Agdatahub's privacy policy

Version AGDATAHUB-PC-2023-01, published the 1st january 2023

Agdatahub attaches great importance to the protection of personal data and pays particular attention to information (“ Personal Data ") that you transmit to it when you use the Agdatahub websites and the platform for the EXCHANGE, CONSENT and CONNECT Products (the " Platform »).

The "Sites" define the following websites:

The "Platform" includes the following products ("Products"):

  • Produit EXCHANGE : désigne les services d’intermédiation de données pour gérer les échanges entre abonnés au sein des filières agricoles et agroalimentaires, accessible à l’adresse suivante : https://platform.api-agro.eu/
  • Produit CONSENT : désigne la gamme des services fonctionnels et techniques Connect, Consent et Verif, basés sur l’Identité Numérique Agricole dédiée aux exploitations agricoles. Ces services sont disponibles en ligne (portail web agriculteur et portail partenaire) pour les membres accessibles à l’adresse suivante : https://agritrust.fr et via une application mobile dédiée aux exploitations agricoles.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and the Act of January 6, 1978 relating to data processing, aux fichiers et aux libertés modifiée (together the
"Regulations"), the purpose of this privacy policy is to inform you of how Agdatahub uses and protects your personal data (the "Privacy Policy").

1. Identity and contact details of the data controller

The data controller is the company netframe.co SAS, with its registered office at 81, rue Réaumur, 75002 PARIS – France.

If you have any questions about this Privacy Policy or about the processing of your Personal Data by Agdatahub :

netframe.co
81 rue Réaumur
75002 PARIS
Tel: +33 6 16 13 20 41
Mail : contact@netframe.co

2. Purposes of processing

Agdatahub processes your Personal Data for the following purposes:

  • Processing of a commercial information request issued by a Subscriber via its Members (as these terms are defined in the General Terms and Conditions of the AGDATAHUB Platform) via the Sites;
  • Processing a quotation request made by a Member via the Sites ;
  • Subscription to the newsletter issued by the Sites ;
  • Create and manage your Subscriber, Member or Farmer account on the Platform;
  • Access to functional support and technical assistance for the Platform ;
  • Payment management for purchases made via the Platforms ;
  • Processing appointment requests with an Agdatahub employee;
  • Gestion des paiements des Abonnements aux Produits EXCHANGE et/ou CONSENT ainsi que des prestations de services spécifiques.

3. Processed data

Which Personal Data?

Agdatahub processes the following Personal Data:

  • For processing information requests : email address, surname, first name, company, job title, business telephone ;
  • For quote request processing : email address, last name, first name, company, position, business phone ;
  • To subscribe to the newsletter on the Site: email address, last name, first name ;
  • To create your Subscriber, Member or Farmer account on the Platform: email address, last name, first name, business telephone number, postal address ;
  • Functional support and technical assistance for the Platform: email address, last name, first name, business telephone number.
  • For online payment of subscriptions and services via the payments service Stripe: surname, first name, credit card number, email and cell phone number

 
When?

We collect the information you provide us when:

  • create your Subscriber, Member or Farmer account on the Platform;
  • you create an Agricultural Digital Identity ;
  • you subscribe to a Subscription (as defined in the General Terms and Conditions of the AGDATAHUB Platform) via the Platform;
  • you contact Agdatahub functional support or technical assistance;
  • you write a comment ;
  • you communicate by message with a member of the Platform.

The compulsory or optional nature of the data is indicated at the time of collection by an asterisk. Some data is collected automatically as a result of your actions on the site (see paragraphs "Cookies" and "Processing by the EXCHANGE Product Manager" below).

In order to strengthen trust between Subscribers, Members or Farmers registered on the Platform, Agdatahub may ask you to confirm your identity by Linkedin authentication. When authenticating via Linkedin, you agree to give Agdatahub access to certain information in your profile (surname, first name and profile photograph).

4. Legal base for processing

The applicable legal bases are as follows:

  • The contract: processing is necessary for the performance of your contract with Agdatahub or for the performance of pre-contractual measures taken at your request ;
  • Consent: for any processing that is not necessary for the performance of your contract with Agdatahub or the performance of pre-contractual measures taken at your request, you agree to the processing of your Personal Data by means of express consent (check box, click...). You may withdraw this consent at any time.

5. Recipients

Your Personal Data are only transmitted to the subcontractors and suppliers that Agdatahub uses to ensure:

  • distribution of the Site newsletter and related marketing information (events, user club....);
  • contact, leading to a commercial quote;
  • management, maintenance and hosting of the Platform;
  • access to functional support and technical assistance on the Platform;
  • processing payment transactions.

Under no circumstances will your Personal Data be sold.

6. Shelf life

Agdatahub will retain your Personal Data for as long as necessary to fulfill the purpose(s) described in the "Data Processed" paragraph.

In any event, the retention period of your Personal Data will not exceed three (3) years, from the end of the Subscription (for Subscribers, having subscribed to an EXCHANGE and/or CONSENT Product) or from the last communication (for any other person), unless a longer retention period is required by the Regulations or by a competent administrative or judicial agency. Upon expiry of the retention period, or at your request, your Personal Data will be deleted.

7. Cookies

With the exception of technical cookies necessary for the provision of the service, the sole purpose of which is to facilitate the use of the EXCHANGE and/or CONSENT Products and certain audience measurement cookies benefiting from an exemption from the collection of consent[1], tel l‘outil Matomo Analytics dans sa version 4, votre consentement exprès sera requis avant toute utilisation de tous autres cookies. Vous pouvez accepter ou refuser le dépôt de cookies à tout moment. Si vous ne souhaitez pas que des cookies soient stockés sur votre terminal, vous pourrez bloquer tous les cookies ou certains d’entre eux en modifiant les paramètres de votre navigateur. Les cookies seront conservés pendant une durée de 13 mois.

Each time you connect to the Platform, a banner displaying information on the use of cookies and similar technologies appears at the bottom of your screen, and can be accessed at any time by clicking on the "Cookie management" link in the footer of the Sites. This banner allows you to express your consent to the various cookies or to reject them.

Please note that social network sharing cookies are issued and managed by the publisher of the social network concerned.

8. Traitements effectués par le gestionnaire du Produit EXCHANGE

We draw your attention to the fact that when you use the Platform for the API-AGRO Product, the company Dawex, manager of the EXCHANGE Product, collects, through cookies, your IP address, your connection data and browsing data, the offers consulted and the history of transactions carried out, as well as the operations and exchanges leading to these transactions.

This Personal Data is collected in order to:

  • register Members for newsletters;
  • edit commercial quotations ;
  • compile statistics on visits to and use of the Product (number of pages visited, frequency, etc.);
  • improve the member experience;
  • secure transactions carried out via the Platform;
  • s’assurer que l’utilisation de la Plateforme par les Membres est conforme aux Conditions Générales d’abonnement du Produit EXCHANGE ;
  • ensure that the Platform is not abused.

The collection of this Personal Data is based on your express consent when subscribing to the EXCHANGE Product. You can withdraw this consent at any time.

Data is kept for as long as your account is active. It is then archived in accordance with applicable regulations. In particular, when a member unsubscribes, identity data is deleted and connection data is anonymized, except for messages exchanged, where first and last names are kept for a period of three years.

9. Traitements effectués par le gestionnaire du Produit CONSENT

We draw your attention to the fact that when you use the Platform for the EXCHANGE Product, the company Orange Business, manager of the CONSENT Product, collects, through cookies, your IP address, your connection data and browsing data, the offers consulted and the history of transactions carried out, as well as the operations and exchanges leading to these transactions. 

This Personal Data is collected in order to: 

  • register Members for newsletters; 
  • edit commercial quotations ;  
  • compile statistics on visits to and use of the Product (number of pages visited, frequency, etc.);  
  • améliorer l’expérience du Membre; 
  • secure transactions carried out via the Platform; 
  • s’assurer que l’utilisation de la Plateforme par les Membres est conforme aux Conditions Générales d’abonnement du Produit CONSENT ; 
  • ensure that the Platform is not abused. 

The collection of this Personal Data is based on your express consent when subscribing to the CONSENT Product. You can withdraw this consent at any time.  

Data is kept for as long as your account is active. It is then archived in accordance with applicable regulations.

10. Your rights

In accordance with the Regulations, you may exercise the following rights:

  • Access: you can request information about the processing of your Personal Data, as well as a copy of it.
  • Rectification: if you believe that your Personal Data is inaccurate or incomplete, you may request that your Personal Data be amended accordingly.
  • Deletion: you may request the deletion of your Personal Data, to the extent permitted by Regulation.
  • Limitation: you may request the limitation of the processing of your Personal Data.
  • Objection: you may object to the processing of your Personal Data, for reasons related to your particular situation. In particular, you may object to the processing of your Personal Data for direct marketing purposes, including profiling related to this type of direct marketing, without Agdatahub being able to refuse.

In addition to the aforementioned rights, you have the possibility of organizing the fate of your Personal Data after your death, by sending your instructions to Agdatahub.

You also have the right to withdraw your consent at any time where the consent given serves as the legal basis for the processing concerned of your Personal Data. In these circumstances, the withdrawal of your consent will have the effect of interrupting the processing concerned for the future, but will not affect the lawfulness of the processing previously carried out.

Finally, under the right to portability, you have the right to recover the Personal Data concerning you that Agdatahub has in its possession, and, where technically possible, to request their transfer to a third party.

You may exercise your rights with Agdatahub by sending your request to the contact point mentioned in paragraph 1 "Identity and contact details of the Data Controller " below. Agdatahub informs you that it will be entitled, where appropriate, to oppose manifestly unfounded or excessive requests.

11. Links to third-party websites

You may be able to access third-party websites through links available on the Platform. Use of such third-party sites will be governed by the privacy policies of those sites and not by this Privacy Policy.

12. Transfers outside the European Economic Area

As a matter of principle, we take care to minimize situations in which personal data may be transferred to a country outside the European Union. Nevertheless, it may happen that the use of services provided by a service provider or a third-party application involves the transfer of personal data to a country outside the European Union. In such cases, we ensure that processing involving the transfer of personal data outside the European Union only takes place on condition that a sufficient and appropriate level of protection for your personal data is guaranteed. To this end, we use one of the mechanisms provided for by European regulations to control such transfers.

In addition, we also ensure, in accordance with the recommendations of the European Data Protection Committee on measures that complement transfer mechanisms designed to ensure compliance with the EU level of personal data protection, that we assess the practical effectiveness of the chosen transfer mechanism with regard to the legislation of the third country. If this analysis shows that the chosen transfer mechanism does not offer a level of protection essentially equivalent to that of the EU, we ensure, as far as possible, that additional measures (technical, organizational or contractual) are put in place and regularly evaluated.

In order to be as transparent as possible, you will find below a table containing the processing operations carried out involving a transfer of data outside the European Union and the transfer mechanism used.

Provider
(Processing) 		Transfer mechanism used
(If applicable, additional measures adopted)

STRIPE (Subcontractor) 

https://stripe.com/ 

 

(Management of online credit card transactions) 

Transfer mechanism used: European Commission standard contractual clauses (SCC).

Additional measures:

  • Physical access control to prevent unauthorised persons from accessing the data processing systems available on the premises and facilities (including databases, application servers and related equipment) where personal data is processed.
  • Virtual access control to prevent the use of data processing systems by unauthorised persons.
  • Data access control to ensure that persons authorised to use a data processing system only have access to personal data in accordance with their access rights, and that personal data cannot be read, copied, modified or deleted without authorisation.
  • Disclosure control to ensure that personal data cannot be read, copied, modified or deleted without authorisation during electronic transmission, transport or storage on storage media (manual or electronic), and that it can be verified to which companies or other legal entities the personal data is disclosed.
  • Input control to check whether data has been entered, modified or deleted, and by whom, from data processing systems.
  • Availability control to ensure that personal data is protected against accidental destruction or loss (physical/logical).
  • Separation control to ensure that personal data collected for different purposes can be processed separately.
  • Stripe encrypts data by default. Stripe's security controls include TLS 1.2 configuration for data in transit, TLS and/or SSL encryption for HTTPS and regular testing of infrastructure components. Two-step authentication is available for an additional layer of security when connecting to the Dashboard.
  • Each request for access to data by administrative, judicial and police authorities is examined in order to respond to lawful requests with the minimum of information required.

    Voir aussi https://stripe.com/fr/privacy-center/legal#data-transfers

Brevo

https://www.brevo.com/fr/

 

(mailing solution) 

Transfer mechanism used: European Commission standard contractual clauses (SCC) .

Additional measures:

  • Personal data is processed only by Brevo employees, and the US (Inc) and Indian (Silver Line Ltd) subsidiaries are controlled by Brevo.
  • The transfer consists exclusively of remote access to data, to achieve two specific objectives (support and maintenance), in situations identified and limited according to the principle of data minimisation.
  • Employees are subject to a confidentiality agreement and receive regular training on data protection and the GDPR.
  • Any copying or extraction of data by Brevo employees is prohibited.
  • No sensitive data (within the meaning of Article 9 of the GDPR) is processed by Brevo.
  • Data is stored in the European Union and backup data (back up data) is encrypted.
  • Subcontractors are Brevo subsidiaries who will respond to customer requests exactly as if they were located in the European Economic Area.
  • To date, Brevo's activity has never been the subject of a request from the American administration under section 702 of FISA.

Where applicable, Brevo undertakes to systematically refuse, when the applicable law permits, to communicate data to a third party (including persons governed by public law).

Freshdesk  

https://freshdesk.com  

 

(customer support management solution) 

  • Transfer mechanism used: European Commission standard contractual clauses (SCC).

    Additional measures:

    • Data hosted in the European Union
    • Subsequent sub-contractors are excluded
    • Data is encrypted both at rest and in transit
    • Data is transferred outside the EU for support/security purposes.

    For additional technical and organizational measures of Freshdesk: https://www.freshworks.com/data-processing-addendum/

13. Personal Data of minors

EXCHANGE and CONSENT Products are not intended for minors.

It is up to parents and any person exercising parental authority to decide whether their minor child is authorised to use the Products.

14. Complaints

If you consider that the processing of your Personal Data constitutes a breach of the Regulations, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are ordinarily resident or where the breach is alleged to have occurred.

In France, the supervisory authority responsible for receiving such complaints is the Commission Nationale de l'Informatique et des Libertés (CNIL).

On the personal data contained in the Files exchanged within the EXCHANGE Product:

Files exchanged as part of your use of the Platform may contain personal data (the "Files"). As a Platform Subscriber, you are responsible for processing this data.

In the event that Agdatahub is considered to be a sub-contractor within the meaning of the Regulation, you must ensure that Agdatahub is authorised to process the Files on your behalf.

In this regard, Agdatahub may access, temporarily record or transfer personal data present in the Files for the purposes of enabling other Subscribers and Members to benefit from the EXCHANGE Products and to conclude transactions, throughout the duration of use of the Platform, in compliance with your instructions and the conditions of the Platform.

Agdatahub will not make any changes to the content of the Files and any changes to the content of the Files must be made by you.

As a Subscriber, you must declare directly on the EXCHANGE Product interface the presence of personal data in the Files so that automatic processing is implemented to hide the personal data in the sample posted online. In the event of failure to declare, Agdatahub is not responsible for the visibility of the personal data in the sample posted online.

(1) https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/cookies-solutions-pour-les-outils-de-mesure-daudience

Legal information

Privacy policy

Resources

netframe.co

© 2024. All rights reserved Agdatahub.

Company

Pricing

News