Privacy Statement

Privacy Statement

Wholesale & Rural North America Privacy Statement

1. Our Privacy Statement

At Coöperatieve Rabobank U.A., New York Branch, Rabo AgriFinance LLC, and applicable affiliates [1] (collectively referred to herein as ‘Rabobank’), protecting your privacy and safeguarding the personal information [2] or other information that you provide us is a priority.  Whether you are a website visitor, loan applicant and / or consumer of our services, we respect your privacy and your trust is important to us.

The following sets forth Rabobank’s Privacy Statement  (“Statement”) applicable to the collection and processing [3] of personal or other information that you disclose to us or when you visit our website: www.rabobankwholesalebankingna.com (Wholesale), www.raboag.com (Rural) or that you provide to Rabobank as part of a product or service that you request and we provide to you.  

It describes the personal and other information that Rabobank may collect, process, store, use and/or disclose, as well as the safeguard measures that we have in place to protect it. The Statement also applies to the operations performed on behalf of Rabobank by our affiliates and/or external service providers that may be involved in the collection and/or processing of your personal or other information.

2. How does Rabobank receive your personal data?

Rabobank collects personal and other information that you voluntary provide in order to enable us to deliver the products or services that you have requested, which may come from the following sources:

• Information we receive directly from you, including but not limited to, information on applications or other forms;
• Information about your transactions with us;
• Information about your transactions with our affiliates; and
• Information from a consumer reporting agency. 
• Information to satisfy our legal and regulatory obligations under anti-money laundering, terrorist financing or similar laws.

3. Which personal data does Rabobank process?

The following are the general categories of personal information that we may collect and provide to vendors for the business purpose of provide financial services to you:

• Name(s)
• USPS Mailing Address and Physical Address
• Location Device – Internet Provider (IP) Address information: city, region, country internet service provider
• Email address
• Signatures
• Account Name
• Government-Issued (Federal or State) Identification and Numbers
• Phone number(s)
• Banking Information
• Credit Information
• Financial and Identity Verification Information from Credit Reporting Agencies
• Loan Details/Business Needs and Operational Information, including transactions
• Video/Audio recordings
• Business Entity Information
• Financial Information
• Military Status
• Marital Status
• Date of Birth
• Inferences on your preferences
• Personal Information from U.S. and Foreign Government Registries, as necessary
• Browser type and/or operating system
• User login/authentication data
• Functionality settings that recall user preferences

We categorize the above Personal Data in the following way:

1. Identifiers — Personal unique identifiers, such as full name and federal or state issued identification numbers, including Social Security number, driver’s license number, and passport number;
2. Personal Information — Personal information, including contact details such as telephone number and address, signature, financial information (e.g., account number and balance), payment card details (e.g., credit and debit card numbers), and medical and health insurance information;
3. Characteristics of Protected Classes — Characteristics of protected classes or groups under state or federal law, such as sex, age, disability, citizenship, primary language, immigration status, and marital status;
4. Purchase Information — Purchase information, such as products and services obtained and histories of transactions;
5. Biometric Information — We do not collect Biometric Information;
6. Internet or Online Information — Internet or online information (e.g., browsing history) and information regarding interaction with our websites, applications, or advertisements;
7. Geolocation Data — We do not collect precise Geolocation data;
8. Audio and Visual Information — Audio, electronic, visual, or similar information, such as call and video recordings;
9. Employment Information — Professional or employment-related information, such as work history and prior employer, information from background checks, resumes, and personnel files;
10. Education Information — such as university attended, areas of study and references to graduation status;
11. Inferences — Inferences based on information about an individual to create a summary about, for example, an individual’s preferences and characteristics; and
12. Sensitive Personal Information —
    1. Social Security number, driver’s license, state identification card, or passport number;
    2. Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account – We do not collect combinations of your external account and external access information that would allow us access to any of your external accounts beyond performing transactions you request;
    3. Precise geolocation – We do not collect Precise geolocation;
    4. Racial or ethnic origin, religious or philosophical beliefs, citizenship, or immigration status – We do not collect information on your religious or philosophical beliefs;
    5. The contents of mail, email, and text messages unless we are the intended recipient of the communication;
    6. Biometric information processed to uniquely identify an individual – We do not collect Biometric information; and
    7. Health information, sexual orientation – We do not collect Heath information nor sexual orientation information.
    8. Citizenship information

We will not collect categories of personal information other than those disclosed in this notice.  If we intend to collect additional categories of personal information or intend to use the personal information for additional purposes that are incompatible with the disclosed purpose for which the personal information was collected, we will provide a new notice at collection and request explicit consent.

4. Who is responsible for the processing of your personal data?

This privacy statement describes how we deal with personal data processing by Rabobank. Personal data may be disclosed within Rabobank to the extent that this is permitted by law. When disclosing data within Rabobank, we comply with the rules that we have agreed within our internal policies. These policies describe how the divisions of Rabobank deal with personal data. 

Within Rabobank, your personal data can be accessed only by the individuals who have both a need and an appropriate business purpose to have access. All of these people are bound by a duty of confidentiality. 

The table below shows, for each Personal Data category we may have collected, the categories of third parties to whom we disclosed for our business purposes information from that Personal Data category during the preceding 12 months. The table below contains brief descriptions of the categories of Personal Data and third parties.

* Only if the disclosure of data is reconcilable with the purpose for which the personal data were collected and if this is compliant with other requirements following from applicable privacy laws and regulations.

5. Whose personal data are processed by Rabobank?

We process personal and other information of individuals or of entities (“Subject Entity) with whom we have, wish to have, or previously had, a direct or indirect relationship. We also provide personal and other information to third parties, to allow us to provide products or services which you seek. This may include:

• Clients and their representatives;
• Persons who show an interest in our products and services; or
• Persons who are associated with a business or organization with which we have, wish to have, or previously had, a relationship. Please note: if your business or organization provides us with personal information of employees, you are under the obligation to inform your employees thereof. You may provide your employees with this privacy policy so that they may see how Rabobank treats their personal information.

6. How does Rabobank treat my personal data?

Your personal data are stored carefully and no longer than necessary for the purpose for which they were processed. 

Within Rabobank, your personal data can be used only by employees who require access to such data for the performance of their duties. Our employees are subject to a confidentiality obligation. If we wish to use data for a purpose other than that for which they were originally processed, then we may only do so if the two purposes are closely related. Your personal data may also be disclosed between various Rabobank divisions and subsidiaries, but only if this is reconcilable with the purpose for which the personal data were collected and if this is compliant with other requirements following from applicable privacy laws and regulations. We sometimes engage third parties who can edit personal data, e.g., a printer who carries out a client mailing for us and prints names and addresses details on envelopes. We can engage third parties only if this fits the purpose for which we have processed your personal data, e.g., for promotional and marketing purposes. In addition, such a third party may only obtain our order if he has demonstrably taken appropriate security measures and warrants confidentiality. Your personal data may also be shared with third parties that we engage in our operations for the provision of our services (for example, data hosting, data processing, processing of payment transactions, and similar services). Some of these third parties may be located outside of the United States. Your personal data may, both during and after processing, be subject to investigation by competent national authorities in the countries where such data are located for purposes of the processing. Your personal data will not be sold or hired out.

We have collected information such as that described above in the last twelve months. We may disclose personal information our affiliates insofar as reasonably necessary for the purposes, and on the legal bases, set out in this notice to include the processing and delivery of a product or service. We may also disclose your personal information to third parties that are not related by common ownership or control, such as service providers, credit bureaus and other nonaffiliated third parties when required and permitted by law. We do not collect more personal information than is necessary for the purposes set forth below.  As such, there is no optional data collected.  We will not collect, use, retain, and/or share your personal information for any purpose that is unrelated or incompatible with the purpose(s) for which the personal information was originally collected or processed.  We will request explicit consent if we intend to collect, use, retain, and/or share your personal information for any purpose that is unrelated or incompatible with the purpose(s) for which the personal information was originally collected or processed.

It will be the responsibility of the Individuals to inform Rabobank regarding any changes in his or her Personal Data in order to keep the Individual’s Personal Data accurate, complete and up to date. Individuals should inform Rabobank regarding any changes.

7. For what purposes does Rabobank process personal data of individuals?

We process personal data of individuals for the following purposes:

• To be able to enter into a relationship
  If you as 1) an individual, 2) an individual associated with a Subject Entity that wishes to become a Rabobank client, or 3)  an individual are associated with an entity that wishes to purchase a new product or a new service, we will require personal data, such as within the course of receiving a business credit application. For example, we will have to carry out an investigation to review whether we can accept the Subject Entity as a client, or whether we can provide an individual or an individual associated with a Subject Entity with a loan.  We may also require personal data of an individual or an individual associated with a Subject Entity in order to provide access to an account.  To that end, we can collect data from you (as an individual) such as your name and contact information, date of birth, citizenship, government-issued identification, financial information (such as your net worth and income), and banking information. We may also collect credit, financial, and identity information from credit reporting agencies, references, and persons with whom you have a financial relationship. We may also collect personal data from government registries (inside and outside of the United States) as necessary to satisfy our legal and regulatory obligations under anti-money laundering, terrorist financing, or similar laws. 

As applicable, automated tools may be used to make decisions about individuals but decisions with a negative outcome for the individual will not be based solely on the results provided by the automated tool.  Exceptions generally include the following:

• The use of automated tools is necessary for the performance of a task carried out to comply with a legal obligation or sectorial recommendation to which the Rabobank is subject, including the prevention of money laundering, financing of terrorism and other crimes, customer due diligence and the duty of care towards Customers (e.g., credit monitoring);
• The decision is made by the Rabobank for purposes of (a) entering into or performing a contract or (b) managing the contract, with the individual; or
• The individual has given their explicit consent.

• To maintain the relationship with you and to execute orders
  If you are an individual associated with a Subject Entity, we want to provide you with quality service. For that purpose, we process personal data. We will use your name and address details, for example, to maintain contact with you. Furthermore, we need your name to be able to execute payment orders. We may also disclose your name to others, e.g., in the context of payment transactions.
• To protect your individual personal interests as well as our own
  To protect your personal interests as well as our own and the security and integrity of the financial sector, we may process personal data. For instance, to combat or investigate fraud. For this purpose, we may consult, and enter personal data in, the incident registers and alert systems of the financial sector. Furthermore, we may also for this purpose consult public sources such as public registers, newspapers, and the Internet.
• For purposes of development and improvement of our products and services
  In order to be able to continue to provide you, an individual or an individual associated with a Subject Entity, with quality service, we are constantly developing and improving our products and services. In some cases, this may involve the processing of personal data, for example, if you have a question about a product or compiling statistics for analysis of visits and use of our websites.
• For promotional and marketing purposes
  We may process your personal data for promotional or marketing purposes. For example, to inform you about a new product that may be of interest to you, or to better anticipate your wishes. If you do not wish to be contacted for commercial purposes, please notify the Rabobank location that you do business with.
• Conclusion and execution of agreements with suppliers and corporate clients
  If you as an individual have business contacts with Rabobank, we may process your personal data. For example, to be able to ascertain that you are authorized to represent your company. Or to grant you access to our offices.
• To perform statutory obligations
  We are required by certain national and international laws and regulations to collect data about you. For example, we are sometimes required to initiate a (further) investigation if you have certain assets or in the event of an unusual transaction in your account. Furthermore, we might be required to ascertain who the ultimate beneficial owner (UBO) is of a company with which we have a relationship. Laws and regulations may also require us to disclose data about you to a government or regulatory body inside or outside of the United States.  These activities are performed as necessary in order to comply with legal requirements, as the lawful basis of a contract, or to protect your personal interests or that of our organization (such as combating or investigating fraud). In addition, based on our duty of care, we are required to process personal data whenever there is cause to do so.
• For purposes of our operations
  As a financial service provider, it is important to us, and necessary, to have a good overview of our client relations. That includes knowing whether you collaborate with other parties that may pose a risk. To obtain such an overview, and to take measures, we process personal data, e.g., in order to assess our risk when providing a loan and to decide whether we wish to take out insurance in that respect.
• For archiving purposes
  We do not collect more personal data than is necessary for the purposes set forth above. If we do not store the data for those purposes, we may nonetheless do so for archiving purposes. That means that they will only be used for legal proceedings, or for historic, statistical, or scientific purposes.

We require that you do not supply any other person’s personal information to us, unless we prompt you to do so.

8. Does Rabobank also process sensitive data?

Sensitive personal data are special types of personal data, as demonstrated here:

• Social Security number, driver’s license, state identification card, or passport number;
• Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account – We do not collect combinations of your external account and external access information that would allow us access to any of your external accounts beyond performing transactions you request;
• Precise geolocation – We do not collect Precise geolocation;
• Racial or ethnic origin, religious or philosophical beliefs, citizenship, or immigration status – We do not collect information on your religious or philosophical beliefs;
• The contents of mail, email, and text messages unless we are the intended recipient of the communication;
• Biometric information processed to uniquely identify an individual – We do not collect Biometric information; and
• Health information, sexual orientation – We do not collect Heath information nor sexual orientation information.
• Citizenship information

We process your sensitive data on limited basis and only in order to fulfill requirements for providing financial services to you. We disclose your sensitive personal data to our vendors, but only to the extent they need the information in order to fulfill requirements for assisting us in providing financial services to you and only when you have been informed prior to the disclosure to our vendors.

Rabobank participates in incident registers and alert systems for the financial sector and may process data concerning criminal records for that purpose. The purpose of an incident register or alert system is to protect the interests of financial institutions and their clients, e.g., by detecting fraud. Furthermore, we will process sensitive data only if so required by law, to protect your vital interests (but only where it is impossible to obtain consent first), to the extent necessary for reasons of substantial public interest, with your consent, or at your request. If you request us to record sensitive data about you, or if you disclose such data yourself, we will only process them if that is necessary for our services.

9. Exercising Your Individual Rights

Subject to Rabobank’s verification of a consumer’s identity per statutory laws and regulations, you/consumers may exercise any one of the following consumer right(s) with Rabobank listed below. When communicating your request, please select one of the following options:

Submit your request to the following email address: (RaboPrivacyOffice@raboag.com) or submit your request by using the following toll-free phone number to reach a Customer Connect Service Representative to assist you: (855-722-7766). If you are viewing this Privacy Statement online, you may click here to be taken to a form where you may begin the process of exercising your rights.  If you are not viewing this Privacy statement online, you may visit us online to fill out a webform or contact us by email or phone, as listed above.

In order for Rabobank to respond to a request, you will be asked to provide, over the phone, personal information that will assist us in verifying your identity. This step is for your protection and to ensure Rabobank’s due diligence to demonstrate our commitment to preventing identify theft or fraudulent activities of individuals who may attempt to claim the identity of an individual for which they are not. Information which you might be asked to provide includes, but is not limited to, Tax ID information, address, date of birth, loan information such as account number, loan date, and transactional information. If you authorize someone else, such as an authorized agent, to request information on your behalf, Rabobank will require that you provide evidence of this authorization, prior to executing any actions on your behalf.  Rabobank reserves the right to determine in its sole discretion, information/documentation that is appropriate to evidence a consumer’s authorization of an agent. 

COMPLAINTS: When you/consumer has a general question about the processing of personal data or a complaint, the above email address or phone number is applicable. Rabobank will, together with you/consumer, look for a solution.   If you remain dissatisfied with our handling of your request, you may register a complaint with a regulatory agency.

9.1. Right to Know About Personal Information Collected, Disclosed or Sold

You have the right to know about the personal and other information which we collect, use, disclose and sell. More specifically, you may request information regarding the following:

• The categories of personal information that we have collected about you;
• The categories of sources from which the personal information was collected;
• The business purpose or commercial purpose for collecting the personal information;
• The categories of third parties with whom or which the personal information is disclosed; and,
• The specific pieces of personal information we have collected about you.

Rabobank is obligated to respond to no more than two right-to-access requests in a 12-month period.

9.2. Right to rectification

If you believe that your personal information has been processed incorrectly or incompletely, or if you believe that such processing was unnecessary, then you may file a request for editing, supplementation or removal of your personal information with the Rabobank using the one of the two methods and guidance provided earlier in this section titled “Exercising your Individual Rights”.

9.3. Right to restriction

You may request that we temporarily restrict the personal data relating to you that we process. This means that we will temporarily process less personal data relating to you.

Please be aware that if we are able to restrict the personal data you are requesting, it will only be done within the terms of any agreement we have in place with you.

9.4. Right to Data Deletion

With certain exceptions, you have the right to request deletion of your personal information which we maintain. A verifiable consumer request, as described above, for deletion of any personal information collected will be honored by Rabobank, insofar that the request does not conflict with legal and regulatory data retention and record keeping requirements to which Rabobank must adhere. Rabobank will also request and make reasonable efforts to ensure that our service providers delete your personal information as well. 

The deletion right does not apply when the business needs the personal information for any of the following:

• To complete the transaction or provide a good or service requested by the consumer for which the business collected the personal information or otherwise perform a contract between the business and the consumer;
• To detect or prevent security incidents or illegal activity;
• To identify and correct errors that impair existing functionality;
• For the exercise of a legal right or to ensure another consumer can exercise his or her legal right;
• To comply with the California Electronic Communications Privacy Act;
• To engage in public or peer-reviewed scientific, historical, or statistical research in the public interest if deletion of the personal information is likely to make the research impossible or seriously impair it;
• Solely for internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
• To comply with a legal obligation or for lawful internal uses that are compatible with the context in which the consumer provided the personal information to the business.

9.5. Right to Opt-Out of Personal Information Sold

An individual has the right to instruct a business that sells personal information not to sell the consumer’s personal information – also known as the Right to Opt-Out. Once a consumer opts out, the business must honor the opt-out request for at least 12 months, but subsequently may sell the consumer’s personal information if the consumer provides his or her “express authorization”. At Rabobank, we do not sell your personal information to any person or to third parties nor do we share the information for the purpose of cross-contextual behavioral advertising to you. This also includes the sale or sharing of the information of minors.  

9.6. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights (Equal Service and Price)

You have the right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the California Consumer Privacy Act. However, Rabobank is permitted to offer different products or services if the difference is reasonably related to the value of the consumer’s data.  At this time, Rabobank does not offer different products or services based upon the value of a consumer’s data.  Should our data practices change, we will update this statement as provided later in this section titled “Changes to this Privacy Policy”.

9.7. Right to Notification of Personal Information to be Collected

When Rabobank collects an individual’s personal or other information, we must disclose through a notice at or before the time of collection:

• A list of categories of your personal information collected.
• For the categories of personal information collected, the business or commercial purpose for which it is to be used.
• If the business sells personal information, a link to opt-out of the sale of information, or a statement that no sale or disclosure was made; and
• A link to this Privacy Statement. 

As noted above, Rabobank does not sell any personal information to any person or to third parties.

9.8. Right to Data Portability

As part of your options for receiving a copy of the specific personal information we retain about you, it includes an electronic format that is in a readily usable format. 

9.9.  Object to direct marketing

We may also disclose the following information provided below to our affiliates that are financial service providers:

Transaction and experience information from our account records, such as:

• Name
• Address
• Types of accounts you hold

Personal information we receive from you on applications or other forms, such as:

• Social security number
• Assets and liabilities
• Income

Our affiliates may use this information to make marketing solicitations to you about their products and services. You may opt-out of the disclosure to our affiliates of personal information, excluding information required for our transactions and experiences with you (i.e., information we receive from you on applications or other forms). You may also elect not to receive marketing solicitations from our affiliates. Please note that if you make this election, we will still call you and send you mail in order to service your existing relationship with us or to provide account related information (and when doing so, our mailings may include pre-printed marketing materials).   If you opt-out, it is effective within thirty days of receipt and will remain effective until you tell us to change your choice.  When you are no longer a customer, we continue to share your information as disclosed in this notice, unless otherwise advised by an opt-out action you have exercised.  You may contact us using option 1 or option 2 to request to opt-out status as describe above in the section titled “Exercising Your Individual Rights.”

10. Data retention and your personal data

Our data retention policies and procedure are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. However, we may need to hold Personal Data beyond these retention periods due to regulatory requirements or in response to a regulatory audit, investigation, or other legal matter. These requirements also apply to our third-party service providers.

In some cases it is not possible for us to specify in advance the periods for which your personal information will be retained. Notwithstanding the other provisions of this statement, we may retain your personal information where such retention is necessary for compliance with a legal obligation and in accordance with banking regulations to which we are subject, or in order to protect your vital interests or the vital interests of another person.

11. Security and safeguarding personal information

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place the appropriate physical, administrative and technical controls and procedures in place in order to safeguard and secure the information that you provide to Rabobank online.  Rabobank uses many advanced security measures to protect you while you are using our websites.  Below are just a few of the measures we use:

• Unique login IDs and passwords – You select your own login ID and password.
• Firewalls – Blocks unauthorized access to the Rabobank computer system, where your information is kept.
• 128-bit Encryption – Scrambles information being transmitted between Rabobank and online banking into a code that is virtually impossible for outsiders to decipher.
• Monitoring – We monitor for unusual activity on your accounts. However, this is not fool-proof and does not take the place of you regularly monitoring your accounts.

11.1. Technology

We protect our computer system with backup files, virus detection software, firewalls, and other computer software and hardware. By taking these measures to protect the integrity of our computer system, we are also helping ensure the safety of your personal information.

11.2. Limited Employee Access

Access to account information is restricted to only those employees who are required to have access to it in order to assist you. Rabobank employees are required to keep customer information confidential and are subject to disciplinary action or termination if they fail to do so.

11.3. Physical Security

Strict policies and procedures are used at all Rabobank locations to protect the physical security of you, our staff and any sensitive information. These procedures are regularly reviewed and updated to account for changing threats and ensure compliance with federal laws.

11.4. Confidentiality and Security

We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic and procedural safeguards that comply with Federal regulations to guard such information. For additional information, please visit our websites at:  www.rabobankwholesalebankingna.com (Wholesale), www.raboag.com (Rural).

12. Changes to this Privacy Statement

We may choose to make changes to this Statement at any time. If we decide to change this Statement, we will post the changes on one or more of our websites and/or other places where we deem appropriate. We may, but are not obligated, to send you an email or other notification of such change; but you should review this statement from time to time for significant changes that may affect you. If you agree to the changes, you do not need to do anything. But if you do not agree to the changes, you must discontinue use of our sites and services. If you continue to use our sites and services after the effective date of any change, you are deemed to have accepted the change.

13. Exceptions

Except as stated below, we will use information in accordance with this statement as it may be changed from time to time as set forth above. Notwithstanding anything else in this statement to the contrary, we may collect personal information and use and disclose such information in ways other than those described above if we are required to do so by any applicable law or if we deem it advisable and lawful in the course of (i) assisting law enforcement activities, or (ii) investigating and resolving disputes between users; and (iii) protecting our site(s) or other property, including, without limitation, investigating, preventing or taking action with respect to illegal activities, suspected fraud, situations involving the potential safety of any person, violations of Rabobank’s terms of use, or as otherwise required by law. Without limiting the foregoing, we reserve the right to use and disclose any information that you provide to us if we deem it advisable in the prosecution or defense of any litigation involving your use of Rabobank’s website.

14. Contact information

If you have questions regarding this statement, you may contact us using the following information:

Rabobank
P.O. Box 411995
Chesterfield, Missouri 63017
Attn: Customer Connect
(855) 722-7766

RaboPrivacyOffice@raboag.com

You may also contact our Privacy Office as identified below:

Rabobank
P.O. Box 411995
Chesterfield, Missouri 63017
Attn: Privacy Office
(855) 722-7766

RaboPrivacyOffice@raboag.com

15. Privacy Statement last updated:

12/19/2023

16. California Consumer Privacy Act Disclosure

California Consumer Privacy Act Disclosure

[1] For purposes of this statement, an “affiliate” is a company controlled by, or is under common control with the referenced company.

[2] “Personal information” means information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular natural person or household.  

[3] This includes any operation performed on personal data, such as collection, storage use and removal of data.