Got questions about the GGN label or the system behind it?
Take a look at our list of frequently asked questions! Click on a question to expand the answer.
Take a look at our list of frequently asked questions! Click on a question to expand the answer.
The GGN label is a universal mark of certified, responsible farming and transparency. It is designed to help guide you in your day-to-day grocery shopping.
Transparency is at the heart of our label – Our label connects you to the roots of your food and plants. Our 'About GGN' webpage details how we promote responsible farming that benefits farmers, retailers, and consumers around the globe. Through our work, we support worldwide sustainable development for the good of future generations and our planet.
GGN is short for GLOBALG.A.P. Number. GLOBALG.A.P. is the company behind the GGN label. The GGN is a 13-digit producer or producer group identification number given to every producer registered for certification. Once the production process on the farm is successfully certified, the producer can print this number on their product packaging. The number identifies where the product was produced, and retailers can use it to verify their suppliers.
In combination with the GGN label and its logo, the GGN enables us to give you the transparency you need and lets you trace your product back to its roots. And you can do that right on your mobile device while you're shopping!
The portal is at the heart of our promise of transparency. It collects the profiles of all the producers we have verified for you and whose products carry the GGN label logo. The portal also provides information on responsible farming practices and how certification works. Learn more about how the GGN label gives you transparency here.
Provided the product has a GGN label logo, all you have to do is type the GLOBALG.A.P. Number (GGN) into the GGN search and you will learn all about the farm, its location, and the certified products* it produces.
*Please note: The term ‘certified product(s)’ refers to products originating from a farm with GLOBALG.A.P. certified production processes.
The GGN label covers only farmed products and not wild farming. So, you won’t find the label logo on swordfish, because swordfish can’t be farmed in a controlled environment. It can only be fished in the ocean. Salmon, on the other hand, can be farmed in aquaculture farms using GLOBALG.A.P. certified processes that can be regulated, controlled, and monitored, as well as checked by trained auditors and inspectors working for independent and accredited certification bodies.
The GGN label is built on an internationally recognized and accredited set of good farming practices that cover food safety, sustainability, environmental protection, animal welfare, social responsibility, and supply chain traceability. These good farming practices are defined as a set of rules and requirements in a standard: theGLOBALG.A.P. Integrated Farm Assurance (IFA). Producers must comply with these IFA requirements in order to get certified and prove that they use responsible farming practices on their farm. The IFA covers all forms of farming – agriculture, floriculture, aquaculture, and livestock farming. However, the GGN label is currently available only for floriculture and aquaculture. |
GLOBALG.A.P. is a company that develops accredited standards used to check and certify the production processes in agriculture, floriculture, aquaculture, and livestock farming. The requirements specified in the GLOBALG.A.P. Integrated Farm Assurance (IFA) standard, called control points and compliance criteria, are developed in coordination with everyone involved in the industry, including producers, retailers, government agencies, and NGOs. That’s why they reflect the current demands of the market as a whole. The GLOBALG.A.P. IFA certification proves that the production process on the farm operates according to science-based and industry-approved responsible farming requirements. This is a B2B certification, meaning that the certificates are checked by traders and retailers when sourcing products for consumers. The GLOBALG.A.P. IFA standard is one of the leading certification systems in the world, with over 200,000 farmers under GLOBALG.A.P. certification in more than 135 countries worldwide. Learn more about the GLOBALG.A.P. IFA standard at IFA v6 (globalgap.org). |
Producers receive a GLOBALG.A.P. IFA certificate when they fulfill all the control points and compliance criteria defined in the GLOBALG.A.P. Integrated Farm Assurance (IFA) standard. The IFA covers production processes in agriculture, floriculture , aquaculture, and livestock farming. |
Producers implementing the IFA standard on their farms receive a GGN and are added to the GLOBALG.A.P. database, which collects and stores the assessment and certification data of more than 200,000 farms in over 135 countries. It is one of the largest online sources of verified farm data on food safety and sustainability. The database provides instant and complete access to the registration and status data of every producer and product within the GLOBALG.A.P. system. Traders and retailers worldwide use the platform’s online certificate validation tool daily to verify their suppliers. You can learn more about how the certification process works here. |
No, the product itself is not certified. The GGN means that the production process on the farm that produced the product is certified. This is an important distinction. GLOBALG.A.P. certification covers the on-farm production process only and NOT the end product. |
The GGN label logo is part of the GGN label. It shows consumers that that product was produced through a production process that is certified according to responsible farming requirements. It also means that you can trace the product back to its roots, the farm where it was produced, and get information on the producer. The GGN label logo also confirms that the integrity of the product was secured from the farm to the market shelf. This means that the product from GLOBALG.A.P. certified production processes was not mixed with products from non-certified production processes along the entire supply chain. Consumers can search the GGN found on products with the GGN label at www.ggn.org. If the product has a GGN but no GGN label logo on the package, you can use the public search function on the GLOBALG.A.P. database to find out where the product came from. To do so, simply enter the GGN in the field “Search #1 - Identify producer via unique codes”. The results will display the name of the producer. Please note: Not all producers with certification want to have their information publicly visible. For more information, please contact our customer support at customer_support@globalgap.org |
The GGN label relies on so-called Chain of Custody (CoC) certification, which enables supply chain transparency by monitoring every step of the way from the farm to the market shelf. A product passes through many hands before it reaches you. Chain of Custody certification uses a transparent system of documentation to make sure the labeled product you buy in the market consists only of products from certified production processes. Often, traders will buy products from several sources and package them as one product under a single brand label, such as a bouquet of flowers. To make sure that the products from certified production processes are not mixed with products from non-certified production processes as they make their way from the farm to your home, traders wanting to use the GGN label must also fulfill the requirements of the GLOBALG.A.P. Chain of Custody standard. |
Traders are buyers or packers that source products from various producers and either sell them to other traders or packers in bulk or package them under a specific brand name. These products are often mixed to create another product, such as a bouquet of flowers. That’s why Chain of Custody certification is so important: It ensures that products from certified production processes are not mixed with products from non-certified production processes. |
|
No, they’re not. The GGN is an identification number for a producer with a certified production process. It is a traceability code for the farm up to the farm gate. The CoC Number is an identification number for a trader/packer or retailer selling products from certified production processes. It is a transparency code covering the supply chain from the farm gate to the market shelf. |
While our customer support is well trained to respond to all your queries, we cannot directly help you fix any problems relating to the actual product. That’s because the GGN label and logo only cover certified production processes. This means that independent third-party certification bodies are responsible for certifying production processes on the farm and NOT the actual products. Our label is not responsible for problems relating directly to the products.
To deal with a problem with the actual product, we highly recommend you do the following:
Contact the retailer where you bought the product and/or the product’s brand owner and inform them directly of your issue. You can usually find their hotline and contact information online and via their social media channels. Retailers and brand owners are generally keen on keeping their customers happy and will gladly assist you with your problem.
If you have no luck with option 1, try contacting the producer directly. You can find the contact information on their farm profile by searching their GGN.
If the product has a GGN but no GGN label logo, please contact our customer support at customer_support@globalgap.org
There can be several reasons for this, such as technical problems or a typo/printing mistake on the package. It can also mean that the farm has not been registered on ggn.org yet.
We can help you find out. Please use the contact form on our website to send us the following:
Clear pictures of both the front and back of the packaging taken with your mobile device. You can upload them as attachments to the contact form.
Exact information about the error message you received. Please select the message that was displayed form the list below:
The farm or farms with this GGN are currently being reviewed.
If the product you have bought is not specified in the farm profile, please contact info@ggn.org for more information.
For more information, please contactinfo@ggn.org.
The protection of your privacy and personal data is important to us, and this is a key factor in how we design and implement our activities on the internet.
This privacy policy applies to the website(s) operated by Agraya GmbH (formerly FoodPLUS GmbH), Spichernstr. 55, 50672 Cologne, Germany; email: info@agraya.com; tel.: +49 (0) 221 57776 0 (hereinafter referred to as “Agraya GmbH” or “we”) as the data controller. This includes www.agraya.com (hereinafter referred to as “Website”). This privacy policy can be accessed from this Website.
For questions relating to data protection and the processing of your personal data, please contact our data-protection officer:
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
50321 Brühl
Email: dataprivacy@agraya.com
In this privacy policy, we inform you about the type, scope, and purposes of the collection, processing, and use of your personal data when visiting or using our Website. This is performed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and other applicable (federal) data protection legislations (hereinafter referred to jointly as “Applicable Data Protection Law”).
No automated decision-making/profiling is performed.
We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutzgesetz - BDSG) and other applicable data-protection provisions (details are provided in the following). The details of which data are processed and how they are used, possibly also using artificial intelligence (AI), depends largely on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you may find out from our website www.agraya.com.
2.1 Purposes pursuant to fulfilment of an agreement or pre-contractual measures (Art. 6, section 1 b of the GDPR)The processing of personal data is carried out in order to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e.g. with interested parties. In particular, the processing thus serves to provide services according to your orders and wishes and include the necessary services, measures and activities. This essentially includes contract-related communication with you, the corresponding billing and associated payment transactions, credit checks, the verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. Parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security ((inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal of-fences; control by supervisory bodies or supervisory authorities (e. g. auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6, section 1 f of the GDPR)Above and beyond the actual fulfilment of the (pre-) agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
Your personal data can also be processed for certain purposes (e.g. use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you can revoke this consent at any time. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.
2.4 Purposes relating to adherence to statutory requirements (Art. 6, section 1 c of the GDPR) or in the public interest (Art. 6, section 1 e of the GDPR)Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities (e.g. generally accepted industry standards or guidelines).
The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g. audit reports, inspections findings or complaints by retailers, suppliers, traders or consumers).
In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions.
Relevant personal data categories may in particular be:
At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations or that require such data within the framework of processing and implementing our legitimate interests.
Your data is disclosed/passed on to external offices and persons solely
We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO), as well as other statutory retention and documentation obligations. The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.
Furthermore, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory timebarring provisions (statute of limitations). Under §§ 195 ff. of the German Civil Code (BGB), the regular timebarred period is three years, but timebarred periods of up to 30 years may also be applicable.
If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing - for a limited period - is necessary to fulfil the purposes listed under number 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense and processing for other purposes is excluded by appropriate technical and organisational measures.
Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. if you are despatched to another country), such is required by law (e.g. notification obligations under tax law), such is in the legitimate interest of us or a third party or you have issued us your consent to such.
At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the assurance of an adequate level of data protection for the respective country or for one or more specific sectors within a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information on the appropriate or adequate safeguards and on the possibility of obtaining a copy from you can be re-quested from the company data protection officer.
If certain conditions are met, you can assert your data-protection rights against us
Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.
You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to conclude the agreement or continue to perform such. This may also relate to data that is required later within the framework of the contractual relationship. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.
We do not use any purely automated decision-making procedure as set out in Article 22 of the GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.
Information on your right of objection under Art. 21 of the GDPR
1. You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f of the GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e of the GDPR (data-processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Art. 4, no. 4 of the GDPR.
If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
2. We will also use your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future.
We shall no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection can be filed without adhering to any form requirements and should if possible be sent to
Agraya GmbH
Spichernstr. 55
50672 Cologne
Germany
Our privacy policy and the information on data protection about our data processing according to article 13, 14 and 21 GDPR may change from time to time.
Access data and server log filesWe (or the webspace provider commissioned by Agraya GmbH) collect data about every visit to the Website. This data is saved in so-called server log files and includes the name of the accessed web page or webservice, file, date and time of the access, data volume transferred, any data input, report of successful access, browser type including version, your operating system, referrer URL (the page previously visited), Internet Protocol (IP) address, and where relevant username and the requesting provider. We use this data exclusively for statistical analyses and the purpose of operating, securing, and optimizing the Website. This data is not merged with other data sources or other personal data about you. The system needs to store the IP address temporarily to enable the Website to be delivered to you. The IP address is stored for the duration of the session for this purpose. Data is saved in server log files to safeguard the functionality of the Website. The data also helps Agraya GmbH to optimize the Website and safeguard the security of the IT systems. We further reserve the right to review the data in the server log files retrospectively if there are specific indications that justify a suspicion of unlawful use. These purposes represent an example of Agraya GmbH’s legitimate interest in data processing. The legal basis for this data processing is Art. 6 (1) f) GDPR.
RegistrationYou can register on our Website for a variety of purposes. Registration is used to sign up for specific events, to receive informational emails/newsletters, or to receive informational material (e.g., brochures or posters). During registration we collect data about you that we need for the specific registration (hereinafter referred to as “Registration Data”). This generally includes your first name, email address and further information about your company (where relevant). The specific data is set out in further detail in the registration form in each case. The legal basis for this data processing is Art. 6 (1) b) GDPR.
When you register, we store your IP address in addition to the Registration Data. This falls within our legitimate interests relating to log purposes and the prevention of abuse. The legal basis for this data processing is Art. 6 (1) f) GDPR.
https://privacy.microsoft.com/en-us/privacystatement. For further information about the processing of your personal data in countries outside the EEA/EU, please see the section “Transferring data to countries outside the EEA/EU” below.
You can object to the further processing, storage, and use of your Registration Data at any time. However, this may result in a complete deregistration. You may submit your objection either directly via the Website or by contacting us at dataprivacy@agraya.com.
Committees/Specialist groupsIn certain cases, if you become active in committees/specialist groups we also process personal data, e.g., in the form of participation lists. This is necessary for the performance and documentation of the committees/specialist groups. The legal basis for this data processing is Art. 6 (1) b) and f) GDPR.
As part of their participation in the committees/specialist groups or collaboration on other projects, we may email certain users, in particular customers or other third parties we work with, a link for sharing content via SharePoint which is offered by Microsoft Ireland Operations, Ltd. (hereinafter referred to as “Microsoft”). Further information about Microsoft SharePoint can be found at https://products.office.com/en-us/sharepoint/collaboration. For further information about the processing of your personal data by Microsoft, see https://privacy.microsoft.com/en-us/privacystatement. For further information about the processing of your personal data in countries outside the EEA/EU, please see the section “Transferring data to countries outside the EEA/EU” below. This processing is performed on the basis of your consent to the processing of your personal data pursuant to Art. 6 (1) a) GDPR or Art. 6 (1) b) GDPR when data is processed for the purpose of the performance of a contract.
Contact initiationWhen you contact Agraya GmbH (e.g., via contact form, calendars, telephone, email, or as a follow-up to a contact made during a trade fair), your information is stored for the purpose of processing the request as well as for any follow-up queries. The legal basis for this data processing is Art. 6 (1) b) GDPR).
We process such information via Microsoft Dynamics. For further information about this service provider and the processing of your personal data in countries outside the EEA/EU, please see the section “Registration” above, and the section “Transferring data to countries outside the EEA/EU” below.
Comments and postsIf you leave a comment on our blog or make other posts, your IP address will be stored. This is done to protect Agraya GmbH if a user includes unlawful content in comments and/or posts (insults, forbidden political propaganda, etc.). We may face legal action regarding the comment or post and thus have an interest in the identity of the author for the purposes of defending the claim or asserting recourse claims and may even be obliged to disclose such information to third parties, courts, or public authorities. These purposes represent an example of Agraya GmbH’s legitimate interest in data processing. The legal basis for this data processing is Art. 6 (1) c) and f) GDPR.
Informational emails, newslettersWe send informational emails to large mailing lists (hereinafter referred to as “Informational Emails”), in particular our newsletters on a range of subjects, to inform our consenting users about our products and services, invitations to certain events, as well as news about us or our Website. If you want to receive Informational Emails, we need you to provide a valid email address. We use a procedure to verify that you are the holder of the email address that was provided, or that the holder consents to receiving the Informational Emails (“double opt-in procedure”). This involves us sending an email to the email address that was provided with a request to reconfirm the registration to receive the Informational Emails (e.g., by clicking a link). Additionally, on request, you can indicate the specific topics we may inform you about. No further data is collected. This data is not used for any purpose other than sending Informational Emails and is not passed on to third parties. The legal basis for this data processing is your consent (Art. 6 (1) a) GDPR; section 7 (2) German Act on Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, UWG)).
When you register for one of our Informational Emails, we store your IP address and the date of the registration. This data is stored solely for evidential purposes in the event that a third party misuses an email address and registers to receive Informational Emails without the knowledge of the authorized party. This falls within the legitimate interests of both us and our users (Art. 6 (1) f) GDPR).
You can withdraw your consent to the saving of your data, your email address, and its use for the sending of Informational Emails at any time effect for the future. Your withdrawal can be performed via a link in the Informational Emails themselves or by notifying us, as described in further detail in the section “Rights of data subjects”.
We process your data in connection with Informational Emails via Microsoft Dynamics. For further information about this service provider or the processing of your personal data in countries outside the EEA/EU, please see the section “Registration” above, and the section “Transferring data to countries outside the EEA/EU” below.
InxmailThis website uses Inxmail for sending newsletters. The provider is the Inxmail GmbH, Wetzinger Straße 17, 79106 Freiburg (hereinafter referred to as “Inxmail”).
Inxmail is a service that, among other things, organizes the mailing of newsletters and allows the analysis of such services. The data you enter for the purpose of subscribing to the newsletter is processed on Inxmail servers.
Inxmail Data Analysis
With the assistance of Inxmail, we are in a position to analyze our newsletter campaigns. For instance, this allows us to see whether a newsletter message has actually been opened and which links were clicked. This enables us to find out which links are clicked with great frequency.
We can also see whether any predefined activities took place after opening / clicking (conversion rate). This allows us to recognize whether a purchase was made after the newsletter was clicked.
Inxmail also allows us to divide newsletter recipients into different categories (clusters). It is, for example, possible to divide the newsletter recipients based on age, gender, or place of residence. This allows us to adapt our newsletters more effectively for the respective target groups. If you do not want to participate in the Inxmail analysis, you will have to unsubscribe from the newsletter. We provide a link to opt out in every newsletter message.
To review the Data Privacy Policy of Inxmail please click here: https://www.inxmail.de/datenschutz.
Anonymized Tracking
We use Inxmail’s anonymous tracking, which only allows us to identify you if you have explicitly consented to this in advance.
Legal Basis
The data is processed on the basis of your consent Art. 6(1)(a) GDPR. You may revoke your consent at any time with future impact.
Archiving Period
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after unsubscribing from the newsletter or after the purpose for its use has ceased to exist. We reserve the right to delete email addresses from our newsletter distribution at our own discretion in conjunction with our legitimate interest pursuant to Art. 6(1)(f) GDPR or to block them. This will not affect data we store for other purposes.
After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist, if such action is necessary to prevent future mailings. Data from the blacklist will be used exclusively for this purpose and will not be merged with other data. This is in your and our best interest and also in the interest of compliance with the statutory mandates for the sending of newsletters (legitimate interest as defined in Art. 6 (1)(f) GDPR). There is no time limit for archiving in the blacklist.You may object to the storage if your interests outweigh our legitimate interests.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Surveys/Microsoft forms
We may also conduct online surveys on the basis of your respective consent with the aid of Microsoft Forms, a service offered by Microsoft, with whom we have entered into a data processing agreement. The surveys may be disseminated in a number of ways (via hyperlink, QR code, embedding in a website or Sway, or sent by email). Processing is performed on the basis of your consent to the processing of your personal data pursuant to Art. 6 (1) a) GDPR or Art. 6 (1) b) GDPR when data is processed for the purpose of the performance of a contract.
Further information about Microsoft Forms can be found at https://support.office.com/en-us/forms. It cannot be ruled out that in individual cases your data will be transmitted to the Microsoft Corporation in the USA and processed there. For further information about the processing of your personal data by Microsoft, see https://privacy.microsoft.com/en-us/privacystatement. For further information about the processing of your personal data in countries outside the EEA/EU, please see the section “Transferring data to countries outside the EEA/EU” below.
Jotform
We have integrated Jotform into this website. The provider is Jotform Inc., 111 Pine St. Suite, 1815 San Francisco, California 94111, USA (hereinafter referred to as “Jotform”).
Jotform enables us to generate online forms to record messages, inquiries and other entries entered by visitors to our website. All entries you make will be processed on Jotform’s servers.
We use Jotform on the basis of our legitimate interest in determining your needs as effectively as possible (Art. 6(1)(f) GDPR). If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
The data you enter into the form will remain in our possession until you ask us to delete them, revoke your consent to the archiving of your data or until the purpose of archiving the data no longer exists (e.g., upon completion of the processing of your inquiry). This does not affect mandatory statutory provisions – in particular those governing retention periods.
The transfer of the data to the United States is safeguarded by EU Standard Contract Clauses we have executed with Jotform. For details, please follow this link: https://www.jotform.com/gdpr-compliance/dpa/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6788.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Online payments
If you register for an event, we make it possible for any payable fees to be paid online, depending on the specific offering. Similarly, all invoices issued by Agraya GmbH can be paid online using a credit card. The data required to initiate the online payment is strictly separated from your Registration Data. If you opt for online payment, the data you input, including the intended use and the sum to be transferred for the online payment, is not saved directly by us, but forwarded straight to BS Payone GmbH for payment verification and the initiation of the payment process. BS Payone GmbH transfers no more than minimal information about the payment procedures to us (e.g., allocation to invoice number and status of the payment transaction). BS Payone GmbH is therefore responsible for processing and storing personal data in connection with online payments. This serves the purpose of performing a contract between you and Agraya GmbH and thus falls within the legitimate interests of both parties (Art. 6 (1) b) and f) GDPR). The data protection regulations of BS Payone GmbH can be accessed at https://www.payone.com/DE-en/data-protection-regulations.
If you and/or your company are located in the United States, the payment service provider used is First Data Merchant Services, LLC. (hereinafter referred to as “Payeezy”). To pay, you will be redirected to Payeezy’s website, where you can enter the data required for payment processing (Art. 6 (1) b) and f) GDPR). We do not transfer any personal data to Payeezy. For more information on how Payeezy processes personal data, please refer to Payeezy’s privacy policy at https://merchants.fiserv.com/en-us/privacy/?utm_source=firstdataus.
Applications
On our Website we may publicize job advertisements for vacancies in our company, at our subsidiary in the USA (GLOBALG.A.P. North America Inc.), or our offices in South Africa. Responsibility for filling the vacancies and processing the respective applications lies with the company to which you make the specific application.
If you submit an application to us or our subsidiary or other offices, the respective company will process the information and documents you submit including the personal data included therein, such as your full name, address, email address, telephone number, information about your professional development/résumé, references, or other information that you communicate to that company in the course of your application. Prior to any appointment, the personal data (full name, date of birth, place of birth, nationality) of the applicants short-listed following the application process shall be checked against entries on blacklists, and especially the EU terrorist list pursuant to the EU anti-terror regulations. The purpose of this is to enter into a contract of employment with these applicants and to comply with a legal obligation to which we are subject (Article 6 (1) c) GDPR), because statutory provisions prohibit financial benefits, including the payment of a salary, being paid to persons who are included on such blacklists.
If we forward your application to our subsidiary in the USA, we do so to comply with your request to enter into/initiate an employment contract with the subsidiary pursuant to Art. 49 (1) 1b) GDPR. The submission of application documents including personal data is necessary for the performance of the application process.
You are not obliged, either under statute or contractually, to provide personal data for application purposes. However, if you supply no information about yourself, your application cannot be processed.
Transferring data to third parties
We will not disclose your personal data to third parties unless you have provided your consent or another permitted circumstance applies in accordance with the Applicable Data Protection Law. These third parties include in the first instance service providers commissioned by us to support our business operations (Art. 28 GDPR). This covers, e.g., webspace providers for the operation of our Website or the forwarding of invoicing or tax-relevant information to service providers for the purposes of invoicing and accounting or controlling. In these cases, however, the scope of the transmitted data will extend only to the minimum required to achieve the purposes pursued via the data processing. If you register on our Website for an event, we transmit the information you submit during registration to the organizations and companies we work with to run the respective event. The legal basis for this data processing is Art. 6 (1) b) GDPR.
For the purpose of pooling resources and optimizing our business processes, we operate a CRM system with our affiliated company, GLOBALG.A.P. North America Inc., under joint responsibility pursuant to Art. 26 GDPR. In this regard, we have concluded a so-called joint controller agreement (Art. 26 (1) GDPR). You can assert your data protection rights with each controller. The parties will inform each other without delay of claims asserted by data subjects in relation to the joint processing. They will provide each other with all the information necessary to respond to requests for information. Agraya GmbH will generally process and respond to requests from data subjects. GLOBALG.A.P. North America Inc. is located outside the EU/EEA and in the USA. To ensure an appropriate level of data protection, we have concluded so-called standard contractual clauses. You can find more information on data transfers to third countries in the following section.
If we are legally obliged to disclose specific personal data on the basis of a judicial decision or following a request for information from law enforcement or supervisory authorities or authorized third parties in conjunction with investigatory proceedings or the suspicion of a criminal act, an unlawful act, or other acts that may give rise to legal liability for you or us, we will disclose the data required for the investigation, such as your full name, address, email address, or other relevant information (Art. 6 (1) c) GDPR). Similarly, we reserve the right to process and use users’ personal data to enforce or defend against claims.
Transferring data to countries outside the EEA/EU
Personal data may be transferred to third parties that are located in non-EEA or non-EU countries and where no so-called adequacy decision exists, i.e., the European Commission has not established a level of data protection comparable to that in the EU (e.g., the USA, South Africa). In this case, prior to transferring, we ensure in compliance with the requirements of Art. 44 et seq. GDPR that an adequate level of data protection is in place at the recipient, in particular by conducting what are known as transfer impact assessments, by obtaining your consent in advance, or through specific guarantees, in particular the self-certification of a recipient in the USA in accordance with the principles of the EU – US Privacy Framework as well as concluding what are referred to as the EU standard contractual clauses. A copy of suitable guarantees can be obtained on request via the email address set out at the beginning of this privacy policy. Basic information about the participants of the EU–US Privacy Framework can also be found here. Basic information about the EU standard contractual clauses can be found here, and information about the adequacy decisions here.
Furthermore, even when we have concluded standard contractual clauses, we seek to establish further measures that provide an equal level of data protection compared to the applicable standards in the EU when personal data is forwarded to third countries (e.g., the USA, South Africa). Such further measures shall be established to accommodate CJEU decision C-311/18 (Schrems II). For further information on this topic, please contact our Data Protection Officer via the email address set out at the beginning of this privacy policy.
Integration of third-party content and services
Third-party content, such as YouTube videos, RSS feeds, or graphics from other websites, may be integrated into our online offerings. This usually assumes that the providers of this content (hereinafter referred to as “Third-Party Providers”) will be aware of the user’s IP address. This is because they would not be able to transmit the content to the browser of the user in question without the IP address. The IP address is therefore necessary in order to display this content. We endeavor only to use such content in those cases in which the respective Third-Party Provider only uses the IP address to deliver the content. However, we have no influence over whether the Third-Party Providers use IP addresses, e.g., for statistical purposes. Where we are aware of this, we will notify the users accordingly. The use of enhanced presentation options for information purposes and to optimize your user experience is within our mutual legitimate interest (Art. 6 (1) f) GDPR).
Further information about the use of YouTube videos can be found below.
YouTube with expanded data protection integration
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize browsing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user's browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Cookies
Cookies are small files that permit specific information relating to a device to be stored on the user’s accessing device (PC, smartphone, etc.). Some enhance the user-friendliness of websites and aid the user (e.g., by storing login data), some enable the recording of statistical data about website use and the analysis to improve the Website or the placement of targeted ads. You can influence how cookies are used. Most browsers have an option that limits or completely prohibits the storage of cookies. However, it should be noted that use, and especially user comfort, may be restricted without cookies. Our users can manage many online advertising cookies from companies via the US page http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/uk/your-ad-choices/.For further information about the use of cookies and how you can deactivate them, see www.youronlinechoices.com.
We store cookies on our users’ hard drives unless they actively block them. The processing of personal data collected using cookies for analytical and marketing purposes is only done, and cookies are only dropped, subject to your prior consent. Thus, the legal basis for this processing is Art. 6 (1) a) GDPR. You can withdraw your consent at any time with effect for the future. The legal basis for using cookies which are necessary for the technical operation of our website is Art. 6 (1) f) GDPR. Further information on which Third-Party Providers we use in this regard can be found in the following.
Piwik PRO
We have integrated Piwik PRO on this website. The provider of this service is Piwik PRO GmbH, Knesebeckstraße 62/63, 10719 Berlin.
Piwik PRO enables us to collect and analyze data about the behavior of website and app users. For this purpose, Piwik PRO processes surfing behavior, device information and the IP address. It also stores cookies in your browser.
The use of the above-mentioned service is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the continuous optimization of the website and its content to offer users an improved and personalized user experience and to increase website performance. If a corresponding consent has been requested, the processing is carried out exclusively based on Art. 6 (1) (a) GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.
Further details can be found in the provider’s privacy policy at https://piwikpro.de/datenschutz/#product.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.
The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://business.safety.google/controllerterms/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.
Our social media appearances
This privacy policy applies to the following social media presence
Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Your rights
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
Individual social networks
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, Ireland.
According to Facebook, the data collected is also transferred to the USA and other third countries. You can adjust your advertising settings yourself in your user account on Facebook. Further details can be found in Meta’s privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Irland.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For details on how they handle your personal information, see the Instagram Privacy Policy: https://privacycenter.instagram.com/policy/.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4452
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow St, Dublin, D04 E5W5, Ireland. Details on how they handle your personal data can be found in YouTube’s privacy policy: https://policies.google.com/privacy?hl=de&gl=de#infocollect.
Additional California privacy terms and rights
The state of California enacted the California Consumer Privacy Act in 2018 and amended it in 2020 under the California Privacy Rights Act (hereinafter referred to collectively as “CCPA”). Together, the acts afford certain rights to California residents (“consumers”). This section specifically addresses the rights of California residents under the CCPA.
A. Collection categories
As explained above in this privacy policy, we collect a variety of categories of information, including sensitive personal information, in connection with providing the services. In this section, we explain these categories again specifically in the context of the CCPA. In providing the services on the Websites, we collect the following categories of personal information: the person’s name, postal/mailing address, IP address, unique personal identifier or online identifier, email address or telephone number, and other Registration Data.
B. Information sources
As explained above, we collect personal information from consumers themselves directly via our Website, through interactions with our company’s personnel, and through social media, and, in some cases, from service providers.
C. Personal information use and sharing for business purposes
As explained in greater detail above, we use the personal information that is collected for a wide variety of business purposes:
To fulfill any contractual obligations with you related to the Website
To facilitate the establishment and use of accounts created on the Website
To verify your identity and manage access to your accounts on the Website
To facilitate your participation in our online forums
For analytics purposes and to operate, maintain, and improve the Website
To market the Websites and gather additional information regarding the Website
To create new products and services on the Website
To protect against, investigate, and deter fraudulent, unauthorized, and/or illegal activity on or relating to the Website
When necessary, to meet legal requirements, such as legally mandated reporting, subpoenas, court orders, or other legal process requirements
We only disclose and share your personal information for business purposes with the following categories of third parties:
Service providers, as explained above, and with our affiliated company GLOBALG.A.P. North America Inc.
D. Sale of personal information
We do not engage in any sale of a consumer’s personal information as that term is defined under the CCPA.
E. Sharing of personal information
The CCPA defines “sharing” as “renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means” personal information. We share your personal information, as described above, with the companies that provide cookies and similar technologies used on our Website. Those companies have access to and might use the personal information gathered through these technologies, which might include an individual consumer’s IP address. Such uses might include targeted advertising information based on individual internet activity and interests. It is possible that some of the businesses providing marketing services to us might share personal information with their business partners. In addition, some companies that provide services to us might need to access and use customer information as part of providing services to us, and these same companies might use this information for the development of their own business capabilities, not solely for the provision of services to us.
To notify us of your desire to restrict the use of your personal information by third parties, contact us and submit your request by emailing us at dataprivacy@agraya.com:
DO NOT SHARE MY PERSONAL INFORMATION
If you have any questions about submitting your request, please contact us and submit your request by emailing us at dataprivacy@agraya.com or calling toll-free at +1 833 879 8855.
F. Your California rights and choices
The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
i. Access to specific information.
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see the section “Exercising consumer rights” below), we will disclose to you:
The categories of personal information we collected about you
The categories of sources for the personal information we collected about you
Our business or commercial purpose for collecting or selling that personal information
The categories of third parties with whom we share that personal information
The specific pieces of personal information we collected about you
If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
Sales, identifying the personal information categories that each category of recipient purchased
Disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
Under the CCPA, you may also request that we disclose certain information to you about our collection and use of your personal information beyond the past 12 months. We, however, may decline to provide that information to you if doing so would require a disproportionate effort on our part.
ii. Deletion and correction request rights
You have the right to request that we delete or correct any of your personal information that we collected from you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see the section “Exercising consumer rights” below), we will delete (and direct our service providers to delete) or correct your personal information from our records, unless an exception applies.
In the absence of a verifiable consumer request from you, we will retain your personal information as described above, before automatically deleting (and directing our service providers to delete) it.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Complete the transaction for which we collected the personal information, provide goods or services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
Debug products to identify and repair errors that impair existing intended functionality
Exercise free speech, ensure the right of another consumer to exercise their right to free speech, or exercise another right provided for by law
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
Comply with a legal obligation
Make other internal and lawful uses of that information that are compatible with the context in which you provided it
iii. The right to opt out – the right to opt out of sharing of personal information
You have the right to opt out of the sharing of your information with a third party, i.e., to prevent a transfer of information to a third party that is not restricted in certain ways from making use of the information. As we explained above, some of the companies that provide cookies and similar technologies might use personal information for targeted advertising information based on individual internet activity and interests, potentially including the sharing of information with others. You can exercise your right to opt out of the sharing of your information by emailing us at dataprivacy@agraya.com:
DO NOT SHARE MY PERSONAL INFORMATION
iv. Exercising consumer rights
To exercise the rights described above, please submit a verifiable consumer request to us by one of the following methods:
• Emailing us at dataprivacy@agraya.com
• Calling us toll-free at +1 833 879 8855
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may make a verifiable consumer request for access or data portability no more than twice within a 12-month period.
To verify the identity of an individual making a request, a two-step process will need to be completed. A verifiable consumer request must do the following:
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it
Separately provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
iv. Response timing and format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Unless otherwise requested, any disclosures we provide will cover no more than the 12-month period preceding receipt of the verifiable consumer request. The response we provide will also explain the reasons we cannot comply with a request, where applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless the request is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
G. Nondiscrimination
We will not discriminate against you for exercising your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties
Provide you with a different level of quality of goods or services
Suggest that you may receive a different price or rate for goods or services or a different level of quality of goods or services
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time. However, we do not currently provide any financial incentives.
H. “Shine the Light” disclosure
We have not shared any personal information with other companies for their direct marketing use within the immediately preceding calendar year. Accordingly, California’s “Shine the Light” law, Cal. Civil Code § 1798.83 to § 1798.84, does not apply to us, and we have not established any mechanism for you to request information on our sharing of information for third parties’ marketing purposes.
Updates to the privacy policy
In the course of the ongoing development of our Website, we will also continually modify our privacy policy. Any changes will be communicated on this page in good time. For that reason, our users should regularly view this page to find out about the current status of the privacy policy.
Last updated: 15/07/2025