“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable person (ii) can be linked to that person; (iii) is transferred to CropLife International entities and (iv) is recorded in any form. It does not include data where the identity has been removed (anonymous data).
CropLife International has appointed a contact person who is responsible for overseeing questions in relation to this privacy notice. If data subjects have any questions about this privacy notice, including any requests to exercise their legal rights, they should contact CropLife International’s contact person using the details set out below:
CropLife International A.I.S.B.L.
326 Avenue Louise, Box 35
1050 Brussels, Belgium
+32 2 541 16 63
+32 476 59 62 29
Data subjects have the right to make a complaint at any time to the Belgian Data Protection Authority, the Belgian supervisory authority for data protection issues (www.privacycommission.be) at present. CropLife International would, however, appreciate the chance to deal with such concerns before data subjects approach the Belgian Data Protection Authority, so would be grateful if data subjects would contact the contact person in the first instance.
Principles of processing personal data
CropLife International entities respect data subjects’ privacy and are committed to protecting personal data in compliance with the applicable legislation in the EU with the desire to keep its data subjects informed and to recognize and respect their privacy rights. CropLife International entities will observe the following principles when processing personal data:
- Data will be processed fairly and in accordance with applicable law.
- Data will be collected for specified, legitimate purposes and will not be processed further in ways incompatible with those purposes.
- Data will be relevant to and not excessive for the purposes for which they are collected and used.
- Data subjects in the EU will be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their personal data.
- Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete personal data that is inaccurate or incomplete.
- Data will be deleted or amended following a relevant request by the concerned data subject, should such notice comply with the applicable legislation each time.
- Data will be processed in accordance with the individual’s legal rights (as described in this policy or as provided by law).
It is important that the personal data CropLife International entities hold about data subjects is accurate and current. Data subjects should keep CropLife International entities informed if their personal data changes during their relationship with CropLife International entities.
Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing, unlawful alteration or disclosure and unauthorized or accidental loss, destruction or damage to data. In addition, CropLife International entities limit access to the personal data of data subjects to those employees, agents, contractors and other third parties who have a business need to know. CropLife International entities will ensure personal data is processed on their instructions and subject to a duty of confidentiality.
In case of any such violation with respect to personal data, CropLife International entities will take appropriate steps to end the violation and will notify relevant data subjects and any applicable authority or regulator in accordance with applicable law and will cooperate with all such competent authorities.
Types of personal data
CropLife International entities collect data subjects’ personally identifiable information:
- Contact, usage and profile information, such as name, user name or similar identifier, password, postal address, title, email address and telephone number, interests, preferences, feedback and survey responses.
- Personal data in content subjects provide on CropLife International entities’ websites and other data collected automatically through the websites (such as IP addresses, login data, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on these websites (including products or services used), and dates and times of website visits).
- Financial account and transaction information, including billing address, details about payments to and from data subjects and other details of products and services received from CropLife International entities.
- Marketing and communications data includes data subject preferences in receiving marketing from CropLife International entities and their third parties and data subject communication preferences.
CropLife International entities do not collect any sensitive personal data (as defined in the GDPR) about its data subjects (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information regarding health and genetic and biometric data). Nor do CropLife International entities collect any information about criminal convictions and offences.
Ways of obtaining personal data
The ways by which CropLife International entities obtain personal data are set out in this section. CropLife International entities do not obtain any personal information about data subjects unless the data subject has provided that information to CropLife International entities in a way that is in accordance to the established data protection rules to do so including but not limited to visiting or creating an account with respect to CropLife International entities’ websites, applying for or subscribing to CropLife International entities’ services or publications, requesting that marketing be supplied by CropLife International entities, providing feedback, entering any promotion or survey, by the completion of a written agreement, consent form, survey, or completion of an on-line or hard copy form. Data subjects may choose to submit personal, private information by facsimile, regular mail, e-mail, or electronic transmission over CropLife International entities’ internal websites, interoffice mail, or personal delivery, as each of these methods may be deemed applicable each time.
Automated technologies or interactions
Third parties or publicly available sources
CropLife International entities may receive personal data about data subjects from various third parties and public sources as set out below:
- Technical data from the following parties: analytics providers such as Google based outside the EU; and search information providers Facebook, Twitter, Google, LinkedIn based inside and outside the EU;
- Contact, financial and transaction data from providers of technical, payment and delivery services such as Isabel based inside the EU;
- Identity and contact data from data brokers or aggregators such as Google based outside the EU.
Use of personal data
CropLife International entities collect and use data subjects’ personal information to operate the CropLife International entities’ websites and deliver requested services. CropLife International entities also use personally identifiable information to inform on services available from CropLife International entities. CropLife International entities may also contact data subjects via surveys to conduct research about their opinion of current services or of potential new services that may be offered.
For data subject’s specific information, the purposes of processing may include:
- Management of CropLife International entities’ relationships with its data subjects
- Processing payments, expenses and reimbursements
- Carrying out CropLife International entities’ obligations under various contracts
IP addresses, browser types, domain names, access times and referring website addresses are used by CropLife International entities for the operation of the service, to maintain quality of the service and to provide general statistics regarding use of the CropLife International entities’ websites.
CropLife International entities keep track of the websites and pages their data subjects visit, in order to determine what services are the most popular. This data may be used to deliver customized content to data subjects whose behaviour indicates that they are interested in a particular subject area.
If CropLife International entities introduce a new process or application that will result in the processing of personal data for purposes that go beyond the purposes described above, CropLife International entities will inform the concerned data subjects of such new process or application, new purpose for which the personal data are to be used, and the categories of recipients of the personal data.
CropLife International entities will disclose data subjects’ personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the law or comply with legal process served on CropLife International entities or the sites; (b) protect and defend the rights or property of CropLife International entities; and, (c) act under exigent circumstances to protect the personal safety of data subjects of CropLife International entities, or the public.
Equipment and Information Security
To safeguard against unauthorized access to personal data by third parties outside CropLife International entities, all electronic personal data held by CropLife International entities are maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected to unauthorized personnel, fire detection and response systems.
The importance of security for all personally identifiable information is of highest concern. CropLife International entities are committed to safeguarding the integrity of personal information and preventing unauthorized access to information maintained in CropLife International entities’ databases. These measures are designed and intended to prevent corruption of data, to block unknown and unauthorized access to our computerized system and information, and to provide reasonable protection of personal data in CropLife International entities’ possession. Access to the computerized database is controlled by a log-in sequence and requires users to identify themselves and provide a password before access is granted. CropLife International entities may need to request specific information from data subjects in order to help them confirm the identity of that data subject and to ensure the right of that data subject to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Rights of data subjects
Data subjects have certain rights under data protection legislation concerning the personal data CropLife International entities hold, including the following:
- Request access (commonly known as a “data subject access request”)
This enables the data subject to receive a copy of the personal data CropLife International entities hold and to check it is lawfully processed.
- Request correction:
This enables the data subject to have any incomplete or inaccurate data corrected. CropLife International entities may need to verify the accuracy of the new data that is provided.
- Request erasure:
This enables the data subject to ask CropLife International entities to delete or remove personal data where there is no good reason for continuing to process it.
The data subject also has the right to ask CropLife International entities to delete or remove personal data where the right to object to processing has been successfully exercised, where information has been processed unlawfully or where personal data was erased to comply with local law.
However, CropLife International entities may not always be able to comply with a request of erasure for specific legal reasons. These reasons will be notified to the data subject at the time of the request.
- Object to processing:
This enables the data subject, where CropLife International entities are processing the data subjects’ personal data relying on a legitimate interest (or that of a third party), to object to processing because of the particular situation that impacts on the data subject’s fundamental rights and freedoms.
In some cases, CropLife International entities may demonstrate the existence of compelling legitimate grounds to process information which override the data subject’s rights and freedoms.
- Request restriction of processing:
This enables the data subject to ask CropLife International entities to suspend the processing of personal data in the following scenarios: (a) where the accuracy of the data needs to be established; (b) where the use of the data is unlawful, but the data subject does not want it to be erased; (c) where the data subject wishes CropLife International entities to hold the data in order to be able to establish, exercise or defend legal claims even though CropLife International entities do not need it; or (d) the data subject has objected to CropLife International entities’ use of the data, but it has to be verified whether there are overriding legitimate grounds to continue to process it.
- Request the transfer:
This enables the data subject to ask CropLife International entities to provide to the data subject, or a third party the data subject has chosen, personal data in a structured, commonly used, machine-readable format.
- Withdraw consent at any time:
Withdrawal of consent will not affect the lawfulness of any processing carried out before consent is withdrawn. If consent is withdrawn, CropLife International entities may not be able to provide certain services. In this case, the data subject will be advised at the time that consent is withdrawn.
A data subject who wishes to exercise any of the rights set out above should contact CropLife International’s contact person Ms Raffaella Colombo at GDPR@croplife.org.
If a data subject fails to provide personal data
Where CropLife International entities need to collect personal data by law, or under the terms of a contract it has with a data subject and that data subject fails to provide that data when requested, CropLife International entities may not be able to perform the contract they have or are trying to enter into with that data subject (for example, to provide services). In this case, CropLife International entities may have to cancel a product or service that the data subject has with it. CropLife International entities will notify the relevant data subject if this is the case at the time.
Third party links
Data retention period
Data subject preferences and personal data processed for the use of any of CropLife International entities’ services will be retained for so long as is necessary to fulfil the purposes for which it was collected (including for the purpose of satisfying any legal, accounting or reporting requirements). To determine the appropriate retention period for personal data, CropLife International entities consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which they process the personal data of data subjects and whether they can achieve those purposes through other means, and the applicable legal requirements. Personal data may be held for up to 5 years, after which CropLife International entities will be active in securely deleting the information.
Transfer outside the EU
In connection with the activities of CropLife International entities, CropLife International entities may transmit personal data outside the EU and more specifically to CropLife International’s additional affiliated entities worldwide. CropLife International entities ensure that the personal data of data subjects is protected, by requiring all its affiliated entities outside the EU to follow the same rules when processing the transferred personal data.
CropLife International entities may be contacted if further information is wished on the specific mechanism they use when transferring personal data out of the EU.