Privacy Policy

Privacy Policy

Grow Farms values your privacy and is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform and related services.

1. Personal Data Collection

We collect the following categories of personal data when you interact with the Platform:

  • Identification and Contact Information: Name, email address, phone number, business details.
  • Account Information: Username, password (encrypted), preferences.
  • Usage Data: IP address, browser type, device identifiers, access logs.
  • Communication Data: Records of communications between you and our support or sales teams.
  • Transaction Data: Purchase history, order details, payment status.
  • Cookies and Tracking Technologies: As outlined in Section 5.

2. Legal Basis and Purpose of Processing

We process your personal data based on the following legal grounds under the GDPR:

Purpose of Processing Legal Basis
To create and manage your account Article 6(1)(b) GDPR – performance of a contract
To process orders and manage deliveries Article 6(1)(b) GDPR – performance of a contract
To respond to inquiries and provide customer support Article 6(1)(b) or 6(1)(f) GDPR – legitimate interest
To send you relevant service updates or promotional communications Article 6(1)(a) GDPR – your consent (if applicable)
To comply with legal obligations Article 6(1)(c) GDPR – legal obligation
To improve our services through analytics Article 6(1)(f) GDPR – legitimate interest

3. Data Sharing and Transfers

We only disclose your personal data to the extent necessary and for legitimate purposes. Categories of recipients include:

  • Logistics and Delivery Providers: To fulfill your orders.
  • IT and Cloud Service Providers: Hosting, data storage, and system maintenance.
  • Professional Advisers and Legal Authorities: As required to comply with legal obligations or defend legal claims.

We do not sell your personal data under any circumstances.

Where data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place (e.g., standard contractual clauses).

Cookies and Tracking Technologies

The Grow Farms Platform uses cookies and similar technologies to enhance the functionality and user experience of the Platform.

Types of cookies used:

  • Strictly Necessary Cookies: Essential for core functionality (e.g., user login).
  • Performance Cookies: Collect anonymous data to help us understand how the Platform is used.
  • Functionality Cookies: Remember user preferences such as language or region.
  • Analytics Cookies: Help us analyze and improve our services.

Managing cookies:

You can manage or disable cookies at any time by adjusting your browser settings. However, disabling some cookies may affect the performance or functionality of the Platform.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, regulatory, tax, and accounting requirements. After the applicable retention period, your data will be securely deleted or anonymized.

6. User Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

  • Right of Access – to obtain a copy of your data.
  • Right to Rectification – to correct inaccuracies.
  • Right to Erasure – to request deletion of your personal data.
  • Right to Restriction – to limit processing under certain circumstances.
  • Right to Data Portability – to receive data in a structured, commonly used format.
  • Right to Object – to object to processing based on legitimate interest or direct marketing.
  • Right to Withdraw Consent – where processing is based on your consent.

To exercise these rights, please contact us at: gpb@grow-farms.org

7. Contact Us

For any questions regarding this Privacy Policy or how your data is handled, please contact:

Data Protection Officer

Grow Farms S.L.

Email: gpb@grow-farms.org

8. Data Breach Notification

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, or disclosure.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the competent supervisory authority without undue delay, and in any case within the time frame required by the GDPR (typically within 72 hours of becoming aware of the breach).

The notification will include:

  • A description of the nature of the breach.
  • Contact details of our Data Protection Officer.
  • Likely consequences of the breach.
  • Measures taken or proposed to address the breach.

9. Automated Decision-Making and Profiling

We do not use your personal data to make decisions based solely on automated processing, including profiling, which produce legal effects concerning you or significantly affect you, as defined in Article 22 GDPR.

If this ever changes in the future, we will notify you in advance and provide you with the right to obtain human intervention and to contest any such decision.