Effective Date: 1 June 2025

Policy Owner: Chief Technology Officer

Revision: Annually

---

Introduction

myAgro is committed to protecting the privacy and personal data of all individuals with whom it interacts, including farmers, employees, partners, and beneficiaries. This policy outlines how myAgro collects, processes, stores, shares, and protects personal data in compliance with the data protection laws of Senegal, Mali, Côte d’Ivoire, other West African jurisdictions where myAgro may operate, and applicable U.S. privacy regulations.

Scope

This policy applies to all personal data collected by myAgro through its operations, systems, and platforms in Senegal, Mali, Côte d’Ivoire, and any other West African country of operation, as well as to any data transferred internationally to or from these countries, including to the United States.

Legal Framework

MyAgro complies with:

Senegal: Law No. 2008-12 on the Protection of Personal Data

Mali: Law No. 2013-015 on Personal Data Protection

Côte d’Ivoire: Law No. 2013-450 on the Protection of Personal Data

ECOWAS Supplementary Act on Personal Data Protection (2010)

United States: Applicable privacy and security requirements for international data transfers, including but not limited to the California Consumer Privacy Act (CCPA) and guidance under the Federal Trade Commission Act

Definitions

We or us, our or ours, or myAgro Farms, a non-profit company incorporated in New York, USA and its foreign branches, subsidiaries and other affiliated entities globally.

You, User means the natural person accessing an myAgro Platform and may include but not be limited to: an employee, a potential or existing client (person who signs up to use or purchase any of our products or services), job applicant, donor, any person browsing an myAgro Platform for any reason.

Data Subject is the individual to whom the personal data relates.

myAgro Platform means website(s), social media (including Facebook, Twitter, Instagram, YouTube), digital/software applications and other online and offline media of communication owned, controlled or otherwise operated by myAgro.

Personal Data is information that can be used to identify an individual. It may include but not be limited to: name, address, phone number, email address, login information (account number/name and password), IP address, location data, personal identification number (ID/passport number, social security number), photos, video footage with your likeness, audio recordings, educational and professional records, and any form of biometrics, health, racial, ethnic, religion, gender-based, sexual preference, age or any other identifying personal data. 

Processing data refers to the actions we can take with Personal Data, including collection, storage, use, transfer, and removal of Personal Data.

Collection and Use of Personal Data

myAgro collects personal data necessary to:

• Deliver services to farmers (e.g., input layaway systems, training, delivery)
• Manage employment and human resources
• Monitor and evaluate program effectiveness
• Comply with legal obligations

Types of data collected may include:

• Information supplied directly by you
  • Website Data: comments you write, uploaded media
  • Registration Data: Information provided when you enroll in myAgro services (name, location, phone number, national ID)
  • Agricultural Data: Farm location, crop preferences, land size, previous harvest information
  • Financial Data: Payment history, mobile money transactions, package purchases
  • Communication Records: Messages, calls, and interactions with myAgro staff
  • Employment records
• Information collected automatically
  • Device Information: Mobile phone model, operating system, app usage data
  • Location Data: GPS coordinates for delivery and service purposes (with your consent)
  • Usage Analytics: How you interact with our mobile applications and services

Legal Basis for Processing

MyAgro processes personal data based on:

• The informed consent of the data subject
• Contractual necessity (e.g., service delivery)
• Compliance with legal obligations
• Legitimate interest (e.g., organizational operations)

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Data Subject Rights

Your Data Rights:

• Right to Access: Request a copy of all personal data we hold about you, including how we use it
• Right to Correction: Ask us to correct inaccurate or incomplete information
• Right to Deletion: Request deletion of your data (except where we must keep it for legal reasons)
• Right to Object: Object to processing for marketing or other non-essential purposes
• Right to Data Portability: Receive your data in a format that can be transferred to another service
• Right to Withdraw Consent: Cancel your consent for data processing at any time

How to Exercise Rights: Contact us using the information in the Contact section. We may ask for identity verification before processing your request.

Data Sharing and Transfers

• Personal data may be shared with myAgro’s headquarters, technical partners, or service providers under data processing agreements.
• Cross-border transfers of personal data will be made only to countries with adequate data protection or with proper authorization from national authorities. Where required under U.S. law, myAgro ensures that such transfers are consistent with international data privacy frameworks and contractual safeguards.

Reasonable Security Measures

MyAgro implements appropriate technical and organizational measures to safeguard personal data, including:

• Password-protected access controls
• Encryption of sensitive information
• Secure storage and backups

Data Retention

Personal data is retained only for as long as necessary for the purpose for which it was collected, unless a longer retention period is required by law.

Data Breach Notification

In case of a personal data breach, MyAgro will notify affected individuals and relevant authorities in accordance with applicable legal requirements.

Contact and Complaints

For questions, concerns, or to exercise your data rights, contact us:

Email: privacy@myagro.org

In Person or Phone: Visit any myAgro field office

N’gaSènè SARL (myAgro Mali)

Faso‑Kanu Magnambougou

Rue 14, Porte 71

Bamako, Mali

Tel: (+223) 76 95 33 20

Sama Mbey (myAgro Senegal)

Grand Standing

Thiès, Thiès Region

Senegal

Tel:  +221 78 600 52 29

Response Timeline: We will respond to your request within 30 days of receipt.

You may also contact your national data protection authority:

• Senegal: Commission des Données Personnelles (CDP)
• Mali: Autorité de Protection des Données à Caractère Personnel (APDP)
• Côte d’Ivoire: Autorité de Protection des Données Personnelles (ARCP)
• Other West African countries: Refer to the national authority, where applicable
• United States: Federal Trade Commission (FTC)

Updates to This Policy

MyAgro may revise this policy periodically. The latest version will always be available on our website and upon request.