“RHIZA” is a trading name (herein after referred to as “RHIZA,” “we,” or “us”), for Masstock Arable (UK) Limited, registration number 02387531, having their registered offices Station Road, Andoversford, Cheltenham, GL54 4LZ and United Agri Products Limited, registration number 02798041, having their registered offices Station Road, Andoversford, Cheltenham, GL54 4LZ and their associated subsidiaries.
RHIZA is a leading provider of Digital Agronomy Services and Technology to support sustainable and profitable farming solutions in the UK.
This Policy covers all sensitive, private, and proprietary information that is both internally and externally transmitted, irrespective of the medium of storage or transfer. Types of data covered by this Policy may include but are not limited to, client data, personal information, confidential legal data, confidential client data, non-public financial data and proprietary research data. Collectively, these data types are referred to as “confidential data.” This Policy applies to all Agrii employees and others performing work for the Company who may handle and store confidential data on behalf of RHIZA, its Customers or Suppliers.
This Policy comprises the internationally accepted data privacy principles without replacing the existing national laws. It supplements the national data privacy laws. The relevant national law will take precedence if it conflicts with this Policy, or it has stricter requirements than this Policy. The content of this Policy must also be observed in the absence of corresponding national legislation. The reporting requirements for data processing under national laws must be observed.
At a high level, data processing principles that RHIZA will comply with include1:
4.1. Fairness and lawfulness: When processing personal data, the individual rights of the data subjects must be protected. Personal data must be collected and processed in a legal and fair manner.
4.2. Restriction to a specific purpose: Personal data can be processed only for the purpose that was defined before the data was collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
4.3. Transparency: The data subject must be informed of how his/her data are being handled. In general, personal data must be collected directly from the individual concerned. When the data are collected, the data subject must either be aware of, or informed of: the identity of the Data Controller; the purpose of data processing; and third parties or categories of third parties to whom the data might be transmitted.
4.4. Data reduction and data economy: Before processing personal data, you must determine whether and to what extent the processing of personal data is necessary to achieve the purpose for which it is undertaken. Where the purpose allows and where the expense involved is in proportion with the goal being pursued, anonymised or statistical data must be used. Personal data may not be collected in advance and stored for potential future purposes unless required or permitted by national law.
4.5. Deletion: Personal data that is no longer needed after the expiration of legal or business process-related periods must be deleted. In some cases, there may be an indication of interests that merit protection or historical significance of this data in individual cases. Please see Data Retention policy for further information.
4.6. Factual accuracy: Personal data on file must be correct, complete, and (if necessary) kept up to date. Suitable steps must be taken to ensure that inaccurate or incomplete data are deleted, corrected, supplemented or updated.
4.7. Confidentiality and data security: Personal data are subject to data secrecy. It must be treated as confidential on a personal level and secured with suitable organizational and technical measures to prevent unauthorised access, illegal processing or distribution, as well as accidental loss, modification or destruction.
Collecting, processing and using personal data is permitted only under the following legal basis.
Data can be processed following consent by the data subject. Before giving consent, the data subject must be informed in accordance with this Policy. The declaration of consent must be obtained in writing or electronically for the purposes of documentation. In some circumstances, such as telephone conversations, consent can be given verbally. The granting of consent must be documented.
The processing of personal data is also permitted if national legislation requests, requires or allows this. The type and extent of data processing must be necessary for the legally authorized data processing activity, and must comply with the relevant statutory provisions.
Sensitive personal data can be processed only if the law requires this or if the data subject has given consent for the same. This data can also be processed if it is mandatory for asserting, exercising or defending legal claims regarding the data subject. If there are plans to process sensitive data, the Computer Resource Central Organisation (CRCO) or the Corporate Data Protection Officer (DPO) must be informed in advance.
In some circumstances, RHIZA will rely on the legitimate interest concept to justify our processing of personal data but only in circumstances where such processing should be reasonably expected by the Data Owner. The below Section is not exhaustive list of these circumstances and therefore we suggest you consult your RHIZA representative in case of doubt.
RHIZA will process a farmer’s order and personal data with the intention of fulfilling the order management process. Specific examples of data processed are as follows:
RHIZA processes satellite imagery and use image data to enhance their digital products and services with the intention of improving capacity management for customers and agronomists and optimising the process for conducting agronomy field trials. Specific examples of this are:
RHIZA will process GPS data for customers using their digital products and services with the intention of supporting customers and agronomists with additional information to help manage their capacity. Specific examples include:
RHIZA will store business network contact information, with the intention of engaging the network with information about RHIZA’s products and services. Examples of such engagements include:
RHIZA will process customer data and profile customer segments with the intention of enhancing the relevance of RHIZA’s products and services to the agronomist network. Specific examples of this include the following:
In some cases, farmer data is used as part of R&D trials process. Outputs from R&D trials enable RHIZA to provide relevant information to farmers that promotes enhanced farming practices. Specific examples of data that is used in research trials are:
From time to time RHIZA may share data with 3rd parties with the intention of enhancing capacity for the agronomists and increasing profit for the farmer and enhancing our products and services. Specific examples include:
Every data subject has the following rights
5.1. The data subject may request information on which personal data relating to him/her has been stored, how the data was collected, and for what purpose. If there are further rights to view the employer’s documents (e.g. personnel file) for the employment relationship under the relevant employment laws, these will remain unaffected.2
5.2. If Personal Data are transmitted to third parties, information must be given about the identity of the recipient or the categories of recipients.3
5.3. If Personal Data are incorrect or incomplete, the data subject can demand that it be corrected or supplemented.4
5.4. The data subject can object to the processing of his or her data for purposes of advertising or market research. The data must be blocked from these types of use.5
5.5. The data subject may request his/her data to be deleted if the processing of such data has no legal basis, or if the legal basis has ceased to apply. The same applies if the purpose behind the data processing has lapsed or ceased to be applicable for other reasons. Existing retention periods and conflicting interests meriting protection must be observed.6
5.6. The data subject generally has a right to object to his/her data being processed, and this must be considered if the protection of his/her interests takes precedence over the interest of the data controller owing to a particular personal situation. This does not apply if a legal provision requires the data to be processed.7
5.7. Additionally, every data subject can assert the rights as per national privacy laws.8
5.8. When a data subject makes an application to exercise his/her data subject rights, the application must be handled immediately by the Corporate Data Protection Officer.
A. Personal Information is information that can be used to distinguish or trace an individual’s identity, such as name, social security number, or biometric records, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.
B. Data are anonymised if personal identity can never be traced by anyone, or if the personal identity could be recreated only with an unreasonable amount of time, expense and labour.
C. Consent is the voluntary, legally binding agreement to data processing.
D. Data breach incidents are events where there is justified suspicion that Personal Data are being illegally captured, collected, modified, copied, transmitted or used.
E. Data subject under this Policy is a natural person whose data can be processed. In some countries, legal entities can be data subjects as well.
F. Sensitive data are data about racial and ethnic origin, political opinions, religious or philosophical beliefs, union membership or the health and sexual life of the data subject. Under certain national laws, other data categories can be considered sensitive or the content of the data categories can be structured differently.
G. Personal Data are all information about certain or definable natural persons. A person is definable for instance if the personal relationship can be determined using a combination of information with even incidental additional knowledge.
H. Processing personal data means any process, with or without the use of automated systems, to collect, store, organise, retain, modify, query, use, forward, transmit, disseminate or combine and compare data. This also includes disposing of, deleting and blocking data and data storage media. Processing personal data is required if the permitted purpose or justified interest could not be achieved without the personal data, or only with exceptionally high expense.
I. Data Controller is a natural or legal person, alone or jointly with others, who determine the purposes and means of the processing.
J. Data Processor is a natural or legal person, who processes personal data on behalf of the data controller.
1 GDPR, Article 5 2 GDPR Rec. 58, 60; Art 13-14 3 GDPR Rec.62; Art. 17(2), 19 4 GDPR Rec.39, 59, 65, 73; Art 5(1)(d), 16 5 GDPR Rec.50,59,69-70, 73; Art. 21 6 GDPR Rec. 65-66, 68; Art. 17 7 GDPR Art. 21 8 GDPR Art. 90
1. The ‘Term’ of this agreement (the ‘Term’) will begin on the date of the signature of this agreement and shall continue for the Minimum Initial Term and, thereafter, this agreement shall be automatically renewed for successive periods of 3 months (each a Renewal Period) , unless:
i. either party notifies the other party of termination, in writing, at least 30 day before the end of the Minimum Initial Term or any Renewal Period, in which case this agreement shall terminate upon the expiry of the applicable Minimum Initial Term or Renewal Period; or
ii. otherwise terminated in accordance with the provisions of this agreement.
2. Each party may be given access to information that is proprietary or confidential (“Confidential Information”) from the other party in order to perform its obligations under this agreement. Each party shall only use such Confidential Information of the other party to perform its obligations under this Agreement and will not cause or allow the Confidential Information to be disclosed except:
i. where required by law, court order or regulatory body
ii. to any of its employees or agencies who need to know the information in order to discharge its obligations as set out in this Agreement and agree only to use the information for that purpose
iii. where the information was known or available on a non-confidential basis before being disclosed under this Agreement
3. From time to time RHIZA may utilise the Customer’s anonymised agronomy data from the Toolbox and Contour as part of an aggregated dataset for agronomic research purposes.
4. RHIZA hereby grants to the Customer a non-exclusive, non-transferable right, without the right to grant sublicenses, to permit the Customer’s authorised users to use the services and the documentation during the Term solely for the Customer’s internal business operations.
5. The Customer will ensure that each authorised user shall keep a secure password for his use of the services, and that each authorised user shall keep his password confidential.
6. The Customer shall not access, store, distribute or transmit any viruses, or any material during the course of its use of the services that is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive or otherwise illegal.
7. The Customer shall not (except as may be allowed by any applicable law which is incapable of exclusion by agreement between the parties and except to the extent expressly permitted under this agreement):
i. attempt to copy, modify, duplicate, create derivative works from, frame, mirror, republish, download, display, transmit, or distribute all or any portion of the online software applications and/or documentation (“Software”) provided by RHIZA as part of the services (as applicable) in any form or media or by any means; or
ii. attempt to de-compile, reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the Software; or
iii. access all or any part of the services in order to build a product or service which competes with the services provided under this Agreement; or
iv. use the services to provide services to third parties; or
v. license, sell, rent, lease, transfer, assign, distribute, display, disclose, or otherwise commercially exploit, or otherwise make the services and/or documentation available to any third party except the authorised users, or
vi. attempt to obtain, or assist third parties in obtaining, access to the services and/or documentation, other than as provided under this clause 7; and
vii. The Customer shall use all reasonable endeavours to prevent any unauthorised access to, or use of, the services and, in the event of any such unauthorised access or use, promptly notify RHIZA.
8. The rights provided under clause 4 are granted to the Customer only, and shall not be considered granted to any subsidiary or holding company of the Customer.
9. RHIZA shall provide the prescribed services to the Customer.
10. RHIZA warrants that it shall provide the services with reasonable care and skill in accordance with:
i. the description of the services set out at www.rhizadigital.co.uk;
ii. generally recognised commercial practices and standards in the agriculture industry; and
iii. all laws and regulations applicable to the services, including all laws and regulations relating to anti-bribery and corruption and data protection.
11. Recommendations, reports and advice issued within this service is specific to the Customer only whilst in occupancy / responsible for the farms/holdings listed in this agreement and/or in the addendum.
i. does not warrant that the Customer’s use of the services will be uninterrupted or error-free; or that the services, documentation and/or the information obtained by the Customer through the services will meet the Customer’s requirements; and
ii. is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the services may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
13. No amendments will be made to the specific details as set out in Items A-F or the addendum unless agreed by both Parties in writing.
14. It is the responsibility of the Customer to provide and maintain accurate cropping, field and management records/documentation which may be relevant to the provision of these services.
15. It is the responsibility of the Customer to ensure that all data and information that is submitted for the purposes of this service is accurate and complete in all respects.
16. No responsibility is accepted by RHIZA for losses or penalties resulting from any incomplete, incorrect or inaccurate data or information.
17. It is the responsibility of the Customer (or their agent) to ensure that the recommendations and advice are implemented.
18. The Customer must inform RHIZA of all health and safety rules and regulations and any other reasonable security requirements that apply at the premises.
19. In consideration of the provision of the services by RHIZA to the Customer, the Customer shall pay the subscription fees quarterly and any service charges as agreed and detailed in the order form at the beginning of this agreement.
20. All charges quoted to the Customer are exclusive of VAT, which RHIZA shall add to its invoices at the appropriate rate.
21. The Customer shall pay each invoice submitted to it by RHIZA in full, without deduction within 30 days receipt of the invoice
22. Without prejudice to any other right or remedy that it may have, if the Customer fails to pay in accordance the terms set out above:
i. The Customer shall pay interest on the overdue amount of 4% per annum above the Bank of England base rate at the relevant time. Such interest will accrue on a daily basis from the due date until actual payment of the overdue amount whether before or after judgement
ii. RHIZA may suspend all services until payment has been made in full.
23. All payment shall be made in £GBP.
24. If RHIZA’s performance of its obligations under this Agreement are prevented or delayed by the Customer by acts, events, omissions or accidents beyond its reasonable control, RHIZA shall not be liable for any costs, charges or losses sustained or incurred by the Customer that arise directly or indirectly from such prevention or delay.
25. Except as expressly and specifically provided in this agreement:
i. the Customer assumes sole responsibility for results obtained from the use of the services by the Customer, and for conclusions drawn from such use. RHIZA shall have no liability for any damage caused by errors or omissions in any information, instructions or scripts provided to RHIZA by the Customer in connection with the services, or any actions taken by RHIZA at the Customer’s direction;
ii. all warranties, representations, conditions and all other terms of any kind whatsoever implied by statute or common law are, to the fullest extent permitted by applicable law, excluded from this agreement; and
iii. the Services are provided to the Customer on an “as is” basis.
26. Nothing in this Agreement limits or excludes either party’s liability for
i. death or personal injury caused by its negligence
ii. fraud or fraudulent misrepresentation
iii. any other liability which cannot be limited or excluded by applicable law.
27. Subject to the above clause RHIZA shall not have any liability to the Customer whether in contract, tort, for breach of statutory duty, or otherwise, arising under or in connection with this Agreement for:
i. loss of profits
ii. loss of sales or business
iii. loss of anticipated savings
iv. loss of use or corruption of software, data or information
v. any indirect or consequential loss
28. Subject to clause 25, 26 and clause 27 RHIZA’s total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation, restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement shall be limited to the total fees paid under this agreement during the  months immediately preceding the date on which the claim arose.
29. The Customer acknowledges and agrees that RHIZA and/or its licensors own all intellectual property rights to the services, Software and documentation provided as part of the services. Except as expressly stated herein, this Agreement does not grant the Customer any rights to, or in, patents, copyright, database right, trade secrets, trade names, trademarks (whether registered or unregistered), or any other rights or licences in respect of the services Software and documentation provided as part of the services.
30. RHIZA confirms that it has all the rights in relation to the Software, services and the documentation that are necessary to grant all the rights it purports to grant under, and in accordance with, these Terms.
31. “Customer Data” means the data inputted by the Customer, for the purpose of using the services or facilitating the Customer’s use of the services.
“Data Protection Legislation” means all applicable data protection legislation relating to personal data and all other regulatory requirements in force from time to time which apply to a party relating to the use of personal data (including, without limitation, the General Data Protection Regulation ((EU) 2016/679); the Data Protection Act 2018; the Privacy and Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended
32. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of all such Customer Data.
33. RHIZA shall follow its archiving procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy against RHIZA shall be for RHIZA to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by RHIZA in accordance with the archiving procedures. RHIZA shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party.
34. Both parties will comply with all applicable requirements of the Data Protection Legislation.
36. A party may terminate this Agreement by giving notice in accordance with clause 1 or immediately by giving written notice to the other party if that other party:
i. fails to pay a sum of money under the terms of this Agreement within 30 days of the due date for payment
ii. commits a material breach of this Agreement which, if capable of remedy, it fails to remedy within 30 days after being given written notice specifying full particulars of the breach
iii. is dissolved, ceases to conduct substantially all of its business or becomes unable to pay its debts
37. Any reduction in the area covered by the service agreement and/or the addendum must be made at least 30 days prior to the next service invoice being processed. Any reduction will be treated as a partial early exit if made within the Initial Minimum Term and the subscription fees will not be reduced until after the end of the Initial Minimum Term.
38. On termination of this agreement for any reason:
i. all licences granted under this Agreement shall immediately terminate and the Customer shall immediately cease all use of the services;
ii. RHIZA may destroy or otherwise dispose of any of the Customer Data, unless RHIZA receives, no later than ten days after the effective date of the termination of this agreement, a written request for the delivery to the Customer of the then most recent back-up of the Customer Data. RHIZA shall use reasonable commercial endeavours to deliver the back-up to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by RHIZA in returning or disposing of Customer Data; and
iii. any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination, including the right to claim damages in respect of any breach of the agreement which existed at or before the date of termination shall not be affected or prejudiced.
39. This Agreement constitutes the entire agreement between the parties and supersedes and extinguishes all previous agreements, promises, assurances, warranties, representations and understandings between them, whether written or oral, relating to its subject matter.
40. This Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this Agreement or its subject matter or formation (including non-contractual disputes or claims).