1. Introduction
This document serves as BankMyCell’s Privacy Policy under the General Data Protection Regulation (GDPR). As a subsidiary of Pixel CX LTD, we are fully committed to safeguarding the privacy and security of our customers personal data. Our policy outlines the protocols and measures we have implemented to collect, use and protect personal data in strict compliance with GDPR guidelines.
In addition to GDPR compliance, this policy is also designed to align with the data protection laws applicable in the United States, including but not limited to the California Consumer Privacy Act (CCPA), and the UK’s Data Protection Act 2018, which supplements the GDPR in the UK context.
2. Data Collection and Utilization
BankMyCell collects personal data such as email addresses and names for communication, responding to inquiries, and providing customer service. Our data collection is lawful, fair, and transparent, ensuring data security and compliance with local laws in the US and UK.
3. Disclosure of Data and Third-Party Engagements
We share only necessary information with partners for transactional purposes and use services like SendGrid for secure email communications. All third parties involved in handling personal data must comply with GDPR standards.
4. Transfer of Data Across Borders
During our business operations, there may be instances where personal data is transferred outside of the European Union, primarily to the United States. BankMyCell takes comprehensive security measures, including Cloudflare’s SSL, firewall, VPN with 2FA access to protect such data.
To comply with GDPR requirements regarding international transfers, we use Standard Contractual Clauses (SCCs) or ensure that the data is transferred to a country with an adequacy decision by the European Commission.
For data transfers involving the USA and the UK, we adhere to the principles and mechanisms approved under the GDPR, CCPA, and the UK’s Data Protection Act 2018. This includes ensuring adequate levels of data protection and security in line with these regulations.
5. Rights of Data Subjects
Under GDPR regulations, individuals have the right to request access, correction, deletion or portability of their data. If you would like to make such a request, please contact BankMyCell’s Data Protection Office at [email protected]. We are committed to addressing these requests promptly and efficiently.
We also want to let users know that they have the right to file a complaint with a supervisory authority if they believe their data is not being handled in accordance with the GDPR regulations.
6. Data Security Protocols
We implement strict security protocols to protect data from unauthorized access or destruction. These measures are overseen by our Data Protection Office and are regularly audited.
7. Data Retention Policy
As part of our official business records, BankMyCell retains data related to orders. However, if you request it, we will delete any non-order related data through our Data Protection Office at [email protected].
We want to emphasize that personal data will not be kept longer than necessary for the collected or processed purposes.
The retention period for personal data complies with GDPR, CCPA, and the UK’s Data Protection Act 2018, ensuring that data is not held longer than necessary and is processed for legitimate and lawful purposes.
8. Use of Cookies and Similar Technologies
Our Cookie Policy, available on our website, details our use of cookies and tracking technologies. We comply with regulations by obtaining user consent and providing clear information about these technologies.
We ensure compliance with cookie-related regulations in the EU, USA, and the UK, including obtaining explicit consent where required and providing clear information about the use of cookies and tracking technologies.
9. Protection of Minors
BankMyCell does not collect data from individuals under the age of 16. We prioritize safeguarding the privacy of minors and strictly adhere to relevant legal standards.
We have implemented additional verification processes to prevent unintentional data collection from minors.
Additional verification processes are in place to comply with the Children’s Online Privacy Protection Act (COPPA) in the USA and the UK’s Data Protection Act 2018 regarding the collection of data from minors.
10. Inquiries and Concerns Regarding Privacy
For inquiries or concerns pertaining to privacy and data protection, stakeholders are encouraged to contact BankMyCell’s Data Protection Officer:
- Name: Richard Morris
- Email: [email protected]
- Address: BankMyCell, 99 Wall Street #1032, New York City, New York, 10005
11. Amendments to the Policy
Any significant changes made to this GDPR policy will be communicated to users through our website and email notifications, ensuring transparency and compliance with regulations.
12. Consent and Choice Mechanisms
We obtain data collection and processing consent through explicit opt-in procedures, with options to opt-out or unsubscribe provided in our communications.
13. Data Protection Officer
Data protection and privacy inquiries should be directed to BankMyCell’s Data Protection Office at [email protected].
14. Compliance and Impact Assessments
To ensure compliance with GDPR, BankMyCell regularly reviews and updates our data protection practices. We continuously evaluate the effectiveness of our data storage and processing protocols.
We conduct Data Protection Impact Assessments (DPIAs) for activities involving processing personal information that may pose a significant risk to individuals’ rights and freedoms.
15. Data Breach Response Protocol
In the event of a data breach, BankMyCell is dedicated to promptly informing affected individuals and relevant authorities in accordance with GDPR requirements. We have comprehensive procedures in place to handle and mitigate the impact of any breaches.
If a data breach occurs, we will document all relevant details, including the breach itself, its consequences, and the measures taken to address it. This documentation will be done in compliance with GDPR Article 33.