Privacy Policy | Agrilution App


Data protection

1. Name and contact details of the controller and the data protection officer

This privacy policy applies to data processing carried out by:

agrilution GmbH
Centa-Hafenbrädl-Str. 61
81249 Munich

Tel.: +49 (0) 89 230 292 92
E-mail: info@agrilution.com

(hereinafter “agrilution” or “we”)

You can contact our data protection officer at: privacy@agrilution.com

 

2. Information about the processing of personal data

2.1 Use of the agrilution app

2.1.1 Personal data processed

Device data: Once you install and open the agrilution app on your mobile device, we will capture and save the hardware model and operating system used by you as well as the language setting selected on your device and possibly the unique device identifier.

Server log data: When you use the app, we also capture server log information, such as the IP addresses of your device, access dates and times, app failures and other system activity occurring during the use of our app.

2.1.2 Purposes for which the personal data is processed

We process the device and server log data in order to provide you with a functional and user-friendly app, to evaluate system security and stability and also for other administrative purposes.

2.1.3 Legal bases

The legal basis for the data processing is Article 6(1)(1)(f) GDPR. Our legitimate interest derives from the data collection purposes listed above.

The provision of the data is not a statutory or contractual requirement or necessary for the conclusion of a contract. You have no obligation to provide the data. However, if the data is not provided, we are unable to provide the requested content of the app.

2.1.4 Storage duration

The data is stored in server log files, in a form enabling identification of the persons concerned, for a maximum period of 7 days, unless a security-related event occurs (e.g. a DDoS attack). In the case of a security-related event, server log files are stored until the security-related event has been eliminated and completely resolved.

2.2 Registration and creating an account

2.2.1 Personal data processed

Upon registration in the agrilution app, we request and store the following personal data in order to create your account:

• Name (forename, surname),

• E-mail address,

• Address.

2.2.2 Purpose for which the personal data is processed

We process the data mentioned in order to give you additional benefits of our app and our service, such as the purchase of Seedmats.

2.2.3 Legal bases

The legal bases for the data processing are performance of a contract (Article 6(1)(1)(b) GDPR) and Article 6(1)(1)(f) GDPR. Our legitimate interest derives from the data collection purposes listed above.

The provision of the data is required for the use of our app.

2.2.4 Storage duration

We store this data until you change it in your account or delete your account. If you wish to have your account deleted, please send an e-mail to privacy@agrilution.com. We will then immediately remove your account from our system, if the statutory provisions regarding the retention obligation allow. Otherwise, we will anonymize your account as far as possible and delete it as soon as the statutory retention obligation expires.

2.3 Orders

2.3.1 Personal data processed

You can reorder Seedmats via our app if you are logged in to your account. In this case, your personal data is entered into an input mask and sent to us and stored. When you make an order via our app, we collect the following data in the shop:

• E-mail address,

• Surname, forename,

• Company name (optional),

• Address,

• Telephone number,

• Payment information.

We use the Shopify Inc. (“Shopify”) platform for our shop. When you place an order in our shop, Shopify stores all the data collected in the shop (see above) as well as your IP address, information about your order in our shop and information about your device and browser used. For this purpose, your personal data is forwarded to the Shopify data centre in the United States and processed there. For the USA, there is an adequacy decision by the European Commission (EU/US Privacy Shield) under which Shopify is certified. This data is stored and processed for the purpose of supporting and processing your orders, your authentication, handling payment transactions and improving Shopify’s services. More information on Shopify’s Terms of Use and Privacy Policy can be found at www.shopify.com/legal/privacy.

2.3.2 Purposes for which the personal data is processed

This data is collected

• to be able to identify you as our customer,

• to be able to process, fulfil and handle your order,

• for correspondence with you,

• for invoicing,

• for handling any liability claims, and asserting any claims against you,

• to ensure the technical administration of our app,

• to manage our customer data.

2.3.3 Legal bases

The data is processed on the basis of your order and is required under Article 6(1)(1)(b) GDPR for the proper processing of your order and for the mutual fulfilment of obligations under the contract.

2.3.4 Storage duration

The personal data collected by us for processing your order will be stored until the expiry of the statutory retention obligation and then deleted. In addition, we also store this data insofar as there are statutory retention obligations, in particular under commercial and tax law. Depending on the nature of the documents, there may be retention obligations of six or ten years under commercial and tax law (Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB)).

2.4 Plantcube

2.4.1 Personal data processed

When the Plantcube is connected to a wifi router, information is automatically sent to a cloud server. In this case, the following information is captured and stored in a pseudonymized version:

• sensor data of the device,

• Seedmats with serial number,

• settings for the functioning of the device,

• status of the individual components in relation to the correct functionality.

2.4.2 Purposes for which the personal data is processed

This data is collected

• to enable optimal functioning of the device,

• to ensure that the device is operated with a correct combination of Seedmats,

• to check the Seedmats for durability and lawful possession,

• to analyse the sensor data with a view to further optimizing the operation, and

• for better assistance from our customer support when problems arise.

2.4.3 Legal bases

The data processing is required under Article 6(1)(1)(b) GDPR for the functional provision of your Plantcube and for the mutual fulfilment of obligations under the contract.

2.4.4 Storage duration

The personal data collected by us for providing the Plantcube will be stored until the expiry of the statutory retention obligation and then anonymized or deleted. In addition, we also store this data insofar as there are statutory retention obligations, in particular under commercial and tax law. Depending on the nature of the documents, there may be retention obligations of six or ten years under commercial and tax law (Section 147 of the German Fiscal Code (AO) and Section 257 of the German Commercial Code (HGB)).

 

3. Disclosure of data

We use technical service providers acting as our order processors as part of the operation and maintenance of our app.

For example, we use Shopify’s platform for our shop. In addition, we pass on your personal data for orders to the service partners involved in the execution of the contract, such as the logistics company commissioned with the delivery and the bank responsible for payment matters.

Service providers processing personal data on our behalf outside the European Union (so-called third countries) will only be used if there is an adequacy decision by the European Commission for that third country or there are suitable or appropriate guarantees on the part of the recipient. In addition, we do not transmit your personal data to third parties, except for the purposes set out below.

We only share your personal data with third parties if:

• you have expressly consented to this under Article 6(1)(1)(a) GDPR,

• the disclosure is required under Article 6(1)(1)(f) GDPR for the protection of our legitimate interests or the legitimate interests of a third party and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,

• there is a statutory obligation to make the disclosure under Article 6(1)(1)(c) GDPR, and

• this is legally permissible and required under Article 6(1)(1)(b) GDPR for the handling of contractual relations with you.

 

4. Usage analysis

When you use our app, we collect personal data from you in order to improve the functionality of our app and to tailor our offer to you more individually. Your behaviour in relation to the use of our service and our system will be recorded and analysed. The analysis measures are conducted on the basis of our legitimate interests under Article 6(1)(1)(f) GDPR. With the measures used, we intend to ensure needs-based design and ongoing optimization of our app, for example by recording the frequency of use and performing a pseudonymized visitor action evaluation (conversion tracking) to statistically record the use of our app and evaluate our offer to you for optimization purposes. This information is used to create pseudonymous usage profiles that are not merged with data about the bearer of the pseudonym. The aim of the procedure is to investigate where the users come from, which areas of the app are visited and how often and for how long subpages and categories are viewed. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.

To optimize our app, we use UXCam, a service of UXCam Inc. (814 Mission Street, San Francisco, CA, 94103, USA). In this case, pseudonymized usage data is transmitted to UXCam Inc. UXCam Inc. is a USA-based company that analyses the usage data on our behalf. The data processing may take place outside the European Union.

For data processing in the USA, there is an adequacy decision by the European Commission pursuant to Article 45(3) of the EU General Data Protection Regulation (GDPR). The privacy policy of UXCam can be viewed here.

You can object to and prevent the processing of your data through the analysis tools at any time in the browser or app settings.

 

5. Security

The security of your data is always our top priority:

• We store your data exclusively in the EU.

• Sensitive data is transmitted using only the Secure Sockets Layer (SSL) encryption method with at least 128 bits.

• When the sender of the data is in a WLAN, all transmitted data is encrypted using the Secure Sockets Layer (SSL) encryption method with at least 128 bits.

• All captured data is stored behind a number of firewalls and protected in this way.

• All sensitive data is additionally encrypted on our servers using the SHA-256 or SHA-512 encryption method.

We have also taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorized access. All of our employees and the service providers working for us are bound by the applicable data protection laws. Our security measures are subject to constant improvement and our privacy policies are constantly being revised. Please make sure you have the latest version.

 

6. Data subject rights

You have the right:

• pursuant to Article 15 GDPR and under the restrictions of Section 34 of the Federal Data Protection Act (BDSG), to request information about your personal data processed by us;

• pursuant to Article 16 GDPR, to demand the rectification of incorrect personal data or completion of your personal data stored by us without delay;

• pursuant to Article 17 GDPR, to demand the deletion of your personal data stored by us, except where the processing is required for exercising the right to freedom of expression and information, for fulfilling a legal obligation, for reasons of public interest or for asserting, exercising or defending legal claims; under Section 35 BDSG, further restrictions apply;

• pursuant to Article 18 GDPR, to demand the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you; the processing is unlawful but you reject the deletion thereof; we no longer need the data but you need it to assert, exercise or defend legal claims; or you have objected to the processing pursuant to Article 21 GDPR;

• pursuant to Article 20 GDPR, to obtain your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request transmission to another controller;

• pursuant to Article 7(3) GDPR, to revoke your consent once granted to us at any time. This means that we are no longer allowed to continue the data processing based on that consent for the future; and

• pursuant to Article 77 GDPR, to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work or our place of business. A list of the competent supervisory authorities and their addresses can be found here.

If your personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right, pursuant to Article 21 GDPR, to file an objection against the processing of your personal data, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without a particular situation being stated.

If you wish to exercise your right of revocation or objection, you just need to send an e-mail to privacy@agrilution.com.

 

7. Status and amendment of this privacy policy

This privacy policy was last updated on 28 May 2019.

Due to technical advances and/or changed legal and/or regulatory requirements, it may be necessary to adapt this privacy policy.

The current privacy policy can be found in the menu of the app under “Info” > “Privacy policy”.
