(Last Updated: November 22, 2019)
At Northpoint Commercial Finance (“Northpoint”), we respect your privacy and are committed to protecting any personal information you entrust us with. For us, that is just part of doing business.
Your personal information is information that identifies you; such as your name and can include other information like your address, government issued identification numbers, financial account numbers, credit and payment history, income, age and gender.
2. Why We Ask for Your Personal Information
When we collect personal information about individuals, we explain why we do so. The main reason why we ask for your personal information is to serve you or your company as our client. We collect your personal information when you or your company interacts with us by applying for credit, using our websites, emailing us, or calling us. Furthermore, we may also collect, use or disclose personal information of job candidates for the purpose of establishing an employment relationship at Northpoint.
For example, we may ask for your personal information for the following purposes:
- To establish, verify, and safeguard your identity;
- To service and improve the products and services you have with us;
- To assess your or your company’s eligibility for the credit products or services you requested from us;
- To communicate with you in relation with the products and services you have with us and other products and services that may be of interest to you;
- To help us manage operations and risk within Northpoint and our affiliates (including compliance with legal and regulatory requirements or communications with our regulators);
- To detect and prevent fraud and unauthorized or illegal activities; and
- To perform analytics.
3. Personal Information We Collect
We only collect the personal information we need for the purposes explained to you in Section 2 above. We may ask for your personal information when you begin a relationship with us and/or during the course of our relationship.
We collect most of your personal information directly from you, from publicly or commercially available sources or, with your consent from third parties. For example, for credit products, we obtain credit reports to verify employment and income and to determine your credit worthiness.
Specifically, when you apply for a job at Northpoint, we collect your personal information mainly from you as well as other information collected or generated as part of any engagements regarding working for Northpoint and any associated recruitment related processes and activities.
Here are some examples of personal information we may collect:
- Personal identification number (PIN);
- Financial information such as personal financial and transaction records;
Health information; and
- Employment information.
If you are a U.S. resident, we may also ask for your social security number.
If you are a Canadian resident, we may also ask for your social insurance number (SIN). We are required to request your SIN for reporting information to the Canada Revenue Agency. If we ask for your SIN for other purposes, you may choose not to provide it to us.
Please note that you may also be subject to video surveillance for security purposes when you visit our office locations.
4. Knowledge and Consent
We collect personal information about you only when you voluntarily provide it, it is from publicly available sources, or you authorize us to collect it from a third party. Typically, we will seek consent for the use or disclosure of your personal information at the time of collection. The form of consent depends on the sensitivity of the personal information and other circumstances.
Your express consent is obtained verbally, online or in writing. Depending on your use of a product or service or when you contact us to obtain our products or services you may provide us with your implied consent.
We do not use your personal information without your consent unless:
- It is for the same purpose for which the information was originally collected or consistent with that purpose; or
- As authorized or permitted by law.
In certain circumstances, consent may be sought after the information has been collected but before use. For example, when we want to use or disclose the information for a purpose that we have not previously identified.
Subject to legal or contractual exceptions, you can refuse to provide or withdraw your consent at any time with reasonable notice. Please note that in certain situations, refusing or withdrawing your consent may deny you access to certain products, services or to important information. Please refer to “Contacting Us” section below on details on how to withdraw your consent and our staff will be pleased to explain your options and any consequences of withdrawing your consent.
5. Sharing Your Personal Information Within Northpoint
We may share your personal information within Northpoint and our affiliates to provide our services to you, manage our operations and business needs and risks as well as to comply with legal and regulatory requirements.
Specifically, when you apply for a job at Northpoint, your personal information may be shared between the various entities of Laurentian Bank Financial Group (LBCFG) for the purpose of processing your application.
Laurentian Bank Financial Group (LBCFG) is a diversified financial services provider whose mission is to help customers improve their financial health. The Laurentian Bank of Canada and its entities, including Northpoint, are collectively referred to as Laurentian Bank Financial Group.
6. Sharing Your Personal information with Third Parties
We do not sell client lists or other client personal information to others.
We may share your personal information with third parties with your consent or as permitted or required by law in certain scenarios:
- Service Providers: We may share your personal information with our service providers to assist us in providing you with a service. This disclosure is limited to what is necessary to perform their services and the personal information cannot be used for other purposes. We are committed to ensuring that these service providers have appropriate safeguards in place to protect your personal information. These service providers may be in Canada, the U.S, or other countries and may release your personal information in response to valid demands from governments, regulators, courts and law enforcement authorities of their countries;
More specifically for personal information collected, used, shared or stored in Alberta: If Northpoint shares your personal information with a service provider outside of Canada, it will also tell you the name of the country where the service provider is located and the purpose for which the service provider has been authorized to use your personal information. For example, your personal information will be shared with service providers located in the United States who assist Northpoint with managing your applications and accounts, such as providing the verifications required to comply with their anti-money laundering and terrorist financing obligations, including “know your client” requirements, providing an account management software platform, providing collateral inspections, and providing office IT platforms and maintenance.
- Credit Bureaus and Other Lenders: We may release your credit history, identifiable information and your repayment history to credit bureaus and other lenders on an ongoing basis to support the credit process. This permits the financial system to function efficiently and allows for the detection and prevention of fraud and allows us to continue to offer services to you;
- Compliance, Lawful Requests, Regulators and Self-Regulatory Organizations: We may disclose your personal information if a law, regulation, search warrant, subpoena, court order or valid demand legally requires or authorizes us to do so. This may include requests from regulators and self- regulatory organizations that are responsible for overseeing Northpoint and its affiliates’ business such as the Office of the Privacy Commissioner of Canada, the Office of the Superintendent of Financial Institutions of Canada, the U.S. Federal Trade Commission or a U.S. state Attorney General;
- Investigation and Fraud: Your personal information may be released in the case of a breach of an agreement or contravention of law to help prevent fraud, money laundering and other criminal activity.
- Debt Collection: We may also release your personal information to help us collect a debt from you; and
- Transfers of Business: We may buy businesses or sell parts of Northpoint from time to time and personal information regarding the accounts or services purchased or sold, including client personal information, is generally one of the assets to be transferred and released to all parties to a transaction. In such case, we will require the relevant third parties to provide comparable levels of protection as Northpoint provides with respect to the information we transfer.
7. Protecting Your Personal information
We protect your personal information with appropriate physical, procedural and technological safeguards and security measures. Here are some of the ways in which we protect your information:
- Our employees are trained to adhere to specific policies and procedures to safeguard your personal information. Doing so is not only specified in our code of ethics, procedures and employment agreements but is also regularly re-confirmed in writing by our employees.
- We authorize our employees, agents and consultants to get information about you only when they need it to do their work for us;
- We require service providers to protect your personal information. In addition, they agree to use it only to prove the services we ask them to perform for us;
- We keep information under physical, electronic or procedural controls appropriate to the sensitivity of the information;
- We test & audit our safeguards and security measures regularly to ensure that they are properly administered and that they remain effective and appropriate for the sensitivity of the personal information.
We retain your personal information for as long as is necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. The length of time we retain your personal information varies depending on the product or service and the nature of the personal information. The retention period may sometimes extend beyond the end of your relationship with us but only for so long as is necessary for us to have sufficient personal information to manage any issue that may arise later or to comply with any law, regulation or guideline issued by a governmental or self-regulating entity.
9. Ensuring Your Personal information is Accurate and Up-to-Date
We make every reasonable effort to keep your personal information accurate and up-to-date. Having accurate personal information enables us to comply with the law and give you the best possible service.
We rely on you to help us maintain the accuracy of your personal information by notifying us of any changes to your information. (i.e. telephone numbers, address). If you do not inform us of changes to your personal information we may no longer be able to communicate with you or continue providing our services to you. If you find any errors in your personal information with us, please let us know and we will make the corrections.
10. Accessing Your Personal information
If you are resident of Canada or California, we give you access to your personal information.
If you are a client of Northpoint, most of your personal information is in your transaction records. These are available to you through your account statements or by accessing your account online.
If you require other personal information, please contact us with a written request at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at email@example.com. We may ask for reasonable fees depending on the information requested and will advise you of such fees prior to providing you with the information.
Please note that we may refuse to communicate some information contained in our records in accordance with applicable law and, in that case, will advise you in writing of our refusal. For instance, we cannot provide you with personal information in our records that contain references to other persons, Northpoint’s or its affiliates’ proprietary information, information that relates to an investigation of a breach of an agreement and, a contravention of a law, or information that is subject to legal privilege or that cannot be disclosed for other legal reasons. You may file a complaint in accordance with the applicable complaint procedure if you are not satisfied with our decision as set out in “Addressing Your Concerns” below.
11. Contacting Us
For any questions or concerns regarding your personal information, including to withdraw your consent or access your personal information, please contact us in writing at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at firstname.lastname@example.org.
12. Addressing Your Concerns
To address your concerns or to escalate any dissatisfaction with regard to privacy protections, we suggest you follow these steps:
You can contact notify us in writing at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at email@example.com.
If you are not satisfied with how your request was handled or if you wish to escalate any other concerns relating to privacy, you may get in touch with the appropriate Privacy Commissioner:
Residents of Québec:
Commission d’accès à l’information du Québec
525 René-Lévesque Boulevard East, Suite 2.36, Québec, Québec G1R 5S9
Phone: 514-864-8808 (Montréal), 418-528-7741 (Québec) or toll-free 1-888-528-7741
Residents of Alberta:
Office of the Information and Privacy Commissioner (OIPC)
9925 109 Street NW, Suite 410, Edmonton, Alberta T5K 2J8
Phone: 780-422-6860 or toll-free 1-888-878-4044
Residents of British Columbia:
Office of the Information and Privacy Commissioner
PO Box 9038, Stn. Prov. Govt., Victoria, British Columbia V8W 9A4
Phone: 250-387-5629 or toll-free 1-800-663-7867
Residents of any other Canadian provinces or territories or for any concerns relating to interprovincial or international transfers of personal information from or to Canada, as applicable:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Québec K1A 1H3
Phone: 819-994-5444 or toll-free 1-800-282-1376
Residents of California:
13. Online Privacy
13.1. Personal Information Collected Online
When you browse our websites or access our online services, we may collect information such as:
- Device information such as IP addresses;
- Login ID and password to access our online services;
- Setting preferences;
- Information you provide to us originating from inquiries or online application forms; and
- Financial and transactional information when you use our online services.
13.2. Why We Collect and Use Personal Information Online
We collect and use your personal information online mainly to serve you as our client but also to prevent fraud and ensure security, to personalize your online experience, and for other purposes as set in “Why We Ask for Your Personal Information” above.
13.3. Safeguarding Your Personal Information Online
We use encryption techniques to protect the confidentiality of your personal information online, which are among the safest encoding methods available on the market. We encode exchanges to prevent intruders from accessing personal information entered during a session or information we transmit through our exchanges. Our encryption methods are recognized data codification processes that ensure the safety of information transmitted. To access our online services, you must use an Internet navigator equipped with compatible encryption.
We may share your personal information collected online in accordance with the section regarding “Releasing Your Personal Information to Third Parties” above.
A cookie is a small file that is passed from a website to an end user’s (your) computer. The cookie is used to save information about the interaction between you and the site, such as login credentials, preferences, and any work in progress.
There are three common types of cookies that we may use, among others
- Session cookies store information only for the period of time that you are connected to a website. They are not written to your hard drive. Once you leave the website, the cookie no longer has the information that was contained in it.We use session cookies as a security feature for online services. For example, when you log in to our online services and are authenticated through your log-in ID and password, a cookie will store the identification number of your browser. Throughout your session, the cookie acts as a digital signature to identify your current session to the web server.We also use session cookies to track your visits within our websites. We use this information to determine the type of information that you are looking for on our site and to improve our site.We use information about the site you visited immediately prior to our site to assess the viability of links to our site that we have created on third party sites.
- Persistent cookies write information to your hard drive that remains there until the expiry date of the cookie. We use persistent cookies to store non-sensitive information that you are aware of and have agreed to. For example, if you choose the option on our log-in screen to remember your Northpoint login access number, the system will remember and automatically input your login access number each time you use the service from that computer. All persistent cookies used by our online services are encrypted for additional security.
- Local shared objects, sometimes referred to as “flash cookies”, are data files that a website creates when you visit the site. Local shared objects are most often used to enhance your web- browsing experience.A local shared object can store data that is more complex than simple text. Local shared objects, by themselves, can’t do anything to or with the data on your computer. Local shared objects also cannot access or remember your e-mail address or other personal information about you unless you provide the information.We use local shared objects to store information such as IP address and browser type. This information is collected to assist us in authenticating you and your computer.
For our online services to operate, your browser must be set to accept cookies. If you are concerned about having your browser enabled to accept cookies while you are visiting other websites, we recommend that you enable your browser to notify you when it is receiving a cookie. This gives you the ability of accepting or rejecting any cookie presented by the web server you are visiting.
We do not sell your e-mail addresses to anyone.
When you e-mail us or when you ask us to e-mail you, we learn your e-mail address and any information you include in the e-mail.
We use your e-mail address to acknowledge your comments and reply to your questions, and we store your communication and our replies in case we correspond with you again.
We may use your e-mail address to send you information about offers for products and services that we believe may be of interest to you.
If you ask to be on an e-mail mailing list for us to provide you with information on a regular basis, or if we send you information about our offers for products and services by e-mail, you may ask us to remove you from the list at any time using the unsubscribe instructions provided in each e-mail.
Generally, e-mail is unencrypted. We recommend that you use caution when sending us e-mails and that you do not include confidential information such as account numbers.
Fraudsters send fake e-mails impersonating financial institutions requesting that you verify personal and banking information. These e-mails often ask the recipient to click on a link in the e-mail that directs them to a pop-up window or counterfeit online banking log-in page to enter their bank’s log-in ID and password. We will never send you e-mails asking for confidential information like passwords, social insurance number or account numbers. Please do not respond to any e-mails asking for information like this.
Our services are not intended for persons under 18 years of age. We do not knowingly solicit or collect personal information from or about children under 18, and we do not knowingly market our products or services to children under 18.
15. Third Party Services
17. Additional Information for California Residents
With a limited exception, certain provisions of the CCPA do not apply to:
- Personal information that we collect about you when you are acting as our job applicant, employee, owner, director, officer, medical staff member, or contractor to the extent that we collect and use your personal information solely within the context of that role. This also includes your emergency contact information and personal information that is necessary for us to retain to administer benefits for you.
- Personal information we receive from you reflecting a communication or transaction between us and another business when you are acting as an employee, owner, director, officer, or contractor of such company, partnership, sole proprietorship, nonprofit, or government agency and you are seeking a product or service from us for the company, partnership, sole proprietorship, nonprofit, or government agency (“Business Consumer”). We have outlined the limited rights afforded to Business Consumers below.
17.1 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers, such as name, contact information, online identifiers, Social Security numbers and other government-issued identifiers;
- Personal information, as defined in the California customer records law, such as name, contact information, signature, government ID numbers, medical, health insurance, and physical characteristics, insurance and financial account information, and education and employment information;
- Commercial information, such as transaction information and transaction history;
- Internet or network activity information, such as browsing history and interactions with our website;
- Geolocation data, such as device location and IP location
- Professional or employment-related information, such as work history and prior employer;
- Education information covered by the federal Family Educational Rights and Privacy Act; and
- Inferences drawn from any of the personal information listed above to create a profile/summary about, for example, an individual’s preferences and characteristics.
In the past 12 months, we have collected personal information from the following categories of sources:
- Related customers
- Consumer reporting agencies
- Online databases and websites
- Third party auditors
We may collect and use the categories of personal information identified above for the following business or commercial purposes:
- Operate, manage, and maintain our business,
- Provide our products and services, for our employment and vendor management purposes;
- Develop, improve, repair, and maintain our products and services;
- Personalize, advertise, and market our products and services;
- Conduct research, analytics, and data analysis;
- Maintain our property;
- Undertake quality and safety assurance measures;
- Conduct risk and security control and monitoring;
- Detect and prevent fraud;
- Perform identity verification;
- Perform accounting, audit, and other internal functions, such as internal investigations;
- Comply with law, legal process, and internal policies;
- Maintain records; and
- Exercise and defend legal claims.
17.2 Disclosures Made to Third Parties
We may disclose your personal information to service providers and third parties in order to carry out specific business or commercial purposes. In the preceding 12 months, we disclosed the following categories of personal information for business or commercial purposes to the following categories of third parties:
- Identifiers to collection agencies, government entities, service providers, related customers, and our affiliates.
- Personal information described in the California Customer Records Statute to collection agencies, government entities, service providers, related customers, and our affiliates.
- Commercial information to collection agencies, government entities, service providers, related customers, and our affiliates.
- Internet or network activity information to collection agencies, government entities, service providers, related customers, and our affiliates.
- Geolocation data to collection agencies, government entities, service providers, related customers, and our affiliates.
- Professional or employment-related information to collection agencies, government entities, service providers, related customers, and our affiliates.
- Education information covered by the federal Family Educational Rights and Privacy Act to collection agencies, government entities, service providers, related customers, and our affiliates.
- Inferences drawn from any of the personal information to collection agencies, government entities, service providers, related customers, and our affiliates.
17.3 “Sales” of Personal Information
In the preceding twelve (12) months, we have not “sold” personal information for purposes of the CCPA. Also, it is our business practice not to sell the personal information of minors under 16 years of age and we have no actual knowledge of doing so.
17.4 Access Requests
If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:
- The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
- The specific pieces of personal information we collected about you;
- The business or commercial purpose for collecting personal information about you; and
- The categories of personal information about you that we otherwise shared or disclosed about you and, for each category identified, the categories of third parties with whom we shared or to whom we disclosed such personal information (if applicable).
In some instances, we may decline to honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another California resident. Additionally, we cannot disclose certain information to you, including your Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answer.
This right does not apply to Business Consumers.
17.5 Deletion Requests
If you are a California resident, you may request that we delete personal information we collected from you.
In some instances, we may decline to honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another California resident.
This right does not apply to Business Consumers.
17.6 Submitting an Access Request or a Deletion Request
To exercise your right to access or right to delete, please submit a verifiable consumer request to us by either:
- Calling us at 1.866.781.2420
- Emailing us at firstname.lastname@example.org
Only you (or an authorized agent) may make a verifiable consumer request.
Verifying Your Identity
Once you submit your verifiable consumer request, we will verify your identity by matching the information you provided us with information in our systems. If you submit a request to know specific pieces of personal information or a request to delete certain information, in addition to verifying your identity with information we have on file, you also may be required to submit a signed declaration under penalty of perjury stating that the requestor is the consumer whose personal information is the subject of the request. If we are unable to respond to your request for specific pieces of information, we will evaluate your request as if it is a request to know the categories of personal information that we have collected about you.
If you have a password-protected account with us, we may verify your identity through our existing authentication practices for your account and we will also require you to re-authenticate yourself before we disclose your personal information. If we suspect fraudulent or malicious activity on or from your account, we will not comply with your request until we perform further verification to determine whether your request is authentic and you are the person about whom we have collected the personal information.
We will generally avoid requesting additional information from you to verify you. However, if we cannot verify your identity based on the information we currently maintain, we may request additional information from you, which will only be used to verify your identity and for security or fraud-prevention purposes. We will delete any new personal information we collect to verify your identity as soon as practical after processing your request unless otherwise required by the CCPA.
Generally, if we are unable to verify your identity, we will deny your request and inform you of our inability to verify your identity and explain why we were unable to do so.
Please note that we are only required to respond to your request for access to your personal information twice within a 12-month period.
Responding to Your Access or Deletion Requests
Once we receive your verifiable consumer request, we will confirm our receipt of your request within 10 business days and provide you with additional information about how we will process the request. Our goal is to respond to your request within 45 calendar days of receiving the request, beginning on the day we receive the request. However, in the event that we need more time (up to 90 calendar days) to respond to your request, we will provide you with notice and an explanation of the reasons that we will take more than 45 calendar days to respond. Any disclosures we provide will cover the 12-month period preceding the verifiable consumer request’s receipt. If we are unable to comply with a given request, we will provide you with a response explaining why we have not taken action on your request and identifying any rights you may have to appeal the decision.
We will not charge you or your authorized agent to verify your identity. In addition, we will not charge you or your authorized agent a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Authorized Agent for Requests
You may designate an authorized agent to make a request on your behalf. Unless you have a power of attorney, if you would like to use an authorized agent, which is an individual or business registered with the Secretary of State that you have authorized to act on your behalf, to submit a request, you must provide the authorized agent with written and signed permission to do so, verify your own identity directly with us, and directly confirm that you provided the authorized agent with permission to submit the request. We may deny a request from an authorized agent that does not submit proof that they are authorized to act on your behalf.
17.7 Unlawful Discrimination
We will not discriminate against you for exercising your rights under the CCPA.
17.8 Changes to Section 17
We are required by law to update this California Privacy Statement at least once each year. This California Privacy Statement was last updated on September 20, 2021.
- Northpoint Commercial Finance
- P.O. Box 1445
- Alpharetta, GA 30009
- Attn: Legal & Compliance Representative