GDPR Compliance

Your rights under the General Data Protection Regulation

Effective since: May 25, 2018

SmartyCrop is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains your rights as a data subject and how we ensure compliance with GDPR requirements when processing personal data of individuals in the European Economic Area (EEA) and United Kingdom.

Your GDPR Rights

Under GDPR, you have specific rights regarding your personal data. We're committed to facilitating the exercise of these rights.

Right to Access

You have the right to request a copy of your personal data

  • Request what personal data we hold about you
  • Understand how we process your data
  • Receive a copy in a structured, commonly used format
  • Response provided within 30 days of request

Right to Rectification

You can request corrections to inaccurate personal data

  • Update incorrect or incomplete information
  • Add supplementary statements to your data
  • Request verification of contested data
  • Corrections made without undue delay

Right to Erasure

You can request deletion of your personal data

  • Request complete deletion of your account
  • Remove data no longer necessary for processing
  • Delete data processed unlawfully
  • Some data may be retained for legal obligations

Right to Data Portability

You can receive your data in a portable format

  • Export your data in machine-readable format
  • Transfer data directly to another service
  • Includes data you've provided to us
  • Available for automated processing data only

Right to Restrict Processing

You can limit how we use your personal data

  • Temporarily restrict data processing
  • Contest accuracy while we verify data
  • Oppose deletion and request restriction instead
  • Restricted data is stored but not processed

Right to Object

You can object to certain types of processing

  • Object to direct marketing at any time
  • Object to processing for legitimate interests
  • Object to automated decision-making
  • We must stop unless compelling legitimate grounds exist

Legal Basis for Processing

Consent

You've given clear consent for specific purposes

Contract

Processing is necessary to fulfill our service agreement

Legal Obligation

We must process data to comply with the law

Legitimate Interests

Processing is necessary for our legitimate business interests

International Data Transfers

Standard Contractual Clauses

We use EU-approved contracts for transfers outside the EEA

Adequacy Decisions

Transfers to countries deemed adequate by the EU Commission

Your Consent

Explicit consent for specific international transfers

Data Protection Measures

Technical Measures

  • End-to-end encryption for data transfers
  • Regular security audits and penetration testing
  • Access logging and monitoring

Organizational Measures

  • Privacy by design and default
  • Regular staff training on data protection
  • Data Protection Impact Assessments (DPIAs)

How to Exercise Your Rights

Submit a Request

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Email: dpo@smartycrop.com

What to Include

  • Your full name and account email
  • Specific right(s) you wish to exercise
  • Any relevant details about your request
  • Proof of identity (we may request this for security)

Response Time: We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days, but we'll inform you of any delays and the reasons.

Right to Lodge a Complaint

If you're not satisfied with how we handle your request, you have the right to lodge a complaint with your local supervisory authority. You can find your local authority at edpb.europa.eu