Privacy Policy of FFA

Last updated: June, 11, 2023

This Website (“Website”) was created and intended specifically for the Future Food & Ag Leadership Program (“Program”). Your privacy is important to us. Therefore, we are investing great efforts to be transparent about how we collect and otherwise process your personal data.  

Who we are
We are working together to organize and create this Program. The owners of the Website and Program and the controllers of all data obtained through it are AgroHub and AgFunder. AgroHub provides the necessary tools for Program and project management, combined with AgFunder's marketing and PR expertise. INSEAD is the partner of the Program, it provides training, accommodation and food within the framework of the Program.

When we refer to AgroHub, we mean a company registered in the Ukraine with a registered address at Kyiv, Dorogozhitska St., 3, Ukraine.

When we refer to AgFunder, we mean a company registered in the USA with a registered address at 845 Market St., Suite 450 San Francisco, CA 94103, USA.

When we refer to INSEAD, we mean a company registered in France with a registered address at Boulevard de Constance, Fontainebleau 77305, Cedex, France. 

If you have questions, concerns, or complaints, or would like to exercise your rights, we are available at

You can also complain to the supervisory body in your country if you are unhappy with how we have used your personal data.

Our privacy policy
Our privacy policy (“Privacy Policy”) describes the purposes for which we use your personal data (“User”), with whom we may share it, where your personal data is stored, and the measures we take to protect its security. It is also intended to tell you about your rights with respect to your personal data, and how you can contact us about our privacy practices.

These Privacy Policy cover the personal data we process when you interact with our Website and with us by other means for participation in the Program. Before using our Website and participating in the Program, please read our Privacy Policy carefully as it may affect your rights.

AgroHub and AgFunder are the joint controllers of data processed under this Privacy Policy. This means that we together decide what data should be processed, how and why. AgroHub is responsible for compliance with data protection rules and how data subjects can exercise their rights collected through the Website or via contact emails on the Website. Contact AgroHub for any questions about protecting your personal data via email Please be advised that AgFounder has its own Privacy Policy. They will follow it in matters not regulated by this Privacy Policy.

INSEAD processes data of the Users as a data processor. We engage INSEAD to provide us with educational, accommodation and meal services (event support services). If your data is collected in connection with participation in the Program, your data may be transferred to them. This applies to the data we receive from you as the controller. INSEAD may have its own lawful basis and purposes of processing your data which is not covered by this Privacy Policy. If you want to know more about how they handle personal data, you can read their Privacy Policy.

Age of our Users
Our Website and Program are not directed at individuals under 18. We do not knowingly collect personal data from children under 18. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information.

Detailed description of how we process your data

Below you will find a detailed information about:
- what data we may process and when we have got it;
- purposes of processing your data;
- legal basis for the processing;
- retention period.

Data related to the Program

Nature and purpose(s) of processing:
We process this data after you complete the application form to:  - consider your candidacy for participation in the Program and ensure your efficient participation in the Program;- send you the necessary information about the Program;- fulfill obligations regarding reporting and informing partners;- for analytics and statistics for future programs and events.

Personal data we process:
1. Data you provide when you fill out a form (
- first and last name, your company and position, e-mail, phone number, education, your LinkedIn account, the funding source for paying for your participation, your motivation for participating in the Program and the source from which you found out about the Program (which could incidentally include personal data).

Legal basis for the processing (if applicable):
Entering into and performance of a contract (Article 6.1(b) GDPR). Legitimate interest (Article 6.1(f) GDPR).

Data retention period:
We may store your personal data mentioned above from the moment you provided data as long as we need such data to organize events within the Program, but in no case it will be longer than 12 months following the end of the Program.

Data we use to send our marketing information

Nature and purpose(s) of processing:
We process this data after you complete the application form or address us your requests or subscribe to our newsletters, as well as the data that you previously entered when registering for our events or programs, to send to the Users the information about our programs, products, and news.

Personal data we process:
In order to send you newsletters and other information, we collect your email address.

Legal basis for the processing (if applicable):
Consent (Article 6.1(a) GDPR).

Data retention period:
We may store your personal data mentioned above from the moment you provided data as long as you unsubscribe from receiving our newsletters.

Data we use to respond to your requests

Nature and purpose(s) of processing
We process this data after you address us your requests to:
- administer the Users’ requests about the Program sent via our contact email or otherwise;
- interact with your responses related to our vacancies. 

Personal data we process
1. Your email address and the request.
2. Data related to your responses to our vacancies. It may include various information relevant to the job about you that you choose to provide — for example, first name, last name, email, work experience, age, etc.

We encourage you not to share sensitive personal data with us, as well as excessive data which we do not need to resolve your issue.

Legal basis for the processing (if applicable):
Entering into and performance of a contract (Article 6.1(b) GDPR).
Legitimate interest (Article 6.1(f) GDPR).

Data retention period:
We may store your personal data mentioned above from the moment you provided data as long as we need such data to answer your requests, but in no case it will be longer than 12 months following the receipt of your requests. If we receive your data as response to our vacancy, if we decide not to cooperate, your data will be removed within 3 months following the rejection. 

We may also process your personal data to perform legal duties, responsibilities, and obligations and to comply with laws and regulations that apply to us. For example, we could store data about emails and names of subscribers to our newsletters, as well as their choices and consent - to make sure we comply with laws on e-communication.

Your rights when we process your personal data
GDPR and other countries’ privacy laws provide certain rights for data subjects. Based on the most strict EU laws, you have the following rights with respect to your personal data: 

1) Right of access.
You may ask to access and obtain a copy, if required, of the data about you that we collected. 

2) Right to rectification.
You may ask to update the data or to correct any inaccuracies. 

3) Right to erasure.
You may ask to delete the data we retain in certain circumstances, such as when you withdraw consent we have earlier received from you. 

4) Right to restriction of the processing.
You may request to restrict the use of your data in certain circumstances, such as when you have objected to our use. But we will first verify whether we have overriding legitimate grounds to use it. 

5) Right to data portability.
You may ask to transfer your data to a third party in a structured, commonly used, and machine-readable format, in circumstances where the data is processed with your consent or by automated means. 

6) Right to object.
You may object to our processing of your data in some cases, for example, when we process your data on the basis of our legitimate interest. 

How we share data
We share your data with third parties. We are not in the business of selling any of your data, including personal data, to other third parties or advertisers. 

Except for INSEAD, the support of which we explained in the “Who we are” section, we may pass on your data to our employees or verified independent contractors (including contracted private entrepreneurs who are based in Ukraine). We always enter into non-disclosure and confidentiality agreements with those who have access to your data to ensure the data protection.

We may also share your data with service providers that help us operate, provide, support and enhance our services. If a service provider needs to access your data, they do so under appropriate security and confidentiality measures designed to protect your data. For instance, we store your data using Google cloud storage services. We also use Typeform to create the forms and collect your responses and MailChimp to send updates, information about our products and other marketing we deem interesting to you.

You should always check the privacy settings and notices in these third-party services to understand how those third parties may use your data. In exceptional circumstances, we may disclose data with law enforcement agencies, courts, fraud prevention agencies, or other third parties, where we think it is necessary to comply with applicable laws or regulations or to defend our legal rights (where possible, we will notify you of this type of disclosure).

International data transfers
When we use and share your data, it may be transferred to and processed in countries other than your country or residence. 

Where we transfer your data, we put safeguards in place to ensure your data remains protected. For individuals in the UK or EEA, this means that your personal data may be transferred outside of the UK or EEA. When this is the case, it will be transferred to countries where we have compliant transfer mechanisms in place, in particular, the implemented European Commission’s Standard Contractual Clauses to agreements with entities and independent contractors the data is transferred to or other appropriate legal mechanisms to safeguard the transfer.

Security of data
We are committed to keeping our user’s personal data safe. We take appropriate security measures to protect your personal data from accidental loss or destruction, from unlawful processing or access to it.  

All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties. Also any access by authorised personnel is logged. 

We use verified contractors that might have access to the data as specified in this Privacy Policy and with whom relevant data processing agreements are concluded. Moreover, we guide and train our personnel to process your data securely. We also use technical measures to ensure your data is safe.

Updates to our Privacy Policy
We may amend or update this Privacy Policy from time to time. If we decide to do so, and the amendments will substantially affect your rights and legitimate interests, we will notify you of any changes via email and/or a notice within our Website. We will also indicate the “Last updated” date at the top of this document.