Wholesale and Rural North America Privacy Statement
1. Our Privacy Statement
At Coöperatieve Rabobank U.A., New York Branch, Rabo AgriFinance LLC, and applicable affiliates (collectively referred to herein as ‘Rabobank’), protecting your privacy and safeguarding the personal information or other information that you provide us is a priority. Whether you are a website visitor, loan applicant and / or consumer of our services, we respect your privacy and your trust is important to us.
The following sets forth Rabobank’s Privacy Statement (“Statement”) applicable to the collection and processing of personal or other information that you share with us or when you visit our website: www.rabobankwholesalebankingna.com (Wholesale), www.raboag.com (Rural) or that you provide to Rabobank as part of a product or service that you request and we provide to you.
It describes the personal and other information that Rabobank may collect, process, store, use and/or disclose, as well as the safeguard measures that we have in place to protect it. The Statement also applies to the operations performed on behalf of Rabobank by our affiliates and/or external service providers that may be involved in the collection and/or processing of your personal or other information.
2. How does Rabobank receive your personal data?
Rabobank collects personal and other information that you voluntary provide in order to enable us to deliver the products or services that you have requested, which may come from the following sources:
- Information we receive directly from you, including but not limited to, information on applications or other forms;
- Information about your transactions with us;
- Information about your transactions with our affiliates; and
- Information from a consumer reporting agency.
- Information to satisfy our legal and regulatory obligations under anti-money laundering, terrorist financing or similar laws.
3. Which personal data does Rabobank process?
The following are the general categories of personal information that we may collect:
- USPS Mailing Address and Physical Address
- Location Device – Internet Provider (IP) Address information: city, region, country internet service provider
- Email address
- Account Name
- Government-Issued (Federal or State) Identification and Numbers
- Phone number(s)
- Banking Information
- Credit Information
- Financial and Identity Verification Information from Credit Reporting Agencies
- Loan Details/Business Needs and Operational Information
- Business Entity Information
- Financial Information
- Military Status
- Marital Status
- Date of Birth
- Personal Information from U.S. and Foreign Government Registries, as necessary
- Browser type and/or operating system
- User login/authentication data
- Functionality settings that recall user preferences
4. Who is responsible for the processing of your personal data?
This privacy statement describes how we deal with personal data processing by the Rabobank. Personal data may be shared within Rabobank to the extent that this is permitted by law. When sharing data within Rabobank, we comply with the rules that we have agreed within our internal policies. These policies describe how the divisions of Rabobank deal with personal data.
Within Rabobank, your personal data can be accessed only by the individuals who have both a need and an appropriate business purpose to have access. All of these people are bound by a duty of confidentiality.
5. Whose personal data are processed by Rabobank?
We process personal and other information of individuals or of entities (“Subject Entity) with whom we have, wish to have, or previously had, a direct or indirect relationship. We also provide personal and other information to third parties, to allow us to provide products or services which you seek. This may include:
- Clients and their representatives;
- Persons who show an interest in our products and services; or
6. How does Rabobank treat my personal data?
Your personal data are stored carefully and no longer than necessary for the purpose for which they were processed.
Within Rabobank, your personal data can be used only by employees who require access to such data for the performance of their duties. Our employees are subject to a confidentiality obligation. If we wish to use data for a purpose other than that for which they were originally processed, then we may only do so if the two purposes are closely related. Your personal data may also be shared between various Rabobank divisions and subsidiaries, but only if this is reconcilable with the purpose for which the personal data were collected and if this is compliant with other requirements following from applicable privacy laws and regulations. We sometimes engage third parties who can edit personal data, e.g. a printer who carries out a client mailing for us and prints names and addresses details on envelopes. We can engage third parties only if this fits the purpose for which we have processed your personal data, e.g. for promotional and marketing purposes. In addition, such a third party may only obtain our order if he has demonstrably taken appropriate security measures and warrants confidentiality. Your personal data may also be shared with third parties that we engage in our operations for the provision of our services (for example, data hosting, data processing, processing of payment transactions, and similar services). Some of these third parties may be located outside of the United States. Your personal data may, both during and after processing, be subject to investigation by competent national authorities in the countries where such data are located for purposes of the processing. Your personal data will not be sold or hired out.
We have collected information such as that described above in the last twelve months. We may disclose personal information our affiliates insofar as reasonably necessary for the purposes, and on the legal bases, set out in this notice to include the processing and delivery of a product or service. We may also disclose your personal information to third parties that are not related by common ownership or control, such as service providers, credit bureaus and other nonaffiliated third parties when required and permitted by law. We do not collect more personal information than is necessary for the purposes set forth below. As such, there is no optional data collected.
It will be the responsibility of the Individuals to inform Rabobank regarding any changes in his or her Personal Data in order to keep the Individual’s Personal Data accurate, complete and up-to-date. Individuals should inform Rabobank regarding any changes.
7. For what purposes does Rabobank process personal data of individuals?
We process personal data of individuals for the following purposes:
- To be able to enter into a relationship
If you as 1) an individual, 2) an individual associated with a Subject Entity that wishes to become a Rabobank client, or 3) an individual are associated with an entity that wishes to purchase a new product or a new service, we will require personal data, such as within the course of receiving a business credit application. For example, we will have to carry out an investigation to review whether we can accept the Subject Entity as a client, or whether we can provide an individual or an individual associated with a Subject Entity with a loan. We may also require personal data of an individual or an individual associated with a Subject Entity in order to provide access to an account. To that end, we can collect data from you (as an individual) such as your name and contact information, date of birth, citizenship, government-issued identification, financial information (such as your net worth and income), and banking information. We may also collect credit, financial, and identity information from credit reporting agencies, references, and persons with whom you have a financial relationship. We may also collect personal data from government registries (inside and outside of the United States) as necessary to satisfy our legal and regulatory obligations under anti-money laundering, terrorist financing, or similar laws.
As applicable, automated tools may be used to make decisions about individuals but decisions with a negative outcome for the individual will not be based solely on the results provided by the automated tool. Exceptions generally include the following:
- The use of automated tools is necessary for the performance of a task carried out to comply with a legal obligation or sectorial recommendation to which the Rabobank is subject, including the prevention of money laundering, financing of terrorism and other crimes, customer due diligence and the duty of care towards Customers (e.g. credit monitoring);
- The decision is made by the Rabobank for purposes of (a) entering into or performing a contract or (b) managing the contract, with the individual; or
- The individual has given their explicit consent.
- To maintain the relationship with you and to execute orders
If you are an individual associated with a Subject Entity, we want to provide you with quality service. For that purpose, we process personal data. We will use your name and address details, for example, to maintain contacts with you. Furthermore, we need your name to be able to execute payment orders. We may also disclose your name to others, e.g. in the context of payment transactions.
- To protect your individual personal interests as well as our own
To protect your personal interests as well as our own and the security and integrity of the financial sector, we may process personal data. For instance, to combat or investigate fraud. For this purpose, we may consult, and enter personal data in, the incident registers and alert systems of the financial sector. Furthermore, we may also for this purpose consult public sources such as public registers, newspapers, and the Internet.
- For purposes of development and improvement of our products and services
In order to be able to continue to provide you, an individual or an individual associated with a Subject Entity, with quality service, we are constantly developing and improving our products and services. In some cases, this may involve the processing of personal data, for example, if you have a question about a product or compiling statistics for analysis of visits and use of our websites.
- For promotional and marketing purposes
We may process your personal data for promotional or marketing purposes. For example, to inform you about a new product that may be of interest to you, or to better anticipate your wishes. If you do not wish to be contacted for commercial purposes, please notify the Rabobank location that you do business with.
- Conclusion and execution of agreements with suppliers and corporate clients
If you as an individual have business contacts with Rabobank, we may process your personal data. For example to be able to ascertain that you are authorized to represent your company. Or to grant you access to our offices.
- To perform statutory obligations
We are required by certain national and international laws and regulations to collect data about you. For example, we are sometimes required to initiate a (further) investigation if you have certain assets or in the event of an unusual transaction in your account. Furthermore, we might be required to ascertain who the ultimate beneficial owner (UBO) is of a company with which we have a relationship. Laws and regulations may also require us to disclose data about you to a government or regulatory body inside or outside of the United States. These activities are performed as necessary in order to comply with legal requirements, as the lawful basis of a contract, or to protect your personal interests or that of our organization (such as combating or investigating fraud). In addition, based on our duty of care, we are required to process personal data whenever there is cause to do so.
- For purposes of our operations
As a financial service provider, it is important to us, and necessary, to have a good overview of our client relations. That includes knowing whether you collaborate with other parties that may pose a risk. To obtain such an overview, and to take measures, we process personal data, e.g. in order to assess our risk when providing a loan and to decide whether we wish to take out insurance in that respect.
- For archiving purposes
We do not collect more personal data than is necessary for the purposes set forth above. If we do not store the data for those purposes, we may nonetheless do so for archiving purposes. That means that they will only be used for legal proceedings, or for historic, statistical, or scientific purposes.
We require that you do not supply any other person’s personal information to us, unless we prompt you to do so.
8. Does Rabobank also process sensitive data?
Sensitive data are special types of personal data, for example, data concerning physical or mental health, criminal data, or racial or ethnic data
Rabobank participates in incident registers and alert systems for the financial sector and may process data concerning criminal records for that purpose. The purpose of an incident register or alert system is to protect the interests of financial institutions and their clients, e.g. by detecting fraud. Furthermore, we will process sensitive data only if so required by law, to protect your vital interests (but only where it is impossible to obtain consent first), to the extent necessary for reasons of substantial public interest, with your consent, or at your request. If you request us to record sensitive data about you, or if you disclose such data yourself, we will only process them if that is necessary for our services.
9. Exercising Your Individual Rights
Subject to Rabobank’s verification of a consumer’s identity per statutory laws and regulations, you/consumers may exercise any one of the following consumer right(s) with Rabobank listed below. When communicating your request, please select one of the following 2 options:
Submit your request to the following email address: (RaboPrivacyOffice@raboag.com) or submit your request by using the following toll free phone number to reach a Customer Connect Service Representative to assist you: (855-722-7766).
In order for Rabobank to respond to a request, you will be asked to provide, over the phone, personal information that will assist us in verifying your identity. This step is for your protection and to ensure Rabobank’s due diligence to demonstrate our commitment to preventing identify theft or fraudulent activities of individuals who may attempt to claim the identity of an individual for which they are not. Information which you might be asked to provide includes, but is not limited to, Tax ID information, address, date of birth, loan information such as account number, loan date, and transactional information. If you authorize someone else, such as an authorized agent, to request information on your behalf, Rabobank will require that you provide evidence of this authorization, prior to executing any actions on your behalf. Rabobank reserves the right to determine in its sole discretion, information/documentation that is appropriate to evidence a consumer’s authorization of an agent.
COMPLAINTS: When you/consumer has a general question about the processing of personal data or a complaint, the above email address or phone number is applicable. Rabobank will, together with you/consumer, look for a solution. If you remain dissatisfied with our handling of your request, you may register a complaint with a regulatory agency.
9.1. Right to Know About Personal Information Collected, Disclosed or Sold
You have the right to know about the personal and other information which we collect, use, disclose and sell. More specifically, you may request information regarding the following:
- The categories of personal information that we have collected about you;
- The categories of sources from which the personal information was collected;
- The business purpose or commercial purpose for collecting the personal information;
- The categories of third parties with whom or which the personal information is disclosed; and,
- The specific pieces of personal information we have collected about you.
Rabobank is obligated to respond to no more than two right-to-access requests in a 12-month period.
9.2. Right to rectification
If you believe that your personal information has been processed incorrectly or incompletely, or if you believe that such processing was unnecessary, then you may file a request for editing, supplementation or removal of your personal information with the Rabobank using the one of the two methods and guidance provided earlier in this section titled “Exercising your Individual Rights”.
9.3. Right to restriction
You may request that we temporarily restrict the personal data relating to you that we process. This means that we will temporarily process less personal data relating to you.
Please be aware that if we are able to restrict the personal data you are requesting, it will only be done within the terms of any agreement we have in place with you.
9.4. Right to Data Deletion
With certain exceptions, you have the right to request deletion of your personal information which we maintain. A verifiable consumer request, as described above, for deletion of any personal information collected will be honored by Rabobank, insofar that the request does not conflict with legal and regulatory data retention and record keeping requirements to which Rabobank must adhere. Rabobank will also request and make reasonable efforts to ensure that our service providers delete your personal information as well.
The deletion right does not apply when the business needs the personal information for any of the following:
- To complete the transaction or provide a good or service requested by the consumer for which the business collected the personal information or otherwise perform a contract between the business and the consumer;
- To detect or prevent security incidents or illegal activity;
- To identify and correct errors that impair existing functionality;
- For the exercise of a legal right or to ensure another consumer can exercise his or her legal right;
- To comply with the California Electronic Communications Privacy Act;
- To engage in public or peer-reviewed scientific, historical, or statistical research in the public interest if deletion of the personal information is likely to make the research impossible or seriously impair it;
- Solely for internal uses that are reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business;
- To comply with a legal obligation or for lawful internal uses that are compatible with the context in which the consumer provided the personal information to the business.
9.5. Right to Opt-Out of Personal Information Sold
An individual has the right to instruct a business that sells personal information not to sell the consumer’s personal information – also known as the Right to Opt-Out. Once a consumer opts out, the business must honor the opt-out request for at least 12 months, but subsequently may sell the consumer’s personal information if the consumer provides his or her “express authorization”. At Rabobank, we do not sell your personal information to any person or to third parties. This also includes the sale of information of minors.
9.6. Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights (Equal Service and Price)
9.7. Right to Notification of Personal Information to be Collected
When Rabobank collects an individual’s personal or other information, we must disclose through a notice at or before the time of collection:
- A list of categories of your personal information collected.
- For the categories of personal information collected, the business or commercial purpose for which it is to be used.
- If the business sells personal information, a link to opt-out of the sale of information, or a statement that no sale or disclosure was made; and
- A link to this Privacy Statement.
As noted above, Rabobank does not sell any personal information to any person or to third parties.
9.8. Right to Data Portability
As part of your options for receiving a copy of the specific personal information we retain about you, it includes an electronic format that is in a readily usable format.
9.9. Object to direct marketing
We may also disclose the following information provided below to our affiliates that are financial service providers:
Transaction and experience information from our account records, such as:
- Types of accounts you hold.
Personal information we receive from you on applications or other forms, such as:
- Social security number
- Assets and liabilities
Our affiliates may use this information to make marketing solicitations to you about their products and services. You may opt-out of the disclosure to our affiliates of personal information, excluding information required for our transactions and experiences with you (i.e. information we receive from you on applications or other forms). You may also elect not to receive marketing solicitations from our affiliates. Please note that if you make this election, we will still call you and send you mail in order to service your existing relationship with us or to provide account related information (and when doing so, our mailings may include pre-printed marketing materials). If you opt-out, it is effective within thirty days of receipt and will remain effective until you tell us to change your choice. When you are no longer a customer, we continue to share your information as disclosed in this notice, unless otherwise advised by an opt-out action you have exercised. You may contact us using option 1 or option 2 to request to opt-out status as describe above in the section titles “Exercising Your Individual Rights.”
10. Data retention and your personal data
Our data retention policies and procedure are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
In some cases it is not possible for us to specify in advance the periods for which your personal information will be retained. Notwithstanding the other provisions of this statement, we may retain your personal information where such retention is necessary for compliance with a legal obligation and in accordance with banking regulations to which we are subject, or in order to protect your vital interests or the vital interests of another person.
11. Security and safeguarding personal information
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place the appropriate physical, administrative and technical controls and procedures in place in order to safeguard and secure the information that you provide to Rabobank online. Rabobank uses many advanced security measures to protect you while you are using our websites. Below are just a few of the measures we use:
- Unique login IDs and passwords – You select your own login ID and password.
- Firewalls – Blocks unauthorized access to the Rabobank computer system, where your information is kept.
- 128-bit Encryption – Scrambles information being transmitted between Rabobank and online banking into a code that is virtually impossible for outsiders to decipher.
- Monitoring – We monitor for unusual activity on your accounts. However, this is not fool-proof and does not take the place of you regularly monitoring your accounts.
We protect our computer system with backup files, virus detection software, firewalls, and other computer software and hardware. By taking these measures to protect the integrity of our computer system, we are also helping ensure the safety of your personal information.
11.2. Limited Employee Access
Access to account information is restricted to only those employees who are required to have access to it in order to assist you. Rabobank employees are required to keep customer information confidential, and are subject to disciplinary action or termination if they fail to do so.
11.3. Physical Security
Strict policies and procedures are used at all Rabobank locations to protect the physical security of you, our staff and any sensitive information. These procedures are regularly reviewed and updated to account for changing threats and ensure compliance with federal laws.
11.4. Confidentiality and Security
We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic and procedural safeguards that comply with Federal regulations to guard such information. For additional information, please visit our websites at: www.rabobankwholesalebankingna.com (Wholesale), www.raboag.com (Rural).
12. Changes to this Privacy Statement
We may choose to make changes to this Statement at any time. If we decide to change this Statement, we will post the changes on one or more our websites and/or other places where we deem appropriate. We may, but are not obligated, to send you an email or other notification of such change; but you should review this statement from time to time for significant changes that may affect you. If you agree to the changes, you do not need to do anything. But if you do not agree to the changes, you must discontinue use of our sites and services. If you continue to use our sites and services after the effective date of any change, you are deemed to have accepted the change.
14. Contact information
If you have questions regarding this statement, you may contact us using the following information:
P.O. Box 411995
Chesterfield, Missouri 63017
Attn: Customer Connect
You may also contact our Privacy Office as identified below:
P.O. Box 411995
Chesterfield, Missouri 63017
Attn: Privacy Office
15. Policy last updated:
October 4, 2022
16. California Consumer Privacy Act Disclosure
California Consumer Privacy Act Disclosure
 For purposes of this statement, an “affiliate” is a company controlled by, or is under common control with the referenced company.
 “Personal information” means information that identifies, relates to, describes, is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular natural person or household.
 This includes any operation performed on personal data, such as collection, storage use and removal of data.