(Last Updated: May 31, 2023)
1. Introduction
At Northpoint Commercial Finance (“Northpoint”), we respect your privacy and are committed to protecting any personal information you entrust us with. For us, that is just part of doing business.
Our Privacy Policy tells you how we protect your privacy and the confidentiality of your personal information and applies to all our dealings with you. It also explains how Northpoint collects your personal information and what Northpoint does to keep this information secure. We want you to know how we manage that information to serve you and that you have choices about how it is used and shared. It further explains how you can contact us if you have a question about or want to make a change to any personal information that Northpoint has collected about you in order for us to comply with our regulatory requirements. We strongly recommend that you take the time to read this Privacy Policy and retain it for future reference.
Your personal information is information that identifies you; such as your name and can include other information like your address, government issued identification numbers, financial account numbers, credit and payment history, income, age and gender.
In this Privacy Policy, “Northpoint” refers to Northpoint Commercial Finance LLC and Northpoint Commercial Finance Canada Inc.
If you are a California resident, please refer to the “Additional Information Regarding California – California Privacy Notice” (“California Privacy Notice”) section at the end of this Privacy Policy for more information about we collect, use, retain, and disclose personal information about California residents. The California Privacy Notice also explains certain rights that California residents have under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.
2. Why We Ask for Your Personal Information
When we collect personal information about individuals, we explain why we do so. The main reason why we ask for your personal information is to serve you or your company as our client. We collect your personal information when you or your company interacts with us by applying for credit, using our websites, emailing us, or calling us. Furthermore, we may also collect, use or disclose personal information of job candidates for the purpose of establishing an employment relationship at Northpoint.
For example, we may ask for your personal information for the following purposes:
- To establish, verify, and safeguard your identity;
- To service and improve the products and services you have with us;
- To assess your or your company’s eligibility for the credit products or services you requested from us;
- To communicate with you in relation with the products and services you have with us and other products and services that may be of interest to you;
- To help us manage operations and risk within Northpoint and our affiliates (including compliance with legal and regulatory requirements or communications with our regulators);
- To detect and prevent fraud and unauthorized or illegal activities; and
- To perform analytics.
3. Personal Information We Collect
We only collect the personal information we need for the purposes explained to you in Section 2 above. We may ask for your personal information when you begin a relationship with us and/or during the course of our relationship.
We collect most of your personal information directly from you, from publicly or commercially available sources or, with your consent from third parties. For example, for credit products, we obtain credit reports to verify employment and income and to determine your credit worthiness.
Specifically, when you apply for a job at Northpoint, we collect your personal information mainly from you as well as other information collected or generated as part of any engagements regarding working for Northpoint and any associated recruitment related processes and activities.
Here are some examples of personal information we may collect:
- Name;
- Address;
- Birthdate;
- Signature;
- Personal identification number (PIN);
- Financial information such as personal financial and transaction records;
Health information; and - Employment information.
If you are a U.S. resident, we may also ask for your social security number.
If you are a Canadian resident, we may also ask for your social insurance number (SIN). We are required to request your SIN for reporting information to the Canada Revenue Agency. If we ask for your SIN for other purposes, you may choose not to provide it to us.
Please note that you may also be subject to video surveillance for security purposes when you visit our office locations.
4. Knowledge and Consent
We collect personal information about you only when you voluntarily provide it, it is from publicly available sources, or you authorize us to collect it from a third party. Typically, we will seek consent for the use or disclosure of your personal information at the time of collection. The form of consent depends on the sensitivity of the personal information and other circumstances.
Your express consent is obtained verbally, online or in writing. Depending on your use of a product or service or when you contact us to obtain our products or services you may provide us with your implied consent.
We do not use your personal information without your consent unless:
- It is for the same purpose for which the information was originally collected or consistent with that purpose; or
- As authorized or permitted by law.
In certain circumstances, consent may be sought after the information has been collected but before use. For example, when we want to use or disclose the information for a purpose that we have not previously identified.
Subject to legal or contractual exceptions, you can refuse to provide or withdraw your consent at any time with reasonable notice. Please note that in certain situations, refusing or withdrawing your consent may deny you access to certain products, services or to important information. Please refer to “Contacting Us” section below on details on how to withdraw your consent and our staff will be pleased to explain your options and any consequences of withdrawing your consent.
5. Sharing Your Personal Information Within Northpoint
We may share your personal information within Northpoint and our affiliates to provide our services to you, manage our operations and business needs and risks as well as to comply with legal and regulatory requirements.
Specifically, when you apply for a job at Northpoint, your personal information may be shared between the various entities of Laurentian Bank Financial Group (LBCFG) for the purpose of processing your application.
Laurentian Bank Financial Group (LBCFG) is a diversified financial services provider whose mission is to help customers improve their financial health. The Laurentian Bank of Canada and its entities, including Northpoint, are collectively referred to as Laurentian Bank Financial Group.
6. Sharing Your Personal information with Third Parties
We do not sell client lists or other client personal information to others.
We may share your personal information with third parties with your consent or as permitted or required by law in certain scenarios:
- Service Providers: We may share your personal information with our service providers to assist us in providing you with a service. This disclosure is limited to what is necessary to perform their services and the personal information cannot be used for other purposes. We are committed to ensuring that these service providers have appropriate safeguards in place to protect your personal information. These service providers may be in Canada, the U.S, or other countries and may release your personal information in response to valid demands from governments, regulators, courts and law enforcement authorities of their countries;
More specifically for personal information collected, used, shared or stored in Alberta: If Northpoint shares your personal information with a service provider outside of Canada, it will also tell you the name of the country where the service provider is located and the purpose for which the service provider has been authorized to use your personal information. For example, your personal information will be shared with service providers located in the United States who assist Northpoint with managing your applications and accounts, such as providing the verifications required to comply with their anti-money laundering and terrorist financing obligations, including “know your client” requirements, providing an account management software platform, providing collateral inspections, and providing office IT platforms and maintenance.
- Credit Bureaus and Other Lenders: We may release your credit history, identifiable information and your repayment history to credit bureaus and other lenders on an ongoing basis to support the credit process. This permits the financial system to function efficiently and allows for the detection and prevention of fraud and allows us to continue to offer services to you;
- Compliance, Lawful Requests, Regulators and Self-Regulatory Organizations: We may disclose your personal information if a law, regulation, search warrant, subpoena, court order or valid demand legally requires or authorizes us to do so. This may include requests from regulators and self- regulatory organizations that are responsible for overseeing Northpoint and its affiliates’ business such as the Office of the Privacy Commissioner of Canada, the Office of the Superintendent of Financial Institutions of Canada, the U.S. Federal Trade Commission or a U.S. state Attorney General;
- Investigation and Fraud: Your personal information may be released in the case of a breach of an agreement or contravention of law to help prevent fraud, money laundering and other criminal activity.
- Debt Collection: We may also release your personal information to help us collect a debt from you; and
- Transfers of Business: We may buy businesses or sell parts of Northpoint from time to time and personal information regarding the accounts or services purchased or sold, including client personal information, is generally one of the assets to be transferred and released to all parties to a transaction. In such case, we will require the relevant third parties to provide comparable levels of protection as Northpoint provides with respect to the information we transfer.
7. Protecting Your Personal information
We protect your personal information with appropriate physical, procedural and technological safeguards and security measures. Here are some of the ways in which we protect your information:
- Our employees are trained to adhere to specific policies and procedures to safeguard your personal information. Doing so is not only specified in our code of ethics, procedures and employment agreements but is also regularly re-confirmed in writing by our employees.
- We authorize our employees, agents and consultants to get information about you only when they need it to do their work for us;
- We require service providers to protect your personal information. In addition, they agree to use it only to prove the services we ask them to perform for us;
- We keep information under physical, electronic or procedural controls appropriate to the sensitivity of the information;
- We test & audit our safeguards and security measures regularly to ensure that they are properly administered and that they remain effective and appropriate for the sensitivity of the personal information.
8. Retention
We retain your personal information for as long as is necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws. The length of time we retain your personal information varies depending on the product or service and the nature of the personal information. The retention period may sometimes extend beyond the end of your relationship with us but only for so long as is necessary for us to have sufficient personal information to manage any issue that may arise later or to comply with any law, regulation or guideline issued by a governmental or self-regulating entity.
9. Ensuring Your Personal information is Accurate and Up-to-Date
We make every reasonable effort to keep your personal information accurate and up-to-date. Having accurate personal information enables us to comply with the law and give you the best possible service.
We rely on you to help us maintain the accuracy of your personal information by notifying us of any changes to your information. (i.e. telephone numbers, address). If you do not inform us of changes to your personal information we may no longer be able to communicate with you or continue providing our services to you. If you find any errors in your personal information with us, please let us know and we will make the corrections.
10. Accessing Your Personal information
If you are resident of Canada or California, we give you access to your personal information.
If you are a client of Northpoint, most of your personal information is in your transaction records. These are available to you through your account statements or by accessing your account online.
If you require other personal information, please contact us with a written request at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at [email protected]. We may ask for reasonable fees depending on the information requested and will advise you of such fees prior to providing you with the information.
Please note that we may refuse to communicate some information contained in our records in accordance with applicable law and, in that case, will advise you in writing of our refusal. For instance, we cannot provide you with personal information in our records that contain references to other persons, Northpoint’s or its affiliates’ proprietary information, information that relates to an investigation of a breach of an agreement and, a contravention of a law, or information that is subject to legal privilege or that cannot be disclosed for other legal reasons. You may file a complaint in accordance with the applicable complaint procedure if you are not satisfied with our decision as set out in “Addressing Your Concerns” below.
11. Contacting Us
For any questions or concerns regarding your personal information, including to withdraw your consent or access your personal information, please contact us in writing at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at [email protected].
12. Addressing Your Concerns
To address your concerns or to escalate any dissatisfaction with regard to privacy protections, we suggest you follow these steps:
Step 1:
You can contact notify us in writing at Northpoint Commercial Finance, P.O. Box 1445, Alpharetta, GA, U.S.A., 30009, Attn: Compliance Lead or at [email protected].
Step 2:
If you are not satisfied with how your request was handled or if you wish to escalate any other concerns relating to privacy, you may get in touch with the appropriate Privacy Commissioner:
Residents of Québec:
Complaint Services
Commission d’accès à l’information du Québec
525 René-Lévesque Boulevard East, Suite 2.36, Québec, Québec G1R 5S9
Phone: 514-864-8808 (Montréal), 418-528-7741 (Québec) or toll-free 1-888-528-7741
[email protected]
www.cai.gouv.qc.ca
Residents of Alberta:
Office of the Information and Privacy Commissioner (OIPC)
Edmonton
9925 109 Street NW, Suite 410, Edmonton, Alberta T5K 2J8
Phone: 780-422-6860 or toll-free 1-888-878-4044
Fax: 780-422-5682
[email protected]
www.oipc.ab.ca
Calgary
801 6 Avenue SW, Suite 2460, Calgary, Alberta T2P 3W2
Phone: 403-297-2728 or toll-free 1-888-878-4044
Fax: 403-297-2711
[email protected]
www.oipc.ab.ca
Residents of British Columbia:
Office of the Information and Privacy Commissioner
PO Box 9038, Stn. Prov. Govt., Victoria, British Columbia V8W 9A4
Phone: 250-387-5629 or toll-free 1-800-663-7867
Fax: 250-387-1696
[email protected]
www.oipc.bc.ca
Residents of any other Canadian provinces or territories or for any concerns relating to interprovincial or international transfers of personal information from or to Canada, as applicable:
Office of the Privacy Commissioner of Canada
30 Victoria Street, Gatineau, Québec K1A 1H3
Phone: 819-994-5444 or toll-free 1-800-282-1376
www.priv.gc.ca
Residents of California:
If you are a California resident, please refer to the “Additional Information Regarding California” section at the end of this Privacy Policy for more information about the requests you may make under the California Consumer Privacy Act of 2018 (“CCPA”).
13. Online Privacy
This section supplements our Privacy Policy and applies to the collection, use and disclosure of personal information through all Northpoint websites.
13.1. Personal Information Collected Online
When you browse our websites or access our online services, we may collect information such as:
- Online usage information such as pages you visited, downloaded content and the address of the websites that you visited immediately before coming to our websites, which we collect through the use of cookies. For more information, please refer to “Use of Cookies” below;
- Device information such as IP addresses;
- Login ID and password to access our online services;
- Setting preferences;
- Information you provide to us originating from inquiries or online application forms; and
- Financial and transactional information when you use our online services.
13.2. Why We Collect and Use Personal Information Online
We collect and use your personal information online mainly to serve you as our client but also to prevent fraud and ensure security, to personalize your online experience, and for other purposes as set in “Why We Ask for Your Personal Information” above.
13.3. Safeguarding Your Personal Information Online
We use encryption techniques to protect the confidentiality of your personal information online, which are among the safest encoding methods available on the market. We encode exchanges to prevent intruders from accessing personal information entered during a session or information we transmit through our exchanges. Our encryption methods are recognized data codification processes that ensure the safety of information transmitted. To access our online services, you must use an Internet navigator equipped with compatible encryption.
13.4. Consent
By using our websites and/or our online services you consent to the collection, use and disclosure of your personal information as provided in this Privacy Policy and, where applicable, in other terms and conditions of our products or services. This Privacy Policy may change from time to time and your continued use of the websites and/or our online services will mean that you consent to any modification regarding the collection, use and disclosure of your personal information.
13.5. Sharing
We may share your personal information collected online in accordance with the section regarding “Releasing Your Personal Information to Third Parties” above.
13.6. Cookies
A cookie is a small file that is passed from a website to an end user’s (your) computer. The cookie is used to save information about the interaction between you and the site, such as login credentials, preferences, and any work in progress.
There are three common types of cookies that we may use, among others
- Session cookies store information only for the period of time that you are connected to a website. They are not written to your hard drive. Once you leave the website, the cookie no longer has the information that was contained in it.We use session cookies as a security feature for online services. For example, when you log in to our online services and are authenticated through your log-in ID and password, a cookie will store the identification number of your browser. Throughout your session, the cookie acts as a digital signature to identify your current session to the web server.We also use session cookies to track your visits within our websites. We use this information to determine the type of information that you are looking for on our site and to improve our site.We use information about the site you visited immediately prior to our site to assess the viability of links to our site that we have created on third party sites.
- Persistent cookies write information to your hard drive that remains there until the expiry date of the cookie. We use persistent cookies to store non-sensitive information that you are aware of and have agreed to. For example, if you choose the option on our log-in screen to remember your Northpoint login access number, the system will remember and automatically input your login access number each time you use the service from that computer. All persistent cookies used by our online services are encrypted for additional security.
- Local shared objects, sometimes referred to as “flash cookies”, are data files that a website creates when you visit the site. Local shared objects are most often used to enhance your web- browsing experience.A local shared object can store data that is more complex than simple text. Local shared objects, by themselves, can’t do anything to or with the data on your computer. Local shared objects also cannot access or remember your e-mail address or other personal information about you unless you provide the information.We use local shared objects to store information such as IP address and browser type. This information is collected to assist us in authenticating you and your computer.
We may use cookies to share your personal information with third parties such as advertising services providers so they will display ads on certain websites based on the products and services you have browsed on our website.
For our online services to operate, your browser must be set to accept cookies. If you are concerned about having your browser enabled to accept cookies while you are visiting other websites, we recommend that you enable your browser to notify you when it is receiving a cookie. This gives you the ability of accepting or rejecting any cookie presented by the web server you are visiting.
13.7. E-mail
We do not sell your e-mail addresses to anyone.
When you e-mail us or when you ask us to e-mail you, we learn your e-mail address and any information you include in the e-mail.
We use your e-mail address to acknowledge your comments and reply to your questions, and we store your communication and our replies in case we correspond with you again.
We may use your e-mail address to send you information about offers for products and services that we believe may be of interest to you.
If you ask to be on an e-mail mailing list for us to provide you with information on a regular basis, or if we send you information about our offers for products and services by e-mail, you may ask us to remove you from the list at any time using the unsubscribe instructions provided in each e-mail.
Generally, e-mail is unencrypted. We recommend that you use caution when sending us e-mails and that you do not include confidential information such as account numbers.
Fraudsters send fake e-mails impersonating financial institutions requesting that you verify personal and banking information. These e-mails often ask the recipient to click on a link in the e-mail that directs them to a pop-up window or counterfeit online banking log-in page to enter their bank’s log-in ID and password. We will never send you e-mails asking for confidential information like passwords, social insurance number or account numbers. Please do not respond to any e-mails asking for information like this.
14. Minors
Our services are not intended for persons under 18 years of age. We do not knowingly solicit or collect personal information from or about children under 18, and we do not knowingly market our products or services to children under 18.
15. Third Party Services
Except for information that we share with third parties, this Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which our services link. The inclusion of a link on such services does not imply endorsement of the linked site or service by us.
16. Updates to this Privacy Policy
The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post a revised Privacy Policy.
17. Additional Information for California Residents – California Privacy Notice
This section is for California residents only and supplements the Privacy Policy. With respect to California residents only, to the extent any provision set forth in this Section 17 conflict with any provision set forth in any other section of this Privacy Policy, the provision set forth in this Section 17 shall govern. This section describes the personal information that we collect, explains how this information is collected, used, shared, or disclosed, describes rights provided by the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”) to California Residents (“consumers” or “you”) regarding their personal information, and explains how consumers can exercise those rights.
We may collect, use, share, or disclose your personal information. Personal information is information that identifies, relates to, describes, is reasonably capable of being associated with or could reasonably be linked, directly or indirectly, with you. It can also include other pieces of information that can be used to identify you, either directly or indirectly, such as a cookie. Personal information does not include: (1) publicly available information, such as information that is lawfully made available from federal, state, or local records, or (2) de-identified or aggregate consumer information.
With a limited exception, certain provisions of the CCPA do not apply to personal information covered by or collected under industry-specific privacy laws including but not limited to, the Health Insurance Portability and Accountability Act of 1966 (certain health information), the California Confidentiality of Medical Information Act (certain medical information), the Gramm-Leach-Bliley Act (certain financial information privacy laws), the California Financial Information Privacy Act, the Fair Credit Reporting Act (information relating to your credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, and mode of living), and the Driver’s Privacy Protection Act of 1994.
17.1 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information:
- Identifiers, such as name, contact information, online identifiers, Social Security numbers and other government-issued identifiers;
- Personal information, as defined in the California customer records law, such as name, contact information, signature, government ID numbers, medical, health insurance, and physical characteristics, insurance and financial account information, and education and employment information;
- Commercial information, such as transaction information and transaction history;
- Biometric information, such as fingerprint images;
- Internet or other electronic network activity information, such as browsing history and interactions with our website;
- Geolocation data, such as device location and IP location;
- Audio, electronic, visual, thermal, olfactory, or similar information,
- Professional or employment-related information, such as work history and prior employer;
- Education information, such as information that is not publicly available personally identifiable information as defined in the federal Family Educational Rights and Privacy Act;
- Inferences drawn from any of the personal information listed above to create a profile/summary about, for example, an individual’s preferences and characteristics; and
- Sensitive Personal Information, such as social security, driver’s license, state identification card, or passport number, account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account, a consumer’s precise geolocation, a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership, or the contents of a consumer’s mail, email, and text messages unless the business is the intended recipient of the communication.
In the past 12 months, we have collected personal information from the following categories of sources:
- You or other individuals or organizations acting on your behalf
- Related customers
- Consumer reporting agencies
- Online databases and websites
- Third party auditors
- Internet service providers
- Government entities
- Operating systems and platforms
- Social networks
We may collect and use the categories of personal information identified above for the following business or commercial purposes:
- Operate, manage, and maintain our business,
- Provide our products and services and for our employment/human resources and vendor management purposes;
- Develop, improve, repair, and maintain our products and services;
- Personalize, advertise, and market our products and services;
- Conduct research, analytics, and data analysis;
- Maintain our property;
- Undertake quality and safety assurance measures;
- Conduct risk and security control and monitoring;
- Detect and prevent fraud;
- Perform identity verification;
- Perform accounting, audit, and other internal functions, such as internal investigations;
- Debugging to identify and repair errors that impair existing intended functionality;
- Comply with law, legal process, legal obligations, and internal policies;
- Maintain records; and
- Exercise and defend legal claims.
We will only use your personal information for the reasons for which we collected it. If we need to use your personal information for another purpose, we will tell you about it, explain the legal basis which allows us to do so, and obtain your explicit consent.
17.2 Disclosures Made to Third Parties
We may disclose your personal information to service providers and third parties in order to carry out specific business or commercial purposes. In the past 12 months, we disclosed the following categories of personal information for business or commercial purposes to the following categories of service providers and third parties:
- Identifiers to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents, and our affiliates.
- Personal information described in the California Customer Records Statute to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents, and our affiliates.
- Commercial information to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents,, and our affiliates.
- Internet or network activity information to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents,, and our affiliates.
- Geolocation data to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents,, and our affiliates.
- Professional or employment-related information to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents,, and our affiliates.
- Education information covered by the federal Family Educational Rights and Privacy Act to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents,, and our affiliates.
- Inferences drawn from any of the personal information to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents,, and our affiliates.
- Biometric information to collection agencies, government entities, service providers, contractors, related customers, individuals and organizations acting on your behalf, operating systems and platforms, social networks, other financial institutions and strategic partners, our agents, and our affiliates.
We may disclose the categories of personal information identified above for the business or commercial purposes identified in Section 17.1.
17.3 Sensitive Personal Information
We have not used or disclosed Sensitive Personal Information outside of the exceptions allowed for in the CCPA and its implementing regulations. The following are examples of the permissible purposes for which we collect or use Sensitive Personal Information:
- To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services, which may include but not be limited to maintaining and servicing accounts, providing customer service, verifying consumer information, processing payments, and providing financing.
- To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted Personal Information.
- To resist malicious, deceptive, fraudulent, or illegal actions directed at us and to prosecute those responsible for those actions.
- To perform services on our behalf.
- To verify or maintain the quality or safety of a product, service, or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured by, manufactured for, or controlled by us.
17.4 “Sale” or “Sharing” of Personal Information
In the past twelve (12) months, we have not “sold” or “shared” personal information for purposes of the CCPA. Also, it is our business practice not to sell or share the personal information of minors under 16 years of age and we have no actual knowledge of doing so.
“Sold” or “sale” means disclosing your personal information for money or other thing of value but does not include, for example, the transfer of personal information as an asset that is part of a merger, bankruptcy, or other disposition of all or any portion of our business. “Share” means disclosing your personal information to a third-party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
17.5 Your Rights as a Consumer under the CCPA
The CCPA provides you with certain rights regarding the collection, use, and disclosure of your personal information. As described in more detail below, the CCPA provides you with the following rights:
- The Right to Know/Access what personal information we have collected about you. Before or when we collect your personal information, you have the right to know:
- The categories of personal information (including Sensitive Personal Information) we collect, the business or commercial purpose for which we collect and use the personal information, and whether we sell or share that information; and
- How long we intend to keep each category of personal information, including Sensitive Personal Information.
You also have the right to request that we provide you with certain information about the personal information we collect, use, share, disclose, or sell, as well as the categories and specific pieces of information that we have collected about you. Specifically, you have the right to know and request the following information:
-
- The categories of personal information we collect.
- The categories of sources from which the personal information is collected.
- The business or commercial purpose for collecting, selling, or sharing personal information.
- The categories of third parties to whom we disclose personal information.
- If we sold or shared your personal information, which we do not, the categories of personal information that we collected and shared about you and, for each category identified the categories of third parties to which we, shared that particular category of personal information.
- If we disclosed your personal information for a business purpose, the categories of personal information that we disclosed about you and the categories of third parties to which we disclosed that personal information for a business purpose.
- The specific pieces of personal information we have collected about you.
- The Right to Delete the personal information we collected and maintained about you once we verify your request. However, there may be reasons we need to keep your personal information and we will inform you if that is the case.
- The Right to Correct inaccurate personal information we have collected from you and maintained about you. Once we verify your request, including the inaccurate information, we will update your inaccurate personal information from our records and our service provider’s records.
- The Right to Opt-Out of the sale or sharing of your personal information. The Right to Opt-Out is a right afforded to you, the consumer, under the CCPA. However, we do not sell or share your personal information.
- The Right to Limit the Use and Disclosure of Sensitive Personal Information if we use the information for reasons that are not aligned with why we obtained such information. However, we can use this information as permitted by law, to follow the law, and to give you the best service.
- The right to Non-Discrimination or Non-Retaliation, which means we cannot discriminate or retaliate against you if you exercise your rights under the CCPA.
17.6 Submitting an Access Request, Correction Request, or a Deletion Request
To exercise your right to access, right to correct, or right to delete, please submit a verifiable consumer request to us by either:
- Calling us at 1.866.781.2420
- Emailing us at [email protected] and [email protected]
- Completing and submitting the form below.
Only you (or an authorized agent) may make a verifiable consumer request.
Verifying Your Identity
Once you submit your verifiable consumer request, we will verify your identity by matching the information you provided us with information in our systems. If you submit a request to know specific pieces of personal information or a request to delete certain information, in addition to verifying your identity with information we have on file, you also may be required to submit a signed declaration under penalty of perjury stating that the requestor is the consumer whose personal information is the subject of the request. If we are unable to respond to your request for specific pieces of information, we will evaluate your request as if it is a request to know the categories of personal information that we have collected about you.
If you have a password-protected account with us, we may verify your identity through our existing authentication practices for your account and we will also require you to re-authenticate yourself before we disclose your personal information. If we suspect fraudulent or malicious activity on or from your account, we will not comply with your request until we perform further verification to determine whether your request is authentic and you are the person about whom we have collected the personal information.
We will generally avoid requesting additional information from you to verify you. However, if we cannot verify your identity based on the information we currently maintain, we may request additional information from you, which will only be used to verify your identity and for security or fraud-prevention purposes. We will delete any new personal information we collect to verify your identity as soon as practical after processing your request unless otherwise required by the CCPA.
Generally, if we are unable to verify your identity, we will deny your request and inform you of our inability to verify your identity and explain why we were unable to do so.
Responding to Your Access or Deletion Requests
Once we receive your verifiable consumer request, we will confirm our receipt of your request within 10 business days and provide you with additional information about how we will process the request. Our goal is to respond to your request within 45 calendar days of receiving the request, beginning on the day we receive the request. However, in the event that we need more time (up to 90 calendar days) to respond to your request, we will provide you with notice and an explanation of the reasons that we will take more than 45 calendar days to respond. If we are unable to comply with a given request, we will provide you with a response explaining why we have not taken action on your request and identifying any rights you may have to appeal the decision.
We will not charge you or your authorized agent to verify your identity. In addition, we will not charge you or your authorized agent a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Authorized Agent for Requests
You may designate an authorized agent to make a request on your behalf. Unless you have a power of attorney, if you would like to use an authorized agent, which is an individual or business that you have authorized to act on your behalf to submit a request, you must provide the authorized agent with written and signed permission to do so, verify your own identity directly with us, and directly confirm that you provided the authorized agent with permission to submit the request. We may deny a request from an authorized agent that does not submit proof that they are authorized to act on your behalf.
Unlawful Discrimination or Retaliation
We will not discriminate or retaliate against you for exercising your rights under the CCPA.
17.8 Changes to Section 17
We are required by law to update this California Privacy Notice at least once each year. This California Privacy Notice was last updated on May 31, 2023.
CONTACTING US
If you have any questions regarding this Privacy Policy, including our California Privacy Notice, the ways in which we collect, use, or disclose your personal information, or how to exercise your rights under the CCPA, please contact us at:
- Northpoint Commercial Finance
- P.O. Box 1445
- Alpharetta, GA 30009
- Attn: Legal & Compliance Representative
- [email protected] and [email protected]
Submit a Request
To exercise your right to know/access, right to correct, or right to delete, please submit a verifiable consumer request to us by filling out the form below and we will review your request and get back to you as soon as possible.
"*" indicates required fields