We collect personal information to provide you with the products and services you request as well as information on other products and services offered by or through us. We are committed to protecting the privacy of your personal information.
ecoATM UK will be the controller in respect of any personal data collected through the use of the Kiosk and Services, which means we control the way information is used and processed. We may be contacted via the following email address: firstname.lastname@example.org
About this Policy
Types of Information Collected and Processed
We may collect, store, and use the following categories of personal information about you:
Title, first name, last name, username or similar identifier, date of birth, identification card number and gender, copy of your driver’s license and related details such as your name, address, place of birth, driver number, and photograph,
Address, email address and telephone numbers.
Bank account and payment card details.
Details about payments to and from you and other details of the transaction in which you used the Kiosk. These include:
Marketing and Communications Data
Information we receive:
Special Category Personal Data
We do not collect, store or use the following "special categories" of more sensitive personal information such as your physical and mental health details, sexual life, racial or ethnic origin, trade union membership and/or offences, and we ask that you do not to supply us with any special category personal data
Collecting data through Direct Interactions
You may give us your Identity, Contact, and Financial Data by using the Kiosk, providing your drivers license, filling in forms, providing information via the Kiosk, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
Collecting data through Automated Technologies
As you interact with Kiosk, we may collect technical data about your Device. We collect this data by electrically examining the Device using cables that you connect to your Device and other similar technologies.
When you visit our Kiosk, we employ CCTV in our Kiosks, we therefore may video or photograph you by CCTV, camera or video equipment for security purposes,
When you insert your driver’s license into our Kiosk, we may automatically collect personal data about you. We collect this data by electrically examining and viewing the driver’s license/ identification card.
Collecting data through Third parties or Publicly Available Sources.
We may receive personal data about you from such third parties as set out below:
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal, Paypoint, or Bottomline Technologies based inside and outside of the EEA.
Collecting through Telephone recordings
We may also record telephone conversations to offer you additional security, resolve complaints, for staff training purposes, to improve our service standards and for fraud prevention measures.
How we Use the Information we Collect
We use your information in the following ways:
Fair and lawful processing
We are required by law to process personal data only if we have a lawful basis to do so. The lawful basis are specifically set out within data protection law and any processing which we do must fit within one of those basis. We cannot create a new reason because what we want to do does not fit within the lawful basis set out in the data protection law. The types of lawful basis that exist are:
We have set out in the table below examples of how we use your personal information and the lawful basis for doing so as described in this policy.
Lawful basis for processing
Providing our Kiosk service to you and device trade in
Identity, Contact Financial, Transactional, Technical
Performance of Contract
Necessary for our legitimate interests to provide our services
Internal administration of Kiosk, internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
Identity, Contact Financial, Transactional, Technical , Aggregated, Marketing and communications
Necessary for our legitimate interests for running our business and provision of Kiosk.
Improving the service
Identity, Aggregated, Technical, Usage
Necessary for our legitimate interests of to help with product development,
Maintaining the Security of Kiosk
Identity, Contact, Technical, Usage
Necessary for our legitimate interests of ensuring the security of our Services.
Marketing - to deliver relevant advertising to you and make offers to you
Marketing and communications, Contact, technical, Usage
Consent- where you have opted in to receive marketing
Complying with a court order, or to exercise or defend legal claims
To comply with a legal obligation
Complying with other requests from third parties where required and lawfully permitted
Identity, Contact, Aggregated, Technical, Usage
To comply with a legal obligation
Disclosing your information
We may disclose your information to third parties from time to time, the categories of recipients are as follows:
We may also share your personal data in the event that our business, or substantially all of its assets are acquired by a third party, (in which case personal information about customers might be one of the transferred assets).
Transferring your Information
The data that we collect from you at the Kiosk may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of support services.
If data is transferred by us from within the EEA to a jurisdiction outside the EEA, it is done so in accordance with applicable data protection laws. We rely on the following appropriate safegaurds to transfer your information:
a. Model Clauses: The European Commission has adopted standard contractual clauses (also known as Model Clauses), which provide safeguards for personal information that is transferred outside of Europe. We may use these Model Clauses when transferring personal information outside of Europe.
b. Privacy Shield: We may rely on the EU-US Privacy Shield to transfer personal information to some of our third party service providers in the United States, where they are certified to receive such information under the Privacy Shield Program.
You have the following rights under certain circumstances:
• Right to request correction - to make changes or corrections to your information to make sure it is accurate and up to date;
• Right to object to processing - ask us to stop processing your information;
• Right to request access - receive a copy of the information we hold about you - you may request details of personal information which we hold about you at any time (a Data Subject Access Request or DSAR). No fee will be required, although reasonable fees can be charged for manifestly unfounded or excessive requests;
• Right of portability - transfer your information to a third party; and
Where you have provided consent for data processing, you can withdraw this consent at any time.
If you have any requests to exercise your data information rights you can send an email to email@example.com.
You have the right to lodge a complaint about us to the UK Information Commissioner's Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.)
We take commercially reasonable steps to protect and secure information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
Retention of information
We may keep your details on record for as long as is reasonably necessary for the purposes for which it may use your personal data, as set out above and as allowed in accordance with applicable data protection law.
The criteria we use to determine data retention periods for your personal data includes the following:
Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving) and to defend ourselves against any claims.
Third Party websites
We may, from time to time, provide you with links to and from the websites of others, to include partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these privacy policies before you submit any personal data to these websites.
We will occasionally update this Policy as our business and products evolve. If we make changes, we will provide notice of such changes by revising the date at the top of this Policy and, in some cases, we may provide you with more prominent notice (such as sending you a notification). We encourage you to review this Policy from time to time to stay informed about our information practices and the ways you can help protect your privacy.
If you have questions, concerns or suggestions, please feel free to send an email to: firstname.lastname@example.org
You can also address questions, comments and requests to: ecoATM International Ltd., 5a Franscati Way, Maidenhead, Berkshire, SL6 4UY
Last updated May 4, 2019