VAS PRIVACY POLICY

 

OUR PRIVACY COMMITMENT TO YOU

VAS understands how important your privacy and data ownership are to you. We are committed to protecting the privacy of your data and the information that VAS and you share.

You own your raw producer data.

We will not disclose data or information that could identify you or your business without your express consent. VAS wants you to be informed and to provide the transparency necessary for you to understand how your data is used and how VAS is creating data that you can use to improve your enterprise.

VAS creates value for you through its software by creating computational data, which includes analytics, benchmarking, hosted and other formatted data. VAS owns its computational data and is committed to providing technology to help you focus on making the best decisions for your business and to provide you with new insights about your enterprise. To do that, we need a license to use your raw producer data. And you need a license to use our computational data and technology.

The Privacy Policy makes it clear that VAS cannot do any of the following without your permission:

  • Access your computers
  • Access your system
  • Share your identifiable individualized files with third parties

This Privacy Agreement is part of our commitment to transparency and your data ownership and privacy. It lays out provisions to help you understand the details of your and VAS’s rights and obligations as we work together to improve your enterprise. It covers the following:

  • Security
  • Anonymity: protecting the identity and privacy of customers
  • Rights of natural persons using VAS services and software
  • Use of VAS and customer data
  • Protecting VAS’s system and software
  • Contact information for privacy issues

 

PRIVACY POLICY PROVISIONS

VAS maintains the following Privacy Policy. By using or accessing any VAS product or service, you acknowledge that you accept the policies, protections, and terms outlined in this Privacy Policy. It may be subject to change from time to time. These changes can be found on this website: www.vas.com.

 

Scope: This Privacy Policy governs how Valley Agricultural Software, Inc., and any affiliated companies (“VAS”), treats information you share with VAS. Examples of how you share information with VAS includes inputting information into software or API provided by VAS, providing information to VAS through VAS-provided services, or otherwise provided to VAS—including by sharing information through your use of the VAS website.

 

Definitions: An “Affiliate” is any person (natural or legal) that directly or indirectly controls, is controlled by, or is under common control with Valley Agricultural Software, Inc. A “Value Added Reseller” is any person, natural or legal, that is authorized by VAS to sell software licenses or service subscriptions, typically in countries other than the United States.

 

Cookies: VAS’s websites, services, and software may use “Cookies” to track your activities and preferences and improve functionality. This allows VAS to make the websites, services, and software more responsive to your needs. A web-page server places a Cookie or data file on your hard disk. Programs cannot be run nor can viruses be delivered using the Cookies. You can accept or deny these Cookies. If you deny these Cookies, you may experience some inconvenience in your use of the online services.

 

Browser and Online Services: Certain information is collected by most browsers or automatically through your device when using a browser, such as your Media Access Control (MAC) address, computer type, screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the online services you are using.

 

Security: VAS will take commercially reasonable efforts to secure your personal information—i.e., information that identifies natural persons—from unauthorized access, theft and misuse. Reasonable efforts include encrypting all passwords in the VAS database and sending traffic between VAS controlled systems over encrypted channels. But it is impossible to guarantee that every communication or transmission over the internet is secure. Thus, despite VAS’s reasonable efforts, it cannot guarantee the safety of this personal information. By using VAS’s system, service, or website you agree that VAS will not be held liable for any unauthorized access. You can also help VAS by taking precautions to protect your personal information when you are on the Internet.  Use a strong, unique password and make sure to use a secure web browser.

 

Anonymity: VAS anonymizes data to the extent that it does not interfere with the services VAS or Value Added Resellers provide to you, any obligation VAS has under law, or developing or improving VAS’s products and services. Anonymizing means de-identifying or removing information that would allow anyone, like a third-party service provider, to identify you or your business as the source of data. Examples of how anonymized data may be presented to third-parties is in blind, collated, assembled, aggregated, or bundled reports. VAS, its Affiliates, contractors, and Value Added Resellers will not provide data to others that can identify you or your business without your express written consent or unless required by law; for example, you may authorize VAS to share non-anonymized data with another vendor for the purpose of facilitating services you receive from that vendor.

 

Aggregation: VAS creates aggregate data and information, including agricultural and farming data. This aggregated data and information help us among other things to identify and analyze trends in a specific region, set benchmarks, participate in research and development programs, and improve our products and services. VAS creates aggregated data and information so that no individuals nor their farm and business operations can be identified, and so that none of your specific personal information can be ascertained.

 

Use of Information: Subject to the Anonymity provision above, VAS, its Affiliates, and Value Added Resellers use or may use your information in the following ways: Your information is used to provide and improve the services or products offered, licensed, or provided to you by VAS: this includes data services, farm management and decision support software, precision herd management services and software, as well as VAS integration platforms. VAS will also use your information for internal business purposes. VAS may share your personal identifiable information with third parties only with your consent. VAS does this to provide you with or to improve the products or services offered, licensed, or provided by VAS. VAS may also share anonymized or aggregated farm or computational information—i.e. not personal information of natural persons—with third parties or to use it for other commercial purposes. VAS may provide or disclose your personal information if that disclosure is required by law or governmental order; if VAS is required to do so, as part of an action to seek remedies for a breach of any end-user agreement or contract; if the data is transferred as part of a sale of VAS or a portion of its business; and if VAS believes disclosure is necessary to protect its rights or the personal safety of others.

 

Product Support and Improvement: VAS may use data and information gathered to personalize applications and website content, facilitate your use of VAS application websites (for example, to facilitate navigation and the login process), enhance security, identify software attack patterns, diagnose server problems, avoid duplicate data entry, make product updates, product patches and fixes, improve website quality, calculate usage levels and evaluate page response rates.

 

Third-Party Integrations and APIs: VAS offers its users the opportunity to use and transfer information to third-party service providers within certain VAS applications or platforms. VAS will only do this at your direction and with service providers you have a direct relationship with.

 

Business Acquisition: If VAS goes out of business, enters bankruptcy, or goes through some other change of ownership, your data could be one of the assets transferred to or acquired by a third-party. Even if that happens, this Privacy Policy (including the provisions governing changes to this Privacy Policy) will continue to apply to the use of your data.

 

Data Transmission: VAS may transfer your information, including personal information of natural persons, outside your jurisdiction of residence or outside the European Union. By using VAS software and services, you consent to the transfer, processing, storage and access of information to countries outside of your country of residence. These countries may not have similar data protection laws to those in your country of residence. However, we will always protect your information in accordance with this Privacy Policy wherever it is processed. If European Union data-protection and privacy laws apply to you, then VAS will maintain measures to protect your personal information identifying natural persons in a manner commensurate with those protections required under European Union law.

 

Links Outside VAS: VAS’s website, services, and software might provide links to third-party sites. Third parties may also link to VAS’s website, services, and software. VAS does not make any representations about the privacy policies or content of third-party sites. VAS is not responsible or liable for any third-party policies, acts, or omissions.

 

Updates: This policy may be updated from time to time without prior notice to you to reflect changes in VAS online information practices. For substantial changes, VAS will post a notice or change log on VAS.com that points to this Privacy Policy to notify you. VAS recommends that you regularly return to VAS’s website to stay up to date regarding VAS’s Privacy Policy. When changes are made to this Privacy Policy it will be posted to the website and the “last updated” date at the bottom of this policy will be revised. Any updates are effective immediately upon them being published or otherwise made available on VAS’s website. Your further use of any VAS products or services constitutes your acceptance of the revised Privacy Policy then in effect.

 

If you expressly accept this Privacy Policy as part of any End User Subscription Agreement or End User License Agreement, then any update to this Privacy Policy may be presented to you for acceptance. If you do not accept the update, VAS can—in its sole discretion—choose to either continue to provide services under the previously accepted Privacy Policy or to terminate services and any accompanying End User Subscription Agreement or End User License Agreement.

 

Children’s Privacy: VAS products and services including web-based, online or access from a mobile platform are not directed to individuals under the age of sixteen (16), and VAS requests that you not provide VAS with any of their information or use our products and services.

 

Modifications Based on Local Law: To the extent the laws of a country from which personally identifiable information is collected or in which VAS is operating may prohibit VAS from using and sharing data in a way described in this Privacy Policy, the Privacy Policy shall be deemed modified to be consistent with such local laws.

 

Personal Data: To the greatest extent possible, VAS does not keep or process the personal data of natural persons, except for the purpose of identifying authorized users, providing customer service, customer sales, improving platforms or services, and product development. Any information of this kind is only shared internally with VAS employees and vendors for customer service, product development, customer sales, and verification purposes, unless otherwise authorized, consented, or directed by you. For purposes of this section and the section below, personal data shall mean data that directly identifies you as a customer, not aggregated or anonymized data collected through VAS software for herd management or business purposes.

 

Additional Rights Regarding Personal Data: The following notices and disclosures apply to all natural persons who provide personal data to VAS, i.e., data subjects, who are covered by the EU General Data Protection Regulation (Regulation EU 2016/679):

  • Length of Data Use: Personal data of a data subject is maintained while the data subject or the data subject’s employer is a customer of VAS, and for a reasonable time afterwards to make it easier for VAS to serve the data subject or his or her employer if either re-subscribe to VAS’s services and to contact them about subscription renewal.
  • Use of Data: VAS may process a data subject’s data for the business purpose of providing tools for herd management and other similar farming operations; managing accounts; performing security audits; fixing software issues and improving user experience; and communicating directly with the data subject.
  • Right to Access and Rectification: A data subject has the right to demand access to and the rectification or erasure of personal data, or restriction of processing concerning the data subject, or to object to processing of personal data, as well as the right to data portability.
  • Withdrawal of Consent: A data subject also has the right to withdraw the consent provided by his or her acceptance of this Privacy Policy at any time, without affecting the lawfulness of any data processing based on consent before its withdrawal.
  • Right to Lodge Complaint: A data subject also has the right to lodge a complaint with a supervisory authority regarding VAS’s processing of his or her personal data.
  • Need for Personal Data & Consequences of Withdrawing Consent: The personal data provided by the data subject under this Privacy Policy is required for VAS to perform its obligations under any contract between VAS and the data subject or an employer of the data subject because this information is needed to identify authorized users and provide customer service. A data subject that no longer provides consent or requests erasure of his or her personal data will no longer be able to use VAS services or products because this information is needed to ensure that the data subject is an authorized user.
  • Providing Personal Data to Data Subject: VAS can provide to a data subject—upon request—remote access to a secure system that provides that natural person with direct access to his or her personal data. This type of request will not be fulfilled in way that may adversely affect the rights or freedoms of others, including trade secrets or intellectual property, and, in particular, the copyrights, protecting VAS’s software. Depending on the amount of data that falls within this type of request, VAS may request that, before the information is delivered, the data subject specify the information or processing activities to which his or her request relates.
  • More Information: For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office on rights under the General Data Protection Regulation.
  • Who to Contact: A data subject can use the following email to contact VAS regarding any of the privacy rights provided for or granted under law or under this Privacy Policy: [email protected].

 

Last Updated:  February 26, 2021

 

 

California Privacy Notice Supplement

California law requires that VAS provide you with a summary of your privacy rights under the California Consumer Privacy Act of 2018, as amended (“CCPA”). As required by CCPA, this supplement identifies specific rights regarding certain personal information collected, disclosed and sold by certain businesses. This supplement describes those rights and explains how to exercise them. This supplement does not apply to personal information to which the CCPA does not apply. This supplement applies exclusively to California residents.

Definition: CCPA defines “personally identifiable information” as individually identifiable information about an individual consumer collected online by a corporation from an individual and maintained by the corporation in an accessible form, and may include any of the following: (1) a first and last name; (2) a home or other physical address, including street name and name of a city or town; (3) an email address; (4) a telephone number; (5) a social security number; (6) any other identifier that permits the physical or online contacting of a specific individual; and (7) information concerning a user that the web site collects online from the use, and maintains in personally identifiable form, in combination with an identifier described within this supplement.

Information We Collect

VAS collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer. In particular, VAS has collected the following categories of personal information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. YES
G. Geolocation data. Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. YES
I. Professional or employment-related information. Current or past job history or performance evaluations. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES

Personal information does not include:

  • Publicly available information from government records.
  • De-identified, anonymized, or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • Personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

VAS obtains the categories of personal information listed above from the following categories of sources:

  • Directly from you. For example, from forms, verbal questions and answers, or online submissions that you have completed and provided to us related to the services you inquire about or engage us to perform.
  • Indirectly from you. For example, through information we collect from our clients, vendors, or third parties in the course of providing services to you.
  • Directly and indirectly from activity on our websites and applications. For example, from submissions through our website portal or website usage details collected automatically.
  • From third-party data processors or business partners to provide data driven market insight.
  • Publicly available data bases.

Use of Personal Information

VAS may use or disclose the personal information we collect, for either itself or its business partners or associations, for one or more of the following business purposes:

  • To fulfill or meet the reason for which the information is provided. For example, if you share your name and contact information while inquiring about our services, requesting information or materials, or ask a question about our products or services, VAS will use that personal information to respond to your inquiry.
  • To provide you with information, products or services that you request from us.
  • To process your requests, transactions, and payments and prevent transactional fraud.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
  • To improve our website and present its contents to you.
  • For testing, research, analysis and product development.
  • As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.

VAS will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you any required notice.

Sharing Personal Information

VAS may disclose your personal information to a third party for a business purpose, only when explicitly consented or authorized by you. In the preceding twelve (12) months, we may have disclosed the following categories of personal information for a business purpose:

Categories:

Category A: Identifiers

Category D: Commercial information

We disclose your personal information for a business purpose to the following categories of third parties:

  • Legal entities established pursuant to the Farm Credit Act of 1971, as amended.
  • Contracts and service providers.
  • Third parties to whom we partner to offer products and services to you.

 

Selling Personal Information

In the preceding twelve (12) months, VAS has not sold any personal information.

Your Rights and Choices: You have the right to request that VAS disclose certain information to you about VAS’ collection and use of your personal information over the past 12 months. Once VAS receives and confirms your verifiable consumer request, VAS will disclose to you:

  • The categories of personal information VAS collected about you;
  • The categories of sources for the personal information VAS collected about you;
  • VAS’ business or commercial purpose for collecting or selling that personal information;
  • The categories of third parties with whom VAS shares that personal information;
  • The specific pieces of personal information VAS collected about you (also called a data portability request); or
  • If VAS sold or disclosed your personal information for a business purpose, two separate lists disclosing (i) sales, identifying the personal information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights: You have the right to request that VAS delete any of your personal information that VAS collected from you and retained, subject to certain exceptions. Once VAS receives and confirms your verifiable consumer request, VAS will delete (and direct our service providers to delete) your personal information from VAS records, unless an exception applies. VAS may deny your deletion request if retaining the information is necessary for VAS or our service providers to:

  1. Complete the transaction for which VAS collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of VAS’ ongoing business relationship with you, or otherwise perform VAS’ contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with VAS.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by:

  • Calling us at 559.686.9496;
  • Contacting us via this webpage or emailing us at [email protected]; and/or
  • mail at the following address:

Valley Agricultural Software, Inc.

3950 South K Street

Tulare, California 93274

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom VAS collected personal information or an authorized representative;
  • Describe your request with sufficient detail that allows VAS to properly understand, evaluate, and respond to it.

VAS cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Requests must indicate the type of request and be accompanied by your full name, California residential address and email address (if available). If submitted by your authorized agent, the request must include the same details plus evidence of your written permission to submit a request on your behalf. Making a verifiable consumer request does not require you to create an account with us. VAS will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format: VAS endeavors to respond to a verifiable consumer request within 45 days of its receipt. If VAS requires more time (up to 90 days), VAS will inform you of the reason and extension period in writing. If you have an account with VAS, VAS will deliver its written response to that account. If you do not have an account with VAS, VAS will deliver its written response by mail or electronically, at your option. Any disclosures VAS provides will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response VAS provides will also explain the reasons VAS cannot comply with a request, if applicable. For data portability requests, VAS will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. VAS does not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If VAS determines that the request warrants a fee, VAS will tell you why it made that decision and provide you with a cost estimate before completing your request.

Non-Discrimination: VAS will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, VAS will not:

  • Deny you goods or services;
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services; or
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Last Updated: February 26, 2021