Privacy Notice: Version Date: 1 March 2021
1. Introduction
Please take a few minutes to review this Privacy Notice carefully. We reserve the right to make changes to this Privacy Notice when we release updated versions of the Products or new Products. If we do so, we will ask you to acknowledge that you have read and understood the updated Privacy Notice before your first use of the updated version of the Products or new Products.
In this Privacy Notice we use certain defined terms, which we have capitalized. These terms have the meaning given to them in our Terms & Conditions, which form part of the Agreement between us and you. You can review the Terms & Conditions here: https://www.syngenta.co.uk/syngenta-digital-terms-conditions, and you should also review any Special Offer Terms that form part of our Agreement.
Data Controller. The data controller is Syngenta UK Limited, registered company no. 00849037, registered office address Cpc4, Capital Park, Fulbourn, Cambridge, CB21 5XE, referred to as “Syngenta”, “we”, “us”, “our”.
Contact details. You can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or via post at the registered office address for Syngenta given above.
Scope. This Privacy Notice covers personal data that is processed in conjunction with your use of the Products. Personal data is data that relates to you, where you are an identified or identifiable individual.
The Products are provided to business customers only, subject to our Agreement. Consequently, your personal data will be processed by us where you are authorized to use a Product on behalf of a Business, which may be either a grower or an Advisor Business (see our Terms & Conditions for more information).
2. Personal Data Processing
Syngenta is the ‘data controller’ where we collect and use your personal data for our own purposes, as set out in the table below. However, the Business is the data controller (and Syngenta is the data processor) in respect of other data processing activities.
Syngenta as data processor. Please note that when you use a Product as an authorized user on behalf of a Business, in respect of any personal data that you submit when using the Products (including as part of Your Inputs), the relevant data controller is the Business. We are the data processor when we use the personal data you submit to deliver the service e.g. to provide the Business with agronomic decision support guidance or other Outputs.
For example, a Product may allow you to enter information about your location, in-field observations or to upload imagery. Further, a Product may have GPS functionality which can track the location of the device when the Product is in use. We use all of this information as a data processor in order to deliver the service offered by the Product and to produce the Outputs for the Business (our “customer”). Please refer to the privacy notice(s) of the Business (the data controller) for more information about this processing, including to exercise your rights.
Syngenta’s activities as data controller | ||
Type of personal data | Purposes | Lawful grounds |
Your name, email address, business name, a description of who you are (grower, Advisor), business address, telephone number, password for your Account. | We use this personal data to register and set up your | Where you contract with us as an individual, e.g. as a sole trader the lawful ground is performance of the contract. Where your company or other legal entity contracts with us the lawful ground is our legitimate interests in creating accounts to ensure a user is authorized, and to distinguish between users / devices. |
Your name, email address, business name, a description of who you are (grower, Advisor), business address, telephone number. | We use this personal data to communicate with you via email, text or in app notifications about updates to the Product or other important functional service messages. | Our legitimate interests in informing you about matters which are relevant to your use of the Products. |
Your name, email address, business name, a description of who you are (grower, Advisor), business address, telephone number, password for your Account. | We use this personal data to provide technical and customer support. | Where you contract with us as an individual, e.g. as a sole trader the lawful ground is performance of the contract (specifically resolving your questions and issues). Where your company or other legal entity contracts with us the lawful ground is our legitimate interests in resolving questions and issues for our users. |
Your name, email address, business name, a description of who you are (grower, Advisor), business address, telephone number. | We use this personal data to send you user satisfactions surveys and to ask for your feedback about the Products. | Our legitimate interests in improving the Products for you and for future users. |
If you use a mobile app Product, the date and time the app on your device accesses our servers and what information and files have been downloaded to the app. | We use this information for maintenance of the app, for statistical purposes about the usage of these apps in order to improve their functionality, to understand how they are used and resolve questions regarding their use and for security purposes. The developer of your mobile operating system (e.g. Apple; Google) may also collect app usage data. You should refer to their privacy notices and policies for more information. | Our legitimate interests in: (i) understanding how our apps are used in order to make improvements to them; and (ii) identifying and combatting security threats to our apps and our users. |
If you use an online service in connection with a Product, the following will be collected: computer type (Windows or Macintosh), operating system name and version, language, internet browser type and version and the name and version of the online services you are using, IP address, the page(s) visited, time visited. | We use this information to provide the Products to our users, to ensure they work properly, to calculate usage level, to help diagnose server problems, for statistical purposes about usage of online services and for security purposes. | Our legitimate interests in: (i) understanding how our online services are used in order to make improvements to them; and (ii) identifying and combatting security threats to our online services and our users. |
Contact information, as well as information about how you use the Products. | Customer profiling and marketing - we will process this data (and other information that you have provided to us through using other Syngenta products or services) to understand how you have used the Products, and what your agricultural needs are. We may then contact you (as a representative of your Business) with relevant information about other Syngenta products and services we think may be of interest to your Business. Where required by applicable law, we will obtain your consent for marketing purposes, and in any case, you can stop direct marketing at any time by contacting us as set out below, or by using the unsubscribe link in our emails. | Our legitimate interests in marketing our products and services. Consent, where this is required under applicable law for the purposes of direct marketing. |
Name, email and device specific identifiers, (computer type (Windows or Macintosh), operating system name and version, language, internet browser type and version and the name and version of the online services you are using, IP address, the page(s) visited, time visited | We use "cookies" and other similar technologies to collect information and support certain features of our Products. We use this information to provide the Products (including mobile apps) to our users, for maintenance, to ensure the Products work properly, to calculate usage level, for statistical purposes about the usage of our Products and online services in order to improve their functionality, to help diagnose server problems, to understand how our Products are used, to resolve questions regarding their use and for security purposes. | The legal basis for processing activities related to essential cookies is our legitimate interest in providing our Products to our users. The legal basis for processing activities related to non-essential cookies is your consent. |
3. How does Syngenta share personal data?
Service providers and partners: We share personal data with companies and organizations that we work with for the purposes set out above.
These third parties are required by contract to use the personal data we share with them only for the purposes that we have specified and to take commercially reasonable measures to protect the confidentiality and security of your personal data.
Transfers outside the United Kingdom and the European Economic Area. We will transfer your personal data to recipients in countries outside the United Kingdom and the European Economic Area (“EEA”). We ensure that personal data will be adequately protected, including by ensuring that the recipient country is deemed to provide an adequate level of protection under applicable data protection laws and, if that is not the case, ensuring that we put appropriate safeguards in place such as standard data protection transfer clauses.
For more information on standard contract clauses see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
Intra-group transfers within Syngenta: Our parent company, Syngenta Crop Protection AG, is a Swiss corporation based in Basel, Switzerland (“Syngenta Parent”). Syngenta Parent has concluded Intragroup Data Transfer Agreements (IDTAs) with many of its subsidiaries (Syngenta DP Network), including us, to enable the effective transfer and processing of personal data. We use web servers, store and otherwise process personal data within the Syngenta DP Network in countries within the EEA and also in countries outside the EEA, including Switzerland and the United States.
Transfers to Third parties: We transfer or otherwise make personal data available to service providers, who process your personal data under our instructions to help us to deliver the services offered by our Products, and to carry out the purposes listed in section 2 above. These service providers include, but are not limited to:
Amazon Web Services, Inc (AWS), 410 Terry Avenue North, Seattle, WA 98109-5210, USA provides a hosting service in the USA for the platform which hosts our Products. The appropriate safeguards in place are standard data protection transfer clauses approved by the European Commission for transfers outside the EEA. For more information please see the following links: https://aws.amazon.com/compliance/gdpr-center/ .
Amplitude Inc., 631 Howard St., Floor 5, San Francisco, CA 94105, USA provides usage analysis services by processing device data (device model, OS version, country and region) in the USA. The appropriate safeguards in place are the standard data protection transfer clauses approved by the European Commission for transfers outside the EEA. For more information please see this link: https://amplitude.com/blog/data-minimization .
Sentry, Functional Software Inc., 132 Hawthorne St. San Francisco, CA 94107, USA provides usage analysis services by processing device data (device model, OS version, country and region) in the USA. For more information please see this link https://sentry.io/legal/dpa/1.0.0/ .
Smartlook.com, s.r.o. ID No.: 095 08 830, registered office at: Šumavská 524/31, Veveří, 602 00 Brno, Czech Republic . Smartlook provides qualitative website and mobile app analytics and the Service with various modules which include, but not limited to visitor recordings (user replay), automatic event tracking, conversion funnels, and heatmaps for websites. Data is stored in EU. For more information please see this link: Terms of Service | Smartlook Help Center .
Google Ireland Limited, incorporated and operating under the laws of Ireland (Registered Number: 368047), Gordon House, Barrow Street - Dublin 4, Ireland. We use Firebase to track, prioritize, and fix stability issues that impact app quality, collecting device and application data, to improve the service provided to the user. For more information please see this link: Crashlytics and App Distribution Data Processing and Security Terms (google.com) .
Business transfers. Your personal data may be transferred to a company that acquires, or considers acquiring, the stock or assets of, or invests in, Syngenta, the Syngenta Parent, one of its affiliates, or one of our businesses (or that company’s advisors, lenders or auditors), for example, as the result of a sale, merger, reorganization or liquidation. The legal basis for this data processing is that we have a legitimate interest in being able to sell or acquire investment in our business. If such a transfer occurs, the acquiring company's use of your personal data would still be subject to this Privacy Notice and the privacy preferences you have expressed to us.
Compliance with laws and protection of our rights and the rights of others. We may disclose personal data when this is necessary to comply with the law, a court order, a request from a regulator or a subpoena. In case of obligations under UK, EU or Member State law, the legal basis for this data processing is that it is necessary for compliance with a legal obligation to which we (the data controller) are subject, otherwise that we have a legitimate interest in complying with lawful requests from public authorities. Before disclosing personal data, or making personal data available to, public authorities in third countries, we will consider our obligations to provide an adequate level of protection for the data, except where relevant derogations exist.
We may also disclose personal data to prevent or investigate a possible crime, such as fraud or identity theft (the legal basis being that we have a legitimate interest in protecting ourselves from crime and enforcing or defending our rights; to enforce or apply our online terms of use or other contractual relationship with you (the legal basis being that it is necessary for the performance of a contract with you (where we contract with you as a sole trader) or it is otherwise in our legitimate interest to do so; or to protect our own rights or property or the rights, property or safety of our users or others (the legal basis being that we have a legitimate interest in doing so).
4. How can you exercise your rights in relation to your personal data?
We strive to maintain a high level of transparency about the data we process. As regards our processing of your personal data described in this Privacy Notice, you have the following rights:
- To confirm Syngenta is processing your personal data, to get access to or receive a copy of the personal data we may have about you;
- To require us to rectify or update any inaccurate personal data, or complete any incomplete personal data;
- To require us to delete or erase your personal data;
- To restrict our processing of your personal data;
- To require us to transmit certain of your personal data to you or to transfer or have them transferred to another data controller (data portability); and
- To object to our processing of your personal data on a legitimate interests basis. If we agree with your objection then, subject to other legitimate interests which we may be able to rely on (e.g. in the context of legal claims pending or threatened against us), we will then no longer be allowed to process your personal data;
- To require that we stop processing your personal data for direct marketing purposes.
Certain rights are subject to restrictions or limitations, and their availability may depend on the lawful basis we rely on to process your personal data (see section 2 above). Further, we may rely on applicable exemptions under EU, Member State, UK or other applicable law in order to deny part or all of your request. If we do so, we will inform you when responding to your request.
If you wish to exercise any of your above rights, you can contact us as follows:
If you are resident in the UK, you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or via post at the Syngenta address given in the Introduction section at the beginning of this Privacy Notice.
We will respond to your reasonably specified request as quickly as possible after validating the request.
5. How to delete your Account? How long does Syngenta store your personal data?
Subject to the below, we intend to store your personal data only for so long as you have an Account. Syngenta will delete your Account if the Products are not used for thirty-six months, unless applicable law requires a longer data retention period.
Please note that removing the Products from your device will not delete your Account. Your Account will remain active unless you ask for deletion by emailing support@syngentadigital.co.uk. Subject to the below, deletion of your Account will delete your personal data. However, we may retain non-personal data after your Account has been deleted.
For evidentiary purposes, in particular to be prepared for legal disputes or complaints, we may store certain personal data (such as a record of your identity and the fact that you were a user of our Products) for a period of time after you delete your Account as long as this is permissible and necessary given the statutes of limitations in your country, so our retention period may vary depending on the circumstances. However, in such cases we will no longer actively process the personal data for the originally specified purpose, but only for the purpose mentioned above. Further we will limit access to your personal data on that basis. The legal basis for such processing is that is it necessary for our legitimate interest in establishing, exercising or defending our rights. We may also retain your personal data after deletion of your Account, if necessary, to comply with an applicable legal obligation.
6. Questions, concerns and complaints concerning our privacy practices.
Should you have any questions, you can contact our Data Privacy Champion via email at dataprivacy.uk@syngenta.com or by writing to the address for Syngenta given in the Introduction section at the beginning of this Privacy Notice. You also have a right to lodge a complaint with the relevant supervisory authority. In the UK this is the Information Commissioner (details available at https://ico.org.uk/).