Partnership Plan Privacy Notice

Version Date: 22 October 2020

1. Introduction

Please take a few minutes to review this Privacy Notice carefully. We reserve the right to make changes to this Privacy Notice when we update or make changes to our Partnership Plan loyalty scheme. If we do so, we will ask you to acknowledge that you have read and understood the updated Privacy Notice before your next log-in to the updated or amended Partnership Plan.

In this Privacy Notice we use certain defined terms, which we have capitalized. These terms have the meaning given to them in our Terms & Conditions, which form a legally binding agreement between us and you. You can review the Terms & Conditions here: https://www.syngenta.co.uk/partnership-plan-terms-and-conditions.

Data Controller. The data controller is Syngenta UK Limited, registered company no. 00849037, registered office address Cpc4, Capital Park, Fulbourn, Cambridge, CB21 5XE, referred to as “Syngenta”“we”“us”, “our”.

Contact details. You can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or via post at the registered office address for Syngenta UK Limited given above.

Scope. This Privacy Notice covers personal data that is processed in conjunction with membership of the Partnership Plan. Personal data is data that relates to you, where you are an identified or identifiable individual. 

Our Partnership Plan loyalty scheme is available to business customers only, subject to the Terms & Conditions. Consequently, your personal data will be processed by us where you are authorized to administer or otherwise access or use a Partnership Plan Account on behalf of a Business (see our Terms & Conditions for more information).

2. Personal data processing.

We process your personal data as set out in the table below.

Type of personal data

Purposes

Lawful grounds

Your name, business email address, business name, business address, telephone number, mobile phone number, user login, job title.

We use this personal data to register and set up your
Account, provide user access (as either a Member or Delegate), deliver Reward items, provide delivery status updates, handle queries, returns and complaints, provide Partnership Plan technical support and customer services.

Where you contract with us as an individual, e.g. as a sole trader, the lawful ground is performance of the contract between us governing your membership of the Partnership Plan.

Where your company or other legal entity contracts with us, the lawful ground is our legitimate interests in providing Partnership Plan membership to your Business.

Your name, business email address, business name, business address, telephone number, mobile phone number, user login, job title.

We use this personal data to communicate with you via email about updates to the Partnership Plan and other important service messages.

Where you contract with us as an individual, e.g. as a sole trader, the lawful ground is performance of the contract between us governing your membership of the Partnership Plan.

Where your company or other legal entity contracts with us, the lawful ground is our legitimate interests in providing Partnership Plan membership to your Business.

Your contact information, as well as information about how you use the Partnership Plan.

Marketing - we may contact you (as a representative of your Business) with relevant information about other Syngenta products and services we think may be of interest to your Business. Where required by applicable law, we will obtain your consent for marketing purposes, and in any case, you can stop direct marketing at any time by contacting us as set out below, or by using the unsubscribe link in our emails. 

Our legitimate interests in marketing our products and services.

Consent, where this is required under applicable law for the purposes of direct marketing.

Cropping and product usage data which you submit to us, for example, how many hectares of each different crops you/your Business farm(s), the volume of Syngenta products used, your contact information and any information which you submit via surveys.

We also use information collected by email tracking pixels to understand whether you have engaged with marketing communications.  See section 7 below for more details.

To better tailor marketing communications which you have agreed to receive to ensure they are relevant you/your Business.

To assess the effectiveness of our campaigns and the relevance of Partnership Plan to our customers.

We will rely on our legitimate interests to: (i) make our marketing communications more relevant to our subscribers and to our Partnership Plan members ((where we have a lawful ground to send you marketing communications, see below); (ii) to assess the effectiveness and relevance of those communications, so that we can improve them over time; and (iii) to understand how the Partnership Plan is used so that we can make improvements to it. 

If you log-in to the online Partnership Plan Platform, the following data will be collected automatically: computer type (Windows or Macintosh), operating system name and version, language, internet browser type and version and the name and version of the online services you are using, IP address (in truncated, anonymized form), unique randomized ID the page(s) visited, time visited.

We may collect this information using cookies and similar technologies – see section 7 below, as well as our separate Cookie Policy.

We use this information to provide the Partnership Plan to our members, to ensure the online portal works properly, to calculate usage level, to help diagnose server problems, for statistical purposes about usage of the portal and for security purposes.

Our legitimate interests in: (i) understanding how our online services are used in order to make improvements to them; and (ii) identifying and combatting security threats to our online services and our users.

We may also: (i) aggregate or otherwise anonymise personal data; or (ii) use data you submit in a way that does not relate to you as an identifiable individual (for example, where the data relates to your Business). We may do this for a variety of business purposes, including, without limitation, improving our Partnership Plan, analysing the use of our agricultural products in aggregate, producing statistical or research outputs on agricultural matters, developing new offers and products and for any other purposes determined by us. In these cases, we will not be processing personal data and our activities are outside of the scope of this Privacy Notice.  

3. How does Syngenta share personal data?

Service providers and partners: We share personal data with companies and organizations that we work with for the purposes set out above.

These third parties are required by contract to use the personal data we share with them only for the purposes that we have specified and to take commercially reasonable measures to protect the confidentiality and security of your personal data.

Transfers outside the United Kingdom and the European Economic Area. We will transfer your personal data to recipients in countries outside the United Kingdom and the European Economic Area (“EEA”). We ensure that personal data will be adequately protected, including by ensuring that the recipient country is deemed to provide an adequate level of protection under applicable data protection laws and, if that is not the case, ensuring that we put appropriate safeguards in place such as standard data protection transfer clauses.

Intra-group transfers within Syngenta: Our parent company, Syngenta Crop Protection AG, is a Swiss corporation based in Basel, Switzerland (“Syngenta Parent”). Syngenta Parent has concluded Intragroup Data Transfer Agreements (IDTAs) with many of its subsidiaries (Syngenta DP Network), including us, to enable the effective transfer and processing of personal data. We use web servers, store and otherwise process personal data within the Syngenta DP Network in countries within the EEA and also in countries outside the EEA, including Switzerland and the United States.

Transfers to Third parties

Service Providers: We transfer or otherwise make personal data available to service providers, who process your personal data under our instructions to help us to dispatch and deliver Rewards, provide customer support, and otherwise to carry out the purposes listed in section 2 above. These service providers act on our instructions, and do not use your personal data for purposes other than those set out in this Privacy Notice. 

Business transfers. Your personal data may be transferred to a company that acquires, or considers acquiring, the stock or assets of, or invests in, Syngenta, the Syngenta Parent, one of its affiliates, or one of our businesses (or that company’s advisors, lenders or auditors), for example, as the result of a sale, merger, reorganization or liquidation. The legal basis for this data processing is that we have a legitimate interest in being able to sell or acquire investment in our business. If such a transfer occurs, the acquiring company's use of your personal data would still be subject to this Privacy Notice and the privacy preferences you have expressed to us.

Compliance with laws and protection of our rights and the rights of others. We may disclose personal data when this is necessary to comply with the law, a court order, a request from a regulator or a subpoena. In case of obligations under EU or Member State law, the legal basis for this data processing is that it is necessary for compliance with a legal obligation to which we (the data controller) are subject, otherwise that we have a legitimate interest in complying with lawful requests from public authorities. Before disclosing personal data, or making personal data available to, public authorities in third countries, we will consider our obligations to provide an adequate level of protection for the data, except where relevant derogations exist. 

We may also disclose personal data to prevent or investigate a possible crime, such as fraud or identity theft (the legal basis being that we have a legitimate interest in protecting ourselves from crime and enforcing or defending our rights; to enforce or apply our online terms of use or other contractual relationship with you (the legal basis being that it is necessary for the performance of a contract with you (where we contract with you as a sole trader) or it is otherwise in our legitimate interest to do so; or to protect our own rights or property or the rights, property or safety of our users or others (the legal basis being that we have a legitimate interest in doing so).

4. How can you exercise your rights in relation to your personal data?

We strive to maintain a high level of transparency about the data we process. As regards our processing of your personal data described in this Privacy Notice, you have the following rights:

· To confirm Syngenta is processing your personal data, to get access to or receive a copy of the personal data we may have about you;

· To require us to rectify or update any inaccurate personal data, or complete any incomplete personal data;

· To require us to delete or erase your personal data;

· To restrict our processing of your personal data;

· To require us to transmit certain of your personal data to you or to transfer or have them transferred to another data controller (data portability); and

· To object to our processing of your personal data on a legitimate interests basis. If we agree with your objection then, subject to other legitimate interests which we may be able to rely on (e.g. in the context of legal claims pending or threatened against us), we will then no longer be allowed to process your personal data;

· To require that we stop processing your personal data for direct marketing purposes.

Certain rights are subject to restrictions or limitations, and their availability may depend on the lawful basis we rely on to process your personal data (see section 2 above). Further, we may rely on applicable exemptions under EU, Member State, UK or other applicable law in order to deny part or all of your request. If we do so, we will inform you when responding to your request.

If you wish to exercise any of your above rights, you can contact us as follows:

If you are resident in the UK, you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or via post at the registered office address for Syngenta UK Limited given in the Introduction section at the beginning of this Privacy Notice.

We will respond to your reasonably specified request as quickly as possible after validating the request.

5. How long does Syngenta store your personal data?

Subject to the below, we intend to store your personal data only for so long as you are the “owner” or a Member or Delegate for a Business with a Partnership Plan Account. If the owner or Member informs us of a change to the Account contact details, we will update the Account

Syngenta will delete your Business’ Partnership Plan Account if there is no log-in for twelve months. Otherwise, your Business Partnership Plan Account will remain active unless you ask for deletion by emailing partnership.plan@syngenta.com. Subject to the below, deletion of your Account will delete your personal data. However, we may retain non-personal data after your Business Account has been deleted.

By way of exception from the above rule that personal data is only stored for so long as you are associated with a Business that has a Partnership Plan Account:

· If you are on a marketing mailing list, we will continue to process your contact information to send you marketing communications for as long as we have a lawful ground to do. You can opt-out of these communication at any time by following the instructions in the communications or by contacting us directly;

· We are required to store transaction records (i.e. records of your purchase of a Reward) for a minimum of 5 years in order to satisfy our requirement to maintain proper accounting records. In some circumstances, there may be limited personal data (e.g. a name or contact information) associated with such records;

· For evidentiary purposes, in particular to be prepared for legal disputes or complaints, we may store certain personal data (such as a record of your identity and the fact that you were the owner, Member or a Delegate for a Business Partnership Plan Account) for a period of time after deletion of the Account as long as this is permissible and necessary given the statutes of limitations in your country, so our retention period may vary depending on the circumstances. However, in such cases we will no longer actively process the personal data for the originally specified purpose, but only for the purpose mentioned above. Further we will limit access to your personal data on that basis. The legal basis for such processing is that is it necessary for our legitimate interest in establishing, exercising or defending our rights; and

· We may also retain your personal data after deletion of your Account, if necessary, to comply with an applicable legal obligation (other than the obligation to maintain transaction records referred to above). 

6. How does Syngenta protect personal data?

We maintain a comprehensive data security program, including commercially reasonable administrative, physical and technological security measures, to protect personal data from unauthorized access, unauthorized use, and unauthorized or accidental destruction, modification or disclosure. Although we take commercially reasonable precautions to provide an appropriate level of security, we cannot guarantee the security of personal data provided over the internet or stored in our databases.

7. Cookies and similar technologies

More detailed information about our use of cookies can be found in our Cookies Policy https://www.syngenta.co.uk/partnership-plan-cookies-policy.

Google Analytics: In common with many companies, we use a web analytics tool provided by Google LLC to assign a randomized User ID to each website visitor in order to understand how visitors use and interact with the website. We use the “Anonymise IP” extension, which means that your IP address will be masked before it is transferred to the United States. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and masked there. The IP address transmitted in connection with Google Analytics will not be merged with any other data of Google. More detailed information about the terms of use and data privacy are available at https://policies.google.com/technologies/partner-sites?hl .

8. Questions, concerns and complaints concerning our privacy practices.

Should you have any questions, you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or by writing to the address for Syngenta UK Limited given in the Introduction section at the beginning of this Privacy Notice. You also have a right to lodge a complaint with the relevant supervisory authority. In the UK this is the Information Commissioner (details available at https://ico.org.uk/).