(Last Updated: November 22, 2019)

1. Introduction

At Northpoint Commercial Finance (“Northpoint”), we respect your privacy and are committed to protecting any personal information you entrust us with. For us, that is just part of doing business.

Our Privacy Policy tells you how we protect your privacy and the confidentiality of your personal information and applies to all our dealings with you. It also explains how Northpoint collects and what Northpoint does to keep this information secure. We want you to know how we manage that information to serve you and that you have choices about how it is used and shared. It further explains how you can contact us if you have a question about or want to make a change to any personal information that Northpoint has collected about you in order for us to comply with our regulatory requirements. We strongly recommend that you take the time to read this Privacy Policy and retain it for future reference.

Your personal information is information that identifies you; such as your name and can include other information like your address, government issued identification numbers, financial account numbers, credit and payment history, income, age and gender.

In this Privacy Policy, “Northpoint” refers to Northpoint Commercial Finance LLC and Northpoint Commercial Finance Canada Inc.

2. Why We Ask for Your Personal Information

When we collect personal information about individuals, we explain why we do so. The main reason why we ask for your personal information is to serve you or your company as our client. We collect your personal information when you or your company interacts with us by applying for credit, using our websites, emailing us, or calling us. Furthermore, we may also collect, use or disclose personal information of job candidates for the purpose of establishing an employment relationship at Northpoint.
For example, we may ask for your personal information for the following purposes:

  • To establish, verify, and safeguard your identity;
  • To service and improve the products and services you have with us;
  • To assess your or your company’s eligibility for the credit products or services you requested from us;
  • To communicate with you in relation with the products and services you have with us and other products and services that may be of interest to you;
  • To help us manage operations and risk within Northpoint and our affiliates (including compliance with legal and regulatory requirements or communications with our regulators);
  • To detect and prevent fraud and unauthorized or illegal activities; and
  • To perform analytics.

3. Personal Information We Collect

We only collect the personal information we need for the purposes explained to you in Section 2 above. We may ask for your personal information when you begin a relationship with us and/or during the course of our relationship.

We collect most of your personal information directly from you, from publicly or commercially available sources or, with your consent from third parties. For example, for credit products, we obtain credit reports to verify employment and income and to determine your credit worthiness.

Specifically, when you apply for a job at Northpoint, we collect your personal information mainly from you as well as other information collected or generated as part of any engagements regarding working for Northpoint and any associated recruitment related processes and activities.

Here are some examples of personal information we may collect:

  • Name;
  • Address;
  • Birthdate;
  • Signature;
  • Personal identification number (PIN);
  • Financial information such as personal financial and transaction records;
    Health information; and
  • Employment information.

If you are a U.S. resident, we may also ask for your social security number.

If you are a Canadian resident, we may also ask for your social insurance number (SIN). We are required to request your SIN for reporting information to the Canada Revenue Agency. If we ask for your SIN for other purposes, you may choose not to provide it to us.

Please note that you may also be subject to video surveillance for security purposes when you visit our office locations.

4. Knowledge and Consent

We collect personal information about you only when you voluntarily provide it, it is from publicly available sources, or you authorize us to collect it from a third party. Typically, we will seek consent for the use or disclosure of your personal information at the time of collection. The form of consent depends on the sensitivity of the personal information and other circumstances.

Your express consent is obtained verbally, online or in writing. Depending on your use of a product or service or when you contact us to obtain our products or services you may provide us with your implied consent.

We do not use your personal information without your consent unless:

  • It is for the same purpose for which the information was originally collected or consistent with that purpose; or
  • As authorized or permitted by law.

In certain circumstances, consent may be sought after the information has been collected but before use. For example, when we want to use or disclose the information for a purpose that we have not previously identified.

Subject to legal or contractual exceptions, you can refuse to provide or withdraw your consent at any time with reasonable notice. Please note that in certain situations, refusing or withdrawing your consent may deny you access to certain products, services or to important information. Please refer to “Contacting Us” section below on details on how to withdraw your consent and our staff will be pleased to explain your options and any consequences of withdrawing your consent.

5. Sharing Your Personal Information Within Northpoint

We may share your personal information within Northpoint and our affiliates to provide our services to you, manage our operations and business needs and risks as well as to comply with legal and regulatory requirements.

Specifically, when you apply for a job at Northpoint, your personal information may be shared between the various entities of Laurentian Bank Financial Group (LBCFG) for the purpose of processing your application.

6. Sharing Your Personal information with Third Parties

We do not sell client lists or other client personal information to others.

We may share your personal information with third parties with your consent or as permitted or required by law in certain scenarios:

    • Service Providers: We may share your personal information with our service providers to assist us in providing you with a service. This disclosure is limited to what is necessary to perform their services and the personal information cannot be used for other purposes. We are committed to ensuring that these service providers have appropriate safeguards in place to protect your personal information. These service providers may be in Canada, the U.S, or other countries and may release your personal information in response to valid demands from governments, regulators, courts and law enforcement authorities of their countries;

More specifically for personal information collected, used, shared or stored in Alberta: If Northpoint shares your personal information with a service provider outside of Canada, it will also tell you the name of the country where the service provider is located and the purpose for which the service provider has been authorized to use your personal information. For example, your personal information will be shared with service providers located in the United States who assist Northpoint with managing your applications and accounts, such as providing the verifications required to comply with their anti-money laundering and terrorist financing obligations, including “know your client” requirements, providing an account management software platform, providing collateral inspections, and providing office IT platforms and maintenance.

  • Credit Bureaus and Other Lenders: We may release your credit history, identifiable information and your repayment history to credit bureaus and other lenders on an ongoing basis to support the credit process. This permits the financial system to function efficiently and allows for the detection and prevention of fraud and allows us to continue to offer services to you;
  • Compliance, Lawful Requests, Regulators and Self-Regulatory Organizations: We may disclose your personal information if a law, regulation, search warrant, subpoena, court order or valid demand legally requires or authorizes us to do so. This may include requests from regulators and self- regulatory organizations that are responsible for overseeing Northpoint and its affiliates’ business such as the Office of the Privacy Commissioner of Canada, the Office of the Superintendent of Financial Institutions of Canada, the U.S. Federal Trade Commission or a U.S. state Attorney General;
  • Investigation and Fraud: Your personal information may be released in the case of a breach of an agreement or contravention of law to help prevent fraud, money laundering and other criminal activity.
  • Debt Collection: We may also release your personal information to help us collect a debt from you; and
  • Transfers of Business: We may buy businesses or sell parts of Northpoint from time to time and personal information regarding the accounts or services purchased or sold, including client personal information, is generally one of the assets to be transferred and released to all parties to a transaction. In such case, we will require the relevant third parties to provide comparable levels of protection as Northpoint provides with respect to the information we transfer.

7. Protecting Your Personal information

We protect your personal information with appropriate physical, procedural and technological safeguards and security measures. Here are some of the ways in which we protect your information:

  • Our employees are trained to adhere to specific policies and procedures to safeguard your personal information. Doing so is not only specified in our code of ethics, procedures and employment agreements but is also regularly re-confirmed in writing by our employees.
  • We authorize our employees, agents and consultants to get information about you only when they need it to do their work for us;
  • We require service providers to protect your personal information. In addition, they agree to use it only to prove the services we ask them to perform for us;
  • We keep information under physical, electronic or procedural controls appropriate to the sensitivity of the information;
  • We test & audit our safeguards and security measures regularly to ensure that they are properly administered and that they remain effective and appropriate for the sensitivity of the personal information.

8. Retention

We retain your personal information for as long as is necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. The length of time we retain your personal information varies depending on the product or service and the nature of the personal information. The retention period may sometimes extend beyond the end of your relationship with us but only for so long as is necessary for us to have sufficient personal information to manage any issue that may arise later or to comply with any law, regulation or guideline issued by a governmental or self-regulating entity.

9. Ensuring Your Personal information is Accurate and Up-to-Date

We make every reasonable effort to keep your personal information accurate and up-to-date. Having accurate personal information enables us to comply with the law and give you the best possible service.

We rely on you to help us maintain the accuracy of your personal information by notifying us of any changes to your information. (i.e. telephone numbers, address). If you do not inform us of changes to your personal information we may no longer be able to communicate with you or continue providing our services to you. If you find any errors in your personal information with us, please let us know and we will make the corrections.

10. Accessing Your Personal information

If you are resident of Canada or California, we give you access to your personal information.

If you are a client of Northpoint, most of your personal information is in your transaction records. These are available to you through your account statements or by accessing your account online.

If you require other personal information, please contact us with a written request at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead. We may ask for reasonable fees depending on the information requested and will advise you of such fees prior to providing you with the information.

Please note that we may refuse to communicate some information contained in our records in accordance with applicable law and, in that case, will advise you in writing of our refusal. For instance, we cannot provide you with personal information in our records that contain references to other persons, Northpoint’s or its affiliates’ proprietary information, information that relates to an investigation of a breach of an agreement and, a contravention of a law, or information that is subject to legal privilege or that cannot be disclosed for other legal reasons. You may file a complaint in accordance with the applicable complaint procedure if you are not satisfied with our decision as set out in “Addressing Your Concerns” below.

11. Contacting Us

For any questions or concerns regarding your personal information, including to withdraw your consent or access your personal information, please contact us in writing at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at info@northpointcf.com.

12. Addressing Your Concerns

To address your concerns or to escalate any dissatisfaction with regard to privacy protections, we suggest you follow these steps:

Step 1:
You can contact notify us in writing at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at info@northpointcf.com.

Step 2:
If you are not satisfied with how your request was handled or if you wish to escalate any other concerns relating to privacy, you may get in touch with the appropriate Privacy Commissioner:

Residents of Québec:

Complaint Services
Commission d’accès à l’information du Québec
525 René-Lévesque Boulevard East, Suite 2.36, Québec, Québec G1R 5S9
Phone: 514-864-8808 (Montréal), 418-528-7741 (Québec) or toll-free 1-888-528-7741
plaintes@cai.gouv.qc.ca
www.cai.gouv.qc.ca

Residents of Alberta:

Office of the Information and Privacy Commissioner (OIPC)
Edmonton
9925 109 Street NW, Suite 410, Edmonton, Alberta T5K 2J8
Phone: 780-422-6860 or toll-free 1-888-878-4044
Fax: 780-422-5682
generalinfo@oipc.ab.ca
www.oipc.ab.ca

Calgary
801 6 Avenue SW, Suite 2460, Calgary, Alberta T2P 3W2
Phone: 403-297-2728 or toll-free 1-888-878-4044
Fax: 403-297-2711
generalinfo@oipc.ab.ca
www.oipc.ab.ca

Residents of British Columbia:

Office of the Information and Privacy Commissioner
PO Box 9038, Stn. Prov. Govt., Victoria, British Columbia V8W 9A4
Phone: 250-387-5629 or toll-free 1-800-663-7867
Fax: 250-387-1696
info@oipc.bc.ca
www.oipc.bc.ca

Residents of any other Canadian provinces or territories or for any concerns relating to interprovincial or international transfers of personal information from or to Canada, as applicable:

Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Québec K1A 1H3
Phone: 819-994-5444 or toll-free 1-800-282-1376
www.priv.gc.ca

Residents of California:

If you are a California resident, please refer to the “Additional Information Regarding California” section at the end of this Privacy Policy for more information about the requests you may make under the California Consumer Privacy Act of 2018 (“CCPA”).

13. Online Privacy

This section supplements our Privacy Policy and applies to the collection, use and disclosure of personal information through all Northpoint websites.

13.1. Personal Information Collected Online

When you browse our websites or access our online services, we may collect information such as:

  • Online usage information such as pages you visited, downloaded content and the address of the websites that you visited immediately before coming to our websites, which we collect through the use of cookies. For more information, please refer to “Use of Cookies” below;
  • Device information such as IP addresses;
  • Login ID and password to access our online services;
  • Setting preferences;
  • Information you provide to us originating from inquiries or online application forms; and
  • Financial and transactional information when you use our online services.

13.2. Why We Collect and Use Personal Information Online

We collect and use your personal information online mainly to serve you as our client but also to prevent fraud and ensure security, to personalize your online experience, and for other purposes as set in “Why We Ask for Your Personal Information” above.

13.3. Safeguarding Your Personal Information Online

We use encryption techniques to protect the confidentiality of your personal information online, which are among the safest encoding methods available on the market. We encode exchanges to prevent intruders from accessing personal information entered during a session or information we transmit through our exchanges. Our encryption methods are recognized data codification processes that ensure the safety of information transmitted. To access our online services, you must use an Internet navigator equipped with compatible encryption.

13.4. Consent

By using our websites and/or our online services you consent to the collection, use and disclosure of your personal information as provided in this Privacy Policy and, where applicable, in other terms and conditions of our products or services. This Privacy Policy may change from time to time and your continued use of the websites and/or our online services will mean that you consent to any modification regarding the collection, use and disclosure of your personal information.

13.5. Sharing

We may share your personal information collected online in accordance with the section regarding “Releasing Your Personal Information to Third Parties” above.

13.6. Cookies

A cookie is a small file that is passed from a website to an end user’s (your) computer. The cookie is used to save information about the interaction between you and the site, such as login credentials, preferences, and any work in progress.

There are three common types of cookies that we may use, among others

  • Session cookies store information only for the period of time that you are connected to a website. They are not written to your hard drive. Once you leave the website, the cookie no longer has the information that was contained in it.We use session cookies as a security feature for online services. For example, when you log in to our online services and are authenticated through your log-in ID and password, a cookie will store the identification number of your browser. Throughout your session, the cookie acts as a digital signature to identify your current session to the web server.We also use session cookies to track your visits within our websites. We use this information to determine the type of information that you are looking for on our site and to improve our site.We use information about the site you visited immediately prior to our site to assess the viability of links to our site that we have created on third party sites.
  • Persistent cookies write information to your hard drive that remains there until the expiry date of the cookie. We use persistent cookies to store non-sensitive information that you are aware of and have agreed to. For example, if you choose the option on our log-in screen to remember your Northpoint login access number, the system will remember and automatically input your login access number each time you use the service from that computer. All persistent cookies used by our online services are encrypted for additional security.
  • Local shared objects, sometimes referred to as “flash cookies”, are data files that a website creates when you visit the site. Local shared objects are most often used to enhance your web- browsing experience.A local shared object can store data that is more complex than simple text. Local shared objects, by themselves, can’t do anything to or with the data on your computer. Local shared objects also cannot access or remember your e-mail address or other personal information about you unless you provide the information.We use local shared objects to store information such as IP address and browser type. This information is collected to assist us in authenticating you and your computer.

We may use cookies to share your personal information with third parties such as advertising services providers so they will display ads on certain websites based on the products and services you have browsed on our website.

For our online services to operate, your browser must be set to accept cookies. If you are concerned about having your browser enabled to accept cookies while you are visiting other websites, we recommend that you enable your browser to notify you when it is receiving a cookie. This gives you the ability of accepting or rejecting any cookie presented by the web server you are visiting.

13.7. E-mail

We do not sell your e-mail addresses to anyone.

When you e-mail us or when you ask us to e-mail you, we learn your e-mail address and any information you include in the e-mail.

We use your e-mail address to acknowledge your comments and reply to your questions, and we store your communication and our replies in case we correspond with you again.

We may use your e-mail address to send you information about offers for products and services that we believe may be of interest to you.

If you ask to be on an e-mail mailing list for us to provide you with information on a regular basis, or if we send you information about our offers for products and services by e-mail, you may ask us to remove you from the list at any time using the unsubscribe instructions provided in each e-mail.

Generally, e-mail is unencrypted. We recommend that you use caution when sending us e-mails and that you do not include confidential information such as account numbers.

Fraudsters send fake e-mails impersonating financial institutions requesting that you verify personal and banking information. These e-mails often ask the recipient to click on a link in the e-mail that directs them to a pop-up window or counterfeit online banking log-in page to enter their bank’s log-in ID and password. We will never send you e-mails asking for confidential information like passwords, social insurance number or account numbers. Please do not respond to any e-mails asking for information like this.

14. Minors

Our services are not intended for persons under 18 years of age. We do not knowingly solicit or collect personal information from or about children under 18, and we do not knowingly market our products or services to children under 18.

15. Third Party Services

Except for information that we share with third parties, this Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which our services link. The inclusion of a link on such services does not imply endorsement of the linked site or service by us.

16. Updates to this Privacy Policy

The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post a revised Privacy Policy.

17. Additional Information Regarding California

Pursuant to the California Consumer Privacy Act of 2018 (“CCPA”), we are providing the following additional details regarding the categories of personal information about California residents that we have collected or disclosed within the preceding 12 months:

17.1 Categories of Personal Information Collected

We collected the following categories of personal information:

  • Identifiers, such as name, contact information, online identifiers, Social Security numbers and other government-issued identifiers;
  • Personal information, as defined in the California customer records law, such as name, contact information, signature, government ID numbers, medical, health insurance, and physical characteristics, insurance and financial account information, and education and employment information;
  • Commercial information, such as transaction information and transaction history;
  • Internet or network activity information, such as browsing history and interactions with our website;Geolocation data, such as device location and IP location;
  • Professional or employment-related information, such as work history and prior employer;
  • Education information covered by the federal Family Educational Rights and Privacy Act; and
  • Inferences drawn from any of the personal information listed above to create a profile/summary about, for example, an individual’s preferences and characteristics.

As described above, we may use this personal information to operate, manage, and maintain our business, to provide our products and services, for our employment and vendor management purposes, and to accomplish our business purposes and objectives, including, for example, using personal information to: develop, improve, repair, and maintain our products and services; personalize, advertise, and market our products and services; conduct research, analytics, and data analysis; maintain our property; undertake quality and safety assurance measures; conduct risk and security control and monitoring; detect and prevent fraud; perform identity verification; perform accounting, audit, and other internal functions, such as internal investigations; comply with law, legal process, and internal policies; maintain records; and exercise and defend legal claims.

17.2 Disclosures Made to Third Parties

We disclosed the following personal information to third parties such as our service providers and affiliates for our operational business purposes:

  • Identifiers, such as name, contact information, online identifiers, Social Security numbers and other government-issued identifiers;
  • Personal information, as defined in the California customer records law, such as name, contact information, signature, government ID numbers, medical, health insurance, and physical characteristics, insurance and financial account information, and education and employment information;
  • Commercial information, such as transaction information and transaction history;
  • Internet or network activity information, such as browsing history and interactions with our website;
  • Geolocation data, such as device location and IP location;
  • Professional or employment-related information, such as work history and prior employer;
  • Inferences drawn from any of the personal information listed above to create a profile/summary about, for example, an individual’s preferences and characteristics.

17.3 “Sales” of Personal Information

We have not “sold” personal information for purposes of the CCPA.

For purposes of this Privacy Policy, “sold” or “sale” means the disclosure of personal information for monetary or other valuable consideration but does not include, for example, the transfer of personal information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business.

17.4 Access Requests

If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:

  • The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
  • The specific pieces of personal information we collected about you;
  • The business or commercial purpose for collecting personal information about you; and
  • The categories of personal information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such personal information (if applicable).

To make such a request, please contact us in accordance with the “Contacting Us” section above. In some instances, we may decline to honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another California resident.

17.5 Deletion Requests

If you are a California resident, you may request that we delete personal information we collected from you.

To make such a request, please contact us in accordance with the “Contacting Us” section above. In some instances, we may decline to honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another California resident.

17.6 Unlawful Discrimination

You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.

CONTACTING US

If you have any questions regarding this Privacy Policy, please contact:

  • Northpoint Commercial Finance
  • P.O. Box 1445
  • Alpharetta, GA 30009
  • Attn: Compliance Lead
  • info@northpointcf.com