Bank.Green Privacy policy

1 - What is the purpose of this policy?

Your privacy rights are very important to us. We take great care to process your personal data in accordance with applicable Data Protection Laws (including, for instance, the GDPR).

This policy will explain the privacy principles we follow when you visit and browse this website or sign the pledge form. In particular, we want to tell you why and how we collect, process and store your personal data, what our role as “data controller” involves and what our obligations are.

We also want to inform you about the rights you have in connection to your personal data.

This policy is layered and we encourage you to read it in its entirety by clicking on each of the questions below to find out more about this policy, what we do with your personal data, and your privacy rights.

If you want to find out even more about this policy, you can click on the link that is included at the end of certain answers. For example, for more information about the purpose of this policy, please click here.

This Privacy Policy (“policy”) sets forth the general privacy principles that Empowerment Works, Inc. (“we” or “Bank.Green”) follows with respect to personal data (as defined below) that is processed when you use this website (the “website”) or when you sign the pledge form that can be found on our website. In this context, Bank.Green will generally act as a controller in respect of your personal data, which means that we are responsible for the processing of your personal data, as we decide why and how your personal data is processed.

We respect individual privacy and value the confidence of the visitors of our website. We strive to process your personal data in a manner consistent with applicable Data Protection Laws.

The purpose of this policy is to provide the information required under applicable Data Protection Laws in a transparent manner, including:

• why and how we collect, process and store your personal data;
• what our role as “controller” of your personal data involves; and
• what your rights and our obligations are in relation to this processing.

2 - When does this policy apply?

This policy applies each time we “process” your personal data, for instance when you visit and browse our website or sign the pledge form.

3 - What do the terms in this policy mean?

The defined terms used in this policy have the following meaning:

“Bank.Green” means Empowerment Works, Inc. Bank.Green is a project of Empowerment Works.

“controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. Therefore, this is the person who determines the "how" and "why" of the processing of personal data. For data processed in accordance with this policy, the controller shall be Empowerment Works, Inc.

“Data Protection Laws” means all applicable laws relating to the processing, privacy or security of personal data and all regulations or guidance issued thereunder, including the GDPR, the UK GDPR, Section 5 of the Federal Trade Commission Act and the U.S. Children’s Online Privacy Protection Act and all other applicable laws relating to data protection and information security.

“European Economic Area” or “EEA” means the Member States of the European Union plus Iceland, Liechtenstein, Norway, and Switzerland. “GDPR” means the General Data Protection Regulation.

“personal data” means any information or data that relates to an identified or identifiable natural person or any other information or data that constitutes “personal data,” “personal information” or “personally identifiable information” under applicable Data Protection Laws.

“policy” means this Privacy Policy.

“processing” means any operation or set of operations that is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction and the verb “to process” shall be construed accordingly.

“processor” means a natural or legal person which processes personal data on behalf of the controller. Processors may be subsidiaries, affiliates or third-party suppliers and service providers. In all cases, the controller will conclude a data processing agreement with its processor to ensure your personal data is processed in accordance with the GDPR.

“UK GDPR” means the GDPR as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 and as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419).

“we” or “our” means Empowerment Works, Inc., unless the context requires otherwise.

4 - How do you get my personal data?

We may collect your personal data whenever:

• you visit and browse our website;
• you sign the pledge form; or
• you contact us and provide us with your information. We may also collect data (using cookies, trackers and tags) about how you use our website, for example, the website from which you have just accessed our site, the sections of our website you browse, and other actions taken on our website. Cookies are small files placed on the hard drive of your computer that allow us to, among other things, recognize repeat visitors, measure frequency of visitor use, store user preferences, diagnose problems with our server, and to track information and usage behavior. Most browsers are initially set up to accept cookies; however, you can reset your browser to block all cookies from being loaded onto your computer or to indicate when a cookie is being sent. Please be aware that refusing cookies can affect the performance of websites and may cause some parts of our website not to function properly. To find out more about the types of cookies and other tracking techniques we use, please click here.
  We also receive aggregated statistical information (such as general distribution of gender, location and age range of site visitors) from certain social media platforms, including Facebook, Twitter and Instagram, to measure the effectiveness of our posts and messages, but we do not receive any personal data from these providers. If you have questions about how these platforms collect and use your personal data, we recommend for you to read their privacy policies.

5 - What type of personal data do you collect?

We may collect different sorts of personal data, such as:

• information that may identify you personally (e.g., your name, email address, location, current financial institution, gender and birthday);
• information relating to you visiting our website (e.g., IP address, browser and device information, which parts of the website you like to visit, the time spent on our website); and
• additional personal data that you provide to us separately through one of our online forms, via e-mail or via other communication channels.

6 - Why and on which grounds do you collect my personal data? And for how long do you store my personal data?

We collect and use your personal data for, amongst other things, the following reasons:

• to be able to register your pledge to switch to a more climate-friendly bank and to send you reminders (at the dates chosen by you) for switching banks, or to otherwise send emails to you to keep you updated on our initiatives;
• to improve the performance of our website, to improve the security, user-friendliness and interoperability of our website, as well as identifying usage trends and fraud prevention;
• to determine the most popular and unpopular areas of our website and to help us better understand how users interact on our website;
• to reach a broader audience with our initiative and website;
• to enter into a contract with you, to perform under such a contract we have entered into with you or to enforce our rights; and
• to comply with applicable law or court or governmental orders. Your personal data will only be used for marketing purposes if you agree (and you can change your mind at any time by unsubscribing via the link contained in promotional emails or by contacting us at hello@bank.green).

Certain of the personal data we collect from you will be stored for two years after the date on which you set your last pledge reminder. For other types of personal data, the time period for which we actually keep your personal data depends on the reason for which we collected your personal data. We will in any event delete your personal data if we do no longer need it for the purposes for which it was collected initially, and you can also request from us at any time to delete your personal data (subject to certain exceptions) by following the procedure described here .

To learn more about the purposes of, and legal basis for, the processing of your personal data, and for how long we keep your personal data, please click here .

Purpose and Legal Basis of the Processing and Retention Period

We may collect personal data from you for one or more of the purposes detailed below. Personal data will only be processed to the extent necessary to achieve that purpose.

We may also use personal data for additional purposes where you have given us your consent. We will use your personal data only when we have a valid legal basis to do so.

Purpose of Processing: Registering your pledge to switch to a more climate-friendly bank.
Legal Basis of Processing: We have obtained your prior consent.
Retention Period: Two years after the date on which you set your last pledge reminder

Purpose of Processing: Send you reminders via email to switch to a more climate-friendly bank (at the dates chosen by you).
Legal Basis of Processing: We have obtained your prior consent.
Retention Period: Two years after the date on which you set your last pledge reminder

Purpose of Processing: Send you newsletters.
Legal Basis of Processing: We have obtained your prior consent.
Retention Period: As long as you have not unsubscribed

Purpose of Processing: To determine the most popular and unpopular areas of our website.
Legal Basis of Processing: We have obtained your prior consent and the processing is necessary for our legitimate interest.
Retention Period: No longer than strictly necessary and in any event not longer than 26 months after collection.

Purpose of Processing: To improve the performance, security and inter-operability of our website.
Legal Basis of Processing: We have obtained your prior consent and the processing is necessary for our legitimate interest.
Retention Period: No longer than strictly necessary and in any event not longer than 26 months after collection.

Purpose of Processing: To enter into a contract with you, to perform under a contract we have entered into with you or to enforce our Terms of Use/Terms of Service (as applicable)
Legal Basis of Processing: Processing is necessary to enter into a contract or to perform our contractual obligations towards you.
Retention Period: Two years if no contract is entered into or Ten years after date of termination of the contract

Purpose of Processing: Compliance with law, court or governmental orders (e.g., to reply to an official request from a public or judicial authority with the necessary authorization).
Legal Basis of Processing: Processing is necessary to comply with our legal obligations.
Retention Period: For as long as required pursuant to the applicable legal obligation.

You have the right to withdraw your consent, or to object to the processing of your personal data for that purpose, at any time. If you withdraw your consent or object to the processing, you will no longer receive personalized communications from us. We will delete all personal data that was collected on the basis of consent only (other personal data collected based on other legal bases such as our legitimate interest, will be retained).

In certain circumstances, we may not be able to delete your personal data in its entirety, for example where we must keep track of certain information to comply with legal obligations. You can exercise these rights by contacting us using the contact details set forth here and here .

7 - Who else will receive my personal data?

We may disclose your personal data to our employees.

In addition, our website uses cookies (to find out more, please click here ) and in that context we may transfer your personal data to certain third party processors such as Google, Facebook, Twitter, Tiktok, Zapier, Typeform and ActiveCampaign, as well as our attorneys, accountants and advisors or other unaffiliated third party companies who provide us with assistance or advice or are under contract to perform services for or on our behalf provided that their use of personal data disclosed by us will be limited to performing services for us or on our behalf.

If you want to see the full list of persons to whom we may disclose your data, please click here .

Third-Party Recipients

Our website also uses cookies (to find out more, please click here ) and in that context we may transfer your personal data to certain third party processors.

In addition, we, or any other third-party recipient to whom we transferred your personal data, may also transfer your personal data to third party processors to complete the purposes listed above, where necessary.

Third-party recipients of your personal data may include:

• Google, including Google Ad Manager for advertising campaigns in conjunction with external advertising networks that Bank.Green has no direct relationship with, Google Ads remarketing which is a remarketing and behavioral targeting service that connects the activity of Bank.Green with the Google advertising network, Google Signals which is a feature of Google Analytics that associates information collected from Bank.Green with Google information from accounts of signed-in Google-account users, different applications and versions of Google Analytics which generally utilize personal data collected on our website to track and examine the use of our website and to prepare reports on activity and to share such reports with other Google services (potentially for advertising purposes), and Google Tag Manager for services to deploy and manage tags (which collect information collected regarding the behavior of visitors of our website). You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt-out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.
• Facebook, including Facebook Custom Audience and Facebook Remarketing which are remarketing and behavioral targeting services that connects the activity of Bank.Green with the Facebook advertising network, Facebook Lookalike Audience that shows personalized ads on the basis of user’s behavior on our website or on the Facebook apps or services, Facebook lead ads to allow form-based advertisements to be shown pre-populated with personal data from a data subject’s Facebook profile.
• Twitter, including Twitter Remarketing, Twitter Tailored Audiences and Twitter Ads conversion tracking which are remarketing and behavioral targeting services that connects the activity of Bank.Green with the Twitter advertising network.
• TikTok, including TikTok conversion tracking which is an analytics and behavioral targeting service that connects data from the TikTok advertising network with actions performed on our website.
• Zapier, which is a workflow automation services that automates the movement of personal data between certain third-party services.
• Typeform, which is form builder and data collection platform.
• ActiveCampaign for database management services, which we use amongst others for email services such as sending pledge reminders and newsletters.
• Our attorneys, accountants and advisors or other unaffiliated third party companies who provide us with assistance or advice or are under contract to perform services for or on our behalf provided that their use of personal data disclosed by us will be limited to performing services for us or on our behalf.

We exercise appropriate due diligence in the selection of third parties and take all steps reasonably necessary to ensure that they process your personal data securely, only as instructed by us and for no other purposes, as well as that any transfer that may occur outside the EEA is in accordance with applicable Data Protection Laws.

8 - Will you transfer my personal data to other countries?

Your personal data may also be processed in other countries, including outside of Europe, where data processing and privacy regulations may not offer the same level of protection as in other parts of the world. We will make sure that any transfer of your personal data is compliant with applicable Data Protection Laws, even if it travels outside of Europe.

To find out more, please click here .

Transfers outside the European Economic Area

The personal data transferred to any other third-party recipients may also be processed in a country outside the EEA. If your personal data is transferred outside the EEA to a country that is not considered as providing an adequate level of data protection (as confirmed by an adequacy decision from the European Commission), subject to certain exceptions, we will generally enter into EU standard contractual clauses approved by the European Commission prior to such transfer to ensure the required level of protection for the transferred personal data. You may request additional information in this respect and obtain a copy of the relevant safeguard we have put in place by contacting us at hello@bank.green. A current list of non-EEA countries that are considered to provide an adequate level of data protection can be found on the European Commission’s website here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

9. What happens if I do not provide my personal data?

You are not legally required to provide us with your personal data. However, we sometimes need your personal data to interact with you. For example, we will not be able to register your pledge without your contact details, location and current financial institution.

10. What are my rights?

You have the following rights:

• you may access and request copies of your personal data;
• you may request that we correct or complete any information we hold about you;
• you may request that we delete or restrict the processing of your personal data (in certain circumstances as described here );
• you may change your mind if you had previously agreed to us processing your personal data; and
• you may object to the use of your personal data for direct marketing purposes. If you are a California resident who would like to learn more about our use of your personal data for direct marketing purposes, please click here .

For more information on the rights you have, how to exercise them and how ask questions or file complaints, please click here .

California Do Not Track Disclosure: We are committed to providing you with meaningful choices about the information collected on our services. However, we do not currently recognize or respond to browser-initiated Do-Not-Track signals, as the Internet industry is currently still working on Do-Not-Track standards, implementations and solutions.

Your Rights

You have a right of access to copies of your personal data as processed by us under this policy. If you believe that any information we hold about you is incorrect or incomplete, you also have a right to request the correction thereof. We will ensure that we have the correct information about you on file.

You also have the right to:

• request the erasure of your personal data if it is no longer necessary for us to keep them in connection with the purposes for which they were collected (however, in certain circumstances, we may not be able to delete your personal data in its entirety, for example where we must keep track of certain information to comply with legal obligations);
• request the restriction of the processing of your personal data in certain circumstances (for instance, where you believe the personal data that we hold is inaccurate – in this case, processing can be restricted, while personal data is being rectified);
• withdraw your consent where we have obtained your consent to process personal data (without this withdrawal affecting the lawfulness of processing prior to the withdrawal);
• object to the processing of your personal data for direct marketing purposes; or
• object to the processing of your personal data for other purposes in certain cases where we process your personal data relying on another legal basis than your consent.

We will honor such requests, withdrawals or objections as required under the applicable Data Protection Laws.

In addition, you also have the right to data portability. This is the right to obtain the personal data you have provided to us in a structured, commonly used and machine-readable format and request the transmission of such personal data to you or a third party, without hindrance from us and subject to your own confidentiality obligations.

To exercise the above rights, please send an email to hello@bank.green. In certain circumstances, where necessary, we may request additional information to confirm your identity. You are not required to pay any charge for exercising your rights.

If you do not want to receive email or other communications from us any more, please adjust your communications preferences by sending an email to hello@bank.green. We will address all requests to remove names from any postal mail or email lists in compliance with applicable Data Protection Laws.

If you have any questions or are not satisfied with how we processes your personal data, please let us know by sending an e-mail at hello@bank.green. We will examine your question or complaint and get back to you as soon as possible.

You also always have the right to file a complaint with the competent data protection authority.

Your Privacy Rights under the California Shine the Light Law:

Under California Civil Code Section 1798.83, if you are a California resident and your business relationship with us is primarily for personal, family or household purposes you may request certain data regarding our disclosure, if any, of personal data to third parties for the third parties’ direct marketing purposes. To make such a request, please send us an email at hello@bank.green.

You may make such a request up to once per calendar year. If applicable, we will provide you, by email, a list of the categories of personal data disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year along with the third parties’ names and addresses. Please note, however, that not all personal data sharing is covered by Section 1798.83’s requirements.

11 - How can I contact you?

You can contact us by email at hello@bank.green or by filling in our contact form by clicking here .

Our representative in the EU is Albert Carter (albert@bank.green).

Our representative in the UK is Neil Simpson (neil@bank.green).

12 - Other web sites

The website may contain links to third-party websites which are not operated by Bank.Green. We will endeavour to link only third-party websites that share our high standards and our respect for privacy. However, we are not responsible for the content or privacy practices employed by these third-party websites. If you have any questions about such third parties’ practices with respect to the processing of your personal data, you should contact the responsible provider directly.

13 - Do you collect personal data from children?

We do not knowingly collect, use or disclose any personal data (such as name, address and telephone number) from children under 18 years of age without obtaining prior consent from a parent or legal guardian.

If you are under 18 years of age, you should not give us any information or fill out any forms on our website without asking your parent or guardian first.

If a parent or guardian of a child under 18 believes that his or her child has provided us with personal data, they should contact us if they want this data deleted from our systems. Once we know that we have personal data about a child under 18, we will delete that data from existing files if we can retrieve it.

14 - How will I be informed of updates to this policy?

You will be notified in advance of any future updates to this policy, both through the website (via a pop-up or otherwise) and/or through our other usual communication channels (for example by email, if available).

This policy was last updated on August 10, 2022.