We process your personal information:

• Transparent: We help you understand how your data is collected and used
• Privacy by design: We ensure that our services are privacy friendly
• Control: We provide you with an easy manner to access, correct or delete your data
• Safe with LeasePlan: We secure your data as best as we can and personal information is only shared with third parties when necessary and under appropriate conditions.
• Innovating and responsive: We keep thinking of ways how to improve our services and your privacy and are open for all suggestions and complaints

This Privacy Statement informs you of our privacy practices. Please make sure to visit the local version of this privacy statement in the country you are using LeasePlan’s services, as to be found on the local website of a LeasePlan leasing entity.

Please read the Privacy Statement carefully so that you understand how we collect and use your personal data.

1. Scope of this Privacy Statement

2. Who we are

3. How we collect your data

4. For which purposes we use your data4.1 Data pertaining to website visitors. 4.2 Data pertaining to business clients. 4.3 Data pertaining to drivers (employees of our Clients). 4.4 Data pertaining to private lease clients. 4.5 Data pertaining to private buyers of used vehicles 4.6 Data pertaining to professional buyers of used vehicles

4.7 Data pertaining to suppliers of goods and services

5. Sharing data with third parties

6. International transfer of personal data

7. Security and retention

8. Children’s privacy

9. Your rights and contacting us

10. Changes to this Privacy Statement

I. Website visitors/users (“Website Visitors”); II. Business Clients (“Clients”); III. Clients’ employees/drivers (“Drivers”). IV. Private lease clients (including one man businesses) (“Private Lease Clients”) V. Private buyers of used vehicles (“Buyers”) VI. Professional buyers of used vehicles (“Traders”). VII. Suppliers of goods and services ("Suppliers").

(or prospects in relation to the above; individually and collectively also referred to as “you”, “your” or “yours”)

We collect and use your personal information through our various vehicle and fleet leasing, management and driver mobility services and in the course of performing our business activities, as further described in Section 1 (“Services”). Please note that this Privacy Statement does not apply to the following affiliates and/or services:

• •
  Euro Insurances DAC trading as LeasePlan Insurance or other insurance-related activities;
• •
  PowerD also trading under the name LeasePlan Energy;
• •
  CarNext BV and its affiliates;
• •
  LeasePlan Bank in The Netherlands or in Germany.

The services provided by these affiliates are governed by separate privacy statements.

Please also note that specific services may be subject to a separate privacy statement referenced in the respective terms like the processing of your personal information in relation to our telematics services for which a separate telematics statement is applicable separate.

Responsibilities of Business Clients Insofar as Clients in their capacity as employers have access to personal information of their employees, the Client is the data controller responsible for the processing and use thereof in such capacity. This Privacy Statement does not apply to the processing and use of personal information of Drivers by Clients.

The local LeasePlan entity is the company responsible for the processing of your personal information (data controller):

Address: Telecomlaan 9 bus 6, 1831, Diegem, Belgium

The local LeasePlan entity may share your personal information with LeasePlan Corporation N.V. or LeasePlan Global B.V., in which case these are acting as joint controllers:

Address: Gustav Mahlerlaan 360, 1082 ME Amsterdam, the Netherlands

The relevant local LeasePlan entity and LeasePlan Corporation N.V. and LeasePlan Global B.V. are jointly referred to as “LeasePlan” and “we”, “our” or “us”.

**Through the Services ** Most of the data we collect are in relation to the vehicle management services we provide to you as the driver and to our Client, your employer, if you are using a company car. This starts with the registration of the leased vehicle (in some circumstances we may do some preliminary credit checks before his) and continues when we communicate with you about our services, e.g., to arrange for periodic maintenance and repairs. We may also process your data when your vehicle inadvertently is involved in an accident, to ensure that we restore mobility and handle any damage, or where we are the recipient of traffic fines in relation to your leased vehicle. Next to our core-leasing activities, we also provide a number of other related services, such as e-mobility services, fuel card services, charging services, car rental services, and roadside assistance. Another service we provide relates to car remarketing, sales of used LeasePlan vehicles.

**Offline **We collect personal information from you offline, e.g., when you visit our experience stores, place an order over the phone, or contact customer service.

**From Other Sources **We receive your personal information from other sources, for example:

• •
  Drivers’ employers, if you use a company car;
• •
  The relevant authority (e.g., police) where we are the recipient of traffic fines in relation to your leased vehicle;
• •
  From our independent Service Partners who assist us in providing our leasing and other services to you, including car dealerships, car maintenance providers, body repair shops;
• •
  Publicly available databases, credit reference agencies and other sources;
• •
  Visiting our websites or social media channels;
• •
  joint marketing partners, when they share the information with us; and
• •
  If you connect your social media account to your Services account or where you share information from our websites to your social media platforms, you will share certain personal information from your social media account with us, for example, your name, email address, photo, list of social media contacts, and any other information that may be or you make accessible to us when you connect your social media account to your Services account.

We need to collect personal information in order to provide the requested Services to you or to handle queries, questions, comments, complaints related to our Services. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any personal information relating to other persons to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Statement.

Monitoring of communications Subject to applicable laws, we will monitor and record calls, email, text messages and other communications we have with you. We do this for compliance with regulatory rules, self-regulatory practices or procedures relevant to our business, to prevent or detect crime, in the interests of protecting the security of our communication systems and procedures, and for quality control and staff training purposes.

For example, where we are required by a regulator to record certain telephone lines (as relevant) we will do so. In addition, where appropriate and having regard to applicable data protection law, our monitoring will be to check for inappropriate content in communications. In very limited and specific circumstances we may conduct short term carefully controlled monitoring of your activities where this is necessary for our legitimate interests or to comply with a legal obligation. We may do this for instance where we have reason to believe that fraud or other crime is being committed, where offences are suspected and where the monitoring is proportionate to the type of the disciplinary offence, or where we suspect non-compliance with anti-money laundering regulations to which we are subject. In particular, telephone calls may be recorded for these purposes.

In addition to what is indicated for each purpose above regarding sharing of personal information, we may also share personal information:

• •

  Within the LeasePlan group for the purposes described in this Privacy Statement. You can consult the list and location of our Leaseplan entities here.

• •

  To our third-party service partners and providers, to facilitate services they provide to you and us. In order to provide you with our services, we often work closely with Service Partners and Service Providers. Our independent Service Partners assist us in providing our leasing and other services to you, and include car dealerships, car maintenance providers, body repair shops, and roadside assistance providers, but also rental service companies and the administrators of our driver safety programs. Car dealerships or supplies of (electric) vehicles may require contact details of a driver to activate a personal account necessary to be set up as a driver, otherwise the vehicle does not work.

  Service Providers are companies we retain that support us in running our business, for example to help us maintain our IT network and related infrastructure and security and access controls to our premises.

We also use and disclose your personal information as necessary or appropriate, especially when we have a legal obligation or legitimate interest to do so:

• •

  To comply with applicable law and regulations.

  -This can include laws outside your country of residence.

• •

  To cooperate public and government authorities.

  -To respond to a request or to provide information we believe is important

  -These can include authorities outside your country of residence.

• •

  To cooperate with law enforcement.

  -For example, when we respond to law enforcement requests and orders or provide information we believe is important.

• •

  For other legal reasons.

  -To enforce our terms and conditions; and

  -To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others.

• •

  In connection with a sale or business transaction.

  -We have a legitimate interest in disclosing or transferring your personal information to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) Such third parties may include, for example, an acquiring entity and its advisors.

Due to the global nature of our organization and Services, your personal information may be stored and/or processed in a country other than the one you reside in.

Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as through LeasePlan’s own Binding Corporate Rules or through contractual arrangements put in place with third parties. You may obtain a copy of these measures by contacting the local LeasePlan entity.

How we secure personal information We seek to use reasonable organizational, technical and administrative measures to protect personal information within our organization.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us in accordance with the contact details provided in this Privacy Statement.

How long we retain personal information We will retain your personal information for as long as necessary or permitted in light of the purposes outlined in this Privacy Statement and consistent with applicable law.

The criteria used to determine our retention periods include:

• •
  The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you use a LeasePlan vehicle);
• •
  Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
• •
  Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Our Services are not directed at individuals under the age of 18.

Your rights If you would like to request to review, correct, update, suppress, restrict or delete your personal information processed by us, object to the processing of personal information, or if you would like to request to receive an electronic copy of your personal information for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us via the link available on the local website of the relevant LeasePlan entity to exercise your rights. We will respond to your request consistent with applicable law.

In your request, please make as clear as possible what personal information your request relates to. For your protection, we will only implement requests with respect to the personal information associated with the particular email address as you indicated in the contact form and we may request you to provide verification of your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable and in any event within any applicable legally required timeframes.

Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that began prior to requesting such change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.

Questions? If you have any questions or complaints about this Privacy Statement, please contact us via the link available on the local website of the relevant LeasePlan entity to exercise your rights. Because email communications are not always secure, please do not include sensitive information in your emails to us.

Additional information regarding EEA citizen You may also:

• •
  Contact our Data Protection Officer (“DPO”) via the contact form or via: LeasePlan Corporation N.V., attn. Data Protection Officer, Gustav Mahlerlaan 360, 1082 ME Amsterdam, the Netherlands
• •
  Lodge a complaint with a data protection authority of your country or region or where an alleged infringement of applicable data protection law occurs.

We reserve the right to change or update this Privacy Statement at any time. Please take a look at the ‘Last Updated’ legend at the top of this document to see when this Privacy Statement was last revised. Any changes to this Privacy Statement will become effective when we post the revised Statement on the Services.