Privacy statement

DLL collects and processes personal data relating to individuals, including but not limited to customers and suppliers. The privacy and the protection of personal data is important to DLL. This Privacy Statement outlines in a transparent manner how we collect and use personal data and meet our data protection obligations.

For questions related to this Statement or the processing of personal data in general, please contact us via: privacyoffice@dllgroup.com

January 1st, 2022

  • This Privacy Statement is applicable to the processing of personal data of:
    • Customers and Suppliers of De Lage Landen International B.V. (“DLL”, “we” or “us”); and/or
    • Individuals that visit DLL offices or use our services on dllgroup.com or other applicable websites.
    When we mention “Customers” in this Statement we mean: anyone who has at any time agreed to, or applied for, a (financial or Partner) solution offered by DLL, either as an end-user/client or as a Partner.  

    Our “Partners” are equipment manufacturers and their distribution partners (from authorized distributors and independent dealers to resellers).  

    When we mention “Suppliers” we mean: anyone who has at any time agreed, or offered to, provide any product or service to DLL.  

    Within the different groups as identified above we may apply different forms of processing. If such differentiation is applicable and deemed relevant by us, we will indicate that in this Privacy Statement.  

    For the avoidance of doubt, this Privacy Statement does not apply to our (former) employees or job applicants. Separate Privacy Statements apply to those individuals.

  • As a Customer or Supplier, if you transfer any personal data concerning your employees, representatives or ultimate beneficial owners (UBOs) to us, we expect you to inform your employees, representatives or UBOs about this. You can refer them to this Privacy Statement so that they can learn how and why we process their personal data.

  • International and organizational scope of DLL
    We are a wholly owned subsidiary of Coöperatieve Rabobank U.A. (‘Rabobank’), a Dutch bank headquartered in Utrecht, the Netherlands.

    De Lage Landen International B.V. is also a Dutch Bank. As a holding company DLL has subsidiaries and branch offices in more than 30 countries on all continents, together with DLL referred to in this Statement as, ‘DLL Group’. DLL sets the strategy for DLL Group and enters into strategic partnerships on a global level with international Partners.

    These global partnerships are the basis for financial contracts that are entered into with Customers by local subsidiaries of DLL Group.

    When you do business with DLL Group in one of the countries where DLL Group is present, you will enter into a relation with a local DLL subsidiary or branch office. If such (local) relation involves processing of personal data, the privacy statement of the local DLL subsidiary or branch office will be applicable to such processing.

    DLL consolidates the business of DLL Group and aggregates and categorizes various data relating to the contracts and partnerships entered into by DLL Group. This aggregated data can include personal data and is used for reporting purposes, for example to regulators, and to analyze and monitor our business and portfolio.

    Data may be shared with Partners and within Rabobank Group to the extent that is permitted by law. When sharing data within Rabobank Group, we comply with the rules that we have agreed within Rabobank Group, the Rabobank Privacy Code, which serve as the Binding Corporate Rules of the Group.

     

    A DLL Group Data Protection Officer (“DLL Group DPO”) has been appointed for De Lage Landen International B.V. and its subsidiaries. The DLL Group DPO can be contacted by email via privacyoffice@dllgroup.com.

     

  • ‘Personal data’ means any information directly or indirectly relating to an individual or any information that can be used to identify an individual.

    In relation to Customers the personal data that is processed by DLL mainly consists of personal data relating to the Customer’s directors, representatives and UBOs since DLL in principal does not enter into Customer relationships with individuals but rather with legal entities.

    With regard to Suppliers, DLL occasionally enters into contracts with individuals, but also in most cases contracts with legal entities. This means that also with regard to Suppliers the personal data DLL processes mainly relates to directors and representatives of our Suppliers.

    Personal data is ‘processed’ when any activity or set of activities is performed on the personal data. This includes the collection, storage, access, use, transfer, disclosure and removal of personal data.

    We process the following personal data:

    • Contact and identification data. Name, address, telephone number, (business) e-mail address, copy of ID, date of birth, business VAT number (if applicable) and copy of proof of residency;
    • Contract/Agreement data. Information about your financial situation, information related to our products or services, information related to obtaining financial services, bank account information, your risk profile;
    • Data we require to ensure your and our security, to prevent and investigate fraud, to prevent money laundering and financing of terrorism. The personal data that are processed in the external and internal referral registers of Rabobank, any personal data processed in relation to credit reference agencies and in national and international sanctions lists;
    • Recorded calls, (recordings of video chat and online chat sessions), video surveillance, documentation of e-mails. Conversations we have with you, and you have with us, by telephone or in online chat sessions. E-mails you send to us and which we receive from you. Camera images that we record in our offices;
    • Data related to the use of our website, portals or (mobile) applications. Cookies may collect your IP address, data about the applications and devices you use to visit our website, use of our portals or mobile applications in the context of using our services.

  • Special categories of personal data are considered to be more sensitive. This can be confidential information regarding, for example, a person’s health condition, criminal record or data relating to ethnic or racial origin.

    We will only process special categories of personal data where necessary for the applicable purposes. Please see below the special categories of personal data and the purpose related to it.

    Special category of personal data Purpose
    Personal data concerning criminal convictions We may process data related to your criminal record or criminal convictions in the context of anti-money laundering, fraud prevention and regulatory reporting from open sources (e.g. media searches).
    Biometric data If you have registered your fingerprint in any electronic application operated by us (‘App’) to quickly access the App, we process your biometric data.
    Race or ethnic background In the context of preventing terrorism and for tax obligations, we are required to record information about your country of birth. 
    We also might have/take/store your photograph or film you on our CCTV (closed-circuit television).
    However, we do not register your race or ethnic background as a category and we do not use race or ethnic background to make decisions.
     

  • We collect your personal data in the following ways:

    • when an application is made for a financial solution (including a Partner Agreement);
    • when you offer a product or service to us;
    • when you visit our ‘DLL Group’ website (for further details, see cookie statement https://www.dllgroup.com/en/cookie-statement);
    • by receiving it from third parties (e.g., personal data we receive from our Partners, Companies House, credit reference agencies, HM Revenue and Customs and personal data that we receive from companies to which you have given consent to share your data with us);
    • if you enter your personal data on our website with the request to contact you;
    • via email or telephone (if you contact us);
    • when you visit a DLL office via our visitor-registration and if in operation via closed circuit television (‘CCTV);
    • from Rabobank or any of its affiliates, including subsidiaries within DLL Group (see paragraph 10).

  • By law, every personal data processing activity must have a legal basis. This is a justifiable reason to process your personal data.

    Prior to the processing of personal data, we will define the purpose(s) of the processing and will not process personal data in a manner which is not compatible with those purposes.

    We process your personal data for the following purposes:

    To enter into a Customer or Supplier relationship and contract with you.

    Purposes
    Prior to entering into a Customer or Supplier relationship with you, we need to process your personal data. For example, we need to do the following examinations in order to assess whether we can accept you as a Customer or Supplier:

    • Integrity check: When entering into a relationship, as a financial institution, we consult available external and internal referral registers of Rabobank, incidents registers and warning systems and national and international sanctions lists.
    • Verify identity: When entering into a relationship, as a financial institution, we confirm the identity of our customers, their representatives and UBOs. We can do this by making a copy of identity documents, which we will only use for identification and verification purposes.  
    • Know Your Customer: We believe it is important and necessary that we have good knowledge of our Customers and Suppliers. 

    For checking integrity and identity, we may also rely on checks performed by other financial institutions.

    • Credit check: We evaluate whether we are comfortable with entering into a Customer or Supplier relationship.

    As part of the evaluation we assess your credentials from a risk perspective and validate whether you are able to fulfil the payment obligations under the contract. This method is called credit scoring, which is based on automated decision-making. More details, including the logic and legal basis for automated credit scoring, are described in Paragraph 8.

    Legal basis
    We process your data for these purposes because we are under a legal obligation to do so and/or because it is necessary to enter into a contract with you.

    To fulfil your contract.

    Purposes
    Once we have entered into a contract with you, we process your personal data to fulfil the contract as set out below:

    • Account management and contract management: We process personal data for the purpose of establishing and maintaining our business relationship. We also may contact you to seek solutions if arrears should emerge or to share information about the remaining term or outstanding obligations.
    • Services: To provide certain services that are part of the agreement involving third parties.
    • Use of (mobile) applications: We allow you to use our online services. If you use our (mobile) applications and/or portals, we collect your personal data for identity and access management purposes.
    • Complaint handling: We may process your personal data to enable us to handle any complaint or claim that you might have.

    Legal basis
    We process personal data for these purposes because this is necessary in order to perform in terms of the Supplier or Customer contract or because we have a legitimate business interest to pursue or to protect.

    To comply with legal obligations.

    Purposes

    • Observing laws and regulations and providing data to governments, authorities and regulators: We are obliged, based on (international) laws and regulations, to collect, analyze and sometimes transfer your personal data to relevant governments or (supervisory) authorities. See also paragraph 10.

      We must observe laws and regulations to be able to offer financial services to you.

      In addition, we must observe laws and regulations to prevent fraud and criminality, such as the law for preventing money laundering and financing terrorism, which includes that we must determine the ultimate beneficial owner (‘UBO’) of the company with whom we enter into an agreement.

      Where tax authorities, courts or other appropriately authorized governmental authorities request your personal data, we are legally obliged to cooperate with the investigation and for that purpose disclose your personal data.
    • Risk models: Based on European regulations we are legally obliged to develop risk models, which can include personal data. This allows us to determine our risks as well as the extent of the financial buffer we must hold, when providing financial services. These risk models calculate the chances of arrears. These enable us, to prevent possible payment difficulties and/or handle these faster.

    Legal basis
    We process personal data because we are under a legal obligation to do so, or because we would otherwise not be permitted by law to conclude an agreement so that we can comply with a statutory or other legal obligation. In case a law or regulation does not specifically require us to process personal data to meet a legal obligation, but we do require such processing in order to meet that legal obligation we have a legitimate interest to apply such processing.

    To ensure the security and integrity of you, us, and the financial sector.

    Purposes
    As a financial institution, we process your personal data securely and prevent fraud, money laundering and the financing of terrorism.

    • Incident registers and warning systems:We check both prospective and existing Customers against internal (Group) incident registers and warning systems. Also, public authorities provide us with names of individuals with whom financial institutions must not do business or to whom the financial sector must pay extra attention to. We must enter these names into our warning systems. If we consult incident registers and/or warning systems, we may enter your personal data in these registers/systems. In that case, we will notify you unless we are not allowed to do so, for example because the police instructed us not to notify you in the interests of their investigation.
    • Continuous integrity check and Know Your Customer: As a financial institution, we continue to consult external and internal referral registers of Rabobank, incidents registers and warning systems and national and international sanctions lists. We also perform Know Your Customer checks on an ongoing basis.
    • Publicly accessible sources: We consult publicly accessible sources, such as public registers, newspapers and the internet, in an effort to combat fraud, anti-money laundering and prevention of terrorist financing.
    • Security of our offices: We process your personal data to secure and manage physical access to our premises. We will for instance enter your personal information in our visitor registration systems when you visit our premises. In addition, we may also collect personal data through camera surveillance for security reasons.

    Legal basis
    We process your data because this is necessary in order to comply with a legal obligation. If we are not under a direct legal obligation to process your data, we process the data on the basis of the performance of a contact or in the legitimate interest of DLL, the financial sector or our Customers and employees. Such legitimate interest being the protection of the integrity and security of each of the aforementioned parties.

    To help develop and improve products and services.

    Purposes
    We develop and improve products and services on an ongoing basis. We, our Customers or other parties benefit from such activities./p>

    • Improving our website: We may process your personal data when analyzing your visit to our website with the aim of improving our website, portals or (mobile) apps. We use functional cookies and comparable technology for this. Where needed, we will obtain your consent (e.g. for marketing and analytical cookies). See our Cookie Statement for more information.
    • Improving quality of our services: We make and may store recordings of telephone conversations, e-mail messages and online (video) chat sessions. We do this to improve the quality of our services, for example by assessing, coaching and training our employees.
    • Research to improve our products and services: We may carry out research to improve our products and services, by asking you for example to voluntarily provide your feedback or to review a product or service. Such research is either managed internally or we engage a third-party who will solely process your personal data on our instructions and for this purpose only.
    • Creating Customer profiles and interest profiles: Analyzing personal data allows us to see how our products and services are being used.

    Legal basis
    We process personal data because we have a legitimate interest in acquiring information to improve the products and services that we offer as such enabling us to become a preferred and better qualified supplier for our Customers. Where needed we may also ask you for your consent to process your personal data for the purpose of developing and improving our products and services. If you do not provide your consent, this will not affect the services we offer. You can withdraw your consent at any time.

    For promotional and marketing purposes.

    Purposes
    We process personal data for promotional and marketing purposes. We optimize our business relationships by informing our Customers about similar products and services.

    We may use the services of advertisers to advertise to specific target groups, which is done based on established profiles. We never share your personal data with such advertisers.

    Legal basis
    We process personal data because we have a legitimate interest in optimizing our business relationships and informing our Customers about possibilities to extend such business relationships.

    To carry out business processes, management reporting and internal management.

    Purposes
    To carry out business processes, management reporting, and internal management we process personal data:

    • Credit risk: Financial products involve credit risk. We have to determine the level of that risk, so that we can calculate the financial buffer we need to maintain.
    • Transfer of receivables/securitisation: In the event that we cede our agreement with a Customer to another financial institution, our agreement is transferred, or if a merger or demerger occurs, your personal data may be processed by a third party acquiring such contract with us, however, it will be a condition of any such transfer that such third party agrees to comply with applicable privacy and data protection laws and regulations.
    • Internal audits and studies: Where needed, we may use personal data to perform internal audits and investigations, for example in order to examine how well new rules have been introduced or to identify risks.
    • Carry out our business processes: We use personal data to carry out, analyze and improve our business processes so that we can help our Customers more effectively. Where possible, we will anonymize or pseudonymize personal data first.

    Legal basis
    We have a legitimate interest to categorize and establish risks that are inherent to our business, and to take measures to minimize or transfer (part of) these risks accordingly and to improve our business processes for the benefit of our Customers and ourselves.

    For archiving purposes, scientific or historic research purposes or statistical purposes.

    Purposes
    We may process your personal data if this is necessary for archiving purposes in the public interest, scientific or historic research purposes or statistical purposes. Where possible, we will anonymize or pseudonymize your personal data first.

    Legal basis
    When processing personal data for archiving purposes, scientific or historic research purposes or statistical purposes, we process the data on the basis of the legitimate interest of DLL, the financial sector or our clients and employees.

    Where we have indicated that we have a legitimate interest in such processing activity, we have ensured that our legitimate interest does not override your fundamental rights and freedoms.

  • DLL in principal does not enter into business relationships with individuals but rather with legal entities. Therefore automated individual decision-making is not used by DLL. DLL, however, assists local subsidiaries of DLL group in their (automated) credit scoring activities which may include individual decision-making. Such assistance includes, for example, the development and design of risk-models and so called scorecards.

  • Only personnel who require access for the purposes as stated in paragraph 5 and 7 will process your personal data. All our personnel are bound by a duty of confidentiality.

    DLL will process your personal data for the purposes for which these were originally collected. Personal data may also be processed for a legitimate business purpose different from the original purpose (secondary purpose), but only if the secondary purpose relates to the original purpose.

    We are committed to keeping your personal data secure. To prevent unauthorized access or disclosure, we have taken technical and organizational measures to safeguard and secure your personal data. These security measures are aimed at preventing your personal data from being used illegitimately or fraudulently. In particular, we use security measures to ensure the confidentiality, integrity, and availability of your data as well as the resilience of the systems and services that process them and the ability to restore data in the event of a data breach. Where possible, we aim to secure your personal data using pseudonymization or encryption measures. In addition, we test, verify and regularly evaluate the effectiveness of our technical and organizational measures in order to ensure continuous improvement in the security of processing personal data.

  • a. Within the Group

    We are a wholly owned subsidiary of Coöperatieve Rabobank U.A. (‘Rabobank’ and together with its subsidiaries, the (‘Group’).

    Your personal data may be shared within the Group for legitimate purposes, when those entities comply with the rules of Rabobank described in the Rabobank Privacy Code. For example, because your application for a financial product needs involvement of Rabobank when it exceeds certain hurdles.

    This Rabobank Privacy Code describes the requirements that all Group entities globally must meet and guarantee an appropriate level of protection of personal data and serve as the Binding Corporate Rules of the Group.

    b. Outside the Group
    Your personal data may also be transferred to third parties outside the Group if we are legally obliged to do so. We may also pass on your personal data to tax and supervisory authorities or (national) data protection authorities.

    We may cede our agreement with a Customer to another financial institution. Once the agreements have been ceded, the other party will (also) process your personal data. We contractually require compliance with privacy and data protection laws and regulations from such other party prior to sharing your personal data.

    We may share personal data with third parties (such as our marketing agencies or suppliers) that process personal data on our behalf for commercial/marketing purposes.

    Sometimes we engage third parties for processing personal data on our instructions where it is necessary in connection with the purpose for which we collected your personal data. For example, when a company stores data for us.

    We may also disclose your personal data to any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights in accordance with applicable law. Besides that, we may also disclose your personal data to any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law.

    The third parties must first be deemed sufficiently reliable from a privacy and data protection perspective. We only engage third parties if this fits the purposes for which we process your personal data. In addition, these third parties can only be involved if they enter into proper contracts with us, have implemented appropriate security measures, and guarantee that your personal data will remain confidential.

    If we transfer your personal data to third parties outside the European Economic Area (‘EEA’), we take additional measures to protect your personal data. In some countries outside the EEA, the rules for privacy and protection of personal data are different from those that apply within the EEA. If we transfer your personal data to third parties outside the EEA and the European Commission determined that the country in which this third party is located does not offer adequate protection in the area of processing personal data, we will only transfer your personal data in line with the requirements and if approved safeguards are in place, such as the EU Standard Contractual Clauses approved by the European Commission.

  • We do not store your personal data for longer than we need to to achieve the purposes for which we have collected it. We have implemented appropriate technical and organizational measures to ensure that only people that have a right to access your information can access it. For example, our marketing department has access for a shorter period compared to our tax department.

    We will delete personal data at an earlier time if you request us to delete your personal data, unless another law prevails. In certain cases, we may use different retention periods. For example, if a supervisory authority requires us to store certain personal data longer, if you have filed a complaint that makes it necessary to keep the underlying personal data for a longer period, or in specific cases for archiving, legal proceedings, or for historical, scientific research or statistical purposes.

  • a. Right to access and rectification
    You may request access to your personal data processed by us. Should you believe that your personal data is incorrect or incomplete, then you may request us to rectify or supplement your personal data.

    b. Right to erasure (right to be forgotten)
    You may request us to erase your personal data as processed by us. If we do not have any legal obligations or legitimate business reasons to retain your personal data, we will execute your request./p>

    c. Right to restrict personal data
    You may request to limit the personal data processed by us. We may refuse a restriction request if we have a lawful reason to continue the processing of the personal data (e.g. the exercise of a contract, a legal archiving duty, or the establishment, exercise or defense of legal claims).

    d. Right to data portability
    You may request us to provide you with the personal data that you provided to us in connection with a contract with us or which was provided to us with your consent, in a structured and machine readable format or to transfer your personal data to a third party. Should you ask us to transfer personal data directly to a third party, then this can only be done if it is technically possible.

    e. Right to object
    You have the right to object to the processing of your personal data, for example if we record telephone conversations. If you object to processing, we will determine whether your personal data may indeed no longer be used for those purposes. We may then decide to cease the processing of your personal data. We will inform you about our decisions and motivations. You have also the right to request that we stop using your personal data for direct marketing purposes. We will then take steps to ensure you are no longer contacted for direct marketing purposes.

    f. Right to withdraw consent
    If you have provided your consent for specific processing of your personal data, you may at any time withdraw your consent. From that moment, we are no longer allowed to process your personal data.

  • For questions related to this Privacy Statement, please contact our privacy officer via: privacyoffice@dllgroup.com.

    If you would like to exercise any of your rights, please do so by completing this form:

    Submit a request or complaint

    We will respond within one month after we have received your request. In specific cases, we are allowed to extend this period with another 2 months. In order to process your request, we will request you to provide sufficient information to identify you. We may also ask that you further specify your request.

    We will do our best to handle your request, question or complaint in a timely and appropriate fashion.

    If you feel we did not handle your request, question or complaint timely or appropriately, you may also lodge a complaint using the same button in this section.

    If you still feel we did not handle your request, question or complaint timely or appropriately, you can also contact your local Data Protection Authority. You can find the contact details of your local Data Protection Authority below:

    Autoriteit Persoonsgegevens
    P.O. Box 93374
    The Hague, the Netherlands
    Wilmslow
    Telephone number: +31 (0)70 888 85 00

  • This Statement will be updated from time to time. For example, in case of additional legal requirements or if we process personal data for new purposes. Please note that you can find the latest version of this Statement on our website www.dllgroup.com.

Archive

Privacy statement 5 April 2019