Privacy policy

Global declaration on privacy protection

Privacy policy

Date: June 2023

LeasePlan is committed to protecting the personal data we process and to informing the persons whose data we process. We do so in this privacy policy.

Privacy and data security procedures are integral parts of LeasePlan’s services, corporate governance, risk management and overall accountability.

1. Who we are - data control

The data controller for the processing of your personal data is:

LeasePlan Danmark A/S, Midtager 20, DK-2605 Brøndby ("LeasePlan")

Please note that this privacy policy does not apply to Euro Insurances DAC Ltd. (Irish insurance company) with the secondary name LeasePlan Insurance or other insurance-related activities. Services provided by that company and other companies in the LeasePlan group are governed by separate privacy policies.

Responsibilities of business customers When LeasePlan’s customers, in their capacity as employers, have access to personal data about their employees, e.g. drivers, the customer is data controller.

2. Data subjects

This privacy policy describes our processing of personal data about the following persons:

and potential customers for sections 2.1 – 2.6, also referred to individually and collectively as "you", "your" or "yours".

Below, you can unfold the category or categories to which you belong. Sections 3 – 5 contain additional information that applies to all categories of data subjects.

Abbreviations: In the text below, we write GDPR as an abbreviation of the EU General Data Protection Regulation 2016/679. In the text below, we write DBL as an abbreviation of the Danish Data Protection Act.

2.1 USERS/VISITORS ON OUR WEBSITE

2.1.1 Sources of personal data

We receive personal data when you visit our website from

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

2.1.2 Personal data processed

We process the following personal data for the purposes set out below:

We process the following data from cookies and other tracking:

2.1.3 Purpose of the processing of personal data

We process personal data when necessary for the following purposes:

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including in relation to the implementation of security measures ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage

Cookies and other tracking We process information from cookies for various business-related purposes, e.g. website and data analysis, customising functionality and flow on the website and other services, e.g. based on usage patterns, development of new products, measurement of the effectiveness of our campaigns, and operation and expansion of our business activities.

See also our cookie policy here

2.1.4 Basis of processing

We process personal data on the following legal basis:

2.1.5 Recipients of personal data

We disclose or leave personal data to the following recipients:

2.1.6 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

General inquiries (with no relation to customer relations) to LeasePlan and the responses thereto are stored for up to 12 months.

Cookies are stored as indicated in the cookie manager on your device. We erase information collected on the basis of cookies when the information is no longer necessary to prepare statistics. The storage period also depends on the nature of the data and the purpose of the storage as stated in the cookie manager.

2.2 BUSINESS CUSTOMER'S EMPLOYEES, E.G FLEET MANAGERS AND DRIVERS

2.2.1 Sources of personal data

We receive personal data from:

Supplementary for drivers in special cases, e.g. incidents and claims handling:

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

2.2.2 Personal data processed

We process the following personal data for the purposes set out below:

About business customers’ employees, e.g. fleet managers and drivers:

Supplementary for drivers:

2.2.3 Purpose of the processing of personal data

We process personal data when necessary for the following purposes:

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings

Supplementary for drivers

2.2.4 Basis of processing

We process personal data on the following legal basis:

2.2.5 Recipients of personal data

We can disclose or leave personal data to the following recipients:

2.2.6 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years, respectively, after which they are erased.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

LeasePlan stores personal data during the processing of a claim for identification purposes in the case of customer contact and when the claim is relevant for the insurance contract, the leasing agreement or LeasePlan. The timeframe depends on the duration of the case.

2.3 MANAGEMENT AND BENEFICIAL OWNERS OF BUSINESS CUSTOMERS IN RELATION TO ANTI-MONEY LAUNDERING AND TERRORIST FINANCING

LeasePlan is obligated to provide information about our processing of personal data under Articles 13, 14 and 21 of the GDPR and about the processing we carry out in the field of anti-money laundering and anti-terrorist under section 16(1) of the Anti-Money Laundering Act and Dutch legislation, see below.

2.3.1 Sources of personal data

We receive personal data from:

We compare the data based on documents, data or information obtained from reliable and independent sources, e.g. the Danish CVR Register.

2.3.2 Personal data

When our customer is a legal person, we collect information about ownership and control, group structure, beneficial owners, directors and other associated persons.

The information includes

2.3.3 Purpose of the processing of personal data

We process personal data when necessary for the following purposes:

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the Money Laundering Secretariat in Denmark and the corresponding authority in the Netherlands and, if necessary, to terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship, we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

In addition, in connection with a sale or business transaction, we may disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or a portion of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and its advisers connected with the transaction.

2.3.4 Basis of processing

We process personal data on the following legal basis:

2.3.5 Recipients of personal data

We can disclose or leave personal data to the following recipients:

2.3.6 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

LeasePlan stores the above personal data for five years

2.4 PRIVATE LEASING CUSTOMERS

LeasePlan is obligated to provide information about our processing of personal data under Articles 13, 14 and 21 of the GDPR and about the processing we carry out and in the field of anti-money laundering and anti-terrorism under section 16(1) of the Anti-Money Laundering Act and Dutch legislation to which the LeasePlan group is subject.

2.4.1 Sources of personal data

We receive personal data from:

We compare the data based on documents, data or information obtained from reliable and independent sources, e.g. the Danish CVR Register.

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

2.4.2 Personal data

We process the following personal data for the purposes set out below:

2.4.3 Purpose of the processing of personal data

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the Money Laundering Secretariat in Denmark and the corresponding authority in the Netherlands and, if necessary, to terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship, we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

In addition to the above, we process personal data when necessary for the following purposes:

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage. ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

2.4.4 Basis of processing

We process personal data on the following legal basis:

2.4.5 Recipients of personal data

We can disclose or leave personal data to the following recipients:

2.4.6 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

LeasePlan stores personal data during the processing of a claim for identification purposes in the case of customer contact and when the claim is relevant for the insurance contract, the leasing agreement or LeasePlan. The timeframe depends on the duration of the case.

In relation to the purpose of anti-money laundering etc., personal data may be stored for five years from the rejection of a customer or the customer relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

2.5 PRIVATE BUYERS OF SECOND-HAND VEHICLES

2.5.1 Sources of personal data

We collect personal data from

We compare the data based on documents, data or information obtained from reliable and independent sources, e.g. the Danish CVR Register.

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

2.5.2 Personal data processed

We process the following personal data for the purposes set out below:

2.5.3 Purpose of the processing of personal data

In relation to purchase of vehicles, LeasePlan only processes personal data for purpose within money laundering and terrorist financing when the purchase price is EUR 15,000 (DKK 112,500) or more.

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the authorities in the Netherlands and, if necessary, terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship, we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

In addition to the above, we process personal data when necessary for the following purposes:

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including e.g. implementing security measures in the form of access and security controls if you visit us at LeasePlan’s premises. ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage

2.5.4 Basis of processing

We process personal data on the following legal basis:

2.5.5 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

In relation to the purpose of anti-money laundering etc., personal data may be stored for five years from the rejection of a customer or the customer relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

CCTV recordings are erased after 30 days.

2.6 PROFESSIONAL BUYERS OF SECOND-HAND VEHICLES (DEALERS)

2.6.1 Sources of personal data

We receive personal data from:

We need to collect personal data in order to provide you or your employer with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

2.6.2 Personal data processed

We process the following personal data for the purposes set out below:

2.6.3 Purpose of the processing of personal data

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the authorities in the Netherlands and, if necessary, terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship (where you buy several vehicles), we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

In addition to the above, we process personal data when necessary for the following purposes:

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including e.g. implementing security measures in the form of access and security controls if you visit us at LeasePlan’s premises. ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage

2.6.4 Bases of processing

We process personal data on the following legal basis:

Prior steps and conclusion of a contract with you, see Article 6(1)(b) of the GDPR (if you carry on a personal business)

2.6.5 Recipients of personal data

We can disclose or leave personal data to the following recipients:

2.6.6 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

In relation to the purpose of anti-money laundering etc., personal data may be stored for five years from the rejection of a customer or the customer relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

CCTV recordings are erased after 30 days.

2.7 SUPPLIERS TO LEASEPLAN, INCLUDING PROVIDERS OF PRIVATE LEASING

2.7.1 Sources of personal data

We receive personal data from:

We need to collect personal data in order to provide your employer with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

2.7.2 Personal data processed

We process the following personal data for the purposes set out below:

2.7.3 Purpose of the processing of personal data

We process personal data when necessary for the following purposes:

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including e.g. implementing security measures in the form of access and security controls if you visit us at LeasePlan’s premises. ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

2.7.4 Basis of processing

2.7.5 Recipients of personal data

We can disclose or leave personal data to the following recipients:

2.7.6 Time of erasure of personal data

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

In relation to screening of sanctions, we store personal data for five years from rejection or termination of a supplier relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

CCTV recordings are erased after 30 days.

3 INTERNATIONAL TRANSFER OF PERSONAL DATA

Based on the global nature of our organisation and services, personal data about you may be stored and/or processed in another country than the country you live in.

Some countries outside the EEA are recognised by the European Commission as having a sufficient data protection level according to EEA standards.

In case of transfers from the EEA to countries which the European Commission does not find sufficiently secure, we transfer personal data based on e.g. the European Commission’s standard contractual clauses on transfer of data to third countries. For a copy of these standard contractual clauses, please contact LeasePlan.

We transfer personal data to Australia, China, India, Indonesia, Mexico, Surinam, Thailand, Turkey, the USA, Japan (secure third countries).

4 YOUR RIGHTS AND HOW TO CONTACT US

If you wish to exercise your rights as further described below, please use the contact details below or contact us via the link accessible on the relevant LeasePlan entity’s local website to exercise your rights.

You have the following rights:

For more information about your rights, see the Danish Data Protection Agency’s guidelines describing the data subject’s rights on www.datatilsynet.dk.

You are welcome to contact our Data Privacy Office via the link on our website to exercise your rights. Please ensure that it is completely clear in your request which personal data your request concerns. For your protection, we only handle requests as regards the personal data connected to the specific e-mail address you stated in the contact form, and we may ask you to confirm your identify before you implement your request. We will try to respond to your request as quickly as practically possible and in all circumstances within the statutory time limits. Please note that we may store certain data for registration purposes and/or complete transactions which started before we requested a change or erasure. There may also be residual information that remains in our databases and other records that will not be removed.

If you exercise your rights, we will also process personal data in connection with receiving and responding to requests. If there is doubt about your identity, we are entitled to ask for additional data to confirm your identity. We will then process and register the additional data about you for this purpose.

If you wish to complain about our processing of your personal data, you may submit a complaint to the Danish Data Protection Agency. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.

Questions? If you have any questions or complaints about this privacy policy, please contact us via link on the relevant LeasePlan entity’s local website to exercise your rights

5 AMENDMENTS TO THIS PRIVACY POLICY

We reserve the right to amend or update this privacy policy. The latest update of this privacy policy appears from “Latest update” at the top. Any amendments to this privacy policy come into force when we publish the updated privacy policy.