In addition to GDPR compliance, this policy is also designed to align with the data protection laws applicable in the United States, including but not limited to the California Consumer Privacy Act (CCPA), and the UK’s Data Protection Act 2018, which supplements the GDPR in the UK context.
2. Data Collection and Utilization
At BankMyCell, we collect personal data such as email addresses and names to communicate with our customers, respond to inquiries, and provide excellent customer service. This data collection is essential for delivering our services and enhancing user experiences.
In addition to the aforementioned purposes, we ensure that all data collection is based on legality, fairness, and transparency. We only collect data necessary for the stated purposes and ensure that it is processed in a manner that ensures its security.
For users in the United States and the United Kingdom, we ensure that data collection practices are transparent and comply with local data protection laws. This includes providing clear information about the types of data collected and the purposes for which it is used.
3. Disclosure of Data and Third-Party Engagements
BankMyCell engages in the disclosure of basic order information, including but not limited to email addresses, order IDs, and order values, solely with partners chosen by our customers for transactional purposes. This disclosure is restricted to necessary information only and is carried out with utmost care for security.
In addition, BankMyCell utilizes SendGrid to securely send out email marketing and order-related communications. We make sure that any external parties involved in handling personal data adhere to GDPR regulations and are contractually obligated to maintain the confidentiality and security of the information.
We ensure that any third parties involved in processing personal data comply with GDPR standards and are bound by contractual obligations to maintain the confidentiality and security of the data.
4. Transfer of Data Across Borders
During our business operations, there may be instances where personal data is transferred outside of the European Union, primarily to the United States. BankMyCell takes comprehensive security measures, including Cloudflare’s SSL, firewall, and VPN with 2FA access, to protect such data.
To comply with GDPR requirements regarding international transfers, we use Standard Contractual Clauses (SCCs) or ensure that the data is transferred to a country with an adequacy decision by the European Commission.
For data transfers involving the USA and the UK, we adhere to the principles and mechanisms approved under the GDPR, CCPA, and the UK’s Data Protection Act 2018. This includes ensuring adequate levels of data protection and security in line with these regulations.
5. Rights of Data Subjects
Under GDPR regulations, individuals have the right to request access, correction, deletion or portability of their data. If you would like to make such a request, please contact BankMyCell’s Data Protection Office at [email protected]. We are committed to addressing these requests promptly and efficiently.
We also want to let users know that they have the right to file a complaint with a supervisory authority if they believe their data is not being handled in accordance with the GDPR regulations.
6. Data Security Protocols
At BankMyCell, we have implemented strict security protocols to prevent unauthorized access, changes, or destruction of user data. These protocols involve secure storage on our servers, encryption, and robust access controls. Our Data Protection Office oversees these measures, and you can contact them at [email protected] for further information.
We regularly conduct audits and assessments to ensure that these security measures continue to be effective.
Our security protocols are regularly reviewed and updated to comply with the evolving data protection regulations in the EU, USA, and the UK.
7. Data Retention Policy
As part of our official business records, BankMyCell retains data related to orders. However, if you request it, we will delete any non-order-related data through our Data Protection Office at [email protected].
We want to emphasize that personal data will not be kept longer than necessary for the purposes for which it was collected or processed.
The retention period for personal data complies with GDPR, CCPA, and the UK’s Data Protection Act 2018, ensuring that data is not held longer than necessary and is processed for legitimate and lawful purposes.
9. Protection of Minors
BankMyCell does not collect data from individuals under the age of 16. We prioritize safeguarding the privacy of minors and strictly adhere to relevant legal standards.
We have implemented additional verification processes to prevent unintentional data collection from minors.
Additional verification processes are in place to comply with the Children’s Online Privacy Protection Act (COPPA) in the USA and the UK’s Data Protection Act 2018 regarding the collection of data from minors.
10. Inquiries and Concerns Regarding Privacy
For inquiries or concerns pertaining to privacy and data protection, stakeholders are encouraged to contact BankMyCell’s Data Protection Officer:
- Name: Richard Morris
- Email: [email protected]
- Address: BankMyCell, 99 Wall Street #1032, New York City, New York, 10005
11. Amendments to the Policy
Any significant changes made to this GDPR policy will be communicated to users through our website and email notifications, ensuring transparency and compliance with regulations.
12. Consent and Choice Mechanisms
BankMyCell obtains consent for data collection and processing through explicit opt-in procedures. Users can opt out or unsubscribe from our communications via links provided in our emails.
We ensure that the process for withdrawing consent is as easy as the process for giving it.
13. Data Protection Officer
Data protection and privacy inquiries should be directed to BankMyCell’s Data Protection Office at [email protected].
14. Compliance and Impact Assessments
To ensure compliance with GDPR, BankMyCell regularly reviews and updates our data protection practices. We continuously evaluate the effectiveness of our data storage and processing protocols.
We conduct Data Protection Impact Assessments (DPIAs) for activities involving processing personal information that may pose a significant risk to individuals’ rights and freedoms.
15. Data Breach Response Protocol
In the event of a data breach, BankMyCell is dedicated to promptly informing affected individuals and relevant authorities in accordance with GDPR requirements. We have comprehensive procedures in place to handle and mitigate the impact of any breaches.
If a data breach occurs, we will document all relevant details, including the breach itself, its consequences, and the measures taken to address it. This documentation will be done in compliance with GDPR Article 33.