Privacy Policy
Protecting Your Privacy, Is Our Top Priority
Your privacy is important to us. It is Plastno Inc.'s ("we," "our," or "us") policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including via our app, Plastnofy (the "App"), and its associated services.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name and email address), your devices, payment details, and even information about how you use an app or online service.
In the event the App contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave the App.
Information We Collect
Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.
"Voluntarily provided" information refers to any information you knowingly and actively provide us when using the App and its associated services.
"Automatically collected" information refers to any information automatically sent by your device in the course of accessing the App and its associated services.
Log Data
When you access our servers via the App, we may automatically log the standard data provided by your device. It may include your device's Internet Protocol (IP) address, your device type and version, your activity within the App, time and date, and other details about your usage.
Additionally, when you encounter certain errors while using the App, we automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Device Data
The App may access and collect data via your device's in-built tools, such as:
Camera — to capture photos for AI-powered cleaning analysis, supply identification, and waste categorization
Photo Library — to select existing photos for AI analysis and chat conversations
Location Services — to provide region-specific waste disposal and recycling guidance; we collect city, region, and country-level data only, not precise GPS coordinates
Push Notifications — to deliver cleaning reminders, pickup schedule alerts, and proactive home care suggestions
When you install the App or use your device's tools within the App, we request permission to access this information. The specific data we collect can depend on the individual settings of your device and the permissions you grant when you install and use the App. You may revoke any of these permissions at any time through your device's system settings.
Personal Information
We may ask for personal information — for example, when you register an account or when you contact us — which may include one or more of the following:
Name
Email address
Sensitive Information
"Sensitive information" or "special categories of data" is a subset of personal information that is given a higher level of protection. Examples of sensitive information include information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information, or biometric information.
We do not intentionally collect sensitive information. If we ever need to collect such information in the future, we will first obtain your explicit consent, and we will only use or disclose your sensitive information as permitted, required, or authorized by law.
User-Generated Content
We consider “user-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of using the App. All user-generated content is associated with the account or email address used to submit the materials.
Please be aware that any content you submit for the purpose of using the App will not be public after submitting (and subsequent review or vetting process).
AI-Powered Features and Data Processing
The App uses artificial intelligence ("AI") to provide its core features, including cleaning analysis, supply identification, waste disposal guidance, product sustainability assessments, and an AI-powered conversational assistant ("Ask Plastnofy"). These features are powered by Google's Gemini AI, accessed securely through Firebase Cloud Functions.
When you use these features, the following data may be sent to our servers and processed by Google's AI services:
Photographs you capture or select from your Photo Library
Text descriptions or hints you provide
Your general location (city, region, country) — used to provide localized recycling and disposal guidance
Contextual information about your household (such as home type, number of occupants, and pets) — used to personalize cleaning recommendations
Your current chore, supply, and waste item data — used by the conversational assistant to provide context-aware responses
Photos and text submitted for AI analysis are processed in real time and are not permanently stored by Google's AI services beyond the duration needed to generate a response. Your data is processed in accordance with Google's Cloud Data Processing terms (https://cloud.google.com/terms/data-processing-addendum).
AI-generated recommendations are provided for informational purposes only and should not be relied upon as professional cleaning, health, or environmental advice.
Household Features and Shared Data
The App allows you to create a "household" and invite other members to collaborate on cleaning tasks, supply tracking, and waste management. When you participate in a household:
Your name, role (e.g., Primary Owner, Owner, Member), and avatar are visible to all household members within that household.
Chores, supplies, and waste items saved to the household are accessible to all members of that household.
The Primary Owner's premium subscription status may extend to all household members ("Household Premium").
You are responsible for obtaining consent from any individuals whose personal information (e.g., name) you add to a household within the App.
Sub-Processors and Data Processing
We maintain Data Processing Agreements (DPAs) with each of our third-party service providers (sub-processors) in accordance with GDPR Article 28 and equivalent requirements under other applicable privacy laws. Our current sub-processors include:
• Google LLC (Firebase Authentication, Cloud Firestore, Firebase Crashlytics, Firebase Analytics) — United States
• RevenueCat, Inc. (Subscription Management) — United States
• Klaviyo, Inc. (Email Marketing, Push Notifications) — United States
These sub-processors are contractually obligated to process personal data only on our instructions, maintain appropriate security measures, and assist us in fulfilling data subject requests. Data transferred to the United States is protected under appropriate safeguards, including Standard Contractual Clauses (SCCs) where required.
We will update this list if we engage additional sub-processors that process personal data on our behalf.
Advertising and Ad Attribution
We use Meta's (Facebook's) software development kit ("SDK") to measure the effectiveness of our advertising campaigns and to understand how you interact with the App. This SDK may collect information such as your device identifier, app events (for example, when you register, subscribe, or scan an item), and purchase data. This information is used for ad attribution, campaign optimization, and audience measurement.
On iOS 14.5 and later, we will request your permission via Apple's App Tracking Transparency ("ATT") framework before enabling cross-app tracking for advertising purposes. You may grant or deny this permission at any time through your device's Settings > Privacy & Security > Tracking. Denying permission does not affect your ability to use the App's core features.
On Android devices, the Meta SDK may collect your Google Advertising ID for the purposes described above. You may opt out of ads personalization or reset your Advertising ID at any time through your device's Settings > Google > Ads. On Android 12 and later, you may also delete your Advertising ID entirely. Opting out does not affect your ability to use the App's core features.
For more information, please see Meta's Privacy Policy at https://www.facebook.com/privacy/policy/.
Cookies and Tracking Technologies
Our website (plastnofy.com) may use cookies and similar tracking technologies such as pixels, local storage, and analytics scripts to improve your browsing experience, analyze website traffic, and understand how visitors interact with our site.
Types of cookies we use:
Essential Cookies: Required for core website functionality such as page navigation and secure access. These cannot be disabled.
Analytics Cookies: Help us understand how visitors use our website by collecting anonymous usage data. We use Framer Analytics and may use Google Analytics for this purpose.
Marketing Cookies: May be used in the future to deliver relevant advertisements and track campaign effectiveness. We do not currently serve targeted ads on our website.
Our mobile App (Plastnofy) does not use cookies. However, third-party SDKs integrated into the App (such as Firebase Analytics and Klaviyo) may use device identifiers and similar technologies as described in the "Third-Party Services" section above.
Managing Cookies: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling cookies may affect your experience on our website. For more information, visit www.allaboutcookies.org.
By continuing to use our website, you consent to the use of cookies as described in this section. Where required by law (such as under the EU e-Privacy Directive), we will obtain your explicit consent before placing non-essential cookies.
Push Notifications
The App may send you push notifications related to:
Daily cleaning briefings
Chore due date reminders
Waste pickup schedule alerts
Proactive smart cleaning suggestions
Household activity updates
Promotional offers from our store
You can individually enable or disable each notification category within the App's Settings screen, or you may disable all notifications through your device's system notification settings at any time.
Legitimate Reasons for Processing Your Personal Information
We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
Collection and Use of Information
We may collect personal information from you when you do any of the following on the App:
Register for an account
Sign up to receive updates from us via email or social media channels
Post a comment or review or otherwise participate in our online community
Use a mobile device or web browser to access our content
Contact us via email, social media, or on any similar technologies
When you mention us on social media
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
to provide you with the App's core features and services
for analytics, market research, and business development, including to operate and improve our app, associated applications, and associated social media platforms
for internal record keeping and administrative purposes
to comply with our legal obligations and resolve any disputes that we may have
for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources.
Security of Your Personal Information
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
How Long We Keep Your Personal Information
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. For example, if you have provided us with personal information as part of creating an account with us, we may retain this information for the duration your account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Data Breach Notification
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and within the timeframe required by applicable law. Where required under the GDPR, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where required under the Australian Privacy Act 1988, we will notify the OAIC and affected individuals as soon as practicable. Where required under the New Zealand Privacy Act 2020, we will notify the Office of the Privacy Commissioner and affected individuals. Where required under the Singapore PDPA, we will notify the PDPC and affected individuals in accordance with the prescribed timeframes.
Notifications will include the nature of the breach, the categories of data affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate any adverse effects.
Children’s Privacy
We do not aim any of our products or services directly at children under the age of 13 and we do not knowingly collect personal information about children under 13.
Disclosure of Personal Information to Third Parties
We may disclose personal information to:
a parent, subsidiary or affiliate of our company
third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing providers, professional advisors, and payment systems operators
our employees, contractors, and/or related entities
our existing or potential agents or business partners
credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
third parties, including agents or sub-contractors who assist us in providing information, products, services, or direct marketing to you
third parties to collect and process data
an entity that buys, or to which we transfer all or substantially all of our assets and business
Third parties we currently use include:
Firebase (Google) — for user authentication, cloud database storage (Firestore), cloud file storage, serverless functions (Cloud Functions), and error logging
Google Gemini AI — for AI-powered image analysis, cleaning guidance, waste disposal recommendations, and conversational assistance, accessed via Firebase Cloud Functions
RevenueCat — for subscription management, billing validation, and cross-device purchase synchronization
Klaviyo — for email marketing communications, product review management, back-in-stock notifications, synchronization of your subscription status (plan type, trial status, and expiration date) to personalize communications, and registration of your device push notification token (APNs on iOS, FCM on Android) to deliver targeted push notifications
Meta (Facebook) — for advertising attribution, conversion measurement, and app event analytics
Shopify — for e-commerce product catalog and order fulfillment in our in-app store
Apple Pay / Google Payments — for payment processing
International Transfers of Personal Information
The personal information we collect is stored and/or processed in the United States of America, or where we or our partners, affiliates, and third-party providers maintain facilities.
The countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.
Your Rights and Controlling Your Personal Information
Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our app or the products and/or services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example serving particular content to your device), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.
Business Transfers
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Limits of Our Policy
Our app may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to This Policy
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Account and Data Deletion
You may delete your account and associated data at any time through the App's Account settings. When you delete your account:
Your authentication credentials are permanently removed from our authentication system.
Your household data (chores, supplies, waste items) stored in our cloud database is disassociated from your identity.
Your marketing profile with Klaviyo is updated to reflect the deletion.
Your RevenueCat subscriber profile is invalidated.
You may also request manual data deletion by emailing [email protected]. We will process your request within 30 calendar days.
Please note that some information may be retained as required by law, for legitimate business purposes, or to complete any transactions that were initiated before the deletion request was made.
Additional Disclosures for U.S. States Privacy Law Compliance
The following section includes provisions that comply with the privacy laws of these states (California, Colorado, Delaware, Florida, Virginia, and Utah) and is applicable only to the residents of those states. Specific references to a particular state (in a heading or in the text) are only a reference to that state's law and applies only to that state's residents. Non-state specific language applies to all of the states listed above.
Do Not Track
Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser "Do Not Track" signals.
We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.
California Privacy Laws - (CCPA/CPRA)
Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes. In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the California Consumer Privacy Act, and the California Privacy Rights Act (collectively, CCPA) that can result in different prices, rates, or quality levels for the goods or services we provide. Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes. To make such a request, please contact us using the details provided in this privacy policy with “Request for California privacy information” in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organisations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.
California Notice of Collection
In the past 12 months, we have collected the following categories of personal information enumerated in the CCPA:
Identifiers, such as name, email address, account name, IP address, and an ID or number assigned to your account.
Audio or visual data, such as photos you share with us for AI-powered analysis.
Internet or other electronic network activity information, such as app usage data, interaction logs, and advertising attribution data.
Geolocation data, such as your city, region, and country (collected only with your permission for localized waste disposal guidance).
Inferences drawn from the above categories, such as AI-generated cleaning recommendations based on your submitted photos and household context.
For more information on information we collect, including the sources we receive information from, review the "Information We Collect" section. We collect and use these categories of personal information for the business purposes described in the "Collection and Use of Information" section, including to provide and manage our Service.
Right to Know and Delete
You have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
The categories of personal information we have collected about you;
The categories of sources from which the personal information was collected;
The categories of personal information about you we disclosed for a business purpose or sold;
The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
The business or commercial purpose for collecting or selling the personal information; and
The specific pieces of personal information we have collected about you.
To exercise any of these rights, please contact us using the details provided in this Privacy Policy.
Shine the Light
In addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by applicable statute with third parties and affiliates for their own direct marketing purposes.
To receive this information, send us a request using the contact details provided in this privacy policy. Requests must include “Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code.
Sale and Sharing of Personal Information
Plastno Inc. does not sell your personal information, nor do we share your personal information for cross-context behavioral advertising as defined under the CCPA/CPRA. If our practices change in the future, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link.
Additional Disclosures for Australian Privacy Act Compliance (AU)
Your Rights Under the Australian Privacy Principles
Under the Australian Privacy Principles (APPs), you have the right to:
Request access to the personal information we hold about you;
Request correction of any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading;
Make a complaint if you believe we have breached an APP.
To exercise any of these rights, please contact us using the details provided in the Contact Us section of this Privacy Policy.
Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
Complaints
If you believe we have breached the Australian Privacy Principles and wish to make a complaint, please contact us first using the details in the Contact Us section. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
Additional Disclosures for Personal Data Protection Act (PDPA) Compliance (Singapore)
Data Protection Officer
In accordance with the PDPA, Plastno Inc. has designated a Data Protection Officer (DPO) who is responsible for ensuring our compliance with the PDPA. You may contact our DPO using the details provided in the Contact Us section of this Privacy Policy.
Consent
We obtain your consent before or at the time of collecting, using, or disclosing your personal data. You may withdraw your consent at any time by contacting us using the details in the Contact Us section. Please note that withdrawing consent may affect our ability to provide or continue to provide services to you. We will inform you of the likely consequences of withdrawing your consent before processing your withdrawal.
Purpose Limitation
We collect, use, and disclose your personal data only for purposes that a reasonable person would consider appropriate in the circumstances and for which you have been notified. We will not use your personal data for purposes beyond those stated without obtaining your further consent.
Access and Correction
You have the right to:
Request access to your personal data held by us and information about how it has been used or disclosed within the past year;
Request correction of any errors or omissions in your personal data.
We will respond to access and correction requests within 30 calendar days. A reasonable fee may be charged for processing access requests.
Retention
We will cease to retain your personal data, or remove the means by which it can be associated with you, as soon as it is reasonable to assume that the purpose for which the data was collected is no longer being served and retention is no longer necessary for any legal or business purpose.
Transfer of Personal Data Outside Singapore
When we transfer your personal data outside of Singapore, we ensure that the receiving organization provides a standard of protection that is comparable to the protection under the PDPA, whether through contractual arrangements or other legally recognized means.
Data Breach Notification
In the event of a data breach that is likely to result in significant harm to affected individuals or that affects 500 or more individuals, we will notify the Personal Data Protection Commission (PDPC) and the affected individuals as soon as practicable.
Complaints
If you have concerns about our data protection practices, please contact us first using the details in the Contact Us section. If we are unable to resolve your concern to your satisfaction, you may lodge a complaint with the Personal Data Protection Commission (PDPC):
Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
Website: www.pdpc.gov.sg
Additional Disclosures for Privacy Act 2020 Compliance (New Zealand)
Information Privacy Principles
This Privacy Policy is designed to comply with New Zealand's Privacy Act 2020 and its 13 Information Privacy Principles (IPPs). We collect personal information directly from you, only for lawful purposes connected to the App's functions, and only to the extent that is reasonably necessary.
Your Rights
Under the Privacy Act 2020, you have the right to:
Be informed about what personal information we collect and why;
Request access to the personal information we hold about you;
Request correction of any personal information that is inaccurate, incomplete, or misleading;
Request deletion of your personal information where retention is no longer necessary.
To exercise any of these rights, please contact us using the details provided in the Contact Us section of this Privacy Policy. We will respond to your request within 20 working days.
Overseas Transfers
When we transfer your personal information outside New Zealand, we take reasonable steps to ensure that the receiving organization is subject to privacy obligations comparable to those under the Privacy Act 2020, or is otherwise required to protect your information to a comparable standard.
Data Breach Notification
If a privacy breach occurs that poses a risk of serious harm to any affected individual, we will notify the Office of the Privacy Commissioner (OPC) and the affected individuals as soon as practicable, in accordance with the Privacy Act 2020.
Complaints
If you believe we have breached the Privacy Act 2020, please contact us first using the details in the Contact Us section. If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner:
Office of the Privacy Commissioner
PO Box 10094, The Terrace, Wellington 6143
Phone: 0800 803 909
Website: www.privacy.org.nz
In accordance with PIPEDA, we broaden our definition of personal information to include any information about an individual, such as financial information, information about your appearance, your views and opinion (such as those expressed online or through a survey), opinions held about you by others, and any personal correspondences you may have with us. While this information may not directly identify you, be aware that it may be combined with other information to do so.
As PIPEDA refers to personal information using the term Personally Identifying Information (PII), any references to personal information and PII in this Privacy Policy, and in official communications from Us, are intended as equivalent to one another in every way, shape and form.
Valid Consent
Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. When you contact us, we assume your consent based on your positive action of contact, therefore you consent to your name and email address being used so we can respond to your enquiry. Under PIPEDA, consent is only valid if it is reasonable to expect that an individual to whom the organization's activities are directed would understand the nature, purpose, and consequences of the collection, use, or disclosure of the personal information to which they are consenting.
Where you agree to receive marketing communications from us, we will do so based solely on your indication of consent or until you instruct us not to, which you can do at any time.
While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
International Transfers of Information
While Plastno Inc. endeavors to keep, store and handle customer data within locations in Canada, it may use agents or service providers located in the United States (U.S.), European Economic Area (EEA) or United Kingdom (UK) to collect, use, retain and process personal information as part of providing services to you. While we use all reasonable efforts to ensure that personal information receives the same level of security in any other jurisdiction as it would in Canada, please be aware that privacy protections under U.S. laws may not be the same adequacy.
Customer Data Rights
Although PIPEDA does not contain an extensive set of consumer rights, it does grant consumers the right to:
Access the personal information organizations hold about them;
Correct any inaccurate or outdated personal information the organization hold about them (or, if this is not possible, delete the inaccurate personal information)
Withdraw consent for any activities for which they have consented (e.g. direct marketing or cookies)
Right to Withdraw Consent
Where you give us consent to collect and use your personal information for a specific purpose. Subject to some restrictions, you can, at any time, refuse to consent, or continue to consent to the collection, use or disclosure of your personal information by notifying us using the email address below in the "Contact Us" section. Withdrawal of consent may impact our ability to provide or continue to provide services.
Customers cannot refuse collection, use and disclosure of their personal information if such information is required to:
be collected, used or disclosed as required by any law;
fulfill the terms of any contractual agreement; and
be collected, used or disclosed as required by any regulators including self regulatory organizations
While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this Privacy Policy.
Right of Access Under PIPEDA
PIPEDA gives you a general right to access the PII held by businesses subject to this law. Under PIPEDA, you need to make your access request in writing and pay a minimal fee of $30.00 USD.
If any organizational fees seem unjust, you have the right to complain about this. We retain the right to decide how we disclose the copies of your PII to you. We will take all necessary measures to fulfill your request in 30 days from receipt, otherwise we must inform you of our inability to do so before the 30-day timeframe if:
meeting the time limit would unreasonably interfere with our business activities; or
the time required to undertake consultations necessary to respond to the request would make it impractical to meet the time limit.
We can also extend the time limit for the length of time required to convert the personal information into an alternative format. In these circumstances, we will advise you of the delay within the first 30 days and explain the reason for it.
Right of Rectification Under PIPEDA
You may request a correction to any factual errors or omissions within your PII. We would ask you to provide some evidence to back up your claim. Under PIPEDA, an organization must amend the information, as required, if you successfully demonstrate that it's incomplete or inaccurate.
You may contact us at any time, using the information provided in the Contact Us section of this privacy policy if you believe your PII on our systems is incorrect or incomplete.
If we cannot agree on changing the information, you have the right to have your concerns recorded with the Office of the Privacy Commission of Canada.
Compliance with PIPEDA's Ten Principles of Privacy
This privacy policy complies with the PIPEDA's requirements and ten principles of privacy, which are as follows:
Accountability. Plastno Inc. is responsible for the PII under its control and will designate one or more persons to ensure organizational accountability for compliance with the ten principles of privacy under PIPEDA, whose details are included below. All personnel are accountable for the protection of customers' personal information.
Identifying purposes. Plastno Inc. identifies the purposes for which personal information is collected at or before the time the information is collected.
Consent. Consent is required for Plastno Inc.'s collection, use or disclosure of personal information, except where required or permitted by PIPEDA or other law. In addition, when customers access a product or service offered by us, consent is deemed to be granted. Express consent may be obtained verbally, in writing or through electronic means. Alternatively, consent may be implied through the actions of customers or continued use of a product or service following Plastno Inc.'s notification of changes.
Limiting collection. Personal information collected will be limited to that which is necessary for the purposes identified by Plastno Inc..
Limiting use, disclosure and retention. We will not use or disclose personal information for purposes other than those for which the information was collected, except with your consent or as required by law. We will retain personal information only for as long as is necessary to fulfill the purposes for collecting such information and compliance with any legal requirements.
Accuracy. Personal information will be maintained by Plastno Inc. in an accurate, complete and up-to-date format as is necessary for the purpose(s) for which the personal information was collected.
Safeguards. We will protect personal information with security safeguards appropriate to the sensitivity of such information.
Openness. We will make our policies and practices relating to the collection and management of personal information readily available upon request, including our brochures or other information that explain our policies, standards, or codes.
Customer access. We will inform customers of the existence, use and disclosure of their personal information and will provide access to their personal information, subject to any legal restrictions. We may require written requests for access to personal information and in most cases, will respond within 30 days of receipt of such requests. Customers may verify the accuracy and completeness of their personal information, and may request the personal information be corrected or updated, if appropriate.
Challenging compliance. Customers are welcome to direct any questions or inquiries concerning our compliance with this privacy policy and PIPEDA requirements using the contact information provided in the Contact Us section of this privacy policy.
Anti-Spam Legislation
Our email interactions with our customers are compliant with Canadian Anti-Spam Legislation. The Company does not send unsolicited email to persons with whom we have no relationship. We will not sell personal information, such as email addresses, to unrelated third-parties. On occasion, your personal information may be provided to our third-party partners to administer the products and services you request from us.
When you leave our website by linking to another website, you are subject to the privacy and security policies of the new website. We encourage you to read the privacy policies of all websites you visit, especially if you share any personal information with them.
Enquiries, Reports and Escalation
To enquire about Plastno Inc.'s privacy policy, or to report violations of user privacy, you may contact us using the details in the Contact us section of this privacy policy.
If we fail to resolve your concern to your satisfaction, you may also contact the Office of the Privacy Commissioner of Canada:
30 Victoria Street
Gatineau, QC K1A 1H3
Toll Free: 1.800.282.1376
www.priv.gc.ca
Additional Disclosures for UK General Data Protection Regulation (UK GDPR) Compliance (UK)
Data Controller / Data Processor
The GDPR distinguishes between organizations that process personal information for their own purposes (known as "data controllers") and organizations that process personal information on behalf of other organizations (known as "data processors"). We, Plastno Inc., located at the address provided in our Contact Us section, are a Data Controller with respect to the personal information you provide to Us.
Third-Party Provided Content
We may indirectly collect personal information about you from third-parties who have your permission to share it. For example, if you purchase a product or service from a business working with us, and give your permission for us to use your details in order to complete the transaction.
We may also collect publicly available information about you, such as from any social media and messaging platforms you may use. The availability of this information will depend on both the privacy policies and your own privacy settings on such platforms.
Additional Disclosure for Collection and Use of Personal Information
In addition to the aforementioned purposes warranting the collection and use of personal information, we may also conduct marketing and market research activities, including how visitors use our site, website improvement opportunities and user experience.
Personal Information No Longer Required for Our Purposes
If your personal information is no longer required for our stated purposes, or if you instruct us under your Data Subject Rights, we will delete it or make it anonymous by removing all details that identify you ("Anonymisation"). However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
Legal Bases for Processing Your Personal Information
Data Protection and Privacy Laws permit us to collect and use your personal data on a limited number of grounds. In which case, we will collect and use your personal information lawfully, fairly and in a transparent manner. We never directly market to any person(s) under 18 years of age.
Our lawful bases depend on the services you use and how you use them. This is a non-exhaustive list of the lawful bases we use:
Consent From You
Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. When you contact us, we assume your consent based on your positive action of contact, therefore you consent to your name and email address being used so we can respond to your enquiry.
Where you agree to receive marketing communications from us, we will do so based solely on your indication of consent or until you instruct us not to, which you can do at any time.
While you may request that we delete your contact details at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
Performance of a Contract or Transaction
Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you contact us with an enquiry, we may require personal information such as your name and contact details in order to respond.
Our Legitimate Interests
Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
Compliance with Law
In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. For example, we are required to keep financial records for a period of 7 years. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the Contact Us section of this privacy policy.
International Transfers of Personal Information
The personal information we collect is stored and/or processed in the United Kingdom by us. Following an adequacy decision by the EU Commission, the UK has been granted an essentially equivalent level of protection to that guaranteed under UK GDPR.
On some occasions, where we share your data with third parties, they may be based outside of the UK, or the European Economic Area ("EEA"). These countries to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information.
If we transfer your personal information to third parties in other countries:
we will perform those transfers in accordance with the requirements of the UK GDPR (Article 45) and Data Protection Act 2018;
we will adopt appropriate safeguards for protecting the transferred data, including in transit, such as standard contractual clauses ("SCCs") or binding corporate rules.
Your Data Subject Rights
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.
Right to Object: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.
Right to be Informed: You have the right to be informed with how your data is collected, processed, shared and stored.
Right of Access: You may request a copy of the personal information that we hold about you at any time by submitting a Data Subject Access Request (DSAR). The statutory deadline for fulfilling a DSAR request is 30 calendar days from our receipt of your request.
Right to Erasure: In certain circumstances, you can ask for your personal data to be erased from the records held by organizations. However this is a qualified right; it is not absolute, and may only apply in certain circumstances.
When may the right to erasure apply?
When the personal data is no longer necessary for the purpose for which it was originally collected or processed for.
If consent was the lawful basis for processing personal data and that consent has been withdrawn. Plastno Inc. relies on consent to process personal data in very few circumstances.
The Company is relying on legitimate interests as a legal basis for processing personal data and an individual has exercised the right to object and it has been determined that the Company has no overriding legitimate grounds to refuse that request.
Personal data are being processed for direct marketing purposes e.g. a person's name and email address, and the individual objects to that processing.
There is legislation that requires that personal data are to be destroyed.
Right to Portability: Individuals have the right to get some of their personal data from an organisation in a way that is accessible and machine-readable, for example as a csv file. Associated with this, individuals also have the right to ask an organisation to transfer their personal data to another organisation.
However, the right to portability:
only applies to personal data which a person has directly given to Plastno Inc. in electronic form; and
onward transfer will only be available where this is "technically feasible".
Right to Rectification: If personal data is inaccurate, out of date, or incomplete, individuals have the right to correct, update or complete that data. Collectively this is referred to as the right to rectification. Rectification may involve filling the gaps i.e. to have to have incomplete personal data completed - although this will depend on the purposes for the processing. This may involve adding a supplementary statement to the incomplete data to highlight any inaccuracy or claim thereof.
This right only applies to an individual's own personal data; a person cannot seek the rectification of another person's information.
Notification of data breaches: Upon discovery of a data breach, we will investigate the incident and report it to the UK's data protection regulator and yourself, if we deem it appropriate to do so.
Complaints: You have the right, at any time, to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the details below. Please provide us with as much information as you can about the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint.
Enquiries, Reports and Escalation
To enquire about Plastno Inc.'s privacy policy, or to report violations of user privacy, you may contact our Data Protection Officer using the details in the Contact us section of this privacy policy.
If we fail to resolve your concern to your satisfaction, you may also contact the Information Commissioner's Office (ICO), the UK Data Protection regulator:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113 (local rate)
Website: www.ico.org.uk
Additional Disclosures for EU General Data Protection Regulation (EU GDPR) Compliance (EU/EEA)
Applicability
This section applies to individuals located in the European Union (EU) and European Economic Area (EEA), including Ireland. Where this section overlaps with the UK GDPR section above, both apply to their respective jurisdictions independently.
Data Controller
Plastno Inc., located at the address provided in our Contact Us section, is the Data Controller with respect to the personal information you provide to us.
Legal Bases for Processing
Our processing of your personal data is based on the same legal bases described in the UK GDPR section above: your consent, performance of a contract, our legitimate interests, and compliance with law. These legal bases apply equally under the EU GDPR.
Your Data Subject Rights
As an EU/EEA resident, you have the same Data Subject Rights described in the UK GDPR section above, including the rights to access, rectification, erasure, restriction of processing, data portability, objection, and to be informed. These rights apply under the EU GDPR (Regulation 2016/679).
International Transfers of Personal Data
Your personal data is stored and processed in the United States. For transfers of personal data from the EU/EEA to the United States, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, to ensure your data receives an adequate level of protection.
Supervisory Authority
If you are located in Ireland, the relevant supervisory authority is the Data Protection Commission (DPC). You have the right to lodge a complaint with the DPC at any time:
Data Protection Commission
21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
Website: www.dataprotection.ie
If you are located in another EU/EEA member state, you have the right to lodge a complaint with the supervisory authority in your country of residence.
If you have any questions about this Privacy Policy or this Site, or if you wish to contact our Data Protection Officer, feel free to contact us by sending an email to: [email protected], or by postal mail at: Plastno Inc., 1111B S Governors Avenue, STE 3879, Dover, Delaware, 19904.
