Policy: External Data Sharing

New
  • Published on Feb 2, 2026
  • 3 minute(s) read
Prev Next

Title:  

Rainforest Alliance Policy: External Data Sharing Policy  

Code:  

A-53-SRCL-B-AL

Version:  

1.0

Applies to:  

All individuals and entities involved in the external sharing of Rainforest Alliance data.

Enforceability:

Binding Content

Effective by:  

2nd May 2026

Published on:  

2nd February 2026

Linked to:

Rainforest Alliance Terms and Conditions

A-27-SRCL-B-CH EUDR Data Sharing Policy

A-1-S-B-FA Rainforest Alliance Sustainable Agriculture Standard - Farm Requirements

A-33-R-B-FA Rainforest Alliance Regenerative Agriculture Standard,  

Farm Requirements

A-35-SRCL-B-SC Rainforest Alliance Supply Chain Requirements

1. Purpose 

This policy explains how Rainforest Alliance shares data with partners, buyers, researchers, and the public. 

It ensures that all data sharing is responsible, transparent, and aligned with legal requirements, including the Rainforest Alliance Terms and Conditions (T&Cs), Certification Binding Documents, and data protection laws, such as General Data Protection Regulation (GDPR). 

Our goal is to use data to promote sustainability and transparency, while protecting the rights and confidentiality of farmers, organizations, and communities. 

2. Scope 

This policy applies to: 

  • All external sharing of data collected or managed by Rainforest Alliance through its certification programtraceability systems, and online platforms

  • All Certificate Holdersfarmerssupply chain actorsbuyers, and research partners who request or receive data from Rainforest Alliance. 

It does not apply to internal data use within Rainforest Alliance.

3. Key Definitions  

Term 

Meaning 

Supply Chain Data 

Data provided by organizations through certification, including traceability, transaction, and performance information. 

Personal Information 

Any information that identifies a person (such as names, contact details, GPS coordinates). 

Aggregated and Anonymized Data 

Data that is provided in such a way that personal information and confidential information cannot be identified, directly or indirectly, and cannot reasonably be re-identified (we rely on a minimum of three data points for anonymization purposes). 

4. Guiding Principles 

  1. Transparency 
    Rainforest Alliance shares information to build trust and understanding about certification and sustainability efforts. 

  2. Confidentiality and Fairness 
    Rainforest Alliance protects confidential information and only shares data in ways that are fair, secure, and consistent with the Rainforest Alliance T&Cs. 

  3. Consent and Legal Basis 
    Personal information is only shared when there is a valid legal basis—such as consent, performance of a contract, or legitimate interests—and in accordance with applicable laws. 

  4. Anonymization 
    Whenever possible, data shared externally is aggregated or anonymized to protect individual organizations or farms.

  5. Responsible Use 

    Rainforest Alliance and its partners use data only for legitimate purposes such as sustainability improvement, research, compliance verification, and transparency. 

5. What Data we May Share 

5.1 Public Information  

Rainforest Alliance may publicly share: 

  • Certificate holder names, locations, and Rainforest Alliance identification codes 

  • Crop type, certified area size, certification status, and confirmed nonconformities 

  • Lists of companies or products using Rainforest Alliance seals

  • Aggregated or anonymized data analyses for impact reporting, research, and market transparency 

This data is not confidential under the T&Cs. 

5.2 Supply Chain Data  

  • Rainforest Alliance may share supply chain data within a specific supply chain (e.g., with registered buyers that are current on all applicable royalties, fees, and other required payments or actors directly linked to the same certified product flow). 

  • Such data is considered confidential and shared only as permitted under the Certification Binding Documents. 

  • Rainforest Alliance may also share volume information with registered buyers to help facilitate the sale of certified products. 

5.3 Data Shared with Researchers or Third Parties 

  • Rainforest Alliance may share anonymized or aggregated data (based on a minimum of three data points) with Rainforest Alliance-approved researchers or partners to evaluate program effectiveness or conduct sustainability studies. 

  • If shared data includes Personal Information, Rainforest Alliance will only share it under a Non-Disclosure Agreement (NDA), or Data Use Agreement (DUA)

  • Disaggregated anonymized data (i.e., without identifiable personal or company details) may also be shared with researchers under an NDA. 

5.4 Data Shared with Auditors and Certification Bodies 

  • Rainforest Alliance shares information such as contact details, audit reports, traceability data, and other relevant certification information with accredited auditors and certification bodies.  

6. What we Will Not Share 

Rainforest Alliance will not share: 

  • Personal information (e.g., phone numbers, emails, GPS) without consent or a legal basis. 

  • Confidential Supply Chain Data outside the certified supply chain unless authorized by the data subject. 

  • Any data that could harm the privacy, safety, or reputation of individuals or organizations or lead to reasonably foreseeable competitive organizational advantages. 

7. Possible External Data Request Scenarios 

Request Type

Rainforest Alliance Action

Requests via Account Managers – Stakeholders may request additional information when engaging with Rainforest Alliance teams during collaboration or service delivery. 

These requests are reviewed according to Rainforest Alliance data sharing procedures and applicable guidelines. 

Requests Triggered by Public Dashboards or Reports – External users may see high-level or aggregated information in Rainforest Alliance dashboards (e.g., Power BI) and request deeper insights. 

Rainforest Alliance will assess whether further data can be shared based on confidentiality, anonymization, and legal requirements. 

Requests Related to Ethical or Compliance Concerns – External parties may request information to verify adherence to Rainforest Alliance ethical, environmental, or human rights safeguards. 

Rainforest Alliance will provide appropriately scoped information without disclosing personal or confidential supply chain data.

All requests are evaluated on a case-by-case basis and addressed through Rainforest Alliance’s established procedures to ensure responsible, legal, and ethical data sharing. 

8. Data Use Safeguards 

To protect data contributors: 

  • All external data sharing follows data protection laws and Rainforest Alliance security protocols (in all material respects). 

  • Partners receiving data must agree to keep it confidential and use it only for approved purposes

  • When applicable, Rainforest Alliance anonymizes and/or aggregates sensitive data before sharing externally. 

  • Misuse of shared data may lead to access suspension, legal action, or termination of agreements

9. Rights and Responsibilities 

Certificate Holders and Organizations: 

Have the right to: 

  • Request clarification on how data is used or shared. 

  • Withdraw consent (where applicable). 

Are responsible for: 

  • Ensuring own compliance with data protection laws when submitting personal information to Rainforest Alliance. 

  • Providing accurate data through the certification process. 

10. Contact and Governance 

The Rainforest Alliance Data Management and Legal Teams oversee this policy. 

Questions or concerns can be sent to: datamanagement@ra.org 

11. Review and Updates 

This policy is reviewed annually to remain consistent with: 

  • Rainforest Alliance Terms & Conditions 

  • Certification Binding Documents 

  • Applicable data protection regulations 

  • Rainforest Alliance Privacy Policy