Privacy Policy

1. About RHIZA

“RHIZA” is a trading name (“RHIZA,” “we,” or “us”) of Masstock Arable (UK) Limited, registration number 02387531, having its registered office at Station Road, Andoversford, Cheltenham, Gloucestershire, GL54 4LZ, along with its associated subsidiaries.

RHIZA is a fully integrated digital farming and agronomy service. It brings together satellite imagery, precision tools, cropping, soil and on-farm data, alongside expert agronomic advice, to help farmers make faster, smarter decisions – without adding complexity to the day.

This Privacy Policy outlines what personal data we collect, how we use that information, and how we protect your privacy.

2. Purpose

RHIZA recognises the need to maintain the confidentiality of private, sensitive and proprietary information. This Data Privacy Policy (“Policy”) sets out RHIZA’s overarching approach to data privacy, including how the company protects the confidentiality of private, sensitive and proprietary information (“Company Confidential” or “Client Confidential” information).

This Policy is designed to support compliance with all applicable laws, directives and regulations, as well as other RHIZA policies, covering the security and confidentiality of all types of information – whether paper, electronic or verbal.

RHIZA does not sell, transfer, lease or share your information with third parties, except as described in this policy. Where we do share information, it is only in ways that would reasonably be expected to support order fulfilment, service delivery or product/service enhancements.

3. Scope and Application of Law

A. Scope
This Policy covers all sensitive, private and proprietary information, whether stored or transmitted internally or externally, regardless of the format.

This includes (but is not limited to): client data, personal information, confidential legal data, confidential client data, non-public financial data and proprietary research data. These are collectively referred to as “confidential data”.

This Policy applies to all RHIZA employees and individuals performing work on behalf of RHIZA, its customers or suppliers, who may handle or store confidential data.

B. Application of Laws
This Policy incorporates internationally recognised data privacy principles, and supplements relevant national data privacy legislation. In the event of a conflict between this Policy and national law, the national law will take precedence. Where no national legislation exists, this Policy will apply. Any mandatory reporting requirements for data processing under national laws must be observed.

4. Principles

At a high level, the principles RHIZA complies with when processing data include:

4.1 Fairness and lawfulness
Personal data must be collected and processed legally and fairly, with the rights of individuals protected.

4.2 Restriction to a specific purpose
Data may only be processed for the purpose defined at the time of collection. Any subsequent changes must be justified and limited in scope.

4.3 Transparency
Data subjects must be informed how their data will be handled. In general, personal data must be collected directly from the individual. At the point of collection, individuals must be informed of the data controller’s identity, the purpose of data processing, and any third parties (or categories of third parties) the data may be shared with.

4.4 Data reduction and economy
Before processing personal data, it must be determined whether the data is necessary for the intended purpose. Where possible, anonymised or statistical data should be used instead. Personal data should not be collected or stored for future purposes unless required or permitted by law.

4.5 Deletion
Personal data that is no longer needed following legal or business-related timeframes must be deleted. Exceptions may apply in cases of legitimate interest or historical value. See our Data Retention Policy for more details.

4.6 Factual accuracy
Personal data must be accurate, complete and, where necessary, kept up to date. Measures must be in place to ensure any incorrect or incomplete data is corrected or deleted.

4.7 Confidentiality and data security
Personal data must be treated as confidential and protected through appropriate organisational and technical safeguards to prevent unauthorised access, unlawful processing or accidental loss, alteration or destruction.

5. Reliability of Data Processing

Personal data can only be collected, processed and used on the following legal bases:

A. Consent
Data can be processed with the individual’s consent, which must be given voluntarily and with full information. Consent must be documented in writing or electronically. Verbal consent (e.g. during phone calls) may be accepted in certain cases, but must also be recorded.

B. Legal authorisation
Data processing is permitted if required or allowed under national legislation. Any processing must be proportionate, necessary and aligned with legal requirements.

C. Processing of sensitive data
Sensitive personal data may only be processed if required by law, with the individual’s explicit consent, or where necessary to establish, exercise or defend legal claims. If sensitive data processing is planned, the CRCO or the Corporate Data Protection Officer (DPO) must be consulted in advance.

D. Legitimate interest
In some cases, RHIZA may rely on the legitimate interest principle to justify processing personal data. This will only be used where the data subject could reasonably expect such processing.

The scenarios in which this may apply are not exhaustive – if unsure, please speak to your RHIZA contact.

6. Customer Data

A. Processing of an Order
RHIZA will process a farmer’s personal data with the intention of fulfilling an order. Examples of data processed include:

  • Personal and financial details to set up the farmer as a customer in the order management system
  • Farm location and GPS data to deliver the product to the correct site
  • Personal data to issue an invoice for the order
  • Financial information to process payment
  • Farm access information where provided

B. Satellite Imagery for Provision of Digital Services and Trials Research
RHIZA processes satellite imagery to improve its digital services and field research. This data supports agronomists in managing workloads and enhances the efficiency of agronomic trials. Examples include:

  • Satellite data assessing crop development stages to determine need for treatment
  • Satellite data identifying optimal harvesting times
  • Satellite imagery used in trials to provide enriched research outputs

C. Processing of GPS Data for Digital and Technology Services
GPS data is used within RHIZA’s digital services to support agronomists in field-level decision-making. This includes:

  • Mapping field boundaries so satellite, weather, Ordnance Survey and soil data can be applied through algorithms
  • Recording precise locations of soil samples
  • Capturing inspection locations during agronomist visits

D. Business Development
RHIZA may store business contact details for communication and marketing purposes. Examples include:

  • Technical marketing teams managing lists of farmers and agronomists to share bulletins and trial outcomes
  • Invitations to iFarms, open days or other Agrii-led events
  • RHIZA employees maintaining business contact lists to engage on commercial opportunities
  • Direct marketing to consenting individuals about RHIZA’s services

E. Profiling of Customers
Customer data may be profiled to improve the relevance of RHIZA’s services. Examples include:

  • Analysing purchasing trends to suggest alternative or complementary products
  • Reviewing agronomist or farmer activity to tailor communications and support

F. Research Trials
Farmer data may be used in research and development trials. Examples include:

  • Linking datasets to specific farm locations and GPS coordinates
  • Generating research reports associated with individual farms or growers

G. Third Parties
RHIZA may share data with third parties to improve service delivery, agronomist support and product development. Examples include:

  • Sharing anonymised farm data with software providers to test product enhancements
  • Providing agronomist and farm data to enable third-party order fulfilment
  • Using anonymised cookie data for website analytics

7. Rights of the Data Subject

Each individual has the following rights in relation to their personal data:

7.1 To request information on what personal data has been stored, how it was collected, and for what purpose.

7.2 To be informed of any recipients or categories of recipients with whom the data is shared.

7.3 To request correction or completion of inaccurate or incomplete personal data.

7.4 To object to the processing of data for marketing or research purposes. Such data must be blocked from these uses.

7.5 To request deletion of personal data if it is no longer legally required or if its processing is no longer justified. Legal retention periods and conflicting interests must be respected.

7.6 To object to data processing where their own interests outweigh those of the data controller. This right does not apply where legal obligations require the data to be processed.

7.7 To exercise any additional rights under applicable national data protection laws.

7.8 All rights requests must be handled without undue delay by the Corporate Data Protection Officer.

8. Appendix A: Terms and Definitions

  • Personal Information: Data that can identify a person directly or when combined with other data, e.g. name, date of birth, etc.
  • Anonymised Data: Data stripped of identifying features such that identity cannot reasonably be re-established.
  • Consent: A voluntary agreement to the processing of personal data.
  • Data Breach: Any event involving unauthorised access, use, or loss of personal data.
  • Data Subject: A person whose data is processed.
  • Sensitive Data: Includes race, ethnicity, health, union membership, political views, etc. Definitions may vary by country.
  • Personal Data: Any information relating to an identifiable person.
  • Processing: Any operation on personal data, including collecting, storing, sharing, or deleting.
  • Data Controller: The party that determines the purpose and means of processing data.
  • Data Processor: A party processing data on behalf of the controller.

9. Privacy Policy

A. Incorporation of Privacy Policy

9.1 RHIZA (a trading name of Masstock Arable (UK) Ltd) is committed to protecting your privacy and ensuring compliance with UK data protection laws. This Privacy Policy explains how we use your information and what safeguards are in place.

9.2 By using our website https://www.rhizadigital.co.uk or any services offered by RHIZA, you consent to the practices described in this policy. If you do not agree, you should stop using the site or services.

B. The Information We Collect and How It Is Used

9.3 When you use our website or services, we may collect your name, address, email, telephone number, payment details, and service usage. Some information is shared securely with third parties to fulfil your service requests.

9.4 We will not disclose your personal or financial data to any third party unless legally required or permitted.

9.5 We may use anonymised data for statistical or analytical purposes to improve our services.

9.6 We track behavioural data (e.g. navigation history) to better understand user preferences and improve your experience.

9.7 With your permission, we may send information about RHIZA products or services we think may interest you.

9.8 We may also share information from third parties that may be relevant to your interests.

If you do not wish to receive this information, please email us at info@rhizadigital.co.uk.

9.9 We may retain correspondence for record-keeping and compliance purposes.

We will never share your data with third parties for marketing purposes without your consent.

C. Use of Cookies and Tracking Technologies

9.10 Our website uses cookies and similar technologies to enhance user experience and ensure site functionality.

9.11 Some features may only work if cookies are enabled.

9.12 You may decline cookies, although this may limit site features.

9.13 Cookies can be deleted via your browser settings.

9.14 We may also use JavaScript and third-party analytics providers to monitor usage.

9.15 Advertisers on our site may use their own cookies, which we do not control.

D. PROTECTING YOUR INFORMATION
9.16. The internet is not a secure medium. However, RHIZA has implemented various security procedures and strict internal policies to safeguard and protect your information from unauthorised access and misuse. These security procedures, which are of the highest standards, are continuously reviewed and improved.

9.17. Despite these precautions, no system is entirely fool-proof. You should therefore exercise caution when disclosing any confidential information to third parties.

E. SECURITY AND WHERE WE STORE YOUR PERSONAL DATA
9.18. We are committed to ensuring the security of your data. A variety of security technologies and protocols are in place to protect it from unauthorised access or use. Strict internal guidelines help safeguard your privacy across all levels of our organisation, and we will continue to implement additional security features as technology evolves. Although we take every reasonable step to protect your data, we cannot guarantee its security during transmission to our website. Any data you transmit is at your own risk. Once received, we apply appropriate security measures to help prevent unauthorised access or disclosure.

F. RETENTION PERIOD(S)
9.19. The retention period for your data depends on the nature of our relationship. Customer and client data are retained for a period of seven years. Data for individuals who are not customers or clients is retained for 30 months. We will respond to any request relating to your data in writing as soon as reasonably practicable, and in any case within one month of receipt. Proof of identification may be required to verify your request. All requests should be submitted via our Personal Data Request form. If you believe that any of the information we hold about you is incorrect, incomplete or requires updating, you may also use the contact details below. You have the right to lodge a complaint with the Data Protection Commissioner if you are dissatisfied with how we process your data.

G. SALE OF COMPANY
9.20. If RHIZA, or any part of its business, is sold or merged with another organisation, your personal data may be disclosed to RHIZA’s advisers and any prospective buyers and their advisers. It may also be transferred to the new owners of RHIZA or the relevant business unit.

H. UPDATING YOUR DETAILS
9.21. If any of the details you have provided to RHIZA change – for example, your email address, name or payment information – or if you wish to cancel your order, please notify us by emailing: info@rhizadigital.co.uk

I. YOUR PRIVACY
9.22. As a current or potential client of RHIZA, we believe it is in your legitimate interest to receive information about our products, services and events. You can opt out of, or unsubscribe from, this marketing at any time by emailing: info@rhizadigital.co.uk

9.23. We will never knowingly sell your data to any third-party supplier without your explicit consent.

J. OTHER TERMS
9.24. Due to the global nature of internet infrastructure, information you provide may be transferred to countries outside the European Economic Area that do not have the same data protection laws. However, RHIZA has implemented appropriate safeguards to protect your information during such transfers. By using the website, you consent to these transfers.

9.25. RHIZA may include links to other websites. Please note that once you follow one of these links, you are no longer covered by this Privacy Policy and should review the privacy policies of the new sites.

9.26. RHIZA reserves the right to amend this Privacy Policy at any time. Any changes will be posted on this website.

9.27. You have the right to ask RHIZA at any time not to process your personal data for marketing purposes.

9.28. RHIZA welcomes your feedback on this website and its privacy practices. Please email any queries or comments to: info@rhizadigital.co.uk

K. CHANGES TO THIS PRIVACY STATEMENT
9.29. We reserve the right to update this Privacy Statement at any time, at our sole discretion. If material changes are made, we will update this privacy policy page. You are advised to check this page regularly for any updates. If you have any questions or comments regarding our privacy policy or terms of use, please email: info@rhizadigital.co.uk