Objective

The aim of this privacy policy is to provide adequate and consistent safeguards for the handling of Personal Data (as defined below) by CropLife International A.I.S.B.L. (‘CropLife International’) and affiliated entities (CropLife International and all such entities being together referred as ‘CropLife International entities’) in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, or ‘GDPR’).

Scope

CropLife International is the controller and responsible for CropLife International entities’ websites. This privacy policy is issued on behalf of and applies to all CropLife International entities in the EU that process personal data. The GDPR will apply to CropLife International entities that are either 1) established in the EU or 2) offer services in the EU (whether or not for payment) to data subjects in the EU or 3) which monitor the behavior of such data subjects.

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to a name, an identification number, location data, an online identifier or to one or more factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable person (ii) can be linked to that person; (iii) is transferred to CropLife International entities and (iv) is recorded in any form. It does not include data where the identity has been removed (anonymous data).

Contact details

CropLife International has appointed a contact person who is responsible for overseeing questions in relation to this privacy notice. If data subjects have any questions about this privacy notice, including any requests to exercise their legal rights, they should contact CropLife International’s contact person using the details set out below:

Barbara Hondius
Senior Operations Manager
CropLife International A.I.S.B.L.
326 Avenue Louise, Box 35
1050 Brussels, Belgium
GDPR@croplife.org
+32 2 541 16 63
+32 476 59 62 29

Data subjects have the right to make a complaint at any time to the Belgian Data Protection Authority, the Belgian supervisory authority for data protection issues (https://www.dataprotectionauthority.be/citizen) at present. CropLife International would, however, appreciate the chance to deal with such concerns before data subjects approach the Belgian Data Protection Authority, so would be grateful if data subjects would contact the contact person in the first instance.

Principles of processing personal data

CropLife International entities respect data subjects’ privacy and are committed to protecting personal data in compliance with the applicable legislation in the EU with the desire to keep its data subjects informed and to recognize and respect their privacy rights. CropLife International entities will observe the following principles when processing personal data:

  • Data will be processed fairly and in accordance with applicable law.
  • Data will be collected for specified, legitimate purposes and will not be processed further in ways incompatible with those purposes.
  • Data will be relevant to and not excessive for the purposes for which they are collected and used.
  • Data subjects in the EU will be asked to provide their clear and unequivocal consent for the collection, processing and transfer of their personal data insofar as consent is relied on for the processing of the personal data.
  • Data will be accurate and, where necessary kept up up-to-date. Reasonable steps will be taken to rectify or delete personal data that is inaccurate or incomplete.
  • Data will be kept only as it is necessary for the purposes for which it was collected and processed. Those purposes shall be described in this privacy policy.
  • Data will be deleted or amended following a relevant request by the concerned data subject, should such notice comply with the applicable legislation each time.
  • Data will be processed in accordance with the individual’s legal rights (as described in this policy or as provided by law).

It is important that the personal data CropLife International entities hold about data subjects is accurate and current. Data subjects should keep CropLife International entities informed if their personal data changes during their relationship with CropLife International entities.

Appropriate technical, physical and organizational measures will be taken to prevent unauthorized access, unlawful processing, unlawful alteration or disclosure and unauthorized or accidental loss, destruction or damage to data. In addition, CropLife International entities limit access to the personal data of data subjects to those employees, agents, contractors and other third parties who have a business need to know. CropLife International entities will ensure personal data is processed on their instructions and subject to a duty of confidentiality.

In case of any such violation with respect to personal data, CropLife International entities will take appropriate steps to end the violation and will notify relevant data subjects and any applicable authority or regulator in accordance with applicable law and will cooperate with all such competent authorities.

Types of personal data

CropLife International entities collect data subjects’ personally identifiable information:

  • Contact, usage and profile information, such as name, user name or similar identifier, password, postal address, title, email address and telephone number, interests, preferences, feedback and survey responses.
  • Personal data in content subjects provide on CropLife International entities’ websites and other data collected automatically through the websites (such as IP addresses, login data, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on these websites (including products or services used), and dates and times of website visits).
  • Financial account and transaction information, including billing address, details about payments to and from data subjects and other details of products and services received from CropLife International entities.
  • Marketing and communications data includes data subject preferences in receiving marketing from CropLife International entities and their third parties and data subject communication preferences.

CropLife International entities do not collect any sensitive personal data (as defined in the GDPR) about its data subjects (this includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information regarding health and genetic and biometric data). Nor do CropLife International entities collect any information about criminal convictions and offences.

Ways of obtaining personal data

The ways by which CropLife International entities obtain personal data are set out in this section. CropLife International entities do not obtain any personal information about data subjects unless the data subject has provided that information to CropLife International entities in a way that is in accordance to the established data protection rules to do so, including but not limited to:

  • visiting or creating an account with respect to CropLife International entities’ websites;
  • applying for or subscribing to CropLife International entities’ services or publications;
  • requesting that marketing be supplied by CropLife International entities;
  • providing feedback, entering any promotion or survey;
  • by the completion of a written agreement, consent form, survey; or
  • completion of an on-line or hard copy form.

Data subjects may choose to submit personal, private information by facsimile, regular mail, e-mail, or electronic transmission over CropLife International entities’ internal websites, interoffice mail, or personal delivery, as each of these methods may be deemed applicable each time.

Automated technologies or interactions

When interacting with CropLife International entities’ websites, CropLife International entities may automatically collect technical data about the equipment, browsing actions and patterns of its data subjects. CropLife International entities collect this personal data by using cookies, server logs and other similar technologies. CropLife International entities may also receive technical data about a data subject if it visits other websites employing their cookies. Please see CropLife International entities’ cookie policy below for further details.

Third parties or publicly available sources

CropLife International entities may receive personal data about data subjects from various third parties and public sources as set out below:

  • Technical data from the following parties: analytics providers such as Google based outside the EU; and search information providers Facebook, Twitter, Google, LinkedIn based inside and outside the EU;
  • Contact, financial and transaction data from providers of technical, payment and delivery services such as Isabel based inside the EU;
  • Identity and contact data from data brokers or aggregators such as Google based outside the EU.

Use of personal data

CropLife International entities collect and use data subjects’ personal information to operate the CropLife International entities’ websites and deliver requested services. CropLife International entities also use personally identifiable information to inform on services available from CropLife International entities. CropLife International entities may also contact data subjects via surveys to conduct research about their opinion of current services or of potential new services that may be offered.

For data subject’s specific information, the purposes of processing may include:

Necessity for the performance of a contract or by law

e.g.:

  • Management of CropLife International entities’ relationships with its data subjects
  • Processing payments, expenses and reimbursements
  • Carrying out CropLife International entities’ obligations under various contracts

Legitimate interests

IP addresses, browser types, domain names, access times and referring website addresses are used by CropLife International entities for the operation of the service, to maintain quality of the service and to provide general statistics regarding use of the CropLife International entities’ websites.

Consent

CropLife International entities keep track of the websites and pages their data subjects visit, in order to determine what services are the most popular. This data may be used to deliver customized content to data subjects whose behaviour indicates that they are interested in a particular subject area.

Marketing activities

Subject to any applicable local laws and requirements, CropLife International entities will only send you marketing information when you have consented to receive direct marketing information from us or when this is within our legitimate interest.

New purposes

If CropLife International entities introduce a new process or application that will result in the processing of personal data for purposes that go beyond the purposes described above, CropLife International entities will inform the concerned data subjects of such new process or application, new purpose for which the personal data are to be used, and the categories of recipients of the personal data.

CropLife International entities will disclose data subjects’ personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the law or comply with legal process served on CropLife International entities or the sites; (b) protect and defend the rights or property of CropLife International entities; and, (c) act under exigent circumstances to protect the personal safety of data subjects of CropLife International entities, or the public.

Use of cookies

The CropLife International entities’ websites use “cookies” that automatically track certain information about visitor activity on the sites. Cookies are data files that contain information created by a web server that can be stored on a visitor’s hard disk for use either during a particular session or for future use. CropLife International entities use cookies only to support visitor’s interaction with the site and keep it running efficiently. This information includes the browser and operating system being used, the IP address and the referring URL.

CropLife International entities will not use cookies to collect personally identifiable information. However, if a visitor wishes to restrict or block the cookies which are set by their websites (or indeed any other website), this can be done through the browser settings.

Equipment and information security

To safeguard against unauthorized access to personal data by third parties outside CropLife International entities, all electronic personal data held by CropLife International entities are maintained on systems that are protected by up-to-date secure network architectures that contain firewalls and intrusion detection devices. The data saved in servers is “backed up” (i.e. the data are recorded on separate media) to avoid the consequences of any inadvertent erasure, destruction or loss otherwise. The servers are stored in facilities with high security, access protected to unauthorized personnel, fire detection and response systems.

Access security

The importance of security for all personally identifiable information is of highest concern. CropLife International entities are committed to safeguarding the integrity of personal information and preventing unauthorized access to information maintained in CropLife International entities’ databases. These measures are designed and intended to prevent corruption of data, to block unknown and unauthorized access to our computerized system and information, and to provide reasonable protection of personal data in CropLife International entities’ possession. Access to the computerized database is controlled by a log-in sequence and requires users to identify themselves and provide a password before access is granted. CropLife International entities may need to request specific information from data subjects in order to help them confirm the identity of that data subject and to ensure the right of that data subject to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Rights of data subjects

Data subjects have certain rights under data protection legislation concerning the personal data CropLife International entities hold, including the following:

  • Request access (commonly known as a “data subject access request”):

This enables the data subject to receive a copy of the personal data CropLife International entities hold and to check it is lawfully processed.

  • Request correction:

This enables the data subject to have any incomplete or inaccurate data corrected. CropLife International entities may need to verify the accuracy of the new data that is provided.

  • Request erasure:

This enables the data subject to ask CropLife International entities to delete or remove personal data where there is no good reason for continuing to process it.
The data subject also has the right to ask CropLife International entities to delete or remove personal data where the right to object to processing has been successfully exercised, where information has been processed unlawfully or where personal data was erased to comply with local law.

However, CropLife International entities may not always be able to comply with a request of erasure for specific legal reasons. These reasons will be notified to the data subject at the time of the request. CropLife International entities are only entitled to refuse to comply with your request for erasure for one of the following reasons:

    • to exercise the right of freedom of expression and information;
    • to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
    • for public health reasons in the public interest;
    • for archival, research or statistical purposes; or
    • to exercise or defend a legal claim.
  • Object to processing:

This enables the data subject, where CropLife International entities are processing the data subjects’ personal data relying on a legitimate interest (or that of a third party), to object to processing because of the particular situation that impacts on the data subject’s fundamental rights and freedoms.

In some cases, CropLife International entities may demonstrate the existence of compelling legitimate grounds to process information which override the data subject’s rights and freedoms.

  • Request restriction of processing:

This enables the data subject to ask CropLife International entities to suspend the processing of personal data in the following scenarios: (a) where the accuracy of the data needs to be established; (b) where the use of the data is unlawful, but the data subject does not want it to be erased; (c) where the data subject wishes CropLife International entities to hold the data in order to be able to establish, exercise or defend legal claims even though CropLife International entities do not need it; or (d) the data subject has objected to CropLife International entities’ use of the data, but it has to be verified whether there are overriding legitimate grounds to continue to process it.

  • Request the transfer:

This enables the data subject to ask CropLife International entities to provide to the data subject, or a third party the data subject has chosen, personal data in a structured, commonly used, machine-readable format.

  • Withdraw consent at any time:

Withdrawal of consent will not affect the lawfulness of any processing carried out before consent is withdrawn. If consent is withdrawn, CropLife International entities may not be able to provide certain services. In this case, the data subject will be advised at the time that consent is withdrawn.

A data subject who wishes to exercise any of the rights set out above should contact CropLife International’s contact person Ms Barbara Hondius at GDPR@croplife.org.

If a data subject fails to provide personal data

Where CropLife International entities need to collect personal data by law, or under the terms of a contract it has with a data subject and that data subject fails to provide that data when requested, CropLife International entities may not be able to perform the contract they have or are trying to enter into with that data subject (for example, to provide services). In this case, CropLife International entities may have to cancel a product or service that the data subject has with it. CropLife International entities will notify the relevant data subject if this is the case at the time.

Third party links

CropLife International entities’ websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about the data subject. CropLife International entities do not control these third-party websites and cannot be held responsible for their privacy policy. Therefore, CropLife International entities recommend that when data subjects leave their websites that they should read the privacy policy of every website visited.

Data retention period

Data subject preferences and personal data processed for the use of any of CropLife International entities’ services will be retained for so long as is necessary to fulfil the purposes for which it was collected (including for the purpose of satisfying any legal, accounting or reporting requirements). To determine the appropriate retention period for personal data, CropLife International entities consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which they process the personal data of data subjects and whether they can achieve those purposes through other means, and the applicable legal requirements.

Transfer outside the EU

In connection with the activities of CropLife International entities, CropLife International entities may transmit personal data outside the EU and more specifically to CropLife International’s additional affiliated entities worldwide. CropLife International entities ensure that the personal data of data subjects is protected, by requiring all its affiliated entities outside the EU to follow the same rules when processing the transferred personal data.

Whenever CropLife International entities transfer the personal data of any data subject outside the EU, CropLife International entities ensure a similar degree of protection is afforded to it by this privacy policy.

CropLife International entities may be contacted if further information is wished on the specific mechanism they use when transferring personal data out of the EU.

We use cookies to ensure that we give you the best experience on our website.