-cloud storage, and a custom-designed resilience system with multiple servers on multiple continents.
  4. Age of consent is appropriately verified through special tools built into our website and application that automatically adjust the required age based on each user's country. Our school programs utilize in-app, family accounts, with the consent of a parental guardian.
  5. We utilize Data Protection Impact Assessments and Legitimate Interest Assessments to document the risk mitigation steps and reasonings to compliantly collect, store, and utilize data.
  6. We maintain an updated GDPR compliant cookie protocol only used to optimize the user experience of new and returning visitors to our website.
  7. We have a storage limitation and retention period policy to anonymize data after 5 years since the last date of user activity or upon request from a discontinued user.
Our GDPR Continuous Improvement Routines

Shaun Frankson, has been appointed as our Data Protection Officer, to proactively oversee Plastic Bank Foundation (Canada)’s GDPR compliance. We utilize a GDPR committee consisting of Shaun Frankson, as well as other invited internal and external guests, to conduct an annual GDPR audit with quarterly GDPR compliance update meetings.

Plastic Bank Foundation (Canada)’s last annual GDPR audit was completed on April 14, 2020, by Shaun Frankson.

In an effort to continuously maintain and improve our GDPR compliance, Plastic Bank Foundation (Canada) maintains the following documents and policies:
  • An Updated Data Privacy Agreement accessible through all data collection points
  • Official GDPR Policy
  • GDPR Compliance Audit Logs
  • Historical Data Privacy Archives
  • Updated Cookies Policy
  • Data Flow Chart
  • Data Asset Registry
  • GDPR Meeting Tracker
  • Data Security Strategy
  • Data Protection by Design Outline
  • Age of Consent List and System Tracker
  • PIPEDA Breach Reporting Criteria
  • (DPO) Data Protection Officer Responsibilities
  • Legitimate Interest Assessment Forms
  • Data Protection Impact Assessment Forms
  • Employee Data Privacy Policy
  • Data Subject Access Request Log
  • Data Processor Compliance Agreement

Data Security

This policy explains how our organization uses and protects the personal data we collect from you when you use our website.

Who is collecting my data?

Plastic Bank Foundation (Canada) is a registered charity in Canada.

What data do we collect?

We only collect data submitted through our contact form and data transmitted through donations made with Charitable Impact, CHIMP Foundation, and PayPal.

How do we collect your data?

You directly provide us with most of the data we collect. We collect and process data when you:

  • Make a donation with Charitable Impact, CHIMP Foundation, or PayPal
  • Submit an inquiry through our contact form
  • Use or view our website via your browser's cookies
How will we use your data?

We use your data for two main purposes: Within our website platform, to email subscribed users with updates, localize the information you see, and to improve your user experience. When processing your donation, we may also use the resulting information form and send your data to credit reference agencies to prevent fraudulent donations.

How do we store your data?

We would like to send you information about products and services of ours that we think you might like. If you have agreed to receive marketing communications, you may always opt-out at a later date. You have the right to - at any time - stop us from contacting you for marketing purposes or giving your data to other members of our company group.

What are your data protection rights?

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access - You have the right to request us for copies of your personal data. We may charge you a small fee for this service.
  • The right to rectification - You have the right to request that we correct any information you believe is either inaccurate or incorrect.

Cookie Policy

To improve your user experience on this site, occasionally we will place small data files called cookies on your device.

What are cookies?

Cookies are small data files that we occasionally save to your device when you visit our website. It allows us to remember your actions and preferences (such as login, language, font size and other display preferences, etc.) over a period of time so you don't have to re-enter them whenever you visit or traverse our site.

The cookie-related information is not used to identify you and the pattern data is under our complete control. These cookies are not used for any purpose other than those described herein.

How do we use cookies?

A number of our pages use cookies to remember:

  • Whether or not you have replied to a survey pop-up that asks you about the helpfulness of a page's content
  • Whether or not you have agreed to our use of cookies within this site.

Cookies are also stored within Google Analytics so we can monitor how our message is spreading. Enabling these cookies is not strictly necessary for the site to function, however, it will provide you with an improved browsing experience. You are able to delete or block these cookies at any time, but some features may not work as intended.

How can I control my cookies?

You can control and/or delete any cookies at any time. For more details, please refer to aboutcookies.org. You can delete any cookies already on your device, as well as prevent sites from placing them within your browser settings. If you choose to do this, you may have to manually adjust some preferences every time you visit a site and some services or functions may not work as intended.

Still have questions?