Last updated: 24/12/2025
This Data Processing Addendum applies where GrowTrack processes personal data on behalf of a customer.
It forms part of the GrowTrack Terms of Service.
Parties
Data Controller
The customer is using GrowTrack.
Data Processor
GrowTrack Systems Ltd, United Kingdom.
Scope and Purpose
GrowTrack processes personal data only to provide and operate the GrowTrack platform.
Processing is limited to what is necessary to deliver the service.
Types of Data Processed
Depending on use, this may include:
• Account information
• Garden and planting records
• Notes, images, and logs created by users
• Technical and usage data
GrowTrack does not process special category data by design.
Processing Instructions
GrowTrack processes data only on documented instructions from the customer, as defined by the use of the service.
We do not process data for unrelated purposes.
Confidentiality
All personnel with access to personal data are subject to confidentiality obligations.
Access is restricted to authorised systems and roles.
Security Measures
GrowTrack implements appropriate technical and organisational measures, including:
• Secure infrastructure
• Access controls
• Encrypted data transfers
• Backup and recovery systems
Security is reviewed and improved over time.
Subprocessors
GrowTrack uses trusted subprocessors to deliver the service.
These may include hosting, email delivery, and payment providers.
All subprocessors are required to meet GDPR compliant standards.
A current list of subprocessors is available on request.
Data Subject Rights
GrowTrack supports customers in responding to data subject requests, including:
• Access
• Rectification
• Erasure
• Restriction
• Data portability
Requests should be submitted through support.
Data Breaches
If GrowTrack becomes aware of a personal data breach, we will notify affected customers without undue delay.
The notification includes relevant details required for compliance.
Data Retention and Deletion
Personal data is retained only while an account remains active.
Upon account deletion, data is deleted in line with GDPR requirements and documented retention rules.
International Transfers
Data is stored and processed using GDPR compliant infrastructure.
Where data is transferred outside the UK or EU, appropriate safeguards are applied.
Audits and Compliance
GrowTrack makes information available to demonstrate compliance.
Formal audits are subject to reasonable notice and scope.
Liability
Each party remains responsible for its own compliance obligations under data protection law.
Contact
For data protection or DPA-related questions, contact: