Fynka Privacy Policy

Fynka

Burrus Development Group ("we", "us" or "our") operates the free-of-charge Fynka Application (the "App") and is responsible for collecting, processing and using your personal data in compliance with the applicable data protection law. Your personal data will be included in the database property of Burrus Development Group, located in Plateau de Frontenex 9C, 1223 Geneva, Switzerland. As part of the App we enable you through the various functions to share data with us, with other users and in certain cases with third parties. In particular, we offer the following functions:

- set up of a user account

- household revenue and expense tracker

- programmes of third-party providers

We may add, amend or delete certain functions in the future. When you use our App we may process personal data about you. Personal data in this sense refers to all information relating to an identified or identifiable person. In particular, we may also process your personal data to generate anonymized data about the financials of smallholder farmers and/ or the supply chain of which you are part. When you provide any personal data of a third party, you warrant that you have sufficient authorization from the data subject to share such data with us, and for us to process it in the terms described in this Privacy Policy. Because your trust is important to us, we would like to inform you about what and how we may use personal data. We take the protection of data seriously and ensure appropriate security. We observe the statutory provisions of the Swiss Act on Data Protection ("FADP"), the Ordinance to the Swiss Act on Data Protection ("OFADP"), the Swiss Telecommunications Act ("TCA") and other applicable data pro- tection provisions of Swiss and international law. You can check our Privacy Policy on our App at any time when accessing the account menu, under privacy section. If you have any questions regarding data protection, you can get you in touch with us by sending an email to legal@burrusdevelopment.com

1. Data processing in connection with our App

1.1. What data do we collect when you download and access our App?

When you download our App the following technical data is collected without your intervention and stored by us until automated deletion, as in principle with every download and access of an app:

- the IP address of the requesting device

- the operating system version of your device

- the configuration of the App when using our services

- name of the IP address range and name of the device

- the date and time of your use of our services

- additional statistical information.

The collection and processing of these data are carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and optimising our services as well as for internal statistical purposes. It is within our legitimate interest to process such data for the above-named purposes. Furthermore, by downloading the App, you have consented to the use of such data for the above-named purposes. The collected data may also be used in the event of attacks on the network infrastructure or other unauthorised or abusive use of the App to identify offenders in connection with civil or criminal proceedings. The processing of this information is in our legitimate interest to secure and improve the security of our App. Furthermore, by downloading the App, you have consented to the use of such data for the above-named purposes.

1.2. What data do we automatically collect when you use our App?

When you use our App, we automatically collect certain data required to ensure the usability of the App. In particular: - the time of access. The collection and processing of this data is carried out for the purpose of enabling the use of our App (establishing a connection), ensuring system security and stability over the long term and ensuring a customer friendly use of our App as well as internal statistical purposes. The processing of this personal data for these purposes is within our legitimate interest. The internal ID of your device may also be evaluated together with other data in the event of attacks on the network infrastructure or other unauthorised or abusive use of our website for the purpose of clarification and defence and, if necessary, used within the framework of criminal proceedings for identification and for civil and criminal action against the users concerned. The processing of this information is in our legitimate interest to secure and improve the security of our App accordingly.

1.3. What personal data do we collect when you allow us to send you push notifications or SMS?

You have the possibility to allow push notifications or SMS messages by us to be informed about news and changes to our terms. For this we need the following information:
- telephone number.

We use this information to deliver our communications only if you have consented to receive them. You can unsubscribe from our push notification services at any time.

1.4. What data do we collect to share anonymized data on the financial situation of smallholder farmers and on the sustainability of supply chains?

To generate revenue we share anonymized data and create reports and statistics on the financial situation of smallholder farmers and the sustainability of the supply chain. For this, we collect data that is being processed when you use the different functions and features of the App. In particular, we process the following categories of data:
- personal data (e.g. first name, last name, age etc.)

- information about household members (e.g. first name, gender etc.)

- information about the farm (e.g. location, surface, agricultural production etc.)

- financial information about the user and its household members (e.g. revenues, costs, assets, liabilities, time spent etc).

- information about the buyers (e.g. name, type etc.)

When we share such data and create statistics and reports, we anonymise if possible but at least pseudonymise the personal data, which we use, to protect you. We use this data to fulfil our con- tractual obligations towards our clients and it is in our legitimate interest to collect this data from you to be able to continue offering our functions free of charge to you. For certain categories of data or if the applicable law requires it, we may specifically ask for your consent.

1.5. What are cookies? Do we need cookies?

Cookies help in many ways to make the use of our App easier, more enjoyable and more meaning- ful. Cookies are information files that your web browser automatically saves on your device's hard drive when you visit our App. In particular, we use the following cookies:
- technically necessary cookies

- performance cookies

- functional cookies

We use these cookies, for example, to temporarily store your entries when filling out a form on the App, so that you do not have to repeat the entry when calling up another subpage. Cookies may also be used to identify you as an authorised and registered user after you register on the App, without you having to log in again when you visit another page. Cookies are accepted automatically.

1.6. Do we track your activities on the App?

We may use tracking tools for the purpose of designing and continuously optimising our App to meet your needs. In this context, we also use cookies. The information generated by the cookies about your use of our App is transferred to the servers of the provider of these services, stored there and processed for us. In addition to the data listed in sections 1.1.1. and 1.2., we may receive the following information:
- navigation path of a user

- time spent on the App

- the country, region or city from which access is made

- if you are a recurring or new user

The information is used to evaluate the use of the App, to compile reports on App activity and to provide other services related to the use of the App and the internet for purposes of market research, improving the profit allocation along the supply chain and the need-based design of this App. In addition, this information may be transferred to third parties if this is required by law or if third parties process this data on our behalf.

2. What data do we process when you use our features or interact with us or other users on the App?

To register and use specific functions or features on the App, we require information from you. If a field is mandatory, it is marked with an asterisk when you insert the information. If you do not enter this information, you will not be able to register or use this specific feature or function. You are un- der no obligation to provide us with any information; all information provided by you is voluntary and requires your consent. Note that we may share such information in an anonymised or pseudony- mised form with our clients.

2.1. What data do we collect when you create a user account with us?

You can create a user account on our App through which you can easily access all our functions. To do so we require you to provide us with the following information:
- country of residence

- first name

- last name

- date of birth

- mobile phone number to verify registration information

In addition, you can provide other voluntary information, such as your mobile operator, middle name, gender, and/or a photograph. We use the mandatory information to authenticate you when you log in and to follow up requests to reset your password. The processing of this data is therefore necessary for us to fulfil our pre-contractual and contractual obligations and by agreeing to our terms you consent to us processing this data according to this Privacy Policy. We use voluntary information to display it in the App according to the settings you have made, to offer you the functions you choose to use and to make the information available to other users of the App at your request. The processing of this data is therefore necessary for us to fulfil our pre- contractual and contractual obligations to provide you with the App and you consent to us using the data for the above-described purpose including sharing such data in an anonymised or pseudony- mised form with our clients.

2.2 What personal data is processed when you use our farm and household revenue and expense tracker?

You can use the revenue and expense tracker provided on our App to manage the revenues and expenses of your farm and household as a whole. Please note that this means we may be processing data of other household members; make sure that you are allowed to share such data with us. To provide you with the services of the expense tracker, we in particular process the following information.
- first name

- last name

- your expenses and income

- expenses and income of the other members of the household

The App also requires the following permissions:

- Internet access: This is required in order to save your entries on our server.

- Camera access: This is required to take photos and store them in the App and on our servers.

- Notifications access: This is required to receive alerts in case of forgotten data insertion.

- Geolocation access

- Storage access to choose a photo from the device storage

We use this information and any additional information voluntarily provided by you to provide you with the revenue and expense tracker. The processing of this data is therefore necessary for us to fulfil our pre-contractual and contractual obligations and you consent to us using the data to provide you with this service and to share the data in an anonymised or pseudonymised form with our clients.


2.3. What personal data is processed when you use our program feature?

When using the App, you can view information about sustainability programs offered by third parties and directly register to such programs by using the form provided on the App. We only offer a window to the websites of the program provider; hence, we do not directly process your data ourselves. Note that you share this data with the program provider. For the registration we need the following information:

- first name

- last name

- phone number

The App also requires the following permissions:

- Internet access: This is required to save your entries on our server.

- GPS access: To let the app know your position at a specific date and time to set up your application.

The processing of this data is necessary for the fulfilment of pre-contractual and contractual obligations to join the program and you consent to us using the data to share it in an anonymised or pseudonymised form with our clients.


3. Google Maps

We may use the product of Google Maps Inc. to provide you with location information and detailed information about the location of App users. By using our App you agree to the collection, processing and use of automated data by Google Inc., its agents and third parties. The terms and con- ditions of Google Maps can be found at https://www.google.com/intl/e/help/terms_maps/.

4. Offline system

When you use the App without an internet connection, you are using the offline mode. In this mode you may only use certain features of the App. We offer this mode so that the App may be used in- dependent of your current location and/ or internet availability. To use the offline mode, we offer a secure database within the App, which will store all of the data you enter. When the App detects an available internet connection, it synchronizes your data with our database. The offline system will be used on all or part of the modules that do not require an internet connection, thus simplifying your data insertion process. In particular for the following features:
- household revenue and expense tracker.

5. Storage and exchange of data with third parties Where do we store your data?

We store the data collected with our server host in Geneva, Switzerland. Note that when you are using the App while being offline, your data will be stored on your mobile device. Once you connect with the internet, your data will be synchronised and from then on stored in Geneva.

5.2. How long will my data be kept?

We only store personal data for as long as is necessary to use the above tracking services and described processing activities. Contract data is stored by us for a longer period of time, as this is prescribed by statutory obliga- tions. Obligations to store data may arise out of accounting law, civil law and tax law. According to these laws, business communication, concluded contracts and accounting vouchers must be stored for up to 10 years.

5.3. Will my data be disclosed to other third parties?

Yes, your data may be disclosed to third parties. If you register for a program, the program provider has access to the information you provide. We also use your data in an anonymised or where this is not possible in a pseudonymised manner to share data and generate reports and statistics for us or for third parties with whom we contract. We only disclose your personal data to third parties if you have given prior, express and informed consent, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship. In addition, we may disclose your data to third parties such as our affiliates, collaborators or part- ners such as IT partners and our App developer insofar as this is necessary for the development or the use of the App.

5.4. Do we transfer personal data abroad?

We are entitled to transfer your personal data to third parties abroad for the purpose of the data processing described in this Privacy Policy. You provide your prior, express and informed authorization for us to transfer and transmit your personal data to any country, including the ones that are not considered by the competent authority to have an adequate level of data protection regulation. This transfer and transmission may be per- formed to companies that are related to us or other third party to fulfil our pre-contractual and contractual obligations, execute active and future features and services, as well as any other purposes included in this Privacy Policy. These third parties are bound to protect data to the same extent as we are. If the level of data protection in a country does not correspond to that in Switzerland, the EU, Ivory Coast, Columbia or Costa Rica, we will contractually ensure that the protection of your personal data corresponds to that in Switzerland, the EU, Ivory Coast, Columbia and Costa Rica at all times.

6. Anything else you need to know?


6.1. You have a right of access, of knowledge, to update, of rectification, of deletion, to request evidence of the authorization, to withdraw your consent and to limit the processing as well as of data transferability

You have a right to request information about the personal data that we store about you. In addition, you have a right to correct and update incorrect data and a right to request deletion of your personal data, insofar as there is no legal obligation to retain such data and no legal basis for further processing the existing data. You also have a right to request the data that you have provided to us in a portable form (right to data portability). Upon request, we will transfer your data to a third party of your choice. You have a right to receive the data in a common file format. You have the right to access, delete, request evidence of authorization and opt-out your consent for the processing of your personal data. You can contact us for the aforementioned purposes via the e-mail address legal@burrusdevelopment.com. In order to process your requests, we may request proof of your identity. In many countries, you also have the right to file a complaint with the relevant data protection authority if you have concerns about how we process your data. These rights depend on the applicable data protection legislation and may be either more limited or more comprehensive.

6.3. Is the same protection provided when data is transferred to the USA?
We would like to point out that in the USA there exist surveillance measures by US authorities which generally allow them to get access to all personal data that has been transferred to the USA. This is done without differentiation, limitation or exception based on the objective pursued and with- out any objective criterion that would allow limiting the access to the data and subsequent use thereof by US authorities to very specific, strictly limited purposes that could justify the interference associated both with access to and use of such data. In addition, we would like to point out that in the USA there are no legal remedies available for the persons concerned that would allow them to gain access to the data concerning them and to obtain its correction or deletion, or that there is no effective legal protection against general access rights of US authorities. We explicitly draw your attention to this legal and factual situation to enable an informed decision to consent to the use of your data We would like to point out to users residing in Switzerland or an EU/ EEA member state that the USA does not have an adequate level of data protection, partly due to the issues mentioned above. Insofar as we have explained in this Privacy Policy that recipients of data are based in the USA, we will ensure that your data is protected at an appropriate level by our service providers, either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU-US or Swiss-US Privacy Shield.

6.4. Which law do we apply? And where does the law apply?
This Privacy Policy and the contracts concluded on the basis of or in connection with this Privacy Policy are subject to Swiss law, unless the law of another country is mandatory. The place of jurisdiction shall be Geneva, Switzerland, unless another place of jurisdiction is mandatory.

6.5. What happens if a part of the Privacy Policy is invalid?
Should individual parts of this Privacy Policy be invalid, this shall not affect the validity of the rest of the Privacy Policy. The invalid part of this Privacy Policy shall be replaced in such a way that it comes as close as possible to the economically intended purpose of the invalid part.

6.6. Can this policy be amended?
Due to the further development of our App and offers or changes to the statutory requirements, it may become necessary to amend this Privacy Policy. We will inform you about substantial changes to this Privacy Policy and if necessary ask for your consent to the changes. The most current Privacy Policy is published on our App.