BYDV Assist App Privacy Notice

Version Date: June 4, 2020.

Please take a few minutes to review this Privacy Notice carefully. We reserve the right to make changes to this Privacy Notice when we issue an updated version of the BYDV Assist application (the “App”). If we do so, we will ask you to acknowledge that you have read and understood the updated Privacy Notice before your first use of the updated version of App.

Introduction.The data controllers are Syngenta UK Limited registered company no. 00849037, registered office address Cpc4, Capital Park, Fulbourn, Cambridge, CB21 5XE and Syngenta Ireland Limited (reg’d co. no. 021021), reg’d office address 6th Floor, South Bank House, Barrow Street, Dublin 4, D04TR29, referred to as “Syngenta”, “we”, “us”, “our”.

Contact details. UK If you are resident in the UK, you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.comor via post at the reg’d office address for Syngenta UK Limited given in the Introduction section above.

Republic of Ireland: If you are resident in the Republic of Ireland, you can contact our Data Privacy Champion via email at dataprivacy.ie@syngenta.comor via post at the reg’d office address for Syngenta Ireland Limited given in the Introduction section above.

Scope. This Privacy Notice covers personal data that is processed through the App. personal data is data that identifies an individual, either alone or in combination with other information available to us.

Purpose and lawful grounds for processing personal data:

  • In order to download and use the App, we require that you provide the following personal data: your name, email address, business name, a description of who you are (grower, agronomist, distributor, other) and you will also need to set a password for your account. We use this personal data to register and set up your account, provide the BYDV Assist disease monitoring service (which includes sending you disease risk calculations for the locations you have specified, spray application guidance and BYDV Assist service-related information via email and push notifications to your device) and to provide user support. The legal basis for these processing activities is that they are necessary to deliver the BYDV Assist service that you have signed up for and to perform our associated contractual relationship with you (Article 6(1)(b) Regulation (EU) No. 2016/679 General Data Protection Regulation “GDPR”).

    The algorithms and software which power the App will use the town or location that you have specified to access historic weather data and current weather forecasts in order to assess the BYDV risk and generate spray application guidance for the locations that you have specified. Please note that the App does NOT use your device GPS system and so does not track your device’s location. The legal basis for these processing activities is that they are necessary to deliver the BYDV Assist service that you have signed up for and to perform our associated contractual relationship with you (Article 6(1)(b) GDPR).

    We will also use the locations that you have specified in the App and any personal data in feedback comments that you post in the App for the purpose of improving the App and the underlying algorithms and software. The legal basis for these processing activities is that they are necessary for the purpose of our legitimate interests in improving the App and its underlying algorithms and software (Article 6(1)(f) GDPR).

Account Deletion. Please note that deleting the App from your device will not delete your account. If you wish to delete your account please send an email requesting account deletion to support.bydv@syngenta.com

BYDV Assist service emails: You will receive BYDV Assist service emails (such as risk calculations and spray application guidance) as long as you have specified locations in the App. If you no longer wish to receive BYDV service emails, please make sure to delete the locations that you have specified in the App.

How does Syngenta share personal data?

Service providers and partners: We share personal data with companies and organizations that we work with for the purposes set out above in the section titled “Purpose and lawful grounds for processing personal data”, such as:

Amazon Web Services, Inc (AWS), 410 Terry Avenue North, Seattle, WA 98109-5210, USA, is a hosting service provider and acts as a Data Processor. It provides hosting service in the European region for the BYDV App. AWS is responsible for protecting the global infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is comprised of the hardware, software, networking, and facilities that run AWS services, which provide powerful controls to customers and APN Partners, including security configuration controls, for the handling of customer content. Protecting this infrastructure is AWS’ number one priority (for more information, visit: https://aws.amazon.com/compliance).

These third parties are required by contract to use the personal data we share with them only for the purposes that we have specified and to take commercially reasonable measures to protect the confidentiality and security of your personal data.

Transfers outside the European Economic Area. We will transfer your personal data to recipients in countries outside the European Economic Area (EEA). We ensure that personal data will be adequately protected, including by ensuring that the recipient country or organization has been deemed by the European Commission as ensuring an adequate level of protection for personal data and, if that is not the case, ensuring that we put appropriate safeguards in place such as standard data protection transfer clauses approved by the European Commission for transfers outside the EEA. For more information about such arrangements please see the links below.

Adequate countries: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Standard contract clauses: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

Intra-group transfers within Syngenta: Our parent company, Syngenta Crop Protection AG, is a Swiss corporation based in Basel, Switzerland (“Syngenta Parent”). Syngenta Parent has concluded Intragroup Data Transfer Agreements (IDTAs) with many of its subsidiaries (Syngenta DP Network), including us, to enable the effective transfer and processing of personal data. We use web servers, store and otherwise process personal data within the Syngenta DP Network in countries within the EEA and also in countries outside the EEA, including Switzerland and the United States.

Transfers to other third parties outside the EEA: We also disclose your personal data to third party service providers outside the EEA who provide the following services:

Amplitude Inc.,631 Howard St., Floor 5, San Francisco, CA 94105, USA (hereinafter “Amplitude” is used by Syngenta to provide in-App usage analysis services. The App sends anonymous data (device model, OS version, country and region from where the connection starts, functions used inside the App) to Amplitude. Syngenta analyzes data in Amplitude in order to better understand the usage of the App and how to improve it. Data collected by Amplitude stored in the US.

Amplitude is certified under the EU-US Privacy Shield program. For further details, see https://www.privacyshield.gov/participant?id=a2zt000000001XZAAY&status=Active

Business transfers. Your personal data may be transferred to a company that may acquire the stock or assets of Syngenta, the Syngenta Parent, one of its affiliates, or one of our businesses, for example, as the result of a sale, merger, reorganization or liquidation. The legal basis for this data processing would be that it is necessary for our legitimate interests in such acquisition (Article 6(1)(f) GDPR). If such a transfer occurs, the acquiring company's use of your personal data would still be subject to this Privacy Notice and the privacy preferences you have expressed to us.

Compliance with laws and protection of our rights and the rights of others. We may disclose personal data when this is necessary to comply with the law, a court order or a subpoena. In case of obligations under EU or Member State law, the legal basis for this data processing is that it is necessary for compliance with a legal obligation to which we (the data controller) are subject (Article 6(1)(c) GDPR), otherwise that it is necessary for the purposes of our legitimate interests (Article 6(1)(f) GDPR). We may also disclose personal data to prevent or investigate a possible crime, such as fraud or identity theft (the legal basis being that it is necessary for our legitimate interests in protecting ourselves from crime and enforcing or defending our rights (Article 6(1)(f) GDPR); to enforce or apply our online terms of use or other contractual relationship with you including the BYDV Assist service that you have signed up for (the legal basis being that it is necessary for the performance of a contract with you under Article 6(1)(b) GDPR); or to protect our own rights or property or the rights, property or safety of our users or others (the legal basis being that it is necessary for the purposes of our legitimate interests under Article6(1)(f) GDPR).

How can you exercise your rights in relation to your personal data?

We strive to maintain a high level of transparency about the data we process. As regards our processing of your personal data described in this Privacy Notice, you have the following rights:

  • To confirm Syngenta is processing your personal data, to get access to or receive a copy of the personal data we may have about you;
  • To require us to rectify or update any inaccurate personal data, or complete any incomplete personal data; 
  • To require us to delete or erase your personal data;
  • To restrict our processing of your personal data;
  • To require us to transmit certain of your personal data to you or to transfer or have them transferred to another data controller (data portability); and
  • To require that we stop processing your personal data for direct marketing purposes. Subject to other legitimate interests which we may be able to rely on (e.g. in the context of legal claims pending or threatened against us), we will then no longer be allowed to process your personal data.

If you wish to exercise any of your above rights, you can contact us as follows:

If you are resident in the UK you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.comor via post at the reg’d office address for Syngenta UK Limited given in the Introduction section at the beginning of this Privacy Notice.

If you are resident in the Republic of Ireland you can contact our Data Privacy Champion via email at dataprivacy.ie@syngenta.comor via post at the reg’d office address for Syngenta Ireland Limited given in the Introduction section at the beginning of this Privacy Notice.

We will respond to your reasonably specified request as quickly as possible after validating the request.

How long does Syngenta store your personal data? We intend to store your personal data only for so long as you have an account set up to use the App. Syngenta will delete your account if the App is not used for 12 months. Please note that removing the App from your device does not delete your account. Your account will remain set up unless you ask for deletion by emailing support.bydv@syngenta.comDeletion of your account will delete your personal data.

For evidentiary purposes, in particular to be prepared for legal disputes, we may store your personal data for a period of time after you delete your account as long as this is permissible and necessary given the statutes of limitations in your country, so our retention period may vary depending on the circumstances. However, in such cases we will no longer actively process the personal data for the originally specified purpose but only for the purpose mentioned above. The legal basis for such processing is that is it necessary for our legitimate interests in enforcing or defending our rights (Article 6(1)(f) GDPR).

How does Syngenta protect personal data? We maintain a comprehensive data security program, including commercially reasonable administrative, physical and technological security measures, to protect personal data from unauthorized access, unauthorized use, and unauthorized or accidental destruction, modification or disclosure. Although we take commercially reasonable precautions to provide an appropriate level of security, we cannot guarantee the security of personal data provided over the internet or stored in our databases.

Children. Our App is not directed nor targeted to children under the age of 13. We do not use the App to knowingly solicit personal data from children under the age of 13. Please do not provide us with any personal data relating to children under the age of 13. If we learn that such personal data has been provided through the App, we will use reasonable efforts to remove such personal data from our databases.

Questions, concerns and complaints concerning our privacy practices.

If you are a resident in the UK: Should you have any questions, you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or by writing to the address for Syngenta UK Limited given in the Introduction section at the beginning of this Privacy Notice. You also have a right to lodge a complaint with the relevant supervisory authority. In the UK this is the Information Commissioner (details available at https://ico.org.uk/ )

If you are a resident in the Republic of Ireland: Should you have any questions, you can contact our Data Privacy Champion via email at dataprivacy.ie @syngenta.comor by writing to the address for Syngenta Ireland Limited given in the Introduction section at the beginning of this Privacy Notice. You also have a right to lodge a complaint with the relevant supervisory authority. In Ireland this is the Data Protection Commission (details available at https://www.dataprotection.ie )