Effective Date August 21 2020
Last Updated August 21 2020
LAS and EZ Lease provides various commercial lease management, sourcing and accounting services to lessees, lessors and vendors (the “Services”). LAS uses the Websites as a platform to assist lessees in managing their commercial lease portfolios and leased assets, to source equipment lease financing, and to account for lease transactions under applicable accounting standards. EZ Lease uses the Applications as a platform to assist lessors and lessees with lease finance programs to automate equipment finance and asset management tasks, processes, workflows, and reporting.
2) What information do we collect?
Our primary goal in collecting information from Users is to facilitate the proper functioning of the services we offer through our Applications or Websites and to enable the internal use of software-as-a-service based lease applications and access to the Services. The User Information we collect allows us to provide features that most likely meet our Users’ needs, and to customize our Websites to make Users’ experiences easier and faster.
We do not collect or use, and Users must not to provide us, information that constitutes “sensitive personal information”, including, for example, information specifying medical or health conditions, racial or ethnic origin, or trade union membership. However, some of our Websites do collect some basic consumer or personal information including first and last name, company name, business email address, and country of residence. Sometimes, we also collect telephone numbers, and only occasionally do we collect mailing address or job title.
(a) Registrant and User Information. For Registrants requesting additional information about the Services, or registering for an event, we require you to provide us with personal contact information, such as name, company name, phone number, and email address (“Registrant Information”). For our Lease Accounting Summit website information such as credit card details, and billing address will also be collected at https://www.leaseaccountingsummit.com. To access and use Applications, each User or an authorized agent of the User’s employer (“Registrar”) must register using our online registration form, where the User is required to provide us with User information consisting of the User’s name and work e-mail address, and may also elect to provide business telephone numbers, business address, and employer-assigned employee number for the User.
(b) Transaction Information. Each commercial lease transaction managed, sourced (including requests for proposals, quotes and other bidding activities) or accounted for using the Services is called a “Transaction”. Information regarding each Transaction (“Transaction Information”) includes the operative lease terms (e.g. corporate name of lessor and lessee, start and end date, end of term options, conditions to funding, breach, remedies and notice provisions), payment terms (e.g. number and amount) and a description of the property that is the subject of the Transaction (e.g. property cost and where it is to be located). Because LAS and EZ Lease only provide Services with respect to Transactions between businesses, Personal information included within Transaction Information is limited and may include the name, job title, email address, office address and phone number of individuals who are identified in the sourcing communications as contacts and in notice or contact provisions of or as signatories to the lease documentation as representatives of the lessee, lessor or other party to the Transaction. Users must also provide us with Transaction Information concerning Transactions initiated through our Application. Requests for proposals (“RFPs”) by Users seeking lease financing (“RFP Authors”) are available to multiple financing sources for bidding (“RFP Bidders”). RFP Bidders’ proposal responses (“Proposals”) are private among the RFP Author, the responsive RFP Bidder and us. Award terms are private among the RFP Author, the selected RFP Bidder (the “Selected Bidder”) and us. Those RFP Bidders whose Proposals are rejected are notified of such rejection.
(c) Usage Information. We also automatically track, using different techniques, certain session information about Users based upon their behavior while on our Application and Website. Such information may include the website pages visited, the files that are downloaded, the videos that are played, URL that the User just came from, which URL the User next goes to, what browser the User is using, and the User’s IP address.
(d) Data of Children. We do not knowingly collect data of anyone under the age of 18. The Websites are not directed toward individuals under the age of 18, and we request that such individuals do not provide us Personal Information. If we learn that a minor has provided us with Personal Information through the Websites, we will delete this information from our files. If you are the parent or legal guardian of a minor and believe we have been provided personal information of a minor, please see how to contact us below.
3) How do we use information we collect from and about Users and Registrants?
We limit the use of Registrant Information and User Information to administration of our Websites, to delivery of the requested Services to our Users and to communications with and marketing to Registered Users regarding their interest in our Services. The Usage Information we collect allows us to provide features that most likely meet our Users’ needs, and to customize our Applications and Websites to make Users’ experiences easier and quicker.
4) What information do we disclose to third parties?
Our policies regarding the sharing of User Information and Transaction Information are as follows:
- We may disclose User Information or Transaction Information to the companies with whom the User is employed or deals, directly or indirectly, in connection with a Transaction or other dealings using our Application.
- We may disclose User Information or Transaction Information to third parties we engage to facilitate our Services. In such instances, we obligate those third parties to conform to our privacy standards. Instances where this sharing of information may occur include the following illustrative (but not exclusive) examples:
- We may share User Information and Transaction Information to allow potential RFP Authors to decide if a User should be sent an RFP or otherwise contacted to see if the User might be a potential RFP Bidder.
- When a User elects to solicit, send out or respond to an RFP, we may share User Information and Transaction Information with the potential participants.
- Other than in the course of providing our Services as described above, we do not share personal data whether included in User Information or Transaction Information with third parties. However, our data is stored by third party SAAS providers. LAS obtains a non-disclosure agreement from each third-party vendor to ensure all information remains confidential. If our business model changes in the future and we decide to use any personal information other than to provide our Services as described above or we decide to share personal information with non-agent third parties, before such change in use or sharing, we will notify each individual whose personal information we have and give such person the choice to “opt-out” of such change in use or disclosure of such personal information.
- We do not sell information collected from you to any third parties.
In cases of onward transfer to third parties of data of EU, UK and Swiss individuals received pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield (see Paragraph 14 below), we remain liable for the transfer of personal data to agent third parties unless we can prove we were not a party to the events giving rise to the damages.
We may occasionally aggregate our User Information or Transaction Information and disclose such information to third parties in aggregate form for a number of business purposes, including running and enhancing our Application and Website. In these situations, we do not disclose any information that could be used to identify our Users.
We reserve the right to disclose or report information about our Users in limited circumstances where we believe in good faith that disclosure is required to protect our rights or the rights of our Users.
We may disclose User Information or Transaction Information as we reasonably believe the User has authorized us to do so.
We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
We acknowledge the right of individuals to access their personal data to review, correct, or delete their information. Users can correct factual errors in the User’s personally identifiable information (name, e-mail address, etc.) by contacting the party who asked the User to register as a User or by sending an e-mail to: email@example.com. To protect a User’s privacy and security, we will also take reasonable steps to verify the User’s identity before making corrections. Users requesting information regarding our Services may request our deletion of the Users contact information by sending an e-mail to:firstname.lastname@example.org.
5) How do we manage disclosures by Users?
The Application provides Users the opportunity to disclose their own information to other Users. Users are solely responsible for, and we have no control over and do not audit, such disclosures.
That said, cookies are stored on a User’s hard drive, and not on our Website. If a User navigates away from the Website applications, they are required to log in again to preserve the security of our Website services.
Additionally, we use persistent cookies to personalize and enhance the experience of users visiting our Website. Our application will collect unique identifiers about each registered user and tracks the web pages visited, files downloaded, and videos played. The information collected in cookies is used to enhance the user experience and website design. It is not shared with third parties.
Learn how to use your browser to disable / block cookies here https://www.wikihow.com/Disable-Cookies.
7) How do we protect User information and transaction information?
We take security measures to help safeguard User Information and Transaction Information from unauthorized access. For example, our corporate policies provide that employees with access to confidential information about our Users may not use or disclose the information except for our business use.
8) How do we manage Q&A and collaboration?
The Application enables inter- and intra-company Q&A communication and collaboration communications directly between Users. Q&A communications are private between lender and borrower, syndicator or vendor. Collaboration communications are private within a User’s organization and cannot be viewed by any third-party Users. Q&A communications between Users and collaboration communications between or among individuals within a User’s organization are secure utilizing the same technology as described in Section 7, above. E-mail communications between Users and between the Users and us are subject to the limitations of general Internet security.
9) How do we expect Users to manage passwords and logging off?
A User password is a private entry key into the User’s workspace, i.e. “My RFPs” for borrowers, syndicators and vendors and “My RFPs & Proposals” for lenders. A User should never share his password with anyone and the User should change it periodically. A User will be required to change his password after repeated failed attempts. A User can change his password at any time by logging in to our Website and accessing the User’s Profile. After a User has finished accessing the applications, the User must log off. This prevents someone else from accessing User Information and Transaction Information if the User leaves his computer unattended.
10) How do we manage changes to User information and transaction information?
Users have access to and the ability to update their contact information within LeaseAccelerator. If a User has a concern about their User Information, or wants to correct, update, or confirm such information, the User should log in to our Application and view and/or change such information. For instructions on how to make such changes, please refer to our “Help” menu. Please note: Users will not have the ability to do the aforementioned on our websites or Alliance Portal (https://enterpriseleaseaccounting.com/).
11) What happens in the event of inadvertent disclosure of confidential information?
12) How do we manage attempts to access restricted information?
Each User agrees that he will not and will not assist any other person in attempting to access information it is not authorized to see. Each User agrees not to disclose to third parties the User’s password. Each User agrees not to attempt to circumvent any of our security measures.
13) Is this a consumer website?
No. Our Application and Website is intended for business/commercial use only. Our Application and Website is not intended for consumer use. Each User agrees not to use our Website to provide or store any consumer information, including without limitation, social security numbers, credit card numbers or individual bank account information. Each User agrees not to disclose personal information, other than as described in Section 2(a) and its employer assigned identifying information (e.g. employee number), about any individual when using our Website.
15) How do we manage GDPR Compliance for EU data subjects?
If you are located in the European Economic Area, you may have the following rights to the extent provided by law:
- Request access to and receive information about the Personal Information we may maintain about you, update and correct inaccuracies in your Personal Information, restrict or object to the processing of your Personal Information, have the information deleted, or exercise your right to data portability to easily transfer your Personal Information to another company.
- Lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where an incident took place.
- Withdraw any consent you previously provided to us regarding the processing of your Personal Information, at any time and free of charge. We will apply your preferences going forward and this will not affect the lawfulness of the processing before your consent withdrawal.
In our contractual documents with Users the parties agree that the General Terms, the Order Form, your provision of instructions via configuration tools such as the APIs made available by us for the Environments and all email, electronic and telephonic communications from you to us within the scope of our Support Services or Professional Services constitute your instructions regarding our processing of “Personal Data,” as that term is defined in the GDPR (“Instructions”). We will process Personal Data only in accordance with your Instructions unless required by applicable law. If we are required to process Personal Data under an applicable law, we shall inform you of that requirement before processing the Personal Data to the extent permitted under applicable law. “Processing” and its derivations shall have the meaning set forth in the GDPR.
The subject matter of the Processing under an Agreement is Your Data. As between us and you, the duration of the data processing under an Agreement is the term of the Agreement. The purpose of the Processing of Your Data is the provision of Services as defined in the General Terms and Order Form, including any statement of work attached thereto. The nature of the Processing is to compute, store and process incident to the provision of the Services. The data subjects may include your Users.
We shall take reasonable steps to ensure the reliability of any employee, agent, contractor, or subcontractor of ours who may have access to Personal Data, ensuring in each case that the access is strictly limited to those individuals who need to know or access the relevant Personal Data, as strictly necessary under the Agreement or as required under applicable law. We shall ensure that any such employee, agent, contractor, or subcontractor is subject to reasonable confidentiality obligations or professional or statutory obligations of confidentiality.
Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and security for the rights and freedoms of natural purposes, we shall implement appropriate technical and organizational measures to assure a level of security appropriate to that risk, including as appropriate the measures referred to in Article 32(1) of the GDPR.
Taking into account the nature of the processing, we will assist you by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligations, as reasonably understood by you, to respond to requests by data subjects to exercise their rights under applicable data protection laws.
We will (a) promptly notify you if we or our sub-processors receive a request from a data subject under any data protection law in connection with Personal Data related to you; and (b) ensure that we and any sub-processor do not respond to that request except on your documented instructions or as required under any applicable law. If we are obligated to provide any such notice under applicable law, we will notify you of that legal requirement before responding to any data subject’s request, unless prohibited under applicable law.
In the event of a security incident, we will notify you without undue delay upon becoming aware of a breach affecting the Personal Data and will provide you with sufficient information to permit you to meet any obligations to report or inform the affected data subjects of the breach as required by applicable law. We will co-operate with you and your designees and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such breach.
We will provide reasonable assistance to you with any data protection impact assessments, and prior consultations with any competent data protection authorities, required of Client by Article 35 or Article 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to processing of your Personal Data by, and taking into account the nature of the processing and information available to, us and our sub-processors.
Deletion of Personal Data.
Subject to the provisions below, we will promptly and in any event within 30 days of the termination date of the Agreement, delete and assure deletion of all copies of Personal Data provided by or on behalf of you under the Agreement.
Subject to the provisions below, you may in your absolute discretion by written notice to us within ten days of the termination date of the Agreement require us and our sub-processors to (a) return a complete copy of all Personal Data to you by secure file transfer in such format as is reasonably notified by you to us; or (b) delete and assure deletion of all other copies of Personal Data provided by or on behalf of you. We will comply with any such notice within 30 days of the receipt of such notice.
We and our sub-processors may retain Personal Data to the extent required under applicable law and only to the extent and for such period as required by applicable law and always provided that we will ensure the confidentiality of such Personal Data and will ensure that the Personal Data is only processed as necessary for the purposes specified by the applicable law and for no other purposes.
Please access the link provided for more information regarding our supervising Data Protection Authority:
16) How do we manage California privacy requirements?
Other than cookies obtained from website visitors, and user email addresses, we do collect some basic consumer personal information including first and last name, company name, business email address, and country of residence. Sometimes, we also collect telephone numbers, and only occasionally do we collect mailing address or job title. To that end, if you reside in California and suspect you have provided your Personal Information to Lease Accelerator, you have the right to request that we:
- Disclose the categories and specific pieces of Personal Information we have collected;
- Disclose the categories of sources from which the Personal Information is collected;
- Disclose the purpose for collecting or selling your Personal Information;
- Disclose the categories of third parties with whom we share your Personal Information;
- Delete any Personal Information about you that we have collected from you, subject to certain exceptions; and
- Not sell your Personal Information.
Such requests must be submitted to us in writing at the e-mail address or physical address indicated under hot to contact us below.
17) How do we handle European Union (“EU”) and Switzerland notice requirements?
LeaseAccelerator Services, LLC. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
To protect a User’s privacy and security, we will also take reasonable steps to verify the User’s identity before making corrections.
18) What is the main U.S. regulatory agency that governs us?
We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
19) Do we link to other websites?
The fact that we provide links to a given website is not an endorsement, authorization or representation that we are affiliated with that third party, neither is it an endorsement of their privacy or information security policies or practices. These other websites may place their own cookies or other files on your computer, collect data, or solicit personal information from you. We are not responsible for the content or privacy and security practices and policies of third-party websites or services. We encourage you to learn about third parties’ privacy and security policies before providing them with personal information.
20) How to contact us?
10740 Parkridge Blvd. Suite 701
Reston, VA 20191
North America: +1 866 446 0980
Europe: +44 800 048 8544
Asia Pacific: +61 2 8310 8814