Last updated April 16, 2021
We collect personal information to provide you with the products and services you request as well as information on other products and services offered by or through us. We are committed to protecting the privacy of your personal information.
ecoATM UK will be the controller in respect of any personal data collected through the use of the Kiosk and Services, which means we control the way information is used and processed. We may be contacted via the following email address:email@example.com
About this Policy
Types of Information Collected and Processed
We may collect, store, and use the following categories of personal information about you:
Title, first name, last name, username or similar identifier, date of birth, identification card number and gender, copy of your driving licence and related details such as your name, address, place of birth, driver number, and photograph.
Address, email address and telephone numbers.
Bank account and payment card details.
Details about payments to and from you and other details of the transaction in which you used the Kiosk. These include:
• the time, date and location of sale of your Device;
• the details of the Device we buy from you, to include model, make, carrier, and memory size;
• CCTV, video and photographic footage, video and still photographs of you at the Kiosk; and
• any vouchers, coupons or other alternative means of payment you may request that we use, as well as relevant payment method information such as Paypal account, sort code and account number, mobile phone number, credit or debit card number.
• Your behavior on our Kiosk, for example time spent on each page, time to click through, if and when you discontinued the transaction, etc
• IMEI, MEID, and/or serial numbers from any Device
• Device operating system and version;
• Device model;
• Device name;
Marketing and Communications Data
• Your preferences in receiving marketing from us, our third parties, and your communication preferences where you choose to receive marketing from us.
Information we receive:
Special Category Personal Data
We do not collect, store or use the following "special categories" of more sensitive personal information such as your physical and mental health details, sexual life, racial or ethnic origin, trade union membership and/or offences, and we ask that you do not supply us with any special category personal data
Collecting data through Direct Interactions
You may give us your Identity, Contact, and Financial Data by using the Kiosk, providing your driving licence, filling in forms, providing information via the Kiosk, or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
• utilize the Kiosk;
• insert your identification card into the Kiosk;
• fill in forms or fields at the Kiosk;
• provide information for payment for your Device either at the Kiosk or to a customer service representative;
• speak to or contact customer services;
• request marketing to be sent to you;
• contact us through our call center;
• enter a competition, promotion or survey;
• give us some feedback;
• by filling in forms, for example when you sign up to offers, news or a competition;
• by sending us emails and text messages (SMS or MMS);
• by communicating with our customer service representatives and technical support personnel either over the telephone or via email. For example, when requesting technical assistance performing a transaction, asking for information about our Kiosks, reporting an issue, or making a complaint.
Collecting data through Automated Technologies
As you interact with Kiosk, we may collect technical data about your Device. We collect this data by electrically examining the Device using cables that you connect to your Device and other similar technologies.
When you visit our Kiosk, we may employ CCTV in our Kiosks, we therefore may video or photograph you by CCTV, camera or video equipment for security purposes.
When you insert your driving licence into our Kiosk, we may automatically collect personal data about you. We collect this data by electrically examining and viewing the driving licence/ identification card.
Collecting data through Third parties or Publicly Available Sources.
We may receive personal data about you from such third parties as set out below:
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Paypal, Paypoint, or Bottomline Technologies based inside and outside of the UK.
Collecting through Telephone recordings
We may also record telephone conversations to offer you additional security, resolve complaints, for staff training purposes, to improve our service standards and for fraud prevention measures.
How we Use the Information we Collect
We use your information in the following ways:
• to respond and/or deal with your request or enquiry including individual rights requests;
• To make decisions on your transaction, such as verifying your identity and your phone;
• Reply to any requests for information that you ask us for or deal with enquiries and responses to those;
• To contact you for service related purposes;
• To process your transaction, and such things as payment;
• To manage our relationship with you;
• To send you service marketing information or updates about market conditions on a regular basis which we feel would be of interest or use to you; and
• for compliance with our legal, regulatory and other good governance obligations
• To protect the security of the kiosk and prevent fraudulent transactions.
Fair and lawful processing
We are required by law to process personal data only if we have a lawful basis to do so. The lawful basis are specifically set out within data protection law and any processing which we do must fit within one of those basis. We cannot create a new reason because what we want to do does not fit within the lawful basis set out in the data protection law. The types of lawful basis that exist are:
• where an individual gives us their consent to process their personal data in a particular way;
• where we need to process your personal data because it is necessary for the performance of a contract;
• where it is necessary to comply with law;
• where we need to protect the vital interests of a customer; or
• where it is necessary for our legitimate interests and for the legitimate interests of another party.
We have set out in the table below how we use your personal information and the lawful basis for doing so as described in this policy.
Activities, Data Used and Lawful Basis for Processing
1. Activity: Providing our Kiosk service to you and device trade
• Data used: Identity, Contact, Financial, Transactional, Technical
• Lawful basis for processing: Performance of Contract, Necessary for our legitimate interests to provide our services
2. Activity: Internal administration of Kiosk, internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
• Data used: Identity, Contact Financial, Transactional, Technical, Aggregated, Marketing and communications
• Lawful basis for processing: Necessary for our legitimate interests for running our business and provision of Kiosk.
3. Activity: Improving the service
• Data used: Identity, Aggregated, Technical, Usage
• Lawful basis for processing: Necessary for our legitimate interests or help with product development.
4. Activity: Maintaining the Security of Kiosk and preventing fraud;
• Data used: Identity, Aggregated, Technical, Usage, Financial
• Lawful basis for processing: Necessary for our legitimate interests of ensuring the security of our Services.
5. Activity: Marketing - to deliver relevant advertising to you and make offers to you
• Data used: Marketing and communications, Contact, Technical, Usage
• Lawful basis for processing: Consent- where you have opted in to receive marketing
6. Activity: Complying with a court order, or to exercise or defend legal claims
• Data used: Identity, Contact, Financial
• Lawful basis for processing: To comply with a legal obligation
7. Activity: Complying with other requests from third parties where required and lawfully permitted
• Data used: Identity, Contact, Aggregated, Technical, Usage, Financial
• Lawful basis for processing: To comply with a legal obligation
Disclosing your information
We may disclose your information to third parties from time to time, the categories of recipients are as follows:
• our partner companies such as ecoATM, LLC;
• third party suppliers;
• law enforcement agencies, where this is requested;
• third party payment providers such as Paypal and Bottomline; and/or
• our insurers.
We may also share your personal data in the event that our business, or substantially all of its assets are acquired by a third party, (in which case personal information about customers might be one of the transferred assets).
Transferring your Information
The data that we collect from you at the Kiosk may be transferred to, and stored at, a destination outside the UK. It may also be processed by staff operating outside the UK who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the provision of support services.
If data is transferred by us from within the UK to a jurisdiction outside the UK, it is done so in accordance with applicable data protection laws. If we transfer your data to countries which the UK has not deemed to have provided an adequate level of protection for your personal data, in a situation where we are legally required to use additional safeguards to transfer your information, we do so by using Standard Contractual Clauses (also known as Model Clauses), which have been adopted by the European Commission, together with additional safeguards where necessary.
You have the following rights under certain circumstances:
• Right to request correction - to make changes or corrections to your information to make sure it is accurate and up to date;
• Right to object to processing - ask us to stop processing your information;
• Right to restrict processing - limit our use or processing of your information;
• Right to request erasure – to ask us to delete your information (we are not obliged to do this in relation to information we need as part of our contractual relationship or for compliance with other laws, such as taxation or accounting laws);
• Right to request access - receive a copy of the information we hold about you - you may request details of personal information which we hold about you at any time (a Data Subject Access Request or DSAR). No fee will be required, although reasonable fees can be charged for manifestly unfounded or excessive requests;
• Right of portability - transfer your information to a third party; and
Where you have provided consent for data processing, you can withdraw this consent at any time.
If you have any requests to exercise your data information rights you can send an email to firstname.lastname@example.org.
You have the right to lodge a complaint about us to the UK Information Commissioner's Office (https://ico.org.uk/) or the relevant authority in your country of work or residence.
We take commercially reasonable steps to protect and secure information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
Retention of information
We may keep your details on record for as long as is reasonably necessary for the purposes for which it may use your personal data, as set out above and as allowed in accordance with applicable data protection law.
The criteria we use to determine data retention periods for your personal data includes the following:
• retention in case of queries – for example, where you contact us to receive further information about the way we handle your data;
• retention in case of claims - for the period in which you might legally bring claims against us which can be 7 years;
• retention in accordance with legal and regulatory requirements - after your agreement with us has come to an end; and
• to stay in touch about your requirements on an ongoing basis, where you have selected to receive these.
Please note that we reserve the right to retain certain information for our own record-keeping (for example, to ensure that you do not receive marketing communications that you have opted-out of receiving) and to defend ourselves against any claims.
Third Party websites
We may, from time to time, provide you with links to and from the websites of others, to include partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these privacy policies before you submit any personal data to these websites.
We will send you marketing according to what you have indicated you would like to receive. We determine your marketing preferences during the sign up process. If you would like to stop receiving marketing, to do this you will need to contact email@example.com by email to withdraw your consent or click the “unsubscribe” link in the direct marketing email you may have received. Please note that if you do withdraw your consent and there is no alternative lawful reason which justifies our processing of your personal data for a particular purpose, it may mean that you cannot receive some marketing communications.
We will occasionally update this Policy as our business and products evolve. If we make changes, we will provide notice of such changes by revising the date at the top of this Policy and, in some cases, we may provide you with more prominent notice (such as sending you a notification). We encourage you to review this Policy from time to time to stay informed about our information practices and the ways you can help protect your privacy.
If you have questions, concerns or suggestions, please feel free to send an email to: firstname.lastname@example.org
You can also address questions, comments and requests to: ecoATM International Ltd., 5a Franscati Way, Maidenhead, Berkshire, SL6 4UY
Last updated April 16, 2021