LeaseAccelerator Privacy Policy

Effective Date: August 19, 2019
Last Updated – August 2019

LeaseAccelerator Services, LLC (“LAS”) and its sister company LeaseAccelerator Vendor Services, LLC (“LVS”, which are collectively referred to below as “we” or “us” and in the possessive “our”) are committed to protecting the privacy of persons who visit our websites (“Visitors”), whether as customers or personnel of customers who are registered to use our Services (“Users”) or visitors who register for additional information or to attend our presentations (“Registrants”). This Privacy Policy describes how we collect, use and disclose information about Visitors and their use of our applications (lease accounting, management, and sourcing) and our websites https://explore.leaseaccelerator.com/; https://www.lessornetwork.com, https://leaseaccounting.com; https://enterpriseleaseaccounting.com; https://www.leaseaccountingsummit.com; https://explore.leaseaccelerator.com/learning-center/; http://lifeatleaseaccelerator.com/; http://leaseacceleratorstore.com/ and subdomains (our “Websites”).

We respect the privacy of our Visitors. This Privacy Policy and the steps we take in compliance with its terms are driven by this respect for privacy. Each Visitor to our Application and Website must respect the needs of all other Visitors by complying with our Privacy Policy. Please read this Privacy Policy carefully with this in mind. This Privacy Policy is incorporated into and subject to the terms of our Terms of Use. These Terms of Use are also accessible from the home page of our corporate Website https://explore.leaseaccelerator.com/.

This Privacy Policy governs our conduct and the conduct of individuals we employ or manage. If a Visitor visits a website that we mention or link to, any information the User provides to that site will be governed by that site’s privacy policy.

LAS and LVS provides various commercial lease management, sourcing and accounting services to lessees, lessors and vendors (the “Services”). LAS uses the Websites as a platform to assist lessees in managing their commercial lease portfolios and leased assets, to source equipment lease financing, and to account for lease transactions under applicable accounting standards. LVS uses the Applications as a platform to assist lessors and vendors with lease finance programs to automate equipment finance and asset management tasks, processes, workflows, and reporting.

1) Information We Collect

Our primary goal in collecting information from Users is to facilitate the proper functioning of the services we offer through our Applications and Websites and to enable the internal use of software-as-a-service based lease applications and access to the Services. The Usage Information we collect allows us to provide features that most likely meet our Users’ needs, and to customize our Websites to make Users’ experiences easier and faster.

(a) Registrant and User Information. For Registrants requesting additional information about the Services, or registering for an event, we require you to provide us with personal contact information, such as name, company name, phone number, and email address (“Registrant Information”). For our Lease Accounting Summit website information such as credit card details, and billing address will also be collected. (https://www.leaseaccountingsummit.com) To access and use Applications, each User or an authorized agent of the User’s employer (“Registrar”) must register using our online registration form, where the User is required to provide us with user information consisting of the User’s name and work e-mail address, and may also elect to provide business telephone numbers, business address, and employer-assigned employee number for the User.

(b) Transaction Information. Each commercial lease transaction managed, sourced (including requests for proposals, quotes and other bidding activities) or accounted for using the Services is called a “Transaction”. Information regarding each Transaction (“Transaction Information”) includes the operative lease terms (e.g. corporate name of lessor and lessee, start and end date, end of term options, conditions to funding, breach, remedies and notice provisions), payment terms (e.g. number and amount) and a description of the property that is the subject of the Transaction (e.g. property cost and where it is to be located). Because LAS and LVS only provide Services with respect to Transactions between businesses, Personal information included within Transaction Information is limited and may include the name, job title, email address, office address and phone number of individuals who are identified in the sourcing communications as contacts and in notice or contact provisions of or as signatories to the lease documentation as representatives of the lessee, lessor or other party to the Transaction. Users must also provide us with Transaction Information concerning Transactions initiated through our Application. Requests for proposals (“RFPs”) by Users seeking lease financing (“RFP Authors”) are available to multiple financing sources for bidding (“RFP Bidders”). RFP Bidders’ proposal responses (“Proposals”) are private among the RFP Author, the responsive RFP Bidder and us. Award terms are private among the RFP Author, the selected RFP Bidder (the “Selected Bidder”) and us. Those RFP Bidders whose Proposals are rejected are notified of such rejection.

(c) Usage Information. We also automatically track, using different techniques, certain session information about Users based upon their behavior while on our Application and Website. Such information may include the website pages visited, the files that are downloaded, the videos that are played, URL that the User just came from, which URL the User next goes to, what browser the User is using, and the User’s IP address.

We do not collect or use, and Users must not to provide us, information that constitutes “sensitive personal information”, including, for example, information specifying medical or health conditions, racial or ethnic origin, or trade union membership.

2) Our Use of Information We Collect from and about Users and Registrants

We limit the use of Registrant Information and User Information to administration of our Websites, to delivery of the requested Services to our Users and to communications with and marketing to Registered Users regarding their interest in our Services. The Usage Information we collect allows us to provide features that most likely meet our Users’ needs, and to customize our Applications and Websites to make Users’ experiences easier and quicker.

We use the information about Users that we capture in our Applications to facilitate communications with stakeholders involved in the leasing process. We use User Information and Transaction Information to manage our business, verify the eligibility of Users for our Application, validate the authenticity of the User, monitor compliance with our Terms of Use, process User requests and Transactions, contact Users regarding their use of, changes to, or new services available on our Application, for billing purposes, and do internal research on our Users’ demographics, interests, and behavior to better understand and serve our Users. We collect source IP addresses for all system activity in order to ensure audit trailing and to determine the source of any malicious use of the system. We use information about our Users to improve our content and product offerings and to customize our Application and Website’s content, layout, and services. We believe these uses allow us to improve our Application and Website to better tailor it to meet our Users’ needs.

3) Our Disclosure of Information to Third Parties

Our policies regarding the sharing of User Information and Transaction Information are as follows:

  • We may disclose User Information or Transaction Information to the companies with whom the User is employed or deals, directly or indirectly, in connection with a Transaction or other dealings using our Application.
  • We may disclose User Information or Transaction Information to third parties we engage to facilitate our Services. In such instances, we obligate those third parties to conform to our privacy standards. Instances where this sharing of information may occur include the following illustrative (but not exclusive) examples:
    • We may share User Information and Transaction Information to allow potential RFP Authors to decide if a User should be sent an RFP or otherwise contacted to see if the User might be a potential RFP Bidder.
    • When a User elects to solicit, send out or respond to an RFP, we may share User Information and Transaction Information with the potential participants.
  • Other than in the course of providing our Services as described above, we do not share personal data whether included in User Information or Transaction Information with third parties. However, our data is stored by third party SAAS providers. LAS obtains a non-disclosure agreement from each third-party vendor to ensure all information remains confidential. If our business model changes in the future and we decide to use any personal information other than to provide our Services as described above or we decide to share personal information with non-agent third parties, before such change in use or sharing, we will notify each individual whose personal information we have and give such person the choice to “opt-out” of such change in use or disclosure of such personal information.

In cases of onward transfer to third parties of data of EU, UK and Swiss individuals received pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield (see Paragraph 14 below), we remain liable for the transfer of personal data to agent third parties unless we can prove we were not a party to the events giving rise to the damages.

We may occasionally aggregate our User Information or Transaction Information and disclose such information to third parties in aggregate form for a number of business purposes, including running and enhancing our Application and Website. In these situations, we do not disclose any information that could be used to identify our Users.

We reserve the right to disclose or report information about our Users in limited circumstances where we believe in good faith that disclosure is required to protect our rights or the rights of our Users.

We may disclose User Information or Transaction Information as we reasonably believe the User has authorized us to do so.

We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

We acknowledge the right of individuals to access their personal data to review, correct, or delete their information. Users can correct factual errors in the User’s personally identifiable information (name, e-mail address, etc.) by contacting the party who asked the User to register as a User or by sending an e-mail to: support@leaseaccelerator.com. To protect a User’s privacy and security, we will also take reasonable steps to verify the User’s identity before making corrections. Users requesting information regarding our Services may request our deletion of the Users contact information by sending an e-mail to: support@leaseaccelerator.com.

4) Disclosure by Users

The Application provides Users the opportunity to disclose their own information to other Users. Users are solely responsible for, and we have no control over and do not audit, such disclosures.

5) How We Use Cookies

We use cookies to assist us in securing a User’s transactions and to enhance the performance of our Application. We use a common technique, HTTP-header cookies, to identify one page request from another. They merely allow us to recognize that a page request comes from someone who has already logged on. While a User’s browser may allow the User to “reject” cookies, our Application requires that each User accept all cookies in order for the features and security mechanisms to function fully.

Cookies are stored on a User’s hard drive, not on our Website. If a User navigates away from the Website applications, they are required to log in again to preserve the security of our Website services.

Additionally, we use persistent cookies to personalize and enhance the experience of users visiting our Website. Our application will collect unique identifiers about each registered user and tracks the web pages visited, files downloaded, and videos played. The information collected in cookies is used to enhance the user experience and website design. It is not shared with third parties.

Learn how to use your browser to disable / block cookies here https://www.wikihow.com/Disable-Cookies.

6) How We Protect User Information and Transaction Information

We take security measures to help safeguard User Information and Transaction Information from unauthorized access. For example, our corporate policies provide that employees with access to confidential information about our Users may not use or disclose the information except for our business use.

We use encryption in the transmission of sensitive information between the User’s system and ours. Any time a User enters information on our Application and Website, we encrypt it using Secure Socket Layer (SSL) technology. SSL protects information as it crosses the Internet. To support this technology, Users need an SSL-capable browser. We recommend using the most recently released version of Chrome, Firefox, Safari, or Edge. These browsers will activate SSL automatically whenever a User signs on to our Website. We want our Users to feel confident using our Application and Website to transact business. However, due to the nature of the Internet, we cannot ensure that all of our Users’ private communications and personally identifiable information will never be disclosed in ways not otherwise described in this Privacy Policy.

7) Q&A and Collaboration

The Application enables inter- and intra-company Q&A communication and collaboration communications directly between Users. Q&A communications are private between lender and borrower, syndicator or vendor. Collaboration communications are private within a User’s organization and cannot be viewed by any third-party Users. Q&A communications between Users and collaboration communications between or among individuals within a User’s organization are secure utilizing the same technology as described in Section 6, above. E-mail communications between Users and between the Users and us are subject to the limitations of general Internet security.

8) Passwords and Logging Off

A User password is a private entry key into the User’s workspace, i.e. “My RFPs” for borrowers, syndicators and vendors and “My RFPs & Proposals” for lenders. A User should never share his password with anyone and the User should change it periodically. A User will be required to change his password after repeated failed attempts. A User can change his password at any time by logging in to our Website and accessing the User’s Profile. After a User has finished accessing the applications, the User must log off. This prevents someone else from accessing User Information and Transaction Information if the User leaves his computer unattended.

9) Changes to User Information and Transaction Information

Users have access to and the ability to update their contact information within LeaseAccelerator. If a User has a concern about their User Information, or wants to correct, update, or confirm such information, the User should log in to our Application and view and/or change such information. For instructions on how to make such changes, please refer to our “Help” menu. Please note: Users will not have the ability to do the aforementioned on our websites or Alliance Portal (http://enterpriseleaseaccounting.com/)

10) Inadvertent Disclosure of Confidential Information

In the event that a User receives information which the User knows was not intended to be disclosed to the User, our Privacy Policy requires that the User advise us by email of the disclosure and request instruction on what to do. We will contact the disclosing person and get direction of what should be done with the disclosed information. We may request that a User delete or otherwise destroy the information or take action to return the information to the disclosing User. Each User agrees to comply with such requests.

11) No Attempt to Access Restricted Information

Each User agrees that he will not and will not assist any other person in attempting to access information it is not authorized to see. Each User agrees not to disclose to third parties the User’s password. Each User agrees not to attempt to circumvent any of our security measures.

12) Not a Consumer Website; Consumer Information Must Not be Provided

Our Application and Website is intended for business/commercial use only. Our Application and Website is not intended for consumer use. Each User agrees not to use our Website to provide or store any consumer information, including without limitation, social security numbers, credit card numbers or individual bank account information. Each User agrees not to disclose personal information, other than as described in Section 1(a) and its employer assigned identifying information (e.g. employee number), about any individual when using our Website.

13) Changes to this Privacy Policy

We will occasionally update this privacy policy. We will change the “Last Updated” date at the top of this privacy policy when we make those changes. If we make a material change in the way we collect, use and/or share User Information or Transaction Information, we will notify our Users by sending an email to the email address we have for the User and/or posting a notice on our Application and/or Website.

14) Notice to European Union (“EU”) and Switzerland

Our operations primarily are located in the United States Canada, Europe, UK, India, and Australia. EU, UK and Swiss User information will be transferred out of the EU, UK and/or Switzerland to the United States, India and Canada. By registering as a User, he or she consents to the storage and use as described in this Privacy Policy of any personally identifiable information provided us.

LeaseAccelerator Inc. complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, United Kingdom, and Switzerland to the United States, respectively. LeaseAccelerator Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, LeaseAccelerator Inc. commits to resolve complaints about your privacy and our collection or use of your personal information. European Union, United Kingdom or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact LeaseAccelerator Inc. at:

David McCullough
LeaseAccelerator
10740 Parkridge Blvd. Suite 701
Reston, VA 20191

LeaseAccelerator Services, LLC. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other

redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction

To protect a User’s privacy and security, we will also take reasonable steps to verify the User’s identity before making corrections.

15) Regulatory Agency

We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).

16) GDPR Compliance for EU Individuals

Under our Exhibit A-2 LeaseAccelerator Services, LLC confirms our commitment to comply with the terms of the European Union General Data Protection Regulation 2016/679 (“GDPR”) as a “processor” for you as “controller,” as those terms are defined in the GDPR.

In our contractual documents the Parties agree that the General Terms, the Order Form, your provision of instructions via configuration tools such as the APIs made available by us for the Environments and all email, electronic and telephonic communications from you to us within the scope of our Support Services or Professional Services constitute your instructions regarding our processing of “Personal Data,” as that term is defined in the GDPR (“Instructions”). We will process Personal Data only in accordance with your Instructions unless required by applicable law. If we are required to process Personal Data under an applicable law, we shall inform you of that requirement before processing the Personal Data to the extent permitted under applicable law. “Processing” and its derivations shall have the meaning set forth in the GDPR.

The standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Commission Decision of 5 February 2010 are incorporated herein by reference (the “Standard Clauses”). You are the “data exporter” and we are the “data importer” as such terms are used in the Standard Clauses.

The subject matter of the Processing under an Agreement is Your Data. As between us and you, the duration of the data processing under an Agreement is the term of the Agreement. The purpose of the Processing of Your Data is the provision of Services as defined in the General Terms and Order Form, including any statement of work attached thereto. The nature of the Processing is to compute, store and process incident to the provision of the Services. The data subjects may include your Users.

We shall take reasonable steps to ensure the reliability of any employee, agent, contractor, or subcontractor of ours who may have access to Personal Data, ensuring in each case that the access is strictly limited to those individuals who need to know or access the relevant Personal Data, as strictly necessary under the Agreement or as required under applicable law. We shall ensure that any such employee, agent, contractor, or subcontractor is subject to reasonable confidentiality obligations or professional or statutory obligations of confidentiality.

Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and security for the rights and freedoms of natural purposes, we shall implement appropriate technical and organizational measures to assure a level of security appropriate to that risk, including as appropriate the measures referred to in Article 32(1) of the GDPR.

We have advised you of the sub-processors (as that term is defined in the GDPR) that are performing services for us as of the date of the applicable Order From. We will give you prior written notice of the intended appointment of any new sub-processor, including full details of the processing to be undertaken by the sub-processor. If you object to the new sub-processor within 30 days of receipt of that notice, then without prejudice to any termination rights you otherwise have under the Order Form and General Terms and subject to the applicable terms and conditions, within 180 days of the notice of engagement, you may notify us of your termination of the Order Form and obtain a refund of any pre-paid subscription fees allocable on a pro rata basis to the post-termination period.

We will ensure that any agreement between us and any party acting as a sub-processor for us is governed by a written contract that includes terms that offer at least the same level of protection for Personal Data as set forth in our Exhibit A-2 and meets the requirements of Article 28(3) of the GDPR.

Taking into account the nature of the processing, we will assist you by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligations, as reasonably understood by you, to respond to requests by data subjects to exercise their rights under applicable data protection laws.

We will (a) promptly notify you if we or our sub-processors receive a request from a data subject under any data protection law in connection with Personal Data related to you; and (b) ensure that we and any sub-processor do not respond to that request except on your documented instructions or as required under any applicable law. If we are obligated to provide any such notice under applicable law, we will notify you of that legal requirement before responding to any data subject’s request, unless prohibited under applicable law.

We will notify you without undue delay upon becoming aware of a breach affecting the Personal Data and will provide you with sufficient information to permit you to meet any obligations to report or inform the affected data subjects of the breach as required by applicable law. We will co-operate with you and your designees and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such breach.

We will provide reasonable assistance to you with any data protection impact assessments, and prior consultations with any competent data protection authorities, required of Client by Article 35 or Article 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to processing of your Personal Data by, and taking into account the nature of the processing and information available to, us and our sub-processors.

Deletion of Personal Data.

Subject to the provisions below, we will promptly and in any event within 30 days of the termination date of the Agreement, delete and assure deletion of all copies of Personal Data provided by or on behalf of you under the Agreement.

Subject to the provisions below, you may in your absolute discretion by written notice to us within ten days of the termination date of the Agreement require us and our sub-processors to (a) return a complete copy of all Personal Data to you by secure file transfer in such format as is reasonably notified by you to us; or (b) delete and assure deletion of all other copies of Personal Data provided by or on behalf of you. We will comply with any such notice within 30 days of the receipt of such notice.

We and our sub-processors may retain Personal Data to the extent required under applicable law and only to the extent and for such period as required by applicable law and always provided that we will ensure the confidentiality of such Personal Data and will ensure that the Personal Data is only processed as necessary for the purposes specified by the applicable law and for no other purposes.

We will notify customers of the security incident without undue delay as it applies to their environment.

You reserve the right to audit us at any time during the period of the Agreement to determine our compliance with this Exhibit A-2 and the GDPR. The audits may be internal or conducted by external appointed auditor. We will make available to you all information reasonably necessary to demonstrate compliance with this Exhibit A-2 and the GDPR. Audits conducted by you will be at your expense and you will compensate us at our then applicable Professional Services rates for our Services to you required by such audit. You agree to exercise any right of audit or inspection by instructing us to carry out such audit and that such audit instruction may be complied with by provision to you of a responsive SOC audit. If we decline to follow any instruction from you regarding any audit, you are entitled to terminate the Agreement and our only liability to you shall be to refund to you any Refundable Prepaid Fees.

Please access the link provided for more information regarding our supervising Data Protection Authority:

http://ec.europa.eu/justice/article-29/structure/dataprotection-authorities/index_en.htm

17) Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us by email at legal@leaseaccelerator.com or by telephone at 1-866-446-0980 or one of our local offices https://explore.leaseaccelerator.com/contact/.