Effective Date: August 19, 2019
Last Updated – August 2019
Effective Date: August 19, 2019
Last Updated – August 2019
LAS and LVS provides various commercial lease management, sourcing and accounting services to lessees, lessors and vendors (the “Services”). LAS uses the Websites as a platform to assist lessees in managing their commercial lease portfolios and leased assets, to source equipment lease financing, and to account for lease transactions under applicable accounting standards. LVS uses the Applications as a platform to assist lessors and vendors with lease finance programs to automate equipment finance and asset management tasks, processes, workflows, and reporting.
Our primary goal in collecting information from Users is to facilitate the proper functioning of the services we offer through our Applications and Websites and to enable the internal use of software-as-a-service based lease applications and access to the Services. The Usage Information we collect allows us to provide features that most likely meet our Users’ needs, and to customize our Websites to make Users’ experiences easier and faster.
(a) Registrant and User Information. For Registrants requesting additional information about the Services, or registering for an event, we require you to provide us with personal contact information, such as name, company name, phone number, and email address (“Registrant Information”). For our Lease Accounting Summit website information such as credit card details, and billing address will also be collected. (https://www.leaseaccountingsummit.com) To access and use Applications, each User or an authorized agent of the User’s employer (“Registrar”) must register using our online registration form, where the User is required to provide us with user information consisting of the User’s name and work e-mail address, and may also elect to provide business telephone numbers, business address, and employer-assigned employee number for the User.
(b) Transaction Information. Each commercial lease transaction managed, sourced (including requests for proposals, quotes and other bidding activities) or accounted for using the Services is called a “Transaction”. Information regarding each Transaction (“Transaction Information”) includes the operative lease terms (e.g. corporate name of lessor and lessee, start and end date, end of term options, conditions to funding, breach, remedies and notice provisions), payment terms (e.g. number and amount) and a description of the property that is the subject of the Transaction (e.g. property cost and where it is to be located). Because LAS and LVS only provide Services with respect to Transactions between businesses, Personal information included within Transaction Information is limited and may include the name, job title, email address, office address and phone number of individuals who are identified in the sourcing communications as contacts and in notice or contact provisions of or as signatories to the lease documentation as representatives of the lessee, lessor or other party to the Transaction. Users must also provide us with Transaction Information concerning Transactions initiated through our Application. Requests for proposals (“RFPs”) by Users seeking lease financing (“RFP Authors”) are available to multiple financing sources for bidding (“RFP Bidders”). RFP Bidders’ proposal responses (“Proposals”) are private among the RFP Author, the responsive RFP Bidder and us. Award terms are private among the RFP Author, the selected RFP Bidder (the “Selected Bidder”) and us. Those RFP Bidders whose Proposals are rejected are notified of such rejection.
(c) Usage Information. We also automatically track, using different techniques, certain session information about Users based upon their behavior while on our Application and Website. Such information may include the website pages visited, the files that are downloaded, the videos that are played, URL that the User just came from, which URL the User next goes to, what browser the User is using, and the User’s IP address.
We do not collect or use, and Users must not to provide us, information that constitutes “sensitive personal information”, including, for example, information specifying medical or health conditions, racial or ethnic origin, or trade union membership.
We limit the use of Registrant Information and User Information to administration of our Websites, to delivery of the requested Services to our Users and to communications with and marketing to Registered Users regarding their interest in our Services. The Usage Information we collect allows us to provide features that most likely meet our Users’ needs, and to customize our Applications and Websites to make Users’ experiences easier and quicker.
Our policies regarding the sharing of User Information and Transaction Information are as follows:
In cases of onward transfer to third parties of data of EU, UK and Swiss individuals received pursuant to the EU-US Privacy Shield and Swiss-US Privacy Shield (see Paragraph 14 below), we remain liable for the transfer of personal data to agent third parties unless we can prove we were not a party to the events giving rise to the damages.
We may occasionally aggregate our User Information or Transaction Information and disclose such information to third parties in aggregate form for a number of business purposes, including running and enhancing our Application and Website. In these situations, we do not disclose any information that could be used to identify our Users.
We reserve the right to disclose or report information about our Users in limited circumstances where we believe in good faith that disclosure is required to protect our rights or the rights of our Users.
We may disclose User Information or Transaction Information as we reasonably believe the User has authorized us to do so.
We may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
We acknowledge the right of individuals to access their personal data to review, correct, or delete their information. Users can correct factual errors in the User’s personally identifiable information (name, e-mail address, etc.) by contacting the party who asked the User to register as a User or by sending an e-mail to: email@example.com. To protect a User’s privacy and security, we will also take reasonable steps to verify the User’s identity before making corrections. Users requesting information regarding our Services may request our deletion of the Users contact information by sending an e-mail to: firstname.lastname@example.org.
The Application provides Users the opportunity to disclose their own information to other Users. Users are solely responsible for, and we have no control over and do not audit, such disclosures.
We take security measures to help safeguard User Information and Transaction Information from unauthorized access. For example, our corporate policies provide that employees with access to confidential information about our Users may not use or disclose the information except for our business use.
The Application enables inter- and intra-company Q&A communication and collaboration communications directly between Users. Q&A communications are private between lender and borrower, syndicator or vendor. Collaboration communications are private within a User’s organization and cannot be viewed by any third-party Users. Q&A communications between Users and collaboration communications between or among individuals within a User’s organization are secure utilizing the same technology as described in Section 6, above. E-mail communications between Users and between the Users and us are subject to the limitations of general Internet security.
A User password is a private entry key into the User’s workspace, i.e. “My RFPs” for borrowers, syndicators and vendors and “My RFPs & Proposals” for lenders. A User should never share his password with anyone and the User should change it periodically. A User will be required to change his password after repeated failed attempts. A User can change his password at any time by logging in to our Website and accessing the User’s Profile. After a User has finished accessing the applications, the User must log off. This prevents someone else from accessing User Information and Transaction Information if the User leaves his computer unattended.
Users have access to and the ability to update their contact information within LeaseAccelerator. If a User has a concern about their User Information, or wants to correct, update, or confirm such information, the User should log in to our Application and view and/or change such information. For instructions on how to make such changes, please refer to our “Help” menu. Please note: Users will not have the ability to do the aforementioned on our websites or Alliance Portal (http://enterpriseleaseaccounting.com/)
Each User agrees that he will not and will not assist any other person in attempting to access information it is not authorized to see. Each User agrees not to disclose to third parties the User’s password. Each User agrees not to attempt to circumvent any of our security measures.
Our Application and Website is intended for business/commercial use only. Our Application and Website is not intended for consumer use. Each User agrees not to use our Website to provide or store any consumer information, including without limitation, social security numbers, credit card numbers or individual bank account information. Each User agrees not to disclose personal information, other than as described in Section 1(a) and its employer assigned identifying information (e.g. employee number), about any individual when using our Website.
10740 Parkridge Blvd. Suite 701
Reston, VA 20191
LeaseAccelerator Services, LLC. has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other
redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction
To protect a User’s privacy and security, we will also take reasonable steps to verify the User’s identity before making corrections.
We are subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC).
Under our Exhibit A-2 LeaseAccelerator Services, LLC confirms our commitment to comply with the terms of the European Union General Data Protection Regulation 2016/679 (“GDPR”) as a “processor” for you as “controller,” as those terms are defined in the GDPR.
In our contractual documents the Parties agree that the General Terms, the Order Form, your provision of instructions via configuration tools such as the APIs made available by us for the Environments and all email, electronic and telephonic communications from you to us within the scope of our Support Services or Professional Services constitute your instructions regarding our processing of “Personal Data,” as that term is defined in the GDPR (“Instructions”). We will process Personal Data only in accordance with your Instructions unless required by applicable law. If we are required to process Personal Data under an applicable law, we shall inform you of that requirement before processing the Personal Data to the extent permitted under applicable law. “Processing” and its derivations shall have the meaning set forth in the GDPR.
The standard contractual clauses for the transfer of personal data to processors established in third countries under Directive 95/46/EC of the European Commission Decision of 5 February 2010 are incorporated herein by reference (the “Standard Clauses”). You are the “data exporter” and we are the “data importer” as such terms are used in the Standard Clauses.
The subject matter of the Processing under an Agreement is Your Data. As between us and you, the duration of the data processing under an Agreement is the term of the Agreement. The purpose of the Processing of Your Data is the provision of Services as defined in the General Terms and Order Form, including any statement of work attached thereto. The nature of the Processing is to compute, store and process incident to the provision of the Services. The data subjects may include your Users.
We shall take reasonable steps to ensure the reliability of any employee, agent, contractor, or subcontractor of ours who may have access to Personal Data, ensuring in each case that the access is strictly limited to those individuals who need to know or access the relevant Personal Data, as strictly necessary under the Agreement or as required under applicable law. We shall ensure that any such employee, agent, contractor, or subcontractor is subject to reasonable confidentiality obligations or professional or statutory obligations of confidentiality.
Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and security for the rights and freedoms of natural purposes, we shall implement appropriate technical and organizational measures to assure a level of security appropriate to that risk, including as appropriate the measures referred to in Article 32(1) of the GDPR.
We have advised you of the sub-processors (as that term is defined in the GDPR) that are performing services for us as of the date of the applicable Order From. We will give you prior written notice of the intended appointment of any new sub-processor, including full details of the processing to be undertaken by the sub-processor. If you object to the new sub-processor within 30 days of receipt of that notice, then without prejudice to any termination rights you otherwise have under the Order Form and General Terms and subject to the applicable terms and conditions, within 180 days of the notice of engagement, you may notify us of your termination of the Order Form and obtain a refund of any pre-paid subscription fees allocable on a pro rata basis to the post-termination period.
We will ensure that any agreement between us and any party acting as a sub-processor for us is governed by a written contract that includes terms that offer at least the same level of protection for Personal Data as set forth in our Exhibit A-2 and meets the requirements of Article 28(3) of the GDPR.
Taking into account the nature of the processing, we will assist you by implementing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of your obligations, as reasonably understood by you, to respond to requests by data subjects to exercise their rights under applicable data protection laws.
We will (a) promptly notify you if we or our sub-processors receive a request from a data subject under any data protection law in connection with Personal Data related to you; and (b) ensure that we and any sub-processor do not respond to that request except on your documented instructions or as required under any applicable law. If we are obligated to provide any such notice under applicable law, we will notify you of that legal requirement before responding to any data subject’s request, unless prohibited under applicable law.
We will notify you without undue delay upon becoming aware of a breach affecting the Personal Data and will provide you with sufficient information to permit you to meet any obligations to report or inform the affected data subjects of the breach as required by applicable law. We will co-operate with you and your designees and take such reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each such breach.
We will provide reasonable assistance to you with any data protection impact assessments, and prior consultations with any competent data protection authorities, required of Client by Article 35 or Article 36 of the GDPR or equivalent provisions of any other data protection law, in each case solely in relation to processing of your Personal Data by, and taking into account the nature of the processing and information available to, us and our sub-processors.
Deletion of Personal Data.
Subject to the provisions below, we will promptly and in any event within 30 days of the termination date of the Agreement, delete and assure deletion of all copies of Personal Data provided by or on behalf of you under the Agreement.
Subject to the provisions below, you may in your absolute discretion by written notice to us within ten days of the termination date of the Agreement require us and our sub-processors to (a) return a complete copy of all Personal Data to you by secure file transfer in such format as is reasonably notified by you to us; or (b) delete and assure deletion of all other copies of Personal Data provided by or on behalf of you. We will comply with any such notice within 30 days of the receipt of such notice.
We and our sub-processors may retain Personal Data to the extent required under applicable law and only to the extent and for such period as required by applicable law and always provided that we will ensure the confidentiality of such Personal Data and will ensure that the Personal Data is only processed as necessary for the purposes specified by the applicable law and for no other purposes.
We will notify customers of the security incident without undue delay as it applies to their environment.
You reserve the right to audit us at any time during the period of the Agreement to determine our compliance with this Exhibit A-2 and the GDPR. The audits may be internal or conducted by external appointed auditor. We will make available to you all information reasonably necessary to demonstrate compliance with this Exhibit A-2 and the GDPR. Audits conducted by you will be at your expense and you will compensate us at our then applicable Professional Services rates for our Services to you required by such audit. You agree to exercise any right of audit or inspection by instructing us to carry out such audit and that such audit instruction may be complied with by provision to you of a responsive SOC audit. If we decline to follow any instruction from you regarding any audit, you are entitled to terminate the Agreement and our only liability to you shall be to refund to you any Refundable Prepaid Fees.
Please access the link provided for more information regarding our supervising Data Protection Authority: