Privacy Policy AgroLink

Privacy Policy for the Agrolink Application

Effective Date: October 5, 2025 Last Updated: October 5, 2025

1. Introduction

1.1. Our Commitment to Privacy

Welcome to Agrolink. At PZ Zlatna polja, sa p.o.(“we,” “us,” “our”), your privacy is fundamental to our business. We are committed to protecting your personal data and being transparent about how we collect, use, and safeguard it. This Privacy Policy is designed to provide you with comprehensive information about our data processing practices, in line with the highest global data protection standards, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our goal is to build trust with our users by giving them control over their data and providing clear, understandable information about how that data contributes to the functionality and improvement of the Agrolink application.

1.2. About Us and This Policy

This Privacy Policy (“Policy”) applies to the “Agrolink” mobile application (“Application” or “Service”), developed and operated by “PZ Zlatna polja, sa p.o.”. For the purposes of applicable data protection laws, PZ Zlatna polja, sa p.o. is the Data Controller for the personal data we collect through the Application.

Full legal name of the Data Controller: PZ Zlatna polja, sa p.o. Registered address: Jovana Bjelica bb, 78000 Banja Luka.

This Policy explains what data we collect, why we collect it, how we use it, with whom we share it, and what your legal rights are concerning your personal data. By using our Application, you acknowledge that you have read and understood this Policy. Identifying the Data Controller is not just a formality; it is a fundamental transparency requirement under GDPR (Article 13) that establishes legal responsibility for protecting your data from the outset.

1.3. Definitions of Key Terms

To ensure complete clarity and intelligibility, a key requirement of the GDPR , we define the key terms used in this Policy:

Personal Data: Any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g., IP address, device ID), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This broad definition includes both data you provide to us directly and data we collect automatically.
Processing: Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
User: “You,” “your,” refers to any natural person who downloads, registers for, or uses the Agrolink Application.
Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. In the context of this Policy, it is PZ Zlatna polja, sa p.o.

2. Data We Collect

To provide you with a functional and personalized service, we collect various types of information. In accordance with the principles of transparency, we detail which categories of data we collect, a key requirement of laws such as the GDPR and CCPA.

2.1. Data You Provide to Us Directly

This is information that you knowingly and actively enter into the Application.

Account Registration Data: When you create an Agrolink account, we ask for basic information necessary for identification and communication, such as your full name, email address, phone number, and password. We may also request your postal address to provide location-based services.
Profile and Farm Data: To make the most of the Application’s features, you can enter more detailed information about your agricultural holding. This includes, but is not limited to: farm name, land size (hectares/acres), primary crop types, soil types, irrigation methods, demographic data, and preferences regarding agricultural inputs.
User-Generated Content: This is the core data you enter while using the Application. It includes all operational data you record, such as crop rotation schedules, records of fertilizer and pesticide applications, yield data, notes, as well as any photos or documents you upload (e.g., photos of crops for disease or pest identification).
Communications with Us: When you contact us via email for customer support, participate in surveys, or otherwise communicate with us, we collect the information you provide, including the content of your messages and your contact details.

2.2. Data We Collect Automatically

When you use our Application, certain information is collected automatically from your mobile device.

Usage Data: We collect information about your interaction with the Application. This includes which features you use, which pages or screens you view, the time spent on them, the sequence of interactions (clicks/taps), and general navigation within the Application. This data helps us understand how our Service is used and how to improve it.
Device Information: We collect technical information about the device you use to access the Application, including: the type of mobile device (e.g., iPhone, Samsung Galaxy), unique device identifiers (e.g., IDFA for iOS, Android Advertising ID), operating system version, IP address, mobile network information, and the type of mobile internet browser.
Crash and Performance Data: In the event that the Application experiences an error or crash, we may automatically collect diagnostic data. This data can include information about the state of the Application and your device at the time of the error, which helps us identify and resolve issues. This information is often collected through third-party services like Firebase Crashlytics.

2.3. Location Data

Location data is crucial for many advanced features in agritechnology. It is important to emphasize that a combination of data such as soil type, yield, fertilizer brand, and precise GPS coordinates can create an extremely valuable and sensitive commercial profile of a farm’s operations. Therefore, we are particularly transparent about the collection of this data.

Precise Geolocation: We may collect precise geolocation data from your device using GPS, Wi-Fi, and cellular network signals. This occurs only with your explicit consent, which is requested via the standard system permission prompt on your operating system when you first use a feature that requires location.
Purpose of Location Collection: Precise location is necessary to provide key features of the Application, such as:
- Mapping the boundaries of your plots.
- Providing hyper-localized weather forecasts and agronomic alerts.
- Geotagging data collected in the field (e.g., the location of a soil sample or disease outbreak).
- Tracking agricultural machinery in real-time.
Your Control: You can enable or disable location services for the Agrolink Application at any time through your mobile device’s settings. Disabling location may limit the functionality of certain parts of the Application.

3. How and Why We Use Your Data (Legal Basis for Processing)

Every personal data processing activity we undertake must be based on a valid legal basis, as required by the GDPR. We do not collect data without a clearly defined purpose. This practice ensures that data is used responsibly and purposefully, and it compels our organization to conduct internal data protection impact assessments, thereby demonstrating a mature and proactive approach to privacy.

3.1. Our Purposes and Legal Bases

Depending on the purpose, we rely on one of the following legal bases for processing your personal data:

Performance of a Contract (Article 6(1)(b) GDPR): Processing is necessary for the performance of a contract to which you are a party (our Terms of Use) or to take steps at your request before entering into a contract. This applies to the core functions of the Application for which you have registered.
PZ Zlatna polja, sa p.o.imate Interest (Article 6(1)(f) GDPR): We process your data when it is in our PZ Zlatna polja, sa p.o.imate interest (or the interest of a third party), provided that your interests and fundamental rights do not override our interests. Our PZ Zlatna polja, sa p.o.imate interests include improving, maintaining, and protecting our Service.
Consent (Article 6(1)(a) GDPR): For certain purposes, such as sending marketing messages, we will rely on your explicit and freely given consent. You have the right to withdraw your consent at any time.
Legal Obligation (Article 6(1)(c) GDPR): We are sometimes legally required to process your data, for example, to comply with a court order or a government request.

3.2. Table of Processing Activities

To provide you with maximum transparency, the table below details the purposes of processing, the categories of data used, and the legal basis we rely on for each activity. Using a table is a best practice for presenting complex information in a clear and understandable manner.

Purpose of Processing	Categories of Personal Data Involved	Legal Basis under GDPR
To provide and manage your account and the core features of the Application	Registration Data; Device Information; Profile and Farm Data.	Performance of a contract (Article 6(1)(b)): This data is necessary for us to fulfill our contractual relationship with you and provide the service you requested.
To personalize your experience (e.g., providing tailored agronomic advice or relevant content)	Usage Data; Profile and Farm Data; User-Generated Content; Location Data.	PZ Zlatna polja, sa p.o.imate interest (Article 6(1)(f)): It is in our PZ Zlatna polja, sa p.o.imate interest to improve our service and make it more relevant and useful to you. For highly personalized features that use more sensitive data, we may rely on your Consent (Article 6(1)(a)).
To communicate with you (including sending service-related notices, security alerts, and responding to support requests)	Registration Data (email, phone); Communications with Us.	Performance of a contract (Article 6(1)(b)) for essential service messages; PZ Zlatna polja, sa p.o.imate interest (Article 6(1)(f)) for responding to your inquiries and providing support.
Marketing and Promotions (To send you marketing communications about new features, promotions, or other news, based on your preferences)	Registration Data (email).	Consent (Article 6(1)(a)): Sending marketing materials is done only if you have given explicit consent (opt-in). This is a key legal distinction from service messages.
For analytics and service improvement (to understand how users interact with our app and to develop new features)	Usage Data; Device Information; Aggregated and anonymized data.	PZ Zlatna polja, sa p.o.imate interest (Article 6(1)(f)): It is in our PZ Zlatna polja, sa p.o.imate interest to analyze the use of our service to improve it and develop our business.
To maintain security, prevent fraud, and enforce our terms of service	Device Information (IP address, ID); Usage Data.	PZ Zlatna polja, sa p.o.imate interest (Article 6(1)(f)): We have a PZ Zlatna polja, sa p.o.imate interest in protecting our platform, users, and intellectual property from abuse.
To comply with legal obligations (such as responding to a subpoena or government request)	All relevant categories of data, depending on the legal requirement.	Legal obligation (Article 6(1)(c)): Processing is necessary to comply with legal obligations to which we are subject.

4. How We Share and Disclose Your Data

Your trust is important to us, which is why we are transparent about with whom and why we share your data.

4.1. General Sharing Policy

Our policy is not to sell your personal data to third parties in the traditional sense of the word (i.e., for monetary compensation). However, it is important to note that laws like the CCPA have a broader definition of “sale” that can include sharing data for other types of value. Your rights in this regard will be explained in detail in Section 6.

4.2. Categories of Recipients

We may share your personal data with the following categories of recipients, and only for the purposes described in this Policy :

Service Providers: We engage third parties (companies and individuals) to perform services on our behalf. These Service Providers gain access to your data only to the extent necessary to perform tasks for us. As the Data Controller, we remain responsible for the protection of your data. Therefore, we have Data Processing Agreements (DPAs) with all Service Providers that oblige them to maintain data confidentiality, apply appropriate security measures, and use the data exclusively for the purposes we have defined. Examples include:
- Cloud hosting and infrastructure providers (e.g., Amazon Web Services, Google Cloud Platform) for storing our data.
- Analytics service providers (e.g., Google Analytics for Firebase) for analyzing Application usage.
- Customer support platform providers for managing your inquiries.
- Email and communication service providers for sending service and marketing messages.
Legal Obligations and Protection of Rights: We may disclose your data if we are legally required to do so (e.g., in response to a court order, subpoena, or other legal process) or if we believe in good faith that such disclosure is necessary to: (a) comply with the law; (b) protect our rights, property, or safety; (c) protect your safety or the safety of others; (d) investigate fraud.
Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your data may be transferred as part of that transaction. In such a case, we will notify you via email and/or a prominent notice in the Application of any change in ownership or use of your personal data, as well as any choices you may have regarding it.
Aggregated and Anonymized Data: We may share aggregated or anonymized data with partners for research, industry analysis, demographic profiling, and other business purposes. This data is processed in a way that an individual cannot be reasonably identified from it. We take technical and procedural steps to ensure this data cannot be re-linked to you.

5. Data Retention and Deletion

Our data retention policy is based on the “storage limitation” principle from the GDPR, which means we keep personal data only for as long as necessary for the purposes for which it was collected. Establishing a clear retention schedule is not only a legal obligation but also a key risk management practice that minimizes our “data exposure” and reduces potential harm in the event of a data breach.

5.1. Retention Period

Instead of vague terms like “a reasonable time,” we define specific retention periods based on the category and purpose of the data:

Account Data: We retain your registration and profile data as long as you have an active Agrolink account. After you deactivate your account, we will retain this data for a period of 90 days to allow for easy reactivation. After this period, the data will be permanently deleted or anonymized, unless we are legally required to keep it longer (e.g., for tax or accounting purposes).
Usage and Analytics Data: Automatically collected information used for analytics is stored in an identifiable form for up to 24 months. After this period, the data is either permanently deleted or aggregated and anonymized so that it can no longer be linked to you.
Backup Archives: Please note that after you request deletion, your data may remain in our secure backup archives for a limited period (e.g., an additional 30 days). This data is isolated from production systems, is not used for any other purpose, and will be overwritten in accordance with our backup cycle. This practice ensures business continuity while managing your expectations about immediate deletion.

5.2. Data Deletion

You have the right to request the deletion of your account and associated personal data. Detailed instructions on how to submit an account deletion request can be found in Section 6 (Your Data Protection Rights). Once we receive and verify your request, we will take steps to delete your data from our active systems in accordance with the retention periods stated above.

6. Your Data Protection Rights

Providing users with clear and actionable rights is not just a legal obligation but also a key element in building trust and can be a competitive advantage. We believe your ability to control your data is a fundamental right.

6.1. How to Exercise Your Rights

To exercise any of the rights listed below, please send us a request via email to the address provided in Section 11 (“How to Contact Us”). To protect your privacy and security, we may ask you to verify your identity before responding to your request. We will respond to your request within the legally prescribed timeframe, which under the GDPR is one month from receipt of the request.

6.2. Rights for Users in the European Economic Area (EEA), UK, and Switzerland

If you are a resident of the EEA, the United Kingdom, or Switzerland, you have the following rights under the GDPR :

Right of Access: You have the right to request and receive a copy of the personal data we hold about you.
Right to Rectification: You have the right to request the correction of inaccurate or the completion of incomplete personal data.
Right to Erasure (‘Right to be Forgotten’): You have the right to request the deletion of your personal data under certain conditions (e.g., if the data is no longer necessary for the purposes for which it was collected).
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain situations (e.g., while the accuracy of the data is being verified).
Right to Data Portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us.
Right to Object: You have the right to object to the processing of your personal data that is based on our PZ Zlatna polja, sa p.o.imate interests. Following an objection, we will no longer process your data unless we can demonstrate compelling PZ Zlatna polja, sa p.o.imate grounds for the processing which override your interests, rights, and freedoms.
Right to Withdraw Consent: If processing is based on your consent (e.g., for marketing), you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a data protection supervisory authority in your country of residence if you believe that our processing of your personal data violates applicable laws.

6.3. Rights for California Residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) :

Right to Know: You have the right to request that we disclose what categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting, selling, or sharing it, and the categories of third parties to whom we have disclosed your information.
Right to Delete: You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.
Right to Opt-Out of Sale/Sharing: You have the right to direct us not to “sell” or “share” your personal information. You can exercise this right by sending a request to our privacy email address.
Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of your rights under the CCPA. This means we will not deny you goods or services, charge you different prices, or provide a different level or quality of services.
Right to Correct: You have the right to request that we correct inaccurate personal information we hold about you.
Right to Limit Use of Sensitive Personal Information: If we collect sensitive personal information (e.g., precise geolocation), you have the right to limit our use and disclosure of that data to only those purposes necessary to provide the services.

7. Data Security

Protecting your data is our priority. In the context of agritechnology, we are aware that farm data represents a valuable business asset, the breach of which can have serious commercial consequences. Therefore, we apply a multi-layered security approach to protect your information from unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

Technical Measures:
- Encryption: We use industry-standard encryption (TLS/SSL) to protect data during transmission between your Application and our servers. Data is also encrypted at rest on our servers.
- Network Security: We use firewalls, intrusion detection systems, and other network security measures to prevent unauthorized access to our systems.
Organizational Measures:
- Access Control: We implement strict access control policies based on the principle of least privilege. This means that only authorized employees and contractors have access to your personal data, and only to the extent necessary to perform their job duties.
- Employee Training: We conduct regular training on data protection and security practices for all our employees to raise awareness of the importance of protecting personal data.
Procedural Measures:
- Incident Management: We have an established incident response plan to act quickly and effectively in the event of a data breach, including notifying the relevant authorities and affected individuals in accordance with legal obligations.
- Regular Assessments: We periodically conduct security risk assessments and vulnerability testing to proactively identify and address potential weaknesses.

Although we take all reasonable and commercially acceptable measures to protect your data, it is important to note that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

8. International Data Transfers

PZ Zlatna polja, sa p.o. operates globally, which means your personal data may be transferred to, stored, and processed in countries outside of your residence, including countries outside the European Economic Area (EEA) that may not have the same level of data protection laws. The use of global cloud providers makes cross-border data transfers a technical reality. Acknowledging this complexity and specifying the legal mechanisms we use demonstrates our commitment to upholding the strictest global privacy standards.

When we transfer your personal data from the EEA to countries that the European Commission has not deemed to have an adequate level of protection (such as the United States), we rely on appropriate safeguards to ensure your data remains protected. The primary mechanism we use is the Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses impose contractual obligations on the data recipient to protect your data in accordance with GDPR standards.

9. Children’s Privacy

Our Service is not intended for or directed at individuals under the age of 16. This is in line with the GDPR standard, which is stricter than many national laws that set the age limit at 13.

We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16 without verified parental or guardian consent, we will take immediate steps to delete that information from our servers.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at the email address provided in Section 11 so that we can take the necessary actions.

10. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons.

When we make changes, we will update the “Last Updated” date at the top of this Policy. If the changes are material, we will provide you with more prominent notice in a manner we deem appropriate, such as a notification within the Application or by sending an email to the address associated with your account. This proactive communication is a best practice that ensures you are always informed about how we protect your privacy.

We encourage you to review this Policy regularly to stay informed about our data protection practices. Your continued use of the Application after the changes take effect will be deemed acceptance of those changes.

11. How to Contact Us

If you have any questions, comments, or concerns regarding this Privacy Policy, or if you wish to exercise your data protection rights, please contact us. Providing clear and accessible communication channels is key to our accountability and your ability to manage your data.

Please direct all privacy-related inquiries to the following contacts:

Full legal company name: PZ Zlatna polja, sa p.o.

Email address for privacy questions: For all inquiries, including requests to exercise your rights, please use our dedicated email address: info@legitmedia.net