Phito Stories logo

Phito Stories | Episode 5

Days
Hrs
Min
Sec
Watch Episode

App Privacy Policy

Last updated: 16 February 2026

This Privacy Policy explains how SmartFarming B.V. (“we”, “us”, or “our”) collects, uses, and protects personal data when you use the Phito App mobile application (the “App”).

This App is made available to users in Spain, Portugal, Romania, Hungary, Albania, Italy, Aruba, and Bonaire (Caribbean Netherlands).

We are committed to processing personal data in accordance with:

  • The EU General Data Protection Regulation (EU) 2016/679 (“GDPR”)
  • Applicable national data protection laws
  • Applicable laws in Aruba and the Caribbean Netherlands

1. Data Controller

Company Name: SmartFarming B.V.
Registered Address: Bevrijdingsstraat 38, 6703 AA Wageningen, The Netherlands
Email: info[at]smartfarmingtech.com

If required under applicable law, our Data Protection Officer (DPO) can be contacted at: info[at]smartfarmingtech.com

2. Personal Data We Collect

We may collect and process the following categories of data:

2.1 Account Information (if applicable)

  • Name or username
  • Email address
  • Login credentials (encrypted)

2.2 Usage and Behavioural Data

  • In-app interactions
  • Features used
  • Content preferences
  • Time spent in the App
  • Navigation patterns
  • Engagement with alerts or notifications

2.3 Device and Technical Data

  • Device type and operating system
  • App version
  • Anonymous device identifiers
  • Log data (e.g., crashes, performance data)

2.4 Communications

  • Messages sent to support
  • Feedback submitted through the App

We do not intentionally collect special categories of personal data unless explicitly stated.

3. Purposes of Processing

We process personal data for the following purposes:

  • To provide and operate the App
  • To personalise content
  • To provide customised alerts and notifications
  • To analyse usage and improve user experience
  • To ensure security and prevent misuse
  • To comply with legal obligations

We do not sell personal data and do not use personal data for advertising or commercial resale.

4. Legal Bases for Processing (GDPR)

Under GDPR, we rely on the following legal bases:

  • Performance of a contract (Article 6(1)(b)) – to provide core App functionality, including account management and delivery of core services.
  • Legitimate interests (Article 6(1)(f)) – to ensure security, prevent misuse, maintain system integrity, and operate crash reporting, provided these interests are not overridden by your rights.
  • Consent (Article 6(1)(a)) – for behavioural analytics and personalisation using Firebase Analytics.
  • Legal obligation (Article 6(1)(c)) – where processing is required by law.

Where processing is based on consent:

  • Analytics technologies will not be activated until you provide consent.
  • You may withdraw consent at any time via the App settings.
  • Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

5. Analytics 

5.1 Firebase Analytics

We use Google Firebase Analytics to understand how users interact with the App and to tailor content and alerts.

Analytics data may include:

  • In-app behaviour and interaction data
  • User identifiers associated with your account
  • Device and technical information

Firebase Analytics is only activated after you provide consent.

Google acts as a data processor under a data processing agreement incorporating Standard Contractual Clauses (SCCs) where required.

6. Data Sharing

We may share personal data with:

  • Google Firebase (Analytics)
  • Hosting and cloud infrastructure providers located in the European Union
  • IT and technical support providers
  • Legal or regulatory authorities where required

All service providers are bound by contractual data protection obligations and act as data processors on our behalf.

We do not sell or rent personal data and do not use personal data for advertising purposes.

7. International Data Transfers

Some of our service providers, including Google Firebase, may process data outside the European Economic Area (EEA).

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Supplementary technical and organisational safeguards where required

Although our primary hosting infrastructure is located in the European Union, certain analytics or support operations may involve international data access.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy.

Specifically:

  • Analytics data linked to user accounts is retained for up to 14 months.
  • Crash reports are retained for up to 12 months.
  • Account data is retained for as long as your account remains active.
  • Upon account deletion, associated personal data will be deleted or anonymised, unless retention is required by law.

Aggregated or anonymised statistical data that no longer identifies users may be retained for longer periods.

We periodically review stored data and securely delete or anonymise data that is no longer necessary.

9. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption where appropriate
  • Access controls
  • Secure hosting environments
  • Monitoring and logging

However, no system is completely secure.

10. Your Rights Under GDPR

If you are located in the EU or in a jurisdiction applying similar protections, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase personal data (“right to be forgotten”)
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact us at: info[at]smartfarmingtech.com

11. Children’s Privacy

The App is not intended for children under 16 years of age unless permitted by local law and with appropriate parental consent.

If we become aware that personal data has been collected from a child without appropriate legal basis, we will take steps to delete it.

12. Automated Decision-Making

We do not carry out fully automated decision-making that produces legal or similarly significant effects on users.

Personalisation of content does not constitute automated decision-making within the meaning of Article 22 GDPR.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App or other appropriate means.

14. Contact

If you have questions about this Privacy Policy or our data practices, please contact:

Email: info[at]smartfarmingtech.com