Privacy Statement

This Privacy Statement is applicable to processing of Personal Data of:

• Customers and Suppliers of DLL;
• Individuals that visit DLL’s office or use our services on dllgroup.com or other applicable websites;

“Customers” means anyone who has at any time agreed to, or applied for, a (financial or Partner) solution offered by DLL, either as an end-user/client or as a Partner.

“Partners” means equipment manufacturers and software developers and their respective distribution partners (from authorized distributors and independent dealers to resellers).

“(DLL) Member” means current and former employees, (supervisory) directors, consultants, temporary staff, individual contractors, interns, secondees and contract employees (also referred to as ‘you’ or ‘your’).

As a Customer or Supplier, if you transfer any Personal Data concerning your employees, representatives or ultimate beneficial owners (UBOs) to us, we also expect your employees, representatives or UBOs to be informed about this. You can give this Privacy Statement to them so that they can learn how and why we process their Personal Data.

DLL is a finance partner for equipment and technology assets. We deliver sustainable and effective solutions to move assets to market, throughout the entire asset life cycle: commercial finance, retail finance and used equipment finance. We work closely with our Partners to provide financing solutions to end-users of equipment and technology assets.

DLL processes your Personal Data in accordance with applicable privacy and data protection laws and as stipulated in this Privacy Statement. With this Privacy Statement we want to inform you in a transparent manner on the most important standard activities and legal bases on which we process your Personal Data.

Contact details:
De Lage Landen Financial Services Canada Inc.
5046 MAINWAY, UNIT 1
BURLINGTON
ON
L7L 5Z1
Canada
Telephone: +1 (877) 500 5355

DLL is a wholly owned subsidiary of De Lage Landen International B.V., which is a wholly owned subsidiary of Coöperatieve Rabobank U.A. (“Rabobank” and together with its subsidiaries, the “Rabobank Group”). Data may be shared within Rabobank Group to the extent such sharing is permitted by law. When sharing data within Rabobank Group, DLL will comply with the rules that we have agreed within Rabobank Group, the Rabobank Privacy Code, which serve as the Binding Corporate Rules of the Rabobank Group.

Questions about this Privacy Statement or the processing of Personal Data in general can be directed to our local compliance officer at CanadianPrivacy@DLLgroup.com.

“Personal Data” means any information directly or indirectly relating to an individual, or any other information, that can be used to identify an individual.

Personal Data is ‘processed’ when any activity or set of activities is performed on the Personal Data. This includes the collection, storage, access, use, transfer, disclosure and removal of Personal Data.

DLL may process the following Personal Data when you apply for a job or position at DLL, once you are selected to work for DLL, throughout your employment with DLL and after the end of your employment:

Recorded calls, (recordings of video chat and online chat sessions), video surveillance, documentation of e-mails
Conversations we have with you, and you have with us, by telephone or in online chat sessions. E-mails you send to us and which we receive from you. Camera images that we record in our offices. These are captured for quality and auditing purposes.

Data related to the use of our website, portals or (mobile) applications.

• Cookies may collect your IP address, data about the applications and devices you use to visit our website, use of our portals or mobile applications in the context of using our services.
• Information on your social networking and instant messaging accounts (LinkedIn, XING, etc.).
• Data generated by your participation in behavior/cognitive assessments. You will receive more information about the nature of such assessments before you participate in any of them.
• Information related to pre-employment screening on integrity and capability, depending on the position you are applying for.

Financial details:
Bank account numbers, credit card numbers, cardholder or accountholder name and details, instruction records, transaction details, only as collected through our Pre-authorized Debit Agreement.

Closed-circuit television (‘CCTV’):
Your photograph and video recordings when on DLL property.

Recording of telephone conversations for improving quality of our services:

• Recording (details), name, telephone number, performance conversation details.
• Signed source documents of requested changes to data.
• Email correspondence related to performance/dispute/legal cases.
• Photographs, video or audio tapes, transcriptions or other recordings.

Personal Data concerning criminal convictions

• We may process data related to your criminal record or criminal convictions in the context of anti-money laundering, fraud prevention, pre-employment screening and regulatory reporting from open sources (e.g. media searches).
• We consult (directly or via third parties) financial industry incident databases and alert systems in which for example cases of fraud against financial institutions are registered.

Biometric data
If you have registered your fingerprint in any electronic application operated by us (‘App’) to quickly access the App, we process your biometric data.

Nationality

• In the context of preventing terrorism and for tax obligations, we are required to record information about your country of birth.
• We also might have/take/store your photograph or film you on our CCTV (closed-circuit television).
• However, we do not register your race or ethnic background as a category, and we do not use race or ethnic background to make decisions.

Health

• It is necessary to register that you are out ill from work, and in that event, DLL is obliged to make efforts for your reintegration and/or to support you in your recovery, DLL will process information relating to that situation.
• If you have health problems that must be addressed by the provision of certain facilities in the workplace, this will also involve the processing of Personal Data concerning health. For example, modification of your workspace or the evaluation of whether you are capable of performing certain working activities.

Religion or philosophy of life
This data may be processed for the purposes of accommodating religious or philosophical practices, dietary wishes, or religious holidays.

We may collect your Personal Data in the following ways:

• If you apply for a financial or Partner solution, either as an end-user/client or as a Partner.
• If you offer a product or service to us.
• By receiving it from third parties (e.g. Personal Data we receive from our Partners, a Credit Reporting Agency, your financial institution and Personal Data that we receive from companies to which you have given consent to share your data with us).
• If you enter your Personal Data on our website with the request to contact you; when you visit any of our websites or use any features or resources available on or through a website or Member App (for further details, see cookie statement on applicable website, portal or (mobile) app).
• Via email or telephone (if you contact us).
• When you visit a DLL office via our visitor-registration and if in operation via Closed Circuit Television (‘CCTV);
• From affiliates within the Rabobank Group
• When you give your consent to take and use your photographs, video or audio tapes, transcriptions or other recordings for e.g. DLL website or social media;

By law, every use of Personal Data must have a legal basis. This is a justifiable reason to use your Personal Data.

Prior to using any Personal Data, we will define the purpose(s) of the use and will not use Personal Data in a manner which is not compatible with those purposes.

We use your Personal Data for the following purposes:

We will only make a decision based solely on automated processing including profiling which produces legal effects concerning you or significantly affects you, in the event it is allowed by law, and we have notified you.

Logic of automated credit-scoring
A pre-defined minimum-score is required to have you accepted as a Customer. The higher the score, the smaller the risk you pose to creditors. In addition, you may be disqualified by showing up on watch-lists published by the financial sector or the Rabobank Group.

The credit-score is calculated based upon several components:
Below, we list the most important components that influence your credit score:

1. Your financial standing: Based upon Personal Data provided by you in the process of credit-scoring, we consult external credit rating agencies to acquire relevant financial information (credit-rating, financial statements, turn-over/solvency, payment history). If you already have or had a relation with us in the past, we combine the aforementioned (external) financial information with internal payment history related to you;
2. The applicable conditions and characteristics of the DLL Partner Program under which you apply for a financial solution;
3. Activity codes of the branch(es) in which you operate and the type of asset(s) you want to finance with us.

Significance and envisaged consequences of automated credit-scoring
In a case where the minimum-score is not achieved, a DLL member will review the credit application. If, after this review, we still cannot grant credit for any reason, the DLL member will then issue a decline.

Specific rights you have relating to automated decision making
Your credit score may be calculated based on automated decision making, however, this will always be balanced against your right to request a manual review of the decision. You have the right not to be subject to a decision based solely on automated credit-scoring. Based upon the notification that automated credit scoring will be applied to you, you can object to such automated credit scoring. In that case a manual human intervention will be part of the credit scoring applied by us.

When automated credit scoring is finalized and you want to express your point of view and contest the (automated) decision, you also have the right to invoke human intervention. In that case a person will review and reassess the automatically generated decision.

Legal basis of the credit score
There are different applicable legal grounds that apply to different credit checks, which will vary case-by-case and are described below:

1. the decision is made by DLL for purposes of (a) entering into, or performing a contract or (b) managing the contract, provided the underlying request leading to a decision by DLL was made by you; or
2. In certain cases where the legal ground mentioned under a) does not apply to us, we may base our processing of your Personal Data on a legal obligation to do so. Such ground will be depending on the existence of applicable law that requires us to assess your ability to fulfill your payment-obligations under the contract with us before entering into such a contract.
3. We, or our Partners, will ask your consent before we, or our Partners, perform a credit check or credit score.

Only personnel who require access for the purposes as stated in this Privacy Statement will use your Personal Data. All our personnel are bound by a duty of confidentiality.

Generally, we use your Personal Data for the purpose(s) for which these were originally collected. Personal Data may also be used for a corresponding purpose.

For example, you apply for a position that in the end does not suit you, but when we think you are suitable for another/similar position, we might include you in the procedure for the other/similar position.

We are committed to keep your Personal Data secure. To prevent unauthorized access or disclosure, we have taken technical and organizational measures to safeguard and secure your Personal Data. These security measures are aimed at preventing your Personal Data from being used illegitimately or fraudulently. In particular, we use security measures to ensure the confidentiality, integrity, and availability of your Personal Data as well as the resilience of the systems and services that process them and the ability to restore Personal Data in the event of a data breach. Where possible, we aim to secure your Personal Data using pseudonymization or encryption measures. In addition, we test, verify and regularly evaluate the effectiveness of our technical and organizational measures in order to ensure continuous improvement in the security of processing Personal Data.

a. Personal Data Within the Group
We are a wholly owned subsidiary of De Lage Landen International B.V., who is a wholly owned subsidiary of Coöperatieve Rabobank U.A. (“Rabobank” and together with its subsidiaries, the (“Group”).

Your Personal Data may be shared within the Group for legitimate purposes, when those entities comply with the rules of Rabobank described in the Rabobank Privacy Code (“Privacy Code”). This Privacy Code describes the requirements that all Group entities worldwide must meet and guarantee an appropriate level of protection of Personal Data and serve as the Binding Corporate Rules of the Group.

b. Outside the Group
Your Personal Data may also be transferred to third parties outside the Group if we are legally obliged to do so, because we need to identify you before we enter into an agreement with you or because we use a third party for meeting the obligations, we entered into with you. We may also pass on your Personal Data to tax and supervisory authorities or (national) data protection authorities.

If you do not pay on time, we may transfer your Personal Data to third parties that we need in the context of our services (for example, bailiffs and lawyers).

We may pass on your Personal Data to Partners to work together on Customer opportunities and/or remarketing strategies. For example, we can share the start and end date of the contract or relevant developments that happen during the duration of the contract with our Partners.

We may transfer our agreement with you to another financial institution. Once the agreements have been transferred, the other party will also process your Personal Data. We agree with the other party that it must comply with privacy and data protection laws and regulations.

We may share Personal Data with third parties (such as our marketing agencies or suppliers) that process Personal Data on our behalf for commercial/marketing purposes.

Sometimes we engage Partners and third parties for processing Personal Data on our instructions where it is necessary in connection with the purpose for which we collected your Personal Data. For example, when a Partner supports us in providing our services to you or a company that stores data for us.

We could also disclose your Personal Data to any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights in accordance with applicable law. Besides that, we could also disclose your Personal Data to any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law.

The third parties must first be deemed sufficiently reliable from a privacy and data protection perspective. We only engage third parties if this fits the purposes for which we process your Personal Data. In addition, these third parties can only be involved if they enter into proper contracts with us, have implemented appropriate security measures and guarantee that your Personal Data will remain confidential.

If we transfer your Personal Data to third parties located in a country which is deemed not to provide an adequate level of data protection, we take extra measures to protect your Personal Data.

We do not store your Personal Data longer than we need to for the purposes for which we have collected it. We have implemented appropriate technical and organizational measures to ensure that only people that have a right to access your information can access it. In addition, we take applicable law and regulations into account when your Personal Data is stored which means that we can use different storage periods. For example, if the supervisory authority requires us to store certain Personal Data longer or if you have filed a complaint that makes it necessary to keep the underlying Personal Data for a longer period.

We will delete Personal Data at an earlier time if you request us to delete your Personal Data, unless another law prevails. In certain cases, we may use different retention periods. For example, if a supervisory authority requires us to store certain Personal Data longer, if you have filed a complaint that makes it necessary to keep the underlying Personal Data for a longer period, or in specific cases for archiving, legal proceedings, or for historical, scientific research or statistical purposes.

Right to access and rectification
You can ask us to access your Personal Data collected by us. Should you believe that your Personal Data is incorrect or incomplete, then you can ask us to rectify or supplement your Personal Data.

Right to restrict Personal Data
You can ask us to limit the Personal Data used by us. We may refuse a restriction request if we have a lawful reason to continue using the Personal Data (e.g. the exercise of a contract, a legal archiving duty, or the establishment, exercise or defense of legal claims).

Right to data portability
You have the right to ask us to receive the Personal Data that you provided to us with your consent, in a structured and machine readable format or to transfer your Personal Data to a third party. Should you ask us to transfer Personal Data directly to a third party, then this can only be done if it is technically possible.

Right to object
You have the right to object if we process your Personal Data, for example if we record telephone conversations. If you object to processing, we will determine whether your Personal Data can indeed no longer be used for those purposes. We can then decide to cease using your Personal Data. We will inform you about our decisions and motivations. You have also the right to request that we stop using your Personal Data for direct marketing purposes. We will then take steps to ensure you are no longer contacted for direct marketing purposes.

Right to withdraw consent
If you have given your consent to us for specific uses of your Personal Data, you can at any time withdraw your consent. From that moment, we are no longer allowed to use your Personal Data.

Please refer to DLL’s Global Privacy Standard and Procedures on Individual Rights for more information on Individual Rights Requests.

For questions related to this Privacy Statement, please contact our local privacy officer or local compliance officer via CanadianPrivacy@DLLgroup.com.

If you would like to exercise any of your rights, please do so by completing this form:

We will respond within one month after we have received your request. In specific cases, we are allowed to extend this period with another 2 months. In order to process your request, we will request you to provide sufficient information to identify you. We may also ask that you further specify your request.

We will do our best to handle your request, question or complaint in a timely and appropriate fashion.

If you feel we did not handle your request, question or complaint timely or appropriately, you may also lodge a complaint using the same button in this section.

If you still feel we did not handle your request, question or complaint timely or appropriately, you can also contact your local Data Protection Authority. You can find the contact details of your local Data Protection Authority below:
Office of the Privacy Commissioner
of Canada
30, Victoria Street
Gatineau, Quebec
K1A 1H3

This Privacy Statement will be updated from time to time. For example, in case of additional legal requirements or if we process Personal Data for new purposes. Please note that you can find the latest version of this Privacy Statement on our website dllgroup.com or at this link Privacy statement | DLL - financial solutions partner (dllgroup.com)