Privacy policy

The data controller for the processing of your personal data is:

LeasePlan Danmark A/S, Midtager 20, DK-2605 Brøndby ("LeasePlan")

Please note that this privacy policy does not apply to Euro Insurances DAC Ltd. (Irish insurance company) with the secondary name LeasePlan Insurance or other insurance-related activities. Services provided by that company and other companies in the LeasePlan group are governed by separate privacy policies.

Responsibilities of business customers When LeasePlan’s customers, in their capacity as employers, have access to personal data about their employees, e.g. drivers, the customer is data controller.

This privacy policy describes our processing of personal data about the following persons:

• •
  Users/visitors on our website - see section 2.1
• •
  Business customers' employees, e.g. fleet managers and drivers and management in relation to anti-money laundering and anti-terrorist financing - see section 2.2
• •
  Business customers' management and beneficial owners in relation to anti-money laundering and anti-terrorist financing - see section 2.3
• •
  Private leasing customers - see section 2.4
• •
  Purchases of second-hand vehicles by private individuals - see section 2.5
• •
  Professional buyers of second-hand vehicles - see section 2.6
• •
  Suppliers to LeasePlan, including private leasing dealers - see section 2.7

and potential customers for sections 2.1 – 2.6, also referred to individually and collectively as "you", "your" or "yours".

Below, you can unfold the category or categories to which you belong. Sections 3 – 5 contain additional information that applies to all categories of data subjects.

Abbreviations: In the text below, we write GDPR as an abbreviation of the EU General Data Protection Regulation 2016/679. In the text below, we write DBL as an abbreviation of the Danish Data Protection Act.

We receive personal data when you visit our website from

• •
  you
• •
  your equipment

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

We process the following personal data for the purposes set out below:

• •
  Identification data, including name, address, telephone number and e-mail address, name of your company, if applicable, and job title
• •
  Number plate or registration number
• •
  Subjects you may be interested in (as indicated by you on our website)
• •
  Information about your use of our website, including which pages you have visited, for how long, technical information about browser and physical device

We process the following data from cookies and other tracking:

• •
  IP address
• •
  Unique visitor ID, cookie ID and other identification codes
• •
  Technical data about your equipment (browser version, language, etc.)
• •
  Geographical location
• •
  User behaviour on the website

We process personal data when necessary for the following purposes:

• •
  For administration, statistics and user experience. Administration of our website and to display the pages correctly, e.g. content in the right language. By tracking the pages you visit on our website, we can detect errors and patterns in the use of the site to correct errors and develop the website, etc. See more about cookies and tracking below
• •
  Marketing purposes. We process personal data for advertising and marketing purposes. Based on your visit on the website, we can show you personally adapted advertisements outside the LeasePlan website. To understand what is relevant for you, we need to analyse data about you. See more about cookies and tracking below.
• •
  To conduct surveys. In surveys, we ask for feedback on our websites and/or services
• •
  To safeguard other legitimate purposes, including

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including in relation to the implementation of security measures ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage

• •
  in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and advisers connected with the transaction.

Cookies and other tracking We process information from cookies for various business-related purposes, e.g. website and data analysis, customising functionality and flow on the website and other services, e.g. based on usage patterns, development of new products, measurement of the effectiveness of our campaigns, and operation and expansion of our business activities.

See also our cookie policy here

We process personal data on the following legal basis:

• •

  Your consent, see Article 6(1)(a) of the GDPR ‒to the disclosure of personal data for marketing purposes

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR, in the following: ‒ to have a functional and user-optimised website ‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to statistically analyse the use of the website ‒ to conduct surveys ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

• •

  Consent, see section 3 of the Executive Order on requirements for information and consent when storing or accessing data in the end user's terminal equipment (the Cookie Order).

We disclose or leave personal data to the following recipients:

• •

  Within the LeasePlan group, for the purposes described in this privacy policy. You can see the list and location of LeasePlan entities here.

• •

  To suppliers, e.g. companies that help us run our business, including maintenance of IT networks, infrastructure and security and access controls to facilities, etc.

• •

  Recipients in special cases, e.g. (a) the police or other public and governmental authorities, insurance companies, investigators or private individuals, inside or outside Denmark; and (b) third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or a portion of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and the related advisers.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

• •
  The length of time we have a relationship with the user and provide the services to you.
• •
  Whether we are subject to a legal obligation.
• •
  Whether storage is advisable in light of our legal position e.g. with regard to applicable statutes of limitation, litigation or regulatory investigations.

General inquiries (with no relation to customer relations) to LeasePlan and the responses thereto are stored for up to 12 months.

Cookies are stored as indicated in the cookie manager on your device. We erase information collected on the basis of cookies when the information is no longer necessary to prepare statistics. The storage period also depends on the nature of the data and the purpose of the storage as stated in the cookie manager.

We receive personal data from:

• •
  You
• •
  Your employer (our customer)
• •
  The vehicle
• •
  Repair shops and service centres
• •
  Insurance companies.

Supplementary for drivers in special cases, e.g. incidents and claims handling:

• •
  Persons who have been involved in or witnessed an incident, e.g. an accident, and their representatives, e.g. insurance companies and lawyers
• •
  Authorities, e.g. the police, the courts or other local authorities
• •
  Cooperation partners providing training programmes, e.g. within driver safety and risk management

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

We process the following personal data for the purposes set out below:

About business customers’ employees, e.g. fleet managers and drivers:

• •
  Your name and contact information as well as employer
• •
  Username and login data for MyFleet.

Supplementary for drivers:

• •
  Customer-generated driver ID
• •
  Your date of birth and a copy of your driver’s licence
• •
  Nationality and civil registration number, if applicable (if required by law or for tax purposes)
• •
  Vehicle registration number, leasing category, make and model, chassis number, service history and operational contact with you
• •
  Fuel or EV card number, fuel information and consumption, number of kilometres driven and related expenses
• •
  Delivery address or pick-up point of the vehicle
• •
  Insurance information, third-party claims, police reports and witness statements as well as fines, fees and taxes imposed
• •
  Damage and incidents, e.g. offences or accidents, including extent, location, time and expenses, assistance provided, personal injury and property damage, pictures from incidents, number and identity of passengers in the vehicle, information about third parties, e.g. the identity of passengers and driver in other vehicles, the identity of witnesses
• •
  Traffic fines and/or parking fees.

We process personal data when necessary for the following purposes:

• •
  Marketing purposes. We process personal data for marketing purposes in connection with electronic marketing by e-mail about webinars, newsletters, feedback on webinars, etc
• •
  To conduct surveys. In surveys we ask for feedback on our webinars and/or satisfaction with LeasePlan's services/suppliers, e.g. repair shops. When we contact you about surveys, we may do so e.g. by e-mail. If you do not wish to receive such communications from us, you can use the opt-out options in the communication or contact us via the rights form or the general contact details below in section 4 of the privacy policy
• •
  To communicate with you. When you contact us via an online contact form or by phone, e.g. when you send us questions, proposals, compliments or complaints, or when you request a quote for our services and use of vehicles, etc.
• •
  To safeguard other legitimate purposes, including

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings

Supplementary for drivers

• •
  Repairs, service and tyres. We process data in connection with repairs, maintenance and tyre replacements, as well as for planning maintenance and repairs for the vehicle
• •
  Incident management. We record and manage incidents, e.g. accidents, that you and/or the vehicle may be involved in, in order to restore mobility and handle claims, e.g. by (i) notification to customer service, (ii) roadside assistance and/or replacement car, (iii) repair and other follow-up, (iv) valuation of repairs according to claims management and excess rules
• •
  Traffic offences. The following may depend on the country in which the driver may have violated road traffic legislation and/or parking rules. As LeasePlan is the registered owner of vehicles, traffic fines and/or parking fees incurred by the driver, will be sent to LeasePlan by the relevant authority, and LeasePlan will seek reimbursement from our customer
• •
  Fuel card, EV charging and fees. We provide a service of managing payment for consumption on fuel cards for payment at petrol stations using a LeasePlan payment system, and EV charge cards for charging vehicles at charging points
• •
  Traffic safety programme; preparation, handling and administration of training. When you participate in driver safety and risk management training programmes, we process data for that purpose, including providing training offers and carrying out safety assessments via a cooperation partner. Personal data collected by the cooperation partner in this context is subject to their privacy policy. We receive feedback from these third parties about your "risk index" (information on potential risks identified in questionnaires), about the type of courses you have been offered, participated in and completed
• •
  Various online portals and apps for drivers. If you use our online portals and apps, we process data to perform the functions provided therein, e.g. notifying a loss, booking an appointment for repair, service or tyre change, overview of vehicle usage, e.g. fuel efficiency, damage, etc.
• •
  LeasePlan’s business purposes. We process personal data about you for various business purposes, such as data analysis, audits, developing new products, improving or modifying our services, identifying usage patterns, measuring the effectiveness of our campaigns, and operating and expanding our business activities
• •
  Fleet management. Calculations for customers of fleet management (e.g. cost and risk) to implement a balanced fleet management approach in relation to cost, environmental impact and safety, manage the implementation of the fleet policy, reporting on global CO2 emissions, etc. Based on this information, a customer can make decisions on reducing CO2 emissions in their country's fleet, e.g. by offering drivers training courses on ecodriving and by acquiring more climate-neutral vehicles.

We process personal data on the following legal basis:

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR, in the following: ‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to send electronic marketing by e-mail with your consent ‒ to carry out surveys, both general and irregularity surveys ‒ to provide the services to you and perform the leasing agreement concluded with your employer ‒ to perform our agreement with Euro Insurances DAC in relation to insurance brokerage and claims service ‒ to value repairs according to our claims handling and excess rules, to statistically analyse the use of apps, etc.

• •

  to inform our customers, including their fleet managers, about vehicles ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

• •

  Processing is necessary to collect fines for traffic offences, parking fees, see section 8 of the DBL.

• •

  Processing is necessary to establish, exercise or defend legal claims, see Article 9(2)(f) of the GDPR

We can disclose or leave personal data to the following recipients:

• •

  Our customers (your employer)

• •

  The customer’s authorised (international) fleet manager

• •

  Other third parties, e.g. dealers, repairers, fitters or roadside assistance providers, insurance companies, road safety programme providers, car rental agencies, as well as providers of fuel card delivery and management, charging solutions and payments, etc.

• •

  Auto Claim Handling Danmark A/S, with whom LeasePlan cooperates on claims handling, including e.g. questions on insurance cover. See their privacy policy here

• •

  Within the LeasePlan group, for the purposes described in this privacy policy. You can see the list and location of LeasePlan entities here

• •

  To suppliers, e.g. companies that help us run our business, including maintenance of IT networks, infrastructure and security and access control to facilities, etc.

• •

  Recipients in special cases, e.g. (a) debt collection agencies, (b) the police or other public and governmental authorities, regulators and tax authorities, (c) third parties in the event of reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or part of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and the related advisers.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

• •
  The length of time we have a relationship with the customer and provide the services to the customer
• •
  Whether we are subject to a legal obligation (certain laws require us to keep records of transactions for a certain period of time before we can erase them); or
• •
  Whether storage is advisable in light of our legal position (e.g. with regard to applicable statutes of limitation, legal proceedings or regulatory investigations).

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years, respectively, after which they are erased.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

LeasePlan stores personal data during the processing of a claim for identification purposes in the case of customer contact and when the claim is relevant for the insurance contract, the leasing agreement or LeasePlan. The timeframe depends on the duration of the case.

LeasePlan is obligated to provide information about our processing of personal data under Articles 13, 14 and 21 of the GDPR and about the processing we carry out in the field of anti-money laundering and anti-terrorist under section 16(1) of the Anti-Money Laundering Act and Dutch legislation, see below.

We receive personal data from:

• •
  You
• •
  The company in which you are registered as member of the management or beneficial owner (our customer)
• •
  Our investigation of publicly available data
• •
  The CVR Register
• •
  International directories used to provide information about management and ownership structures and to identify persons subject to international sanctions.

We compare the data based on documents, data or information obtained from reliable and independent sources, e.g. the Danish CVR Register.

When our customer is a legal person, we collect information about ownership and control, group structure, beneficial owners, directors and other associated persons.

The information includes

• •
  Identification data, including name, address, country and civil registration number
• •
  contact details, e.g. e-mail address, telephone number
• •
  role in relation to our business customer, including owner and ownership interest or basis of control of the business customer
• •
  status as a politically exposed person (PEP) or as a close associate or close business partner of a PEP
• •
  copy of e.g. passport, driver’s licence, health insurance card, health card, equivalent national ID with unique identification number and birth, baptism or name certificate
• •
  other documentation, e.g. origin of funds, utility bills, etc.
• •
  negative press coverage
• •
  sanctions imposed under international regulations

We process personal data when necessary for the following purposes:

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the Money Laundering Secretariat in Denmark and the corresponding authority in the Netherlands and, if necessary, to terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship, we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

• •
  Compliance with anti-money laundering and anti-terrorist legislation in Denmark and the Netherlands, including
• •
  Anti-money laundering legislation in Denmark in relation to financial leasing
• •
  The EU’s and UN’s sanctions lists
• •
  Part 2 of the Dutch anti-money laundering act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft))
• •
  Sanctiewet 1977 (the Dutch sanctions act)
• •
  to comply with orders from authorities
• •
  to establish, exercise or defend legal claims

In addition, in connection with a sale or business transaction, we may disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or a portion of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and its advisers connected with the transaction.

We process personal data on the following legal basis:

• •

  Processing is necessary for the performance of a task carried out in the public interest in relation to compliance with Danish and Dutch legislation relating to money laundering, terrorist financing and sanctions, see Article 6(1)(e) of the GDPR.

• •

  We process information about civil registration numbers on the basis of section 11(2)(1) of the DBL, cf. section 11(1)(1)(a) of the Anti-Money Laundering Act and/or the Dutch legislation cited above.

• •

  If we reject a customer, our legal basis for processing personal data is Article 6(1)(f) of the GDPR, as we have a legitimate interest in documenting that we have addressed money laundering and terrorist financing risks.

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings.

We can disclose or leave personal data to the following recipients:

• •

  If we process transactions that are suspected of being related to money laundering or terrorist financing, or we are otherwise obligated to notify the Money Laundering Secretariat and similar authorities in the Netherlands, we will disclose the information, and we are obligated to inform the Danish Business Authority if there is no correlation between the documentation received and official records.

• •

  Within the LeasePlan group to attend to the above purpose. You can see the list and location of LeasePlan entities here.

• •

  To suppliers, e.g. companies to whom we have outsourced processes relating to money laundering etc. or companies that e.g. help us maintain IT networks, infrastructure and security and access control to facilities, etc.

• •

  Recipients in special cases, e.g. (a) the police or other public and governmental authorities, regulators and tax authorities; and (b) third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or part of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and the related advisers.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

• •
  The length of time we have a relationship with the customer and provide the services to the customer
• •
  Whether we are subject to a legal obligation (certain laws require us to keep records of transactions for a certain period of time before we can erase them); or
• •
  Whether storage is advisable in light of our legal position (e.g. with regard to applicable statutes of limitation, legal proceedings or regulatory investigations).

LeasePlan stores the above personal data for five years

• •
  from the rejection of a customer
• •
  termination of the customer relationship

LeasePlan is obligated to provide information about our processing of personal data under Articles 13, 14 and 21 of the GDPR and about the processing we carry out and in the field of anti-money laundering and anti-terrorism under section 16(1) of the Anti-Money Laundering Act and Dutch legislation to which the LeasePlan group is subject.

We receive personal data from:

• •
  You
• •
  The vehicle
• •
  Repair shops and service centres
• •
  Insurance companies
• •
  Persons who have been involved in or witnessed an incident, e.g. an accident, and their representatives, including e.g. insurance companies and lawyers
• •
  Authorities, e.g. police, courts or other local authorities
• •
  Our investigation of publicly available data
• •
  The CVR Register
• •
  International directories used to identify persons who are subject to sanctions

We compare the data based on documents, data or information obtained from reliable and independent sources, e.g. the Danish CVR Register.

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

We process the following personal data for the purposes set out below:

• •
  Your name, contact details, residential address and country
• •
  Copy of e.g. passport, driver’s licence, health insurance card, health card, equivalent national ID with unique identification number and baptism, birth or name certificate
• •
  Financial affairs
• •
  Other documentation, e.g. origin of the funds, pay slips, utility bills, etc.
• •
  Negative press coverage
• •
  Status as a politically exposed person (PEP) or as a close associate or close business partner of a PEP
• •
  Sanctions imposed under international regulations
• •
  Vehicle registration number, leasing category, make and model, chassis number, service history and operational contact with you
• •
  Delivery address or pick-up point
• •
  Fuel or EV card number, fuel information and consumption, number of kilometres driven and related expenses. In case of refunds, bank details are collected
• •
  E-Mobility card number, mileage and related costs
• •
  The agreed terms of the private leasing agreement as well as your financial obligations to us
• •
  Transaction data (such as order, amount payable, payment date);
• •
  Bank account number and authorisation to register for direct debit with Betalingsservice
• •
  Insurance information, third-party claims, police reports and witness statements, as well as road and/or parking fees and charges imposed
• •
  Damage and incidents, e.g. offences or accidents, including extent, location, time and cost, assistance provided, personal injury and property damage, pictures from incidents, number and identity of passengers in the vehicle, information about third parties, e.g. identity of passengers and driver in other vehicles and witnesses.

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the Money Laundering Secretariat in Denmark and the corresponding authority in the Netherlands and, if necessary, to terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship, we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

• •
  Compliance with anti-money laundering and anti-terrorist legislation in Denmark and the Netherlands, including
• •
  The Anti-Money Laundering Act in Denmark in relation to financial leasing
• •
  The EU’s and UN’s sanctions lists
• •
  Part 2 of the Dutch anti-money laundering act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft))
• •
  Sanctiewet 1977 (the Dutch sanctions act)
• •
  to comply with orders from authorities

In addition to the above, we process personal data when necessary for the following purposes:

• •
  Registration - acceptance of you as lessee. We collect information when you apply for registration as lessee. This processing of data is necessary for the conclusion of the leasing contract, including identification and credit assessment
• •
  Marketing purposes. We process personal data to send you marketing material to keep you updated about events, special offers or upcoming products and services from LeasePlan. When we contact you with marketing, we will do so by e-mail (newsletters/brochures/magazines) if you have given your consent. To understand what is relevant to you, we may use information from cookies and/or pixels. If you no longer wish to receive marketing communication from us, you can unsubscribe via the link in the e-mails sent to you
• •
  To conduct surveys. In surveys we ask for feedback on our webinars and/or satisfaction with LeasePlan's services/suppliers, e.g. repair shops. When we contact you about surveys, we may do so e.g. by e-mail. If you do not wish to receive such communications from us, you can use the opt-out options in the communication or contact us via the rights form or the general contact details below
• •
  To communicate with you. When you contact us via an online contact form or by phone, e.g. when you send us questions, proposals, compliments or complaints, or when you request a quote
• •
  Repairs, service and tyres. We process data in connection with repairs, maintenance and tyre replacements, as well as for planning maintenance and repairs for the vehicle and settlement thereof
• •
  Incident management. We record and manage incidents, e.g. accidents, that you and/or the vehicle may be involved in, in order to restore mobility and handle claims, e.g. by (i) notification to customer service, (ii) roadside assistance and/or replacement car, (iii) repair and other follow-up, (iv) valuation of repairs according to claims management and excess rules
• •
  Traffic offences. The following may depend on the country in which the driver may have violated road traffic legislation and/or parking rules. As LeasePlan is the registered owner of vehicles, traffic fines and/or parking fees incurred by the driver, will be sent to LeasePlan by the relevant authority having issued the traffic fine or parking fee (e.g. the police or the municipality). The purpose is to process and administer payment of the fine/fee and obtain reimbursement from you
• •
  LeasePlan’s business purposes. We process personal data about you for various business purposes, such as data analysis, audits, developing new products, improving or modifying our services, identifying usage patterns, measuring the effectiveness of our campaigns, and operating and expanding our business activities
• •
  To safeguard other legitimate purposes, including

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage. ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

We process personal data on the following legal basis:

• •

  Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, see Article 6(1)(b) of the GDPR, including assessment and acceptance of you as customer, including credit control and claims handling.

• •

  Our social obligations, see Article 6(1)(e) of the GDPR, ‒ to carry out creditworthiness checks, see section 7c of the Danish Credit Agreement Act ‒ to provide and document information in relation to insurance, see the Executive Order on good practices among insurance distributors (Executive Order no. 2021/1779), in relation to the rules for ancillary insurance intermediaries, without limitation parts 6-10 ‒ compliance with Danish and Dutch legislation in relation to money laundering, terrorist financing and sanctions

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR, in the following: ‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to document that we have addressed money laundering and terrorist financing risks in case we reject a customer. ‒ to conduct surveys ‒ to market LeasePlan ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

• •

  Processing is necessary to collect fines for traffic offences and parking fees, see section 8 of the DBL

• •

  Processing is necessary to establish, exercise or defend legal claims, see Article 9(2)(f) of the GDPR.

• •

  We process information about civil registration number on the basis of section 11(2)(1) of the DBL, cf. section 11(1)(1)(a) of the Anti-Money Laundering Act and/or the Dutch legislation cited above as well as section 12b of the Danish Insurance Mediation Act.

We can disclose or leave personal data to the following recipients:

• •

  If we process transactions that are suspected of being related to money laundering or terrorist financing, or we are otherwise obligated to notify the Money Laundering Secretariat and similar authorities in the Netherlands, we will disclose the information to these authorities.

• •

  Regulators and tax authorities

• •

  Third parties, e.g. dealers, repair shops, fitters or roadside assistance providers

• •

  Insurance companies

• •

  We cooperate with Auto Claim Handling Danmark A/S on damage to vehicles. The claim is handled by LeasePlan during our claims handling process for, among other things, repair of the damage and calculating the costs of the damage. When there is also a question of insurance cover, the insurance claim will be handled by our claims examiner, Auto Claim Handling Danmark A/S

• •

  Within the LeasePlan group, for the purposes described in this privacy policy. You can see the list and location of LeasePlan entities here

• •

  To suppliers, e.g. companies to whom we have outsourced processes relating to money laundering etc. or companies that e.g. help us maintain IT networks, infrastructure and security and access control to facilities, etc.

• •

  Recipients in special cases, e.g. (a) debt collection agencies, (b) the police or other public and governmental authorities, regulators and tax authorities, (c) third parties in the event of reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or part of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and the related advisers.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

• •
  The criteria used to determine our storage periods include:
• •
  The length of time we have a relationship with the customer and provide the services to the customer
• •
  Whether we are subject to a legal obligation (certain laws require us to keep records of transactions for a certain period of time before we can erase them); or
• •
  Whether storage is advisable in light of our legal position (e.g. with regard to applicable statutes of limitation, legal proceedings or regulatory investigations).

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

LeasePlan stores personal data during the processing of a claim for identification purposes in the case of customer contact and when the claim is relevant for the insurance contract, the leasing agreement or LeasePlan. The timeframe depends on the duration of the case.

In relation to the purpose of anti-money laundering etc., personal data may be stored for five years from the rejection of a customer or the customer relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

We collect personal data from

• •
  You
• •
  Portals on which we post vehicles for sale
• •
  Our investigation of publicly available data
• •
  The CVR Register
• •
  International directories to clarify the management and the ownership and to identify persons subject to international sanctions
• •
  CCTV

We compare the data based on documents, data or information obtained from reliable and independent sources, e.g. the Danish CVR Register.

We need to collect personal data in order to provide you with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

We process the following personal data for the purposes set out below:

• •
  your name, address, gender, title, (company) contact details (including your e-mail address, telephone number, name of your company), information relating to vehicles trading, as well as information necessary to complete the transaction, including bank account details
• •
  copy of e.g. passport, driver’s licence, health insurance card, health card, equivalent national ID with unique identification number and birth, baptism or name certificate
• •
  Financial affairs
• •
  Other documentation, e.g. origin of the funds, pay slips, utility bills, etc.
• •
  negative press coverage
• •
  status as a politically exposed person (PEP) or as a close associate or close business partner of a PEP
• •
  sanctions imposed under international regulations
• •
  information you give us in the empty field in the contact form, where you can e.g, ask questions, describe your proposal, make commendations or submit a complaint
• •
  correspondence with LeasePlan, use of services
• •
  CCTV recordings if you visit LeasePlan premises

In relation to purchase of vehicles, LeasePlan only processes personal data for purpose within money laundering and terrorist financing when the purchase price is EUR 15,000 (DKK 112,500) or more.

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the authorities in the Netherlands and, if necessary, terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship, we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

• •
  Compliance of Dutch anti-money laundering and anti-terrorist legislation, including
• •
  The EU’s and UN’s sanctions lists
• •
  Part 2 of the Dutch anti-money laundering act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft))
• •
  Sanctiewet 1977 (the Dutch sanctions act)
• •
  to comply with orders from authorities

In addition to the above, we process personal data when necessary for the following purposes:

• •
  Purchase of a vehicle. We process personal data about you in relation to your (potential) purchase of a second-hand car from LeasePlan where your old car or other related services could be included in the transaction. This includes performance of the purchase agreement, the provision of services and the execution of the payment transaction
• •
  To communicate with you. When you contact us via an online contact form (or provide us with information at one of our second-hand car outlets) or by phone, e.g. when you send us questions, proposals, compliments or complaints, or when you request a quote for our services
• •
  LeasePlan’s business purposes. We process personal data about you for various business purposes, such as data analysis, audits, developing new products, improving or modifying our services, identifying usage patterns, measuring the effectiveness of our campaigns, and operating and expanding our business activities
• •
  To safeguard other legitimate purposes, including

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including e.g. implementing security measures in the form of access and security controls if you visit us at LeasePlan’s premises. ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage

• •
  in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings

We process personal data on the following legal basis:

• •

  Prior steps and conclusion of a contract with you, see Article 6(1)(b) of the GDPR)

• •

  Our social obligations, see Article 6(1)(e) of the GDPR, to ‒ comply with Dutch legislation in relation to money laundering, terrorist financing and sanctions

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR, in the following: ‒ to respond to inquiries ‒ to document that we have addressed money laundering and terrorist financing risks if we reject a (potential) customer ‒ to conduct surveys ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

• •

  We process information about civil registration numbers on the basis of section 11(2)(1) of the DBL, cf. section 11(1)(1)(a) of the Anti-Money Laundering Act, and the Dutch legislation cited above.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

• •
  The length of time we have a relationship with the customer and provide the services to the customer
• •
  Whether we are subject to a legal obligation (certain laws require us to keep records of transactions for a certain period of time before we can erase them); or
• •
  Whether storage is advisable in light of our legal position (e.g. with regard to applicable statutes of , legal proceedings or regulatory investigations).

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

In relation to the purpose of anti-money laundering etc., personal data may be stored for five years from the rejection of a customer or the customer relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

CCTV recordings are erased after 30 days.

We receive personal data from:

• •
  You
• •
  Portals on which we post vehicles for sale
• •
  International directories to clarify the management and the ownership and to identify persons subject to international sanctions
• •
  CCTV

We need to collect personal data in order to provide you or your employer with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

We process the following personal data for the purposes set out below:

• •
  Your name, contact details (including your e-mail address, telephone number), your ID and information relating to your company, including documents from the Danish Business Authority and CVR number
• •
  copy of e.g. passport, driver’s licence, health insurance card, health card, equivalent national ID with unique identification number and birth, baptism or name certificate
• •
  Financial affairs
• •
  other documentation, e.g. origin of the funds, pay slips, utility bills, etc.
• •
  negative press coverage
• •
  status as a politically exposed person (PEP) or as a close associate or close business partner of a PEP
• •
  sanctions imposed under international regulations
• •
  information necessary to complete the transaction, e.g. bank account details with the buyer
• •
  correspondence with LeasePlan
• •
  CCTV recording if you visit LeasePlan premises.

Dutch anti-money laundering legislation applies to the entire group by virtue of LeasePlan’s parent company's bank licence in the Netherlands.

Anti-money laundering legislation requires KYC as well as investigation, registration, notification and storage obligations. Before LeasePlan can enter into agreements with customers, we must carry out adequate KYC procedures. The obligations cover e.g. identification and legitimation of the our customers.

We are also required to investigate transactions if we suspect that they are related to money laundering or terrorist financing. If the investigations do not disprove the suspicion, we are obligated to notify the authorities in the Netherlands and, if necessary, terminate the customer relationship. This also applies if the customer cancels the transaction during the KYC procedure or refuses to submit identity information.

If we reject a potential or existing customer, we will record the name of the customer, the reason for rejection and the documentation reviewed.

In an ongoing customer relationship (where you buy several vehicles), we will contact you to ensure that our information and copies of identification documents are up to date.

In summary, the purposes are the following:

• •
  Compliance of Dutch anti-money laundering and anti-terrorist legislation, including
• •
  The EU’s and UN’s sanctions lists
• •
  Part 2 of the Dutch anti-money laundering act (Wet ter voorkoming van witwassen en financieren van terrorisme (Wwft))
• •
  Sanctiewet 1977 (the Dutch sanctions act)
• •
  to comply with orders from authorities

In addition to the above, we process personal data when necessary for the following purposes:

• •
  Registration as professional dealer. To be able to buy a second-hand car from LeasePlan at an auction or to buy a vehicle via one of our websites for resale of vehicles, the traders must be registered with LeasePlan as professional dealers
• •
  Purchase of a LeasePlan Occasion. We process personal data about you in connection with your potential purchase of second-hand vehicles from LeasePlan and other related services via an auction or via our website for resale of vehicles, including performance of the purchase agreement, delivery and completion of the payment transaction
• •
  To communicate with you. When you contact us via an online contact form (or provide us with information at one of our second-hand car outlets) or by phone, e.g. when you send us questions, proposals, compliments or complaints, or when you request a quote for our services
• •
  LeasePlan’s business purposes. We process personal data about you for various business purposes, such as data analysis, audits, developing new products, improving or modifying our services, identifying usage patterns, measuring the effectiveness of our campaigns, and operating and expanding our business activities
• •
  To safeguard other legitimate purposes, including

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including e.g. implementing security measures in the form of access and security controls if you visit us at LeasePlan’s premises. ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage

• •
  in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings

We process personal data on the following legal basis:

Prior steps and conclusion of a contract with you, see Article 6(1)(b) of the GDPR (if you carry on a personal business)

• •

  Our social obligations, see Article 6(1)(e) of the GDPR, ‒ to comply with of Dutch legislation relating to money laundering, terrorist financing and sanctions

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR, in the following: ‒ to respond to inquiries ‒ to document that we have addressed money laundering and terrorist financing risks if we reject a (potential) customer ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

• •

  We process information about civil registration number on the basis of section 11(2)(1) of the DBL, cf. the Dutch legislation cited above.

We can disclose or leave personal data to the following recipients:

• •
  If we process transactions in which a suspicion of money laundering or terrorist financing arises, or we are otherwise obligated to notify the Dutch authorities, we disclose data to these.
• •
  Financial partners.
• •
  Within the LeasePlan group, for the purposes described in this privacy policy. You can see the list and location of LeasePlan entities here.
• •
  To suppliers, e.g. companies to whom we have outsourced processes relating to money laundering etc. or companies that e.g. help us maintain IT networks, infrastructure and security and access control to facilities, etc.
• •
  Recipients in special cases, e.g. (a) debt collection agencies, (b) the police or other public and governmental authorities, regulators and tax authorities, (c) third parties in the event of reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or part of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and the related advisers.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

• •
  The length of time we have a relationship with the customer and provide the services to the customer
• •
  Whether we are subject to a legal obligation (certain laws require us to keep records of transactions for a certain period of time before we can erase them); or
• •
  Whether storage is advisable in light of our legal position (e.g. with regard to applicable statutes of limitation, legal proceedings or regulatory investigations).

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

In relation to the purpose of anti-money laundering etc., personal data may be stored for five years from the rejection of a customer or the customer relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

CCTV recordings are erased after 30 days.

We receive personal data from:

• •
  You
• •
  Your employer (our customer)
• •
  CCTV
• •
  The CVR Register
• •
  International directories used to identify persons who are subject to sanctions

We need to collect personal data in order to provide your employer with the services you request or to handle inquiries, comments or complaints about our services. If you do not provide us with this information, we may not be able to offer the products, services or facilities you request.

We process the following personal data for the purposes set out below:

• •
  Your full name and contact details as well as employer
• •
  Login details for our provider’s online accounts (e.g. user name and password)
• •
  CCTV recordings if you visit LeasePlan premises.
• •
  Sanctions imposed under international regulations on owners of the company if the supplier’s service falls within LeasePlan’s core services (leasing, sale of used vehicles, banking and insurance)

We process personal data when necessary for the following purposes:

• •
  Screening of sanctions of owners of the company if the provider’s service falls within LeasePlan’s core services (leasing, sale of second-hand vehicles, banking and insurance) and under Sanctiewet 1977 (the Dutch sanctions act) and the EU's and UN's sanctions lists
• •
  Administration of supplier account. Daily handling and administration of supplier accounts. We maintain e.g. contracts and inform about measures in relation to the services provided by your organisation and other information of relevance to the contract and the account
• •
  To communicate with you. When you contact us via an online contact form or by phone, e.g. when you send us questions, proposals, compliments or complaints, or when giving a quote for services. We can also contact you, e.g. regarding the daily administration of your supplier account
• •
  To conduct surveys. In surveys we ask for feedback on our webinars and/or satisfaction with LeasePlan's services/suppliers, e.g. repair shops. When we contact you about surveys, we may do so e.g. by e-mail. If you do not wish to receive such communications from us, you can use the opt-out options in the communication or contact us via the rights form or the general contact details below
• •
  LeasePlan’s business purposes. We process personal data about you for various business purposes, e.g. data analysis, audits, development of new products, improvement or modification of our services, identification of usage patterns, measuring the effectiveness of our campaigns, and operation and expansion of our business activities
• •
  To safeguard other legitimate purposes, including

‒ to provide a good service, e.g. responding to your inquiries and requests from third parties ‒ to enforce our terms, conditions and policies ‒ to protect our, your or others' rights, data protection, safety, security, business and/or property, including e.g. implementing security measures in the form of access and security controls if you visit us at LeasePlan’s premises. ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to establish, exercise or defend legal claims, including e.g. limitation of potential damage ‒ in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

• •

  Our social obligations, see Article 6(1)(e) of the GDPR, ‒ to comply with Dutch legislation relating to screening of sanctions

• •

  Our legitimate interests, see Article 6(1)(f) of the GDPR, in the following: ‒ to enter into and perform contracts with our suppliers ‒ to respond to inquiries ‒ to conduct surveys ‒ to comply with legal obligations or to comply with regulatory requests and orders ‒ to enforce our terms, conditions and policies ‒ to protect our, your or third parties' rights, data protection, safety, security, business or property, including in relation to the implementation of security measures

• •

  in connection with a sale or business transaction, e.g. to disclose or transfer personal data to third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer, or other disposal of all or a portion of our business, assets, or stock (including in connection with bankruptcy or similar proceedings).

We can disclose or leave personal data to the following recipients:

• •

  Within the LeasePlan group, for the purposes described in this privacy policy. You can see the list and location of LeasePlan entities here.

• •

  To suppliers, e.g. companies to whom we have outsourced processes relating to screening of sanctions etc. or companies that e.g. help us maintain IT networks, infrastructure and security and access control to facilities, etc.

• •

  Recipients in special cases, e.g. (a) debt collection agencies, (b) the police or other public and governmental authorities, regulators and tax authorities, (c) third parties in the event of reorganisation, merger, sale, joint venture, assignment, transfer or other disposal of all or part of our business, assets or stock (including in connection with bankruptcy or similar proceedings). Such third parties may include e.g. an acquiring entity and the related advisers.

We store personal data about you for as long as necessary or permitted for the purposes described in this privacy policy and in accordance with existing legislation.

The criteria used to determine our storage periods include:

• •
  The length of time we have a relationship with the supplier and provide the services to the supplier
• •
  Whether we are subject to a legal obligation (certain laws require us to keep records of transactions for a certain period of time before we can erase them); or
• •
  Whether storage is advisable in light of our legal position (e.g. with regard to applicable statutes of limitation, legal proceedings or regulatory investigations).

We store personal data under the rules of the Danish Bookkeeping Act, according to which accounting material is stored for at least five years plus the current accounting period.

Dutch financial legislation requires various data to be stored for five, 10 and 30 years respectively, after which they are erased.

In relation to screening of sanctions, we store personal data for five years from rejection or termination of a supplier relationship.

Inquiries to LeasePlan and responses thereto are stored for up to 12 months, unless you are a customer.

CCTV recordings are erased after 30 days.

Based on the global nature of our organisation and services, personal data about you may be stored and/or processed in another country than the country you live in.

Some countries outside the EEA are recognised by the European Commission as having a sufficient data protection level according to EEA standards.

In case of transfers from the EEA to countries which the European Commission does not find sufficiently secure, we transfer personal data based on e.g. the European Commission’s standard contractual clauses on transfer of data to third countries. For a copy of these standard contractual clauses, please contact LeasePlan.

We transfer personal data to Australia, China, India, Indonesia, Mexico, Surinam, Thailand, Turkey, the USA, Japan (secure third countries).

If you wish to exercise your rights as further described below, please use the contact details below or contact us via the link accessible on the relevant LeasePlan entity’s local website to exercise your rights.

You have the following rights:

• •
  Right of access: You are entitled to obtain access to the personal data processed about you, including how the data are processed, the sources, etc
• •
  Right to rectification: You are entitled to have incorrect personal data rectified
• •
  Right to erasure: In certain cases, you are entitled to have personal data erased before the general erasure in accordance with our general procedure concerning erasure
• •
  Right to restricted processing: In certain cases, you are entitled to restricted processing of your personal data. If you are entitled to restricted processing, we may only process your personal data - except for storage - with your consent to establish, exercise or defend a legal claim or to protect a person or important public interests
• •
  Right to data portability: You are entitled to data portability to the extent our processing of your personal data is based on your consent or an agreement, and the processing takes place automatically. This means that you are entitled to have your personal data forwarded in a structured, generally applied and machine-readable format which you are entitled to transmit to another service provider
• •
  Right to object: In certain cases, you are entitled to object to the processing of your personal data, including if our processing is based on our legitimate interests under Article 6(1)(f) of the GDPR, or the purpose of the processing is direct marketing. You may e.g. deregister again if you do not wish to receive inquiries from us containing surveys either by using the opt-out options in the communication or by contacting us via the rights form or the general contact details below
• •
  Right to withdraw consent: To the extent our processing is based on your consent, you are entitled to withdraw your consent wholly or partly. Withdrawal of your consent will not affect the legality of our processing until your consent has been withdrawn.

For more information about your rights, see the Danish Data Protection Agency’s guidelines describing the data subject’s rights on www.datatilsynet.dk.

You are welcome to contact our Data Privacy Office via the link on our website to exercise your rights. Please ensure that it is completely clear in your request which personal data your request concerns. For your protection, we only handle requests as regards the personal data connected to the specific e-mail address you stated in the contact form, and we may ask you to confirm your identify before you implement your request. We will try to respond to your request as quickly as practically possible and in all circumstances within the statutory time limits. Please note that we may store certain data for registration purposes and/or complete transactions which started before we requested a change or erasure. There may also be residual information that remains in our databases and other records that will not be removed.

If you exercise your rights, we will also process personal data in connection with receiving and responding to requests. If there is doubt about your identity, we are entitled to ask for additional data to confirm your identity. We will then process and register the additional data about you for this purpose.

If you wish to complain about our processing of your personal data, you may submit a complaint to the Danish Data Protection Agency. You can find the contact details of the Danish Data Protection Agency on www.datatilsynet.dk.

Questions? If you have any questions or complaints about this privacy policy, please contact us via link on the relevant LeasePlan entity’s local website to exercise your rights

We reserve the right to amend or update this privacy policy. The latest update of this privacy policy appears from “Latest update” at the top. Any amendments to this privacy policy come into force when we publish the updated privacy policy.