Data Protection Notice for BigFarmNet
This service (“Service”) is provided by Big Dutchman International GmbH, Auf der Lage 2, 49377 Vechta, Germany (“We” or “Us”) as controller within the meaning of the applicable data protection laws.
When using the Service, We collect and process personal data about the registered user (“You” or the “User”). Since protection of your personal data when using the Service is important to Us, We want to provide you with the following information on the personal data We will collect when You use the Service and on how We will handle such data in accordance with applicable data protection laws including the EU General Data Protection Regulation (“GDPR”). This Data Protection Notice applies to the use of the Service in whichever form; i.e. be it through a website as well as an app or other online service.
You can access this Data Protection Notice at any time by selecting the “Data Protection” section/link within the Service.
1. Purposes and Legal Bases for Processing
We collect certain information when you are using the Service. The categories of personal data, the purposes for which it is collected as well as the legal bases for the processing are specified below.
1.1. Automatically Collected Information
When You use the Service, We automatically collect and store specific data. This includes: the technical and connection-related data assigned to your terminal, e.g. IP address and MAC address, which We require to transmit the contents retrieved by you or to be presented by Us to you (including, e.g. texts, images and product information, as well as files provided for downloading, etc.), request contents, access status / http status code, transferred data volume, website from which the request is made, browser, operating system and its interface, language and version of the browser software, as well as request date and time.
We use this information: (1) to provide you with the service and the related functions; (2) to improve the functions and performance features of the Service; and (3) to prevent and eliminate abuse and malfunctions (incl. troubleshooting).
The data is processed and used based on the statutory provisions according to which, these data processing activities are justified in that: (1) processing is required to fulfil the agreement on the use of the Service (e.g. At. 6 para. 1 b) GDPR); or (2) We have an overriding legitimate interest in ensuring the functionality and fault-free operation of the Service and in being able to offer the Service tailored to the user (Art. 6 para. 1 f) GDPR).
1.2. Creation of a User Account (Registration) and Login
As far as the use of the Service requires registration, this is for the purpose of technically gaining access to the server and to prevent any access by unauthorised third parties. When you register with the Service, We collect certain data which you provide (e.g. name, address, country, e-mail address).
We use your registration data to grant you and manage your access to the Service. We use the access data in particular to authenticate you upon login and to follow up on enquiries for resetting your password.
The data is processed and used based on the statutory provisions according to which these data processing activities are justified in that: (1) processing is required to fulfil the agreement on the use of the Service (e.g. Art. 6 para. 1 b) GDPR); or (2) We have an overriding legitimate interest in ensuring the functionality and fault-free operation of the Service (e.g. Art. 6 para. 1 f) GDPR).
1.3. Use of the Service
Within the scope of the Service, the user can enter, manage and process various information (including images and documents), tasks and activities regarding its organisation. The respective data is collected in a user-related manner and marked with a time stamp in each case. The data collected in this way is transferred to a server and stored there for the duration of the usage relationship. Furthermore, a unique ID is assigned to the organisation. This is the information collected by the respective user using the Service, in particular data on the organisation (e.g. address, region, country, etc.); data on individual runs (“Production Data”); feed supply or silo figures; activities (e.g. registration of guests, delivery/collection of animals or feed, vaccinations and veterinary treatments and pest control), all in accordance with the functions implemented within the Service (including as the case may be any additional plug-ins you are using) . If the user provides any information likely to relate to natural persons in this context, e.g. names and contact details (in particular postal addresses, phone numbers and e-mail addresses) of farmers, guests, suppliers, animal traders, breeders, slaughterers or other organisation employees using the Service, We also process such data to provide the service.
The data is processed and used based on statutory provisions according to which these data processing activities are justified in that: (1) processing is required to fulfil the agreement on the use of the Service (e.g. Art. 6 para. 1 b) GDPR); or (2) We have an overriding legitimate interest in ensuring the functionality and fault-free operation of the Service (e.g. Art. 6 para. 1 f) GDPR).
1.4. Storage of Specific Data in the Customer Database
We store personal data in a customer database to manage the relationship with You as a customer.
The data is processed and used based on statutory provisions according to which these data processing activities are justified in that We have an overriding legitimate interest in maintaining and managing the customer relationship (e.g. Art. 6 para. 1 f) GDPR).
2. Use of Anonymous Data
We reserve the right to use and evaluate the data collected using the Service, e.g. Production Data, for additional purposes, e.g. to improve products, enhance the service, develop new features and functions and optimise the user interfaces. If such information is personal data, it is anonymised in accordance with the applicable data protection laws before it is further used and evaluated.
3. Newsletters and Advertising
We use the data provided by the user to send postal advertising messages and news about improved service offerings and other events to the organisation address stored by the user, if applicable. Moreover, We might use your email address to send you newsletters or other advertising messages to the e-mail address provided if we are lawfully entitled to do so (e.g. because you have consented to such receipt (by subscribing to our newsletter) or because We have received your e-mail address in connection with the sale of any product or service and advertise own similar products and services.
The use of the data for advertising purposes is based on statutory provisions according to which these data processing activities are justified in that We have an overriding legitimate interest in these direct marketing activities (e.g. Art. 6 para. 1 f) GDPR).
You may object to any use of your data for direct marketing purposes at any time.
Also, if you have declared a consent to receive direct marketing you may withdraw this consent at any time with effect for the future.
4. Analytics and Cookies
When you use our Service and, where legally required, if you have consented, We place so-called ‘cookies’ on your computer to offer you a larger range of functions and to organise the use of the Service in a convenient and needs-based manner. Cookies are small files which are assigned to the browser used by you and stored on your hard drive and provide the party placing the cookie, i.e. Us, with certain information.
We use the following types of cookies:
4.1. Mandatory cookies – the ones enabling the functions and performances requested by you from the Service
4.2. Functional cookies – the ones remembering your settings to organise the Service in a more user-friendly manner
We in particular use a cookie remembering the graphical interface settings.
4.3. Performance / analytics cookies – the ones collecting pseudonymous information on the websites visited by you
Within our Service, we use Google Analytics, a web analytics service provided by the Google Inc. (“Google“). As a general rule, the information generated by the cookies about your use of this Service will be transferred to a server of Google in the United States and will be stored there. Within our Service, however, the so-called ‘IP anonymisation’ is enabled, so that your IP address will first be shortened by Google within the Member States of the European Union or in other countries which are parties to the Agreement on the European Economic Area. The entire IP address will be transmitted to a server of Google in the United States and will be shortened there only in exceptional cases. Google will use this information on our behalf to analyse your use of the Service, to compile reports about the Website activities and to provide Us with additional services related to the use of the Website and the use of the Internet. The IP address transmitted by your browser within the framework of Google Analytics will not be amalgamated with any other data of Google.
As far as this data is to be regarded as personal data, the processing of the data is carried out on the basis of legal provisions which authorise the data processing because we have an overriding legitimate interest in a demand-oriented design as well as the statistical evaluation of our Services (e.g. Art. 6 para. 1(f) GDPR, Sec. 15 para. 3 TMG); or on the basis of a provided consent (e.g. by clicking accept on our cookie banner).
Most Internet browsers allow you to block or prevent storing cookies. You may configure the browser settings accordingly and block the acceptance of cookies, e.g. by following the instructions for the browser used by you, retrievable at http://www.allaboutcookies.org/, or using any other technical tool to this end, if possible. However, we would like to draw your attention to the fact that you might probably no longer be able to use all functions of this Website in such case.
In addition, you can prevent the registration of the data created by the cookie and related to your use of our Service (incl. your IP address) to Google as well as the processing of such data by Google by downloading and installing the browser plug-in available at the following link [https://tools.google.com/dlpage/gaoptout?hl=en-GB].
5. Recipients of Data
Besides the cases explicitly specified in this Data Protection Notice, your personal data is disclosed to the following recipients:
- We are a company based in Germany which operates on an international scale and is part of a larger group of companies. Certain personal data, e.g. data specified by the user upon registration, may be disclosed to our affiliated companies for internal administration purposes incl. joint customer care and customer relationship management.
- Occasionally, We rely on other affiliated group companies or on third-party companies and external service providers to render our service, e.g. for hosting parts of the Service or the related data. In such cases, the data is disclosed to these companies to enable processing by them. These service providers are carefully selected and may exclusively process the data according to our instructions.
- Within the scope of enhancing our business, it may be the case that our company structure transforms in that its legal form is changed, subsidiaries, company parts or units are established, purchased or sold. In case of such transactions, the customer information is disclosed together with the transferred assets, if required. In case of each disclosure of personal data to third parties to the extent described above, we ensure that this is made in accordance with this Data Protection Notice and the applicable data protection laws.
- If required to clarify any unlawful and/or abuse use of the Service or for legal prosecution, personal data can be forwarded to the law enforcement authorities and to potentially aggrieved third parties. Such forwarding is only made, however, if indications for any unlawful and/or abusive behaviour exist. Data may also be disclosed if this serves to enforce terms and conditions of use or other agreements. We are additionally required by law to provide specific public bodies with information upon request. This may include law enforcement authorities, public authorities prosecuting administrative offences entailing a fine and tax authorities.
The aforementioned disclosures may result in such data being processed in countries outside of the European Economic Area (“EEA”) (i.e. in a third country). Each transmission of data to a third country is made under observance of the applicable data protection laws. If the European Commission has not established the existence of an adequate level of protection for a third country, We provide reasonable guarantees to ensure adequate protection of your data. This may be made, e.g., by concluding data processing agreements containing EU standard data protection clauses which offer appropriate guarantees according to the European Commission (accessible at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).
In the case of certain service providers that are being engaged as data processors in the U.S. we transfer data based on the data recipients’ certifications under the EU-US-Privacy Shield (acknowledged by the European Commission in its resolution dated 12 July 2016).
6. Abuse Detection and Prosecution
We usually store any information for abuse detection and prosecution, in particular your IP address, as long as necessary, for this purpose including for investigating or prosecuting a specific incident. This data is stored and used based on statutory provisions according to which these data processing activities are justified in that: We have an overriding legitimate interest in ensuring the functionality and security of the Service and in preventing fraud (e.g. Art. 6 para. 1 f) GDPR).
7. Storage Period
We delete or anonymize your personal data as soon as it is no longer needed for the purposes for which we have collected or used the data as per this Data Protection Notice. We normally store your personal data for the period of use and the term of the contract about the Services and retain them beyond that to the extent required for purposes of criminal investigation or to secure, assert or enforce legal claims.
If you cancel your user account, your profile is deleted.
To the extent data must be retained for legal reasons, these data are deleted only after the expiration of this period and are blocked until then. The data are then no longer available for any further use except for the purposes of the legal retention period.
After deletion from our operational systems, the data remains for a certain period in the back-up copies in our revolving data-backup process and are then, however, automatically deleted in the course of this process at the end of the backup cycle.
8. Your Rights as a Data Subject
You have certain rights with respect to your personal data:
Right of access: You have the right to receive from Us information about the personal data relating to you which are processed by Us as set forth in Art. 15 GDPR.
Right to rectification: You have the right to demand that We correct personal data relating to you if those data are incorrect.
Right to erasure (“right to be forgotten”): You have the right to demand that We delete personal data relating to you under the prerequisites described in Art. 17 GDPR. These prerequisites establish especially a right to deletion if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
Right to demand restriction of processing: You have the right to demand that We restrict the processing in accordance with Art. 18 GDPR. This right exists especially if the accuracy of the personal data is in dispute as well as in the event that deletion cannot yet be made due to a need to comply with legal retention requirements.
Right to data portability: You have the right to receive from Us personal data, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with Art. 20 GDPR. This includes the right to have the data transmitted to another controller. This right exists where the data is processed by automated means and on the basis of either your consent or a contract.
Right to object: You have the right to submit an objection against the processing of personal data relating to you for reasons resulting from your specific situation. We will stop processing your personal data unless We can prove important reasons for the processing which deserve protection which outweigh your interests, rights and freedoms or if the processing serves to assert, exercise or defend against legal claims.
Moreover, you have the right to file a complaint with a supervisory authority.
If you have any questions regarding our way of handling your personal data, or if you want to exercise the rights mentioned under clause 8 as a data subject, you can contact us at:
10. Modifications of this Data Protection Notice
We always keep this Data Protection Notice up to date. Therefore, we reserve the right to modify it from time to time and to update modifications of the collection, processing or use of your data. The current version of the Data Protection Notice can always be retrieved under the “Data Protection” section/link within the Service.
Status as of: 13. November 2018