The privacy and the protection of Personal Data is important to De Lage Landen Financial Services Canada Inc. (“DLL”). This Canadian Privacy Statement (the “Privacy Statement”) outlines in a transparent manner how we collect, use and store Personal Data and meet our data protection obligations.
For questions related to the Privacy Statement or the processing of Personal Data in general, please contact us via: CanadianPrivacy@dllgroup.com
This Privacy Statement was last updated on: April 1, 2022
This Privacy Statement is applicable to processing of Personal Data of:
- Customers and Suppliers of DLL;
- Individuals that visit DLL’s office or use our services on dllgroup.com or other applicable websites;
“Customers” means anyone who has at any time agreed to, or applied for, a (financial or Partner) solution offered by DLL, either as an end-user/client or as a Partner.“Partners” means equipment manufacturers and software developers and their respective distribution partners (from authorized distributors and independent dealers to resellers).
“(DLL) Member” means current and former employees, (supervisory) directors, consultants, temporary staff, individual contractors, interns, secondees and contract employees (also referred to as ‘you’ or ‘your’).
“Suppliers” means anyone who has at any time agreed, or offered to, provide any product or service to DLL.
Within the different groups as identified above we may apply different forms of processing. If such differentiation is applicable and deemed relevant by us, we will mark that out in this Privacy Statement.
As a Customer or Supplier, if you transfer any Personal Data concerning your employees, representatives or ultimate beneficial owners (UBOs) to us, we also expect your employees, representatives or UBOs to be informed about this. You can give this Privacy Statement to them so that they can learn how and why we process their Personal Data.
DLL is a finance partner for equipment and technology assets. We deliver sustainable and effective solutions to move assets to market, throughout the entire asset life cycle: commercial finance, retail finance and used equipment finance. We work closely with our Partners to provide financing solutions to end-users of equipment and technology assets.
DLL processes your Personal Data in accordance with applicable privacy and data protection laws and as stipulated in this Privacy Statement. With this Privacy Statement we want to inform you in a transparent manner on the most important standard activities and legal bases on which we process your Personal Data.
De Lage Landen Financial Services Canada Inc.
5046 MAINWAY, UNIT 1
Telephone: +1 (877) 500 5355
DLL is a wholly owned subsidiary of De Lage Landen International B.V., which is a wholly owned subsidiary of Coöperatieve Rabobank U.A. (“Rabobank” and together with its subsidiaries, the “Rabobank Group”). Data may be shared within Rabobank Group to the extent such sharing is permitted by law. When sharing data within Rabobank Group, DLL will comply with the rules that we have agreed within Rabobank Group, the Rabobank Privacy Code, which serve as the Binding Corporate Rules of the Rabobank Group.
Questions about this Privacy Statement or the processing of Personal Data in general can be directed to our local compliance officer at CanadianPrivacy@DLLgroup.com.
“Personal Data” means any information directly or indirectly relating to an individual, or any other information, that can be used to identify an individual.
Personal Data is ‘processed’ when any activity or set of activities is performed on the Personal Data. This includes the collection, storage, access, use, transfer, disclosure and removal of Personal Data.
DLL may process the following Personal Data when you apply for a job or position at DLL, once you are selected to work for DLL, throughout your employment with DLL and after the end of your employment:
Recorded calls, (recordings of video chat and online chat sessions), video surveillance, documentation of e-mails
Conversations we have with you, and you have with us, by telephone or in online chat sessions. E-mails you send to us and which we receive from you. Camera images that we record in our offices. These are captured for quality and auditing purposes.
Data related to the use of our website, portals or (mobile) applications.
- Cookies may collect your IP address, data about the applications and devices you use to visit our website, use of our portals or mobile applications in the context of using our services.
- Information on your social networking and instant messaging accounts (LinkedIn, XING, etc.).
- Data generated by your participation in behavior/cognitive assessments. You will receive more information about the nature of such assessments before you participate in any of them.
- Information related to pre-employment screening on integrity and capability, depending on the position you are applying for.
Bank account numbers, credit card numbers, cardholder or accountholder name and details, instruction records, transaction details, only as collected through our Pre-authorized Debit Agreement.
Closed-circuit television (‘CCTV’):
Your photograph and video recordings when on DLL property.
Recording of telephone conversations for improving quality of our services:
- Recording (details), name, telephone number, performance conversation details.
- Signed source documents of requested changes to data.
- Email correspondence related to performance/dispute/legal cases.
- Photographs, video or audio tapes, transcriptions or other recordings.
- We may process data related to your criminal record or criminal convictions in the context of anti-money laundering, fraud prevention, pre-employment screening and regulatory reporting from open sources (e.g. media searches).
- We consult (directly or via third parties) financial industry incident databases and alert systems in which for example cases of fraud against financial institutions are registered.
If you have registered your fingerprint in any electronic application operated by us (‘App’) to quickly access the App, we process your biometric data.
- In the context of preventing terrorism and for tax obligations, we are required to record information about your country of birth.
- We also might have/take/store your photograph or film you on our CCTV (closed-circuit television).
- However, we do not register your race or ethnic background as a category, and we do not use race or ethnic background to make decisions.
- It is necessary to register that you are out ill from work, and in that event, DLL is obliged to make efforts for your reintegration and/or to support you in your recovery, DLL will process information relating to that situation.
- If you have health problems that must be addressed by the provision of certain facilities in the workplace, this will also involve the processing of Personal Data concerning health. For example, modification of your workspace or the evaluation of whether you are capable of performing certain working activities.
Religion or philosophy of life
This data may be processed for the purposes of accommodating religious or philosophical practices, dietary wishes, or religious holidays.
We may collect your Personal Data in the following ways:
- If you apply for a financial or Partner solution, either as an end-user/client or as a Partner.
- If you offer a product or service to us.
- By receiving it from third parties (e.g. Personal Data we receive from our Partners, a Credit Reporting Agency, your financial institution and Personal Data that we receive from companies to which you have given consent to share your data with us).
- If you enter your Personal Data on our website with the request to contact you; when you visit any of our websites or use any features or resources available on or through a website or Member App (for further details, see cookie statement on applicable website, portal or (mobile) app).
- Via email or telephone (if you contact us).
- When you visit a DLL office via our visitor-registration and if in operation via Closed Circuit Television (‘CCTV);
- From affiliates within the Rabobank Group
- When you give your consent to take and use your photographs, video or audio tapes, transcriptions or other recordings for e.g. DLL website or social media;
By law, every use of Personal Data must have a legal basis. This is a justifiable reason to use your Personal Data.
Prior to using any Personal Data, we will define the purpose(s) of the use and will not use Personal Data in a manner which is not compatible with those purposes.
We use your Personal Data for the following purposes:
Purpose Explanation To enter into a Customer relationship and contract with you. Prior to entering into a Customer or Supplier relationship, we use Personal Data in order to perform an integrity, background and credit check. This allows us to validate whether you are able to fulfil the payment obligations under the contract. This method is called credit scoring, which is based on automated decision-making. Automated decision- making is dealt with below. To fulfil your contract. Once we have entered into a contract with you, we use your Personal Data to maintain our business relationship with you. We may contact you to seek solutions if arrears should emerge or to inform you about the remaining term or outstanding obligations. Certain services that we provide involve the use of third parties and require us to share certain Personal Data. This agreement also allows you to use our mobile and online services. We may use your Personal Data to enable us to handle any complaint or claim that you might have. To comply with legal obligations. We are obliged, based on (both international and local) laws and regulations, to collect, analyze and sometimes transfer your Personal Data to relevant governments or (supervisory) authorities. We must observe laws and regulations to prevent fraud and criminality. Where tax authorities, courts or other appropriately authorized governmental authorities request your Personal Data, we are legally obliged to cooperate with the investigation and for that purpose may need to disclose your Personal Data. Personal Data may also be used in risk models. To ensure the security and integrity of you, us, and the financial sector. As a financial institution, we process your Personal Data securely and prevent fraud, money laundering and the financing of terrorism. We consult internal (Group) incident registers and warning systems. Public authorities also provide us with names of individuals, with whom financial institutions must not do business. We continue to consult external and internal referral registers of Rabobank; incidents registers and warning systems and national and international sanctions lists. We will process your Personal Data to secure and manage physical access to our premises. To help develop and improve products and services. We develop and improve products and services on an ongoing basis. We, our Customers or other parties benefit from such activities. This allows us to improve our services, website, and products. It also allows us to enhance the user experience. For promotional and marketing purposes. We may use Personal Data we have obtained from you and from other parties (such as Partners). We optimize our business relationship with you by informing you about similar products and services, within the boundaries suitable for you. This enables you to make use of our solutions to their maximum potential. We may also ask your consent to process your data for promotional and marketing purposes.
We may use the services of advertisers to advertise to specific target groups, which is done based on established profiles. We never share your Personal Data with such advertisers.
To carry out business processes, management reporting and internal management. Including: Credit risk, Internal/ external audits, and to carry out and improve our business processes.
In the event that we transfer our agreement with you to another financial institution, our agreement is taken over, or if a merger or demerger occurs, your Personal Data may be processed by a third party acquiring your contract with us, however, it will be a condition of any such transfer that such third party agrees to comply with applicable privacy and data protection laws and regulations.
For archiving purposes, scientific or historic research purposes or statistical purposes. We may process your Personal Data if this is necessary for archiving purposes in the public interest, scientific or historic research purposes or statistical purposes. Where possible, we will anonymize or pseudonymize your Personal Data first.
We will only make a decision based solely on automated processing including profiling which produces legal effects concerning you or significantly affects you, in the event it is allowed by law, and we have notified you.
Logic of automated credit-scoring
A pre-defined minimum-score is required to have you accepted as a Customer. The higher the score, the smaller the risk you pose to creditors. In addition, you may be disqualified by showing up on watch-lists published by the financial sector or the Rabobank Group.
The credit-score is calculated based upon several components:
Below, we list the most important components that influence your credit score:
- Your financial standing: Based upon Personal Data provided by you in the process of credit-scoring, we consult external credit rating agencies to acquire relevant financial information (credit-rating, financial statements, turn-over/solvency, payment history). If you already have or had a relation with us in the past, we combine the aforementioned (external) financial information with internal payment history related to you;
- The applicable conditions and characteristics of the DLL Partner Program under which you apply for a financial solution;
- Activity codes of the branch(es) in which you operate and the type of asset(s) you want to finance with us.
Significance and envisaged consequences of automated credit-scoring
In a case where the minimum-score is not achieved, a DLL member will review the credit application. If, after this review, we still cannot grant credit for any reason, the DLL member will then issue a decline.
Specific rights you have relating to automated decision making
Your credit score may be calculated based on automated decision making, however, this will always be balanced against your right to request a manual review of the decision. You have the right not to be subject to a decision based solely on automated credit-scoring. Based upon the notification that automated credit scoring will be applied to you, you can object to such automated credit scoring. In that case a manual human intervention will be part of the credit scoring applied by us.
When automated credit scoring is finalized and you want to express your point of view and contest the (automated) decision, you also have the right to invoke human intervention. In that case a person will review and reassess the automatically generated decision.
Legal basis of the credit score
There are different applicable legal grounds that apply to different credit checks, which will vary case-by-case and are described below:
- the decision is made by DLL for purposes of (a) entering into, or performing a contract or (b) managing the contract, provided the underlying request leading to a decision by DLL was made by you; or
- In certain cases where the legal ground mentioned under a) does not apply to us, we may base our processing of your Personal Data on a legal obligation to do so. Such ground will be depending on the existence of applicable law that requires us to assess your ability to fulfill your payment-obligations under the contract with us before entering into such a contract.
- We, or our Partners, will ask your consent before we, or our Partners, perform a credit check or credit score.
Only personnel who require access for the purposes as stated in this Privacy Statement will use your Personal Data. All our personnel are bound by a duty of confidentiality.
Generally, we use your Personal Data for the purpose(s) for which these were originally collected. Personal Data may also be used for a corresponding purpose.
For example, you apply for a position that in the end does not suit you, but when we think you are suitable for another/similar position, we might include you in the procedure for the other/similar position.
We are committed to keep your Personal Data secure. To prevent unauthorized access or disclosure, we have taken technical and organizational measures to safeguard and secure your Personal Data. These security measures are aimed at preventing your Personal Data from being used illegitimately or fraudulently. In particular, we use security measures to ensure the confidentiality, integrity, and availability of your Personal Data as well as the resilience of the systems and services that process them and the ability to restore Personal Data in the event of a data breach. Where possible, we aim to secure your Personal Data using pseudonymization or encryption measures. In addition, we test, verify and regularly evaluate the effectiveness of our technical and organizational measures in order to ensure continuous improvement in the security of processing Personal Data.
a. Personal Data Within the Group
We are a wholly owned subsidiary of De Lage Landen International B.V., who is a wholly owned subsidiary of Coöperatieve Rabobank U.A. (“Rabobank” and together with its subsidiaries, the (“Group”).
Your Personal Data may be shared within the Group for legitimate purposes, when those entities comply with the rules of Rabobank described in the Rabobank Privacy Code (“Privacy Code”). This Privacy Code describes the requirements that all Group entities worldwide must meet and guarantee an appropriate level of protection of Personal Data and serve as the Binding Corporate Rules of the Group.
b. Outside the Group
Your Personal Data may also be transferred to third parties outside the Group if we are legally obliged to do so, because we need to identify you before we enter into an agreement with you or because we use a third party for meeting the obligations, we entered into with you. We may also pass on your Personal Data to tax and supervisory authorities or (national) data protection authorities.
If you do not pay on time, we may transfer your Personal Data to third parties that we need in the context of our services (for example, bailiffs and lawyers).
We may pass on your Personal Data to Partners to work together on Customer opportunities and/or remarketing strategies. For example, we can share the start and end date of the contract or relevant developments that happen during the duration of the contract with our Partners.
We may transfer our agreement with you to another financial institution. Once the agreements have been transferred, the other party will also process your Personal Data. We agree with the other party that it must comply with privacy and data protection laws and regulations.
We may share Personal Data with third parties (such as our marketing agencies or suppliers) that process Personal Data on our behalf for commercial/marketing purposes.
Sometimes we engage Partners and third parties for processing Personal Data on our instructions where it is necessary in connection with the purpose for which we collected your Personal Data. For example, when a Partner supports us in providing our services to you or a company that stores data for us.
We could also disclose your Personal Data to any relevant party, claimant, complainant, enquirer, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights in accordance with applicable law. Besides that, we could also disclose your Personal Data to any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security in accordance with applicable law.
The third parties must first be deemed sufficiently reliable from a privacy and data protection perspective. We only engage third parties if this fits the purposes for which we process your Personal Data. In addition, these third parties can only be involved if they enter into proper contracts with us, have implemented appropriate security measures and guarantee that your Personal Data will remain confidential.
If we transfer your Personal Data to third parties located in a country which is deemed not to provide an adequate level of data protection, we take extra measures to protect your Personal Data.
We do not store your Personal Data longer than we need to for the purposes for which we have collected it. We have implemented appropriate technical and organizational measures to ensure that only people that have a right to access your information can access it. In addition, we take applicable law and regulations into account when your Personal Data is stored which means that we can use different storage periods. For example, if the supervisory authority requires us to store certain Personal Data longer or if you have filed a complaint that makes it necessary to keep the underlying Personal Data for a longer period.
We will delete Personal Data at an earlier time if you request us to delete your Personal Data, unless another law prevails. In certain cases, we may use different retention periods. For example, if a supervisory authority requires us to store certain Personal Data longer, if you have filed a complaint that makes it necessary to keep the underlying Personal Data for a longer period, or in specific cases for archiving, legal proceedings, or for historical, scientific research or statistical purposes.
Right to access and rectification
You can ask us to access your Personal Data collected by us. Should you believe that your Personal Data is incorrect or incomplete, then you can ask us to rectify or supplement your Personal Data.
Right to restrict Personal Data
You can ask us to limit the Personal Data used by us. We may refuse a restriction request if we have a lawful reason to continue using the Personal Data (e.g. the exercise of a contract, a legal archiving duty, or the establishment, exercise or defense of legal claims).
Right to data portability
You have the right to ask us to receive the Personal Data that you provided to us with your consent, in a structured and machine readable format or to transfer your Personal Data to a third party. Should you ask us to transfer Personal Data directly to a third party, then this can only be done if it is technically possible.
Right to object
You have the right to object if we process your Personal Data, for example if we record telephone conversations. If you object to processing, we will determine whether your Personal Data can indeed no longer be used for those purposes. We can then decide to cease using your Personal Data. We will inform you about our decisions and motivations. You have also the right to request that we stop using your Personal Data for direct marketing purposes. We will then take steps to ensure you are no longer contacted for direct marketing purposes.
Right to withdraw consent
If you have given your consent to us for specific uses of your Personal Data, you can at any time withdraw your consent. From that moment, we are no longer allowed to use your Personal Data.
Please refer to DLL’s Global Privacy Standard and Procedures on Individual Rights for more information on Individual Rights Requests.
For questions related to this Privacy Statement, please contact our local privacy officer or local compliance officer via CanadianPrivacy@DLLgroup.com.
If you would like to exercise any of your rights, please do so by completing this form:Submit a request or complaint
We will respond within one month after we have received your request. In specific cases, we are allowed to extend this period with another 2 months. In order to process your request, we will request you to provide sufficient information to identify you. We may also ask that you further specify your request.
We will do our best to handle your request, question or complaint in a timely and appropriate fashion.
If you feel we did not handle your request, question or complaint timely or appropriately, you may also lodge a complaint using the same button in this section.
If you still feel we did not handle your request, question or complaint timely or appropriately, you can also contact your local Data Protection Authority. You can find the contact details of your local Data Protection Authority below:Toll-free: 1-800-282-1376
Office of the Privacy Commissioner
30, Victoria Street
Phone: (819) 994-5444
This Privacy Statement will be updated from time to time. For example, in case of additional legal requirements or if we process Personal Data for new purposes. Please note that you can find the latest version of this Privacy Statement on our website dllgroup.com or at this link Privacy statement | DLL - financial solutions partner (dllgroup.com)