Privacy Policy
Introduction
Welcome to our informative website about Fermata, a data science company developing computer vision solutions for both controlled environment agriculture and outdoor environment (the “Website”).
This Privacy Policy (“Policy”) explains how information about you is collected and used by the Website, which is developed and operated by Fermatagro Technology LTD. (“we”, “us”, “our”).
We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR), and the California Privacy Rights Act (CPRA) and the Canadian Standards Association’s Model Code for the Protection of Personal Information and Canada’s Personal Information Protection and Electronic Documents Act.
The Website is not directed to website visitors under the age of 18. We do not knowingly collect information or data from children under the age of 18 or knowingly allow minors under the age of 18 to use the Website.
This Policy may be amended from time to time. We will post any change to this Policy on our Website at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
Contact us
If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at info@fermata.tech.
What we collect and why
| Scenario | Purposes | Categories of information processed |
|---|---|---|
| Contacting us with an inquiry, booking a demo with us, providing us with feedback and reviews through our email or our online contact form | Responding to your inquiry, demo request and our business development. Responding to your feedback and reviews, our business development. | Your full name, email address, role in the company, the subject of your inquiry and the text of your message. You may also optionally provide your company name, country/region and phone number. |
| Use of cookies on the Website | Facilitate a Website feature that the user specifically requested, analyze the Website usage to evaluate and improve its performance, improve user experience on the Website, inform and serve personalized ads more relevant to user interests. | IP address from which you access the Website, time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Website. |
Methods and sources for collecting your personal information
We collect the personal information from several sources:
- when provided to us directly through our email or online contact form;
- from our service providers helping us to operate the Website;
- through the device you use to access our Website, including through third party cookies and analytics tools, such as Google Analytics, YouTube, Bing, HubSpot and other internal analytics services.
You do not have a legal obligation to provide the information that we request. However, if you choose not to provide this information to us, we may not be able to process your feedback, respond to your inquiry or demo request, and you may not be able to use some of our Website functionalities.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.
| Scenario | Purposes | Examples of third parties involved |
|---|---|---|
| We will share your information with our service providers who assist us with the internal operations of the Website. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes. | Operating the Website and our business. | AWS, Cloudflare. Subject to the following additional policies: https://aws.amazon.com/privacy/ and https://www.cloudflare.com/privacypolicy/. |
| If you abused your rights to use the Website or violated any applicable law while doing business with us. | Responding to, handling, and mitigating suspected violations of law in connection with our business. | Competent authorities, legal counsels, and advisors. |
| If a judicial, governmental, or regulatory authority requires us to disclose your information. | Complying with a binding request from a competent authority. | Competent authorities. |
| If the operation of the Website or our business is organized within a different framework, or through another legal structure or entity. | Enabling a structural change in the operation of the Website and our business. | The target entity of the merger or acquisition, legal counsels, and advisors. |
Data retention and security
We retain your information for as long as needed to operate the Website, and thereafter as needed for record-keeping matters.
We will retain your information for as long as needed to operate the Website. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
Additional information for individuals in the EU or UK
Controller, GDPR and UK representatives
Fermatagro Technology LTD. is the data controller of the personal information collected via the Website.
| Role | Name | Address |
|---|---|---|
| UK GDPR Representative | Fermatagro Technology LTD. | Koumantarias & Spyrou Araouzou, Tonia Court II, 7th Floor, 3036 Limassol, Cyprus |
International data transfers
To facilitate processing your information through the Website and by our service providers, we will transfer your information to countries outside the EU or the UK. We do so only to countries which are recognized by the European Commission as having adequate protection for personal data, or under the terms of a data transfer agreement which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
Legal basis for processing your personal data
| Purpose or scenario | Legal basis |
|---|---|
| Responding to your inquiry, demo request or feedback and reviews | Our legitimate interest in responding to your inquiry, demo request, feedback or review and our business development. Our legitimate interest in developing and enhancing our business and the Website. |
| Necessary cookies | Our legitimate interests in providing you with the Website. |
| Analytics, marketing and performance cookies | Consent. |
| Responding to, handling, and mitigating suspected violations of law in connection with our business | Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business. |
| Complying with a binding request from a competent authority | Legitimate interests in complying with mandatory legal requirements imposed on us. |
| Enabling a structural change in the operation of the Website and our business | Legitimate interests in our business continuity. |
Data subject rights
If you are in the EU or the UK, you have the following rights under the GDPR:
- Right to Access and receive a copy of your personal information that we process.
- Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
- Right to easily and at any time withdraw your consent to the use of non-essential cookies on our Website. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
- Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
- Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
- Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims.
If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with the information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority in the Member State of your residence, place of work or place of alleged infringement of the GDPR. If you are in the UK, you can lodge a complaint with the Information Commissioner’s Office (ICO).
Additional information for individuals in California
If you are an individual residing in California, we provide you with the following information pursuant to the California Privacy Rights Act (CPRA). This is also the information we have collected in the past 12 months.
Personal information we collect
| Categories of personal information | Specific types collected | Source of information |
|---|---|---|
| Identifiers | Real name, IP address and email address. | The consumer themselves. |
| Other personal information that identifies, relates to, describes, or is capable of being associated with, a particular individual | Telephone number. | The consumer themselves. |
| Internet or other electronic network activity information | Internet or other electronic network activity information. | The consumer’s device. |
| Geolocation data | Country/region (optional). | The consumer themselves. |
| Professional or employment-related information | Company name, role. | The consumer themselves. |
Business purposes for which the personal information is used
The following are the business or commercial purposes for which we use each category of personal information (Identifiers; other personal information that identifies an individual; internet or other electronic network activity information; geolocation data; professional or employment-related information). Details about the information we collect for each category are provided in the table above, and more details about business or commercial purposes are provided in the section titled “What we collect and why”.
- Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Helping to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for these purposes.
- Debugging to identify and repair errors that impair existing intended functionality.
- Short-term, transient use, including, but not limited to, nonpersonalized advertising shown as part of a consumer’s current interaction with the business, provided that the consumer’s personal information is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer’s experience outside the current interaction with the business.
- Undertaking internal research for technological development and demonstration.
- Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
Sharing and disclosing to third parties
The chart below explains the personal information we disclosed in the preceding 12 months. It also explains the personal information we shared for online behaviorally targeted ads in the preceding 12 months. Other than this, we have not disclosed your personal information for a business purpose in the preceding 12 months.
We do not have actual knowledge that we share the personal information of consumers under 18 years of age for online behaviorally targeted ads, or that we sell personal information of consumers under 18.
| Categories of personal information | Third parties to whom we disclose, and the business or commercial purpose |
|---|---|
| Identifiers; other personal information that identifies an individual; internet or other electronic network activity information; geolocation data; professional or employment-related information; inferences | Competent authorities, legal counsels, and advisors if you abused your rights to use the Website or violated any applicable law in the course of doing business with us. Judicial, governmental, or regulatory authority if they require us to disclose your information. Target entity of the merger or acquisition, legal counsels, and advisors if the operation of the Website or our business is organized within a different framework, or through another legal structure or entity. |
| Internet or other electronic network activity information; inferences | Sharing with advertising networks for online behaviorally targeted ads. |
Your rights if you are a resident of California
Notice of the right to opt-out using the opt-out preference signal
You have a right to opt-out of sharing your personal information for behavioral targeted ads. You can exercise this right by using the opt-out preference signal.
We process the opt-out preference signal if it is sent by your browser in accordance with the “Global Privacy Control”. For more information on how to install and implement the Global Privacy Control, please visit https://globalprivacycontrol.org/#download.
If you turn on this Global Privacy Control in your browser, we will receive the signal, process it in a frictionless manner, and treat it as a request to opt-out of the use of your personal information for behavioral-targeted ads. The opt-out request is specific to the browser in which you have it turned on. It is effective as an opt-out request only while you use that browser to visit our Website.
Knowing the personal information we collect about you
You have the right to know:
- The categories of personal information we have collected about you.
- The categories of sources from which the personal information is collected.
- Our business purpose for collecting personal information.
- The categories of third parties with whom we share personal information, if any.
- The specific pieces of personal information we have collected about you.
Right to delete personal data provided by or obtained about you
Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
- Delete your personal information from our records; and
- Direct any service providers to delete your personal information from their records.
Please note that we may not delete your personal information if it is necessary to:
- Perform a contract between you and the Client.
- Help to ensure security and integrity to the extent the use of the consumer’s personal information is reasonably necessary and proportionate for those purposes.
- Debug to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law.
- Comply with the CPRA.
- Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with the Client and compatible with the context in which you provided the information.
- Comply with an existing legal obligation.
We also will deny your request to delete if it proves impossible or involves disproportionate effort, or if another exception to the CPRA applies. We will provide you a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to delete your information.
Right to correct inaccurate personal information
If we receive a verifiable request from you to correct your information and we determine the accuracy of the corrected information you provide, we will correct inaccurate personal information that we maintain about you.
In determining the accuracy of the personal information that is the subject of your request to correct, we will consider the totality of the circumstances relating to the contested personal information. We also may require that you provide documentation if we believe it is necessary to rebut our own documentation that the personal information is accurate.
We may deny your request to correct in the following cases:
- We have a good-faith, reasonable, and documented belief that your request to correct is fraudulent or abusive.
- We determine that the contested personal information is more likely than not accurate based on the totality of the circumstances.
- Conflict with federal or state law.
- Other exception to the CPRA.
- Inadequacy in the required documentation.
- Compliance proves impossible or involves disproportionate effort.
We will provide you a detailed explanation that includes enough facts to give you a meaningful understanding as to why we cannot comply with the request to correct your information.
Protection against discrimination for exercising these rights
You have the right to not be discriminated by us for exercising the rights granted to you under applicable law. If you exercise your rights, we cannot:
- Deny you services.
- Charge different prices or fees for services, also through discounts, benefits, or fines.
- Provide you a different level or quality of services.
- Propose that you receive different prices or tariffs for services.
Please note that we may charge a different fee or provide a different level or quality of services, if the difference is reasonably related to the value we gain from your personal information.
Exercising your rights by yourself or through an authorized agent
If you would like to exercise any of your CPRA rights as described in this Policy, please contact us by e-mail at info@fermata.tech.
We will ask you for additional information to confirm your identity and for security purposes, before disclosing the personal data you requested, by using a two or three points of data verification process, depending on the type of information you require and the nature of your request.
You may also designate an authorized agent to make a request on your behalf. To do so, you need to provide the authorized agent with written permission, and the agent will need to submit proof that they have been authorized by you. We will also require that you verify your own identity.
Our response to your requests
We will respond to your requests within 45 days (or within 90 days, where the law permits, and we determine it necessary considering the complexity and number of the requests you have filed). If we take longer than 45 days, we will inform you of the extension within the initial forty-five-day response period, together with the reason for the extension.
We may deny your request in the following cases:
- If we believe in good faith, based on reasons which are documented in writing, that your request is fraudulent or is an abuse of your rights under applicable law.
- If we conclude that the request is irrelevant, based on all the circumstances at issue.
- If it is contrary to federal or state law.
- Due to discrepancy in the required documentation.
- If the fulfilment of your request turns out to be impossible or involves disproportionate effort.
We will provide you with a detailed explanation including sufficient facts, to enable you to meaningfully understand why we cannot fulfil your request.
Do Not Track
We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personal data about a user’s online activities over time and across third-party websites or online services.