
This document is intended to provide a boilerplate agreement between land stewards and/or trusted advisers and the data service providers. Land stewards and/or their trusted advisors act as data controllers, originators, stewards or their proxies, while data service providers are those that host or store agricultural data. Service providers are the signatories to this agreement and are the party referred to as “we, us, or our” throughout the document. Land stewards and/or trusted advisers are referred to as “users” throughout the document.

Preamble

Service Providers are required under this agreement to achieve and maintain a standard for hosting, storing, and securing sensitive data and agricultural information. As is consistent across all of OpenTEAM’s data use agreements, data hosts and storage providers in our ecosystem must agree to ensure that land stewards and their proxies are assured that service providers are upholding their data rights.

OpenTEAM’s Data Hosting and Storage Agreement follows the 8 primary principles of OpenTEAM’s Agriculturalists’ Bill of Data Rights:

  1. Ownership and Sovereignty*
  2. Privacy and Security
  3. Access and Use
  4. Portability
  5. Erasure
  6. Transparency and Informed Consent
  7. Benefit*
  8. Correction

*Note: Principles of Ownership and Sovereignty, and Benefit are covered within conditional data use agreements.

This document establishes a framework for appropriate measures for hosting and storing confidential data. Service Providers agree to the terms of this document, which is intended to be paired with relevant conditional data use and proxy agreements to allow users to manage and assign ownership, sovereignty and benefits.

I. Control & Use

Rights Maintained: Ownership & Sovereignty; Transparency & Informed Consent

Identity

While using the data hosting service, a user will be required to provide verifiable unique identifiers such as an address, mobile phone number, or verified email address. These identifiers will enable a user’s secure retrieval and future portability and transfer of data rights, through conditional use and proxy agreements.

Usage Data

Usage Data is collected automatically when using the Service only for monitoring, maintaining, and optimizing the service and providing metrics back to the users. This monitoring is required for invoicing for data storage and computational cycles.

Usage Data may include information such as a user’s device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of the Service that a user visits, the time and date of a visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When the user accesses the Service by or through a mobile device, the service provider may automatically collect information for ID verification, including, but not limited to, the type of mobile device used to access the service, a mobile device’s unique ID, the IP address of a mobile device, a mobile operating system, the type of mobile Internet browser used, unique device identifiers, and other diagnostic data.

Data Sharing

We will not share a user’s data except for the purposes outlined in conditional data use agreements or as required by law.

II. Processing and Security

Rights Maintained: Transparency & Informed Consent; Erasure; Portability; Correction

Best management practices for hardware and software security are implemented as outlined in the current standard operating procedures and/or best management practices document, which is available upon request. These conditions have been audited by [ third party certification ]. While reasonable steps will be taken to ensure data security, no method of transmission over the internet or method of electronic storage is 100% secure.

Data Processing

We only have access to data through the terms set out under this agreement.

  • To manage user requests: to attend to and manage user requests made to us.
  • For business transfers: we may use a user's information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets.
  • To provide and maintain the service, including to monitor the usage of the Service.
  • To manage a user’s account: to manage a user's registration as a user of the Service. The Data a user provides can give the user access to different functionalities of the Service that are available to a registered user.

Data Retention

The Service Provider will retain data only for as long as is necessary for the purposes set out in this Use Agreement. The Service Provider will retain and use data to the extent necessary to comply with its legal obligations (for example, if the Service Provider is required to retain data to comply with applicable laws), resolve disputes, and enforce its legal agreements and policies.

The Service Provider will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or the Service Provider is legally obligated to retain this data for longer time periods.

All user data are either mirrored or backed up on a specified frequency and are therefore recoverable and portable for an agreed-upon term of not less than five years, unless data has been transferred out of the system and the user has opted for erasure.

Data Transfer

The user's information, including data, is processed at the Service Provider's hosting locations and in any other places where the parties involved in the processing are located. This means that this information may be transferred to — and maintained on — computers outside the user's state, province, country, or other governmental jurisdiction where the data protection laws may differ from the user's.

The service provider will take all reasonable steps to ensure that data is treated securely and in accordance with this Agreement. No transfer of data will take place to an organization or a country unless there are adequate controls in place including the security of data and other information.

III. Disclosure

Rights Maintained: Transparency & Informed Consent

Business Transactions

If the Service Provider is involved in a merger, acquisition, or asset sale, data may be transferred. Data cannot be transferred in a business transaction unless the transferee accepts the obligations defined in this Agreement. The Service Provider will provide at least 60 days advance written notice and the opportunity to opt-in or opt-out before data is transferred and the Agreement is assumed by a new entity.

Third-Party Services

The Service Provider may use third-party service providers to monitor, analyze, or interoperate with the service. The Service Provider requires all third-party service providers to follow the same levels of protection defined under this agreement.

Payments

The Service Provider may use third-party services for payment processing (e.g. payment processors).

The Service Provider will not store or collect the user's payment card details. That information is provided directly to its third-party payment processors whose use of the user's information is governed by their use agreement. All payment processors must adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

IV. Exercising of Data Protection Rights

Rights Maintained: Erasure, Access and Use, Correction

The user may exercise the user's rights of access, use, erasure, and correction by contacting the Service Provider. Please note that the Service Provider must ask the user to verify the user's identity before responding to such requests. If the user makes a request, the Service Provider will follow a best efforts process to assure timely responses [specify a defined response time here].

V. Law enforcement and Legal Requirements

Rights Maintained: Privacy & Security; Transparency & Informed Consent

Under certain circumstances, the Service Provider may be required to disclose data by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other Legal Requirements

The Service Provider may disclose data in good faith if such action is necessary to:

  • Comply with a legal obligation
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the safety of users of the Service or the public
  • Protect against legal liability

Changes to this Boilerplate Agreement

This boilerplate, which is intended to be customized by the parties to the agreement, is governed through an annual versioning process, which can be tracked here. The Service Provider is a signatory to this process, so any changes to its version and signature can be monitored through the following site. Changes to this boilerplate agreement are effective when posted on this page.

Contact Us

If the user has any questions about this agreement, the user can contact us:

  • By visiting this page on the Service Provider site: [The service provider SITE_CONTACT_PAGE_URL]
  • By sending us an email: [The service provider SITE_CONTACT_EMAIL]
