#WorldsFirstIntelligentAgricultureCloud

    CUSTOMER LOGIN:

    CROPIN GLOBAL PRIVACY POLICY

     Last Modified: August 21, 2024

    This website, www.cropin.com, and its associated domains, including the Cropin Grow  (SmartFarm Plus), Cropin Trace (RootTrace) and the Cropin Connect (AcreSquare), and the  other Applications (the “Website”) is owned and operated by Cropin Technology Solutions  Private Limited (the “Company”/ “Cropin”, which expression shall, unless repugnant to the  context or meaning thereof, include its representatives, administrators, permitted successors and  assigns), having its registered office at 3rd Floor, 1021 16th Main, BTM 1st Stage, Bangalore,  Karnataka - 560029, India. 

    Cropin is a global agri-ecosystem intelligence provider. Cropin’s suite of products enables  various stakeholders in the agri-ecosystem, including financial services providers, to adopt and  drive digital strategy across their agricultural operations. Using cutting-edge technology like  artificial intelligence, machine learning, and remote sensing, Cropin creates an intelligent,  interconnected data platform. Cropin helps organizations digitize their operations from farm to  fork and leverage near real-time farm data and actionable insights to make effective decisions.  Cropin helps agribusinesses bring transparency to their remote farm operations thereby  monitoring progress every day and taking corrective measures immediately and helping business  managers with analytics to get insights into farm data. 

    This Global Privacy Policy (the “Privacy Policy”) describes the manner in which Cropin and its  affiliates collect, process, store, share, retain and purge personal information and / or data of its  Customers and Users (the “Processing”) that we receive from You when You visit the Website  and / or use our Services on the Website or which we otherwise collect from You. 

    1. DEFINITIONS 

    1.1. “Application” shall mean the software applications created, developed, and owned by Cropin to  enable access and use of the Service(s) through web, mobile or other handheld devices (such as  apps on iOS or Android devices). 

    1.2. “Business Partner” shall mean and include any third-party service provider duly authorised by  Cropin to provide certain services on its behalf.  

    1.3. “Controller" is a person or entity that determines the purposes and means of Processing  Personal Data, having the authority to decide how and why the data is processed. 

    1.4. “Customer” shall mean and include agribusinesses, corporations, or individuals who have  entered into agreements with the Company to utilize its Services. Unless otherwise specifically  provided, the Customers are generally considered the Controllers of the Personal Data processed,  stored or hosted by Us in the course of providing Our Services. 

    1.5. “Personal Data” shall mean any information that identifies a natural person in accordance with  the relevant data protection laws in Your region and does not include any publicly available  information. It shall however exclude any such information permitted by law to be used with any 

    restriction or bar. For further details on the type of Personal Data collected, please refer to Clause  3. 

    1.6. “Products” shall mean those products and software offered by the Company on the Website. 

    1.7. “Processor" is a person or entity that processes Personal Data on behalf of the Controller,  following the Controller's instructions and purposes for processing the data. 

    1.8. “Service(s)” shall refer to the services that the Company provides through the ‘Products’,  including but not limited to the software and Application. 

    1.9. “User(s)” means and includes individuals who may or may not be directly associated with a  Customer but use this Website or Application(s). Users under this Privacy Policy could be  prospective employees, employees, visitors, partners, or end-users who interact with the Website  or Application under the purview of the Customer's agreement with the Company including the  employees and/or field agents of the Customer.  

    1.10. “We”, “Our”, and “Us” shall mean and refer to the Company/ Cropin, the creators of this  Privacy Policy. 

    1.11. “You”, “Your”, “Yourself” shall mean the Customer and/or the User(s) who use the Website.

    2. APPLICABILITY  

    2.1. This Privacy Policy describes how Cropin collects, processes, stores, shares and retains Personal  Data. 

    2.2. This Privacy Policy is limited in its applicability only to Your use of the Website. It does not  apply to any Personal Data, so collected by any third parties by virtue of You clicking any third party links on our Website out of Your free volition. In such an event, the Privacy Policy of such  Third-Party website shall be applicable to You. 

    2.3. This Privacy Policy shall not apply to Personal Data processed, stored or hosted by us when we  act as a Processor on behalf of our Customers in the course of providing our Services, in which  case the privacy statement of the relevant Customer will apply, and our data processing  agreement with such Customer will govern our processing of Your Personal Data.

    3. INFORMATION COLLECTED 

    We generally collect the following types of information: 

    3.1. Personal Data:  

    Personal Data such as but not limited to the below: 

    1. Your name, email address, phone number, age, gender, date of birth, Account ID, password  and physical address (the “User Account Data”); 
    2. Your banking / payment information 
    3. Id Photo 
    4. Id Proof details
    5. Family Details 
    6. Transaction information 

    3.2. Information collected basis the agreement with the Customer: 

    Notwithstanding anything mentioned in Clause 3.1 above, the Customers can ask their users to  submit Personal Data to be submitted to Cropin’s systems using a custom module. The  information collected depends on the Customer’s business needs. Customers are solely  responsible for ensuring only the necessary information is captured. The types of information  stored by Cropin to provide better Services include, but are not limited to, farmer’s education,  assets, plot and crop details, farming practices, fertilizers and pesticides used, and harvest  information. Cropin collects this Personal Data as per the agreement with the Customers.  However, processing-related information is not covered by this policy and is governed by the  Customer's privacy policy. Any queries about processing-related information should be directed  to the respective Customer. 

    3.3. Geo-location Information: 

    Geo-location Information is captured by Cropin based on the Customer’s request. The Customer  can choose to enable / disable geo tracking based on business requirements, and agreement  between the Customer and its user. If You use certain features of Cropin’s Website and  Application, we may collect information about Your user’s location such as Internet Protocol  (IP) address which in turn would enable us to infer the city, region/state, country, continent,  Internet Service Provider (ISP), longitude/latitude coordinates of location, type of connection  (residential, business, etc.), and name of the organisation that owns the connection. 

    3.4. Usage Information: 

    Usage Information is captured by Cropin about Your interactions with Cropin’s Website such as  the pages viewed on the Website, reports and dashboards viewed, and content viewed via using  API’s. We use the following to analyze the data and improve user experience: 

    - Google Analytics 

    - Google Ads 

    - Microsoft Clarity 

    - Hotjar 

    - HubSpot 

    - Factors.ai 

    3.5. Cookies: 

    We do not store any information other than user-id in cookies. You may decline these cookies by  changing Your browser settings, if permitted. However, do note that this may impact Your  experience in using the Services. 

    3.6. If You access our Service though our App we will be able to view personally identifiable  information made available through Your wireless device. We may collect Your unique device  identification number and other information made available through Your wireless device.

    3.7. Non-identifying information:  

    Whenever You visit our Website, we may collect non-identifying information from You, such as  Your referring URL, browser, operating system, and Internet Service Provider. Without a  subpoena, voluntary compliance on the part of Your Internet Service Provider, or additional  records from a third party such as Your wireless provider, this information alone cannot usually  be used to identify You. 

    3.8. In accordance with applicable laws, we may also collect and store certain user-related  information whenever You visit our Website which shall include but not be limited to the  following: 

    1. Computer and internet connection including Your IP address, operating system and browser  type;  
    2. Mobile carrier and device information including device and application IDs; 
    3. Cookie information and information about the timing, frequency and pattern of Your use of  our Website;


    4. CONSENT  

    4.1. Any consent collected on the Website with respect to the B2B business undertaken by Cropin  with its Customers, shall be pursuant to a service agreement (“Agreement”) entered into  between a Customer and Cropin to collect, process, store, share, retain and purge User Personal  Data, necessary for the provision of Our Services. 

    4.2. In light of the above, the User is to note that in such circumstances highlighted in clause 4.1, the  Customer is the Controller of the User information and Cropin in furtherance to the Agreement,  acts merely as a Processor. All obligations to obtain the appropriate consent lies with the  Customers in this regard. As per Cropin's requirements, the Customer must provide a copy of a  consent form to their users. By signing this form, the Customer’s user grants their consent for  Cropin to act as a data Processor. 

    4.3. When Users directly access or use Cropin Website, Cropin may collect the information  mentioned in Point 3. In this case, Cropin acts as both the Controller and Processor of the  information. Cropin will ask for your consent to collect, use, store, transfer, and delete Your  Personal Data. By clicking “I accept,” you agree to allow Cropin to collect this information.  Your consent will be recorded and considered a legally binding contract between You and  Cropin. 

    4.4. You shall be entitled to withdraw Your consent at any time by writing to our Data Protection  Officer (the “DPO”) at dpo@cropin.com, which shall not apply in case of any ongoing Services.  

    4.5.Cropin updates this Privacy Policy from time to time. When we amend this Privacy Policy, we  will place a note on our Website as to when the Privacy Policy was last modified and We may  reobtain Your consent using such format and/or manner as may be required by law from time to  time.

    4.6. Your continued use of the Website and/or Services available through the Website despite such  Notice shall constitute Your acknowledgement of the modified Privacy Policy and commitment  to abide by the same.

    5. EXTERNAL LINKS ON THE WEBSITE 

    We do not allow third parties/individuals to display advertisements when You use the Website or  Application. However, the Application may be configured to include hyperlinks to other  websites, content or resources by You or Your users. We have no control over such external  links present in the Website or Application, which are provided by persons or companies other  than us. 

    You acknowledge and agree that We are not responsible for any collection or disclosure of Your  Personal Data by any external websites, companies or persons, nor do We endorse any  advertising, products or other material on or available from such external websites or resources. 

    You further acknowledge and agree that We are not liable for any loss or damage which may be  incurred by You as a result of the collection and/or disclosure of Your Personal Data by external  websites, sites or resources, or as a result of any reliance placed by You on the completeness,  accuracy or existence of any advertising, products or other materials on, or available from such  websites or resources. This external website and resource providers may have their own privacy  policies governing the collection, storage, retention and disclosure of Your Personal Data that  You may be subject to. We recommend that before You enter the external website, do review  their privacy policy.

    6. OUR USE OF YOUR INFORMATION 

    We use Your Personal Data and information as provided below: 

    6.1. To provide the Services and contact You in furtherance to it. 

    6.2. To enhance or improve Your user experience by presenting the content in an efficient manner for  usage on our Website or Service. 

    6.3. To carry our obligations arising from any contracts entered into between You and us, including  for billing. 

    6.4. For analytical purposes, including but not limited to assessing usage data, usage patterns, and  other similar activities. 

    6.5. To send emails about our other Products or Services. 

    6.6. To resolve disputes between You and Cropin. 

    6.7. To send email reports as requested by You. 

    6.8. To send emails and updates about Cropin, including news and requests for agreement to  amended legal documents such as this Privacy Policy and our Terms of Service, or respond to  inquiries.

    6.9. To perform any other function that we believe in good faith is necessary to protect the security or  proper functioning of our Website or Service. 

    6.10. To process payment transactions between You and Cropin. 

    6.11. To monitor the traffic on our Website. 

    6.12. Managing relationships with Customers, vendors and Business Partners.

    6.13. To aggregate data such as statistical or demographic data. 

    6.14. Business development purposes. 

    6.15. For advertising and marketing. 

    6.16. Communicating with current and potential Customers, Business Partners, suppliers, vendors, and  their points of contact. 

    6.17. To respond to Your request under the “contact us” section or wherein You have requested a  demo for a Product on the Website. 

    6.18. To respond to You or evaluate Your application when You apply for an open position by either  populating the application form on our Website, by email or by hard copy and whether submitted  directly by You or by a third-party recruitment agency on Your behalf. 

    6.19. To share with law enforcement if we are compelled to by a court order, if there has been a  violation of any laws or if a violation of the Terms of Service or Privacy Policy has occurred. 

    6.20. To make our Services smarter, faster, secure, integrated, and useful to You. We use collective  learnings about how people use our Services and feedback provided directly to us to troubleshoot  and to identify usage, activity patterns and areas for integration and improvement of Services. 

    6.21. To resolve technical issues You encounter, to respond to Your requests for assistance, to analyze  crash information, and to repair and improve our Services.

    7. DISCLOSURE OF PERSONAL DATA 

    7.1. We will not use Your Personal Data for any purpose other than for reasons provided in Point 6  above. 

    7.2. We may disclose Your Personal Data in the following instances: 

    1. with our Business Partners in furtherance to providing the Services, upon taking express  written “prior consent” from a Customer and on a “need to know” basis for the following  purposes (i) analytics; (ii) customer support; (iii) legal; and (iv) sharing it with third parties  and employees in furtherance to providing our Services. 
    2. with any judicial, quasi-judicial, regulatory, statutory and/or any government agency  pursuant to any legal requirement. 

    7.3. We will not share, sell, or otherwise provide Your Personal Data received from You to any third  party without Your consent, except as described herein or as required by law. 

    7.4. We may share Your Personal Data to Cropin employees, contractors and agents who need to  know that information in order to provide Services to You and who are subject to strict  contractual confidentiality obligations and code of conduct to ensure protection of information  and may be terminated if they fail to meet these obligations. 

    7.5. Although You disclose Your information to Cropin, we use third parties such as contractors and  web hosts to assist Us. While We do not currently share Personal Data with other third parties,  We may need to do so in the future to provide Our services. For example, if We add a payment  processor for transactions, We would need to share Your information to process payments. By  agreeing to this policy, you allow us to share Your information with third parties we hire for  operating, maintaining, or improving Our Services. You agree not to hold Us liable for their  actions, and any legal action for their wrongdoing must be taken directly against them. Third  parties We may share information with include: 

    - Google Analytics 

    - Google Ads 

    - Microsoft Clarity 

    - Hotjar 

    - HubSpot 

    - Factors.ai

    8. DATA TRANSFER  

    8.1. Unless expressly permitted by law and with Your explicit consent, Cropin will not transfer Your  Personal Data to any third party, either within or outside the territorial jurisdiction of Your  region. 

    8.2. In the event of a merger, acquisition, or change of control of Cropin by another entity, Cropin  reserves the right to share and/or transfer all or a portion of Your Personal Data to such entity in  accordance with applicable laws. Cropin will not be required to obtain Your express consent or  notify You in case of a change of control of Cropin. 

    8.3. Your information is regarded as confidential and shall not be divulged to any third party, unless  legally required to do so to appropriate authorities or if necessary to ensure users may fully avail  of the services of the Website. We shall not sell, share, or rent your Personal Data to any  marketing agencies or any other companies that engage in unsolicited communications. Any  communication by us to You shall be undertaken in accordance with our Terms of Service and  Privacy Policy. 

    8.4. Cropin stores Personal Data on its databases and on servers in various countries around the  world. We may store Your Personal Data on a server located outside the country where You live.  The information that you provide, subject to disclosure in accordance with this Privacy Policy  and license agreement, shall be maintained in a safe and secure manner. Cropin databases and  information are stored on secure AWS servers with appropriate firewalls.

    8.5. Cropin uses industry-standard physical, technical, and administrative security measures to  safeguard all Personal Data, keeping it confidential and secure. Cropin follows ISO/IEC 27001  Information Security Management System Standard to handle and secure the information dealt.  We conduct periodic reviews of Our security measures pertaining to our information collection  and storage to guard against unauthorized access to systems. While all reasonable efforts will be  made to ensure that information submitted by You is safe and secure, Cropin makes no  representations, warranties, or other assurances that the security measures are adequate, safe,  foolproof, or impenetrable. 

    8.6. As a user of the Services, You have the responsibility to ensure data security. You should use the  Services responsibly and not share Your user information, including Your username, password,  or account information, with any person. Remember that You are solely responsible for all acts  done under the account registered to You. 

    8.7. Your data may be transferred to and stored on computers outside of your state, province, country,  or other governmental jurisdiction where privacy laws may not be as protective as those in Your  area. If You are outside India and choose to provide information to Us, Cropin may transfer Your  Personal Data to locations where Cropin has its servers and process it there. By consenting to  this Privacy Policy and submitting Your information, You agree to this transfer. For the data that  will be shared by Cropin in light of the agreements signed with Customers, We commit to  maintaining a mechanism established that facilitates transfers of Personal Data outside the EU as  required by the data protection directive or laws.

    9. PUBLIC DATA  

    9.1. Any information that is freely available or accessible in the public domain or furnished under  any law for the time being in force shall not be regarded as Personal Data.  

    9.2. We will not be responsible in any manner of whatsoever nature for any unauthorized use,  violation or misuse of such publicly available information. 

    10. AGGREGATE AND NON-IDENTIFIABLE DATA

    We may use, process, and disclose de-identified or aggregated non-identifiable information for  quality control, analytics, research, development, and other purposes. This information will not  identify You individually. When handling de-identified data, We will maintain its de-identified  status and not attempt to reidentify it, except to ensure our de-identification methods comply  with privacy laws.

    11. CHILDREN AND DISABLED PERSONS 

    11.1. Our Services are not intended for children. If You are under the age of majority as per applicable  laws of your region, or are unable to give consent due to a disability, You may submit Your  Personal Data while using the Website only with the express consent of your parent or guardian,  as applicable.

    11.2. In the event of discovery of You being a minor and/or disabled, Cropin shall, without any notice,  shall at its sole discretion stop the Services including but not limited to removing Your  information from its system and seek such legal remedy as may be prescribed under applicable  laws.

    12. DATA RETENTION AND STORAGE  

    12.1. We shall retain Your Personal Data on our servers for such period as may be prescribed by law  from time to time or otherwise agreed to by the Customers when we act as a data Processor. 

    12.2. In the event that We are unable to process the Personal Data submitted by You for whatsoever  reason(s) or when the purpose of collection and/or processing of Your Personal Data is fulfilled,  Your Personal Data shall be deleted unless it is required by us to retain such Personal Data under  law and/or as may be required for any internal or external audit purposes.  

    12.3. We are committed to complying with applicable laws to ensure that all measures, so prescribed  by law, are taken for storing Personal Data in order to ensure the safety and security of Your  Personal Data.  

    12.4. We may store Your data on servers provided by any third-party hosting vendor whom we have a  valid contract with. 

    13. DATA PURGING  

    13.1. Cropin has necessary policies, mechanisms and tools in place to ensure that all Your Personal  Data so collected and stored is deleted as soon as the purpose, as described in this Policy is  completed, unless otherwise agreed to between the Customer and Cropin or mandated by law to  be maintained by Cropin. 

    13.2. Any data destroyed shall be disposed of in a manner that protects the confidentiality of Your  Personal Data, in an appropriate manner as per the standards prescribed by law.

    14. DATA SECURITY 

    14.1. We shall take all reasonable measures to prevent unauthorized access, use and disclosure of Your  Personal Data.  

    14.2. In furtherance to keeping Your Data safe and secure, Cropin may collect the following  information: 

    1. Anonymous data from every visitor of the Website to monitor traffic and fix bugs which  includes (without limitation) information like web requests, the data sent in response to such  requests, the Internet Protocol (“IP”) address, the browser type, the browser language,  unique identifiers of the device through which the application is accessed, such as VPN,  information of Wi-Fi connectivity and a timestamp for the request; and  
    2. Log file information is automatically reported by Your browser each time the application is  viewed. The server supporting the application logs may include information such as web  request, IP address, Analytical Code, Geo Stamp, browser type, browser language,  referring/exit pages and Universal Resource Locators (“URL”), platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount  of time spent on a particular page, the date and time of the request (“Log File  Information”). Such Log File Information collected is not associated with any Personal  Data and is only tagged to the unique identifier for a particular device.

    15. ACCESSING, EDITING AND REMOVING YOUR INFORMATION: 

    Users may review and edit the Personal Data they have provided to Us by placing their request  via email to the DPO as per the details mentioned below. 

    Data Deletion: 

    Cropin stores information in it’s databases for the duration of the contract. If You delete the data  using Website, then data is archived in case restoration is required at a later stage. In case any  data deletion activity is required to be done, which cannot be done from Website, You can drop  an email to dpo@cropin.com and the request would be taken care of by the Cropin team within  the time limit as specified in the contract, or in a maximum of 30 days. From time to time,  Cropin retains residual information about You in our backup and/or database. Such information  would be deleted subject to contractual agreements, provided that region/country’s law permits  the same. Post deletion of data, user would have to login as a new user. 

    Although most changes in information or data collection preferences may change, some  information may stay stored on a browser’s web cache or in downloaded excel/pdf documents.  We take no responsibility for stored information in Your cache, or in other devices that may  store information, and disclaim all liability of such. 

    Data Modification 

    In case any type of data as listed in clause 3.1 is collected by Cropin or if the Cropin’s Customers  share with Cropin any of the data as listed in Clause 3.1, Cropin may allow You to modify Your  own data and make corrections / updates as necessary. In case of any data modification activity  is required to be done, You can drop an email to dpo@cropin.com. Cropin cannot ensure all  Services would work as expected after data modification / deletion, as functionalities dependent  on that data might not work in certain cases. Cropin may deny data modification if it is required  for compliance of laws of that country. 

    Consent Withdrawal 

    Where You have provided Your consent to the collecting of Your Personal Data by Cropin’s  Customers, You may withdraw Your consent at any time by sending a communication to Cropin  at dpo@cropin.com stating that You are withdrawing Your consent. In cases where the  Customers have shared any Personal Data for which consent is to be withdrawn, the Customer  can directly intimate Cropin’s DPO at the aforementioned email. Please note that the withdrawal  of Your consent does not affect the lawfulness of any processing activities based on such consent  before its withdrawal. However, please note that in the event You withdraw Your consent, we  cannot ensure the continuity or quality of the Services being provided to You.

    Complaints  

    If You wish to place a complaint with regard to privacy requirements or laws, access any of Your  Information or would like to update or correct any errors in Your User Information, please  contact Cropin at dpo@cropin.com and also copy the data Controller (Customer who has  collected the data) so that we can consider and respond to Your request. All requests will be  addressed no later than 72 hours from the date such a request is made. 

    If You have any questions or complaints about this Privacy Policy or Cropin handling practices,  You may send an email at dpo@cropin.com or send mail to: 

    Attention: Rajesh Jalan (DPO) 

    Cropin Technology Solutions Private Limited 

    3rd floor, 1021, 16th Main Road, 

    BTM 1st Stage, Bengaluru, Karnataka 560029

    16. COOKIES 

    We use data collection devices such as “cookies” on certain pages of our Websites. “Cookies”  are small files sited on Your hard drive that assist us in providing customized Services. We also  offer certain features that are only available through the use of a “cookie”. Cookies can also help  us provide information’ which is targeted to Your interests. Cookies may be used to identify  logged in or registered Users. Our cookies store only username, and no other tracking  information. 

    The Website also has enabled the Google Analytics, which allows Google to collect data about  Users on our Website, in addition to anonymous identifiers. You may choose to opt out of this by  sending an email to Cropin.

    17. COMMERCIAL/NON-COMMERCIAL COMMUNICATION: 

    By providing Your contact information to the Website, You consent to being added to our email  list. This allows Us to periodically send You communications and updates. However, You may  unsubscribe from Our communications by notifying Cropin that You no longer wish to receive  solicitations or information and We will endeavor to remove You from Our database where You  have the right to request this under our Privacy Policy, or applicable law, or where We  voluntarily decide to grant the request.

    18. SEVERABILITY: 

    Each paragraph of this Privacy Policy shall be and remain separate from and independent of and  sever-able from all and any other paragraphs herein except where otherwise expressly indicated  or indicated by the context of the agreement. The decision or declaration that one or more of the paragraphs are null and void shall have no effect on the remaining paragraphs of this Privacy  Policy. 

    19. AMENDMENT 

    Like our Terms of Use, we may amend this Privacy Policy from time to time. When we amend  this Privacy Policy, we will place a note on our Website as to when the Privacy Policy was last  modified. You must agree to the amendments as a condition of Your continued use of our  Website and Service. If You do not agree, You must immediately cease using our Website and  Service and notify us of Your refusal to agree by emailing us at dpo@cropin.com.

    20. DISPUTE RESOLUTION & GOVERNING LAW 

    20.1. Any dispute or grievance remaining unresolved for a period of over 30 (thirty) business days,  post exhausting grievance redressal mechanism, may be resolved by referring such disputes to  the relevant Data Protection Authority (the “DPA”) as may be notified in Your region in this  regard. 

    20.2. This Privacy Policy shall be governed by the laws governing data protection and privacy within  Your local jurisdiction. 

    ADDITIONAL INFORMATION FOR EU CITIZENS

    21. DATA CONTROLLER AND CONTACT INFORMATION 

    21.1. The Controller for Personal Data collected under this Privacy Policy is the relevant Cropin entity  in Your country, having its registered offices at the Hague Humanity Hub, Alexanderveld 5,  Office 3.05, 2585 DB, the Hague, the Netherlands. 

    21.2. If You are using Cropin B2B Services administered by Your company, Your company may be  the Controller for Personal Data collected by those Cropin B2B Services. Please contact Your  company for more information. 

    21.3. You can reach Cropin’s European Data Protection Officer at: 

    Attn. EU Data Protection Officer 

    The Hague Humanity 

    Hub, Alexanderveld 5, 

    Office 3.05, 2585 DB, The 

    Hague, The Netherlands. 

    Email: dpo@cropin.com

    22. CROPIN’S LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

    22.1. The lawful basis for Cropin’s processing of Your Personal Data depends on the purposes of the  processing. Generally, the basis is the necessity for Cropin’s legitimate business interests. For  contracts or potential contracts, the basis is the necessity for performance or pre-contractual  steps. For legal obligations, we share Personal Data with law enforcement or governmental  bodies as required. Consent is used as the basis where appropriate or required by law, for  example, before collecting precise location data from Your mobile device. 

    22.2. We process Your Personal Data for reasons as provided in Clause 6. 

    22.3. When processing is based on contract performance in furtherance to any agreement with  Customers, these include online transactions where You purchase a Service from Cropin through  its Website. 

    22.4. When processing is based on consent, these include: 

    1. Collecting and processing precise location information from Your mobile device. b. Sending promotional emails when permitted by law. 
    2. Processing Personal Data on the Website through cookies and similar technologies when  permitted by law. 

    22.5. When processing is based on legal obligations, these include: 

    1. Payment of taxes and other government levies. 
    2. Providing Personal Data to law enforcement or other governmental bodies as required by  law. 
    3. Retaining business records required by law.
    4. Complying with court orders or legal processes. 

    23. RETENTION OF YOUR PERSONAL DATA 

    23.1. To determine the retention period for Your Personal Data, Cropin considers criteria such as: a. Legal requirements for data retention. 

    1. Retention obligations related to litigation or government investigations. 
    2. Retention requirements in agreements with Customers. 
    3. Date of last interaction with Cropin. 
    4. Time between interactions with Cropin. 
    5. Sensitivity of the data. 
    6. Purposes for which the data was collected. 

    24. CROSS BORDER DATA TRANSFER

    In order to provide our Services, Your Personal Data may need to be stored in locations outside  of Your local jurisdiction. Before transferring Your Personal Data to any of our servers outside  of Your local jurisdiction, Cropin will ensure all required transfer mechanisms are in place to  make available an adequate level of protection for the transfer of Your Personal Data or take  “express consent” by providing a detailed notice to You, including any threats that may ensue  due to the non-availability of appropriate transfer mechanisms for the transfer. 

    25. YOUR INDIVIDUAL RIGHTS 

    25.1. In accordance with EU laws, You have the following rights with respect to Your Personal Data: a. The right to access Your Personal Data; 

    1. The right to rectify Your Personal Data; 
    2. The right to object to processing Your Personal Data; 
    3. The right to restrict processing; 
    4. The right to erase Your Personal Data; 
    5. The right to data portability; and  
    6. The right to lodge a complaint. 

    25.2. Cropin will use its best efforts to address and settle any requests or complaints brought to its  attention. In addition, You have the right to approach the competent data protection authority  with requests or complaints. The overall competent supervisory authority for Cropin in Europe  is: 

    Autoriteit Persoonsgegevens (“Dutch Data Protection Authority”) 

    Hoge Nieuwstraat,  

    8 P.O. Box 93374 2509 AJ Den Haag/The Hague  

    The Netherlands. 

    Telephone: +31 70 888 8500 

    Email: pers@autoriteitpersoonsgegevens.nl 

    Website: autoriteitpersoonsgegevens.nl 

    25.3. If You wish to make a request to exercise Your rights, we will respond within thirty (30) days,  with a possible extension of sixty (60) days if necessary. You can exercise Your rights by writing  to DPO.  

    ADDITIONAL INFORMATION FOR U.S. RESIDENTS IN CERTAIN STATES  (INCLUDING CALIFORNIA) 

    This section provides additional details for residents in specific U.S. states, including California,  regarding Your privacy rights under applicable laws, such as the CCPA. 

    For Personal Data processed on behalf of a Customer, where we act as a Processor or Service  provider, we will assist that Customer in responding to Your privacy rights requests. You should  submit such requests directly to the relevant Customer or include them in Your correspondence  with us. 

    The collection, use, and disclosure of Personal Data depend on our relationship and interactions  with You. The table below outlines the categories of Personal Data we generally collect (and  have collected in the past twelve months for California residents), and the third parties to whom  we may disclose this data for business or commercial purposes, however, it must be noted that  Cropin does not sale or share Personal Data with any third party for any monetary benefit. In  some cases, We may seek Your consent or provide You with choices before collecting or using  certain Personal Data. 

     

    Category of Personal Data

    Category of Third Party

    Business Purpose for 

    Disclosure

    Financial Information

    Payment Gateways

    Processing payments and 

    transactions

    Email and SMS Information

    Email and SMS Gateway

    Communication and 

    notifications

    All Personal Data Stored on AWS Servers

    AWS Servers

     

    Secure data storage and management.


    26. SENSITIVE PERSONAL INFORMATION

    We only use and disclose sensitive personal information, as authorized by applicable law, such  as to provide requested Services, ensure security, detect and respond to fraud, comply with legal  obligations, and with Your consent.

    27. EXERCISING YOUR PRIVACY RIGHTS  

    27.1. Subject to limitations and exceptions under applicable law, verified residents in certain U.S.  states (including California) may have additional privacy rights. You can exercise these rights by  contacting us at dpo@cropin.com: 

    1. The right to delete Personal Data;  
    2. The right to correct Inaccurate Personal Data;  
    3. The right to access Personal Data being collected;  
    4. The right to know what Personal Data is sold or shared and to whom; 
    5. The right to opt out of sale or sharing of Personal Data;  
    6. The right to limit use and disclosure of Sensitive Personal Information; and
    7. The right of no retaliation following opt out or exercise of other rights. 

    27.2. Cropin will use its best efforts to address and settle any requests or complaints brought to its  attention. In addition, You have the right to approach the competent data protection authority  with requests or complaints. This can be the supervisory authority in the country or federal state  where You live. The overall competent supervisory authority for Cropin in California is: 

    California Privacy Protection Agency 

    ATTN: PRA Coordinator 

    2101 Arena Blvd 

    Sacramento, CA 95834 

    Telephone: 916-572-2900  

    E-mail: PRA@cppa.ca.gov 

    Website: https://cppa.ca.gov/