GDPR Compliance

Frequently Asked Questions

1. Does New Leaf do business with people in the EU?

No, and has no intention of doing so.

2. What is the current status of New Leaf GDPR compliance?

New Leaf intends and expects to comply with GDPR, as applicable, by its effective date on 25 May 2018, including having a legal basis under Article 6 GDPR for processing any personal data.

3. How does New Leaf Software as Service products process personal data?

New Leaf does not collect, use, or process personal data from individuals in the EU, or offer services or goods to people in the EU.

4. Is sensitive data stored within New Leaf tools?

New Leaf does not currently believe that it processes, let alone seeks or expects that it will seek to process, any personal data that is subject to Article 9 GDPR, “Processing of special categories of personal data,” which, in reference to GDPR, is generally referred to as “sensitive personal data.”

5. Are you a data processor, as you store and organize data from other sources?

New Leaf currently does not believe it is a data processor for a data controller as it applies to the GDPR.

6. If applicable, is New Leaf able or will New Leaf be able to respond to data subject requests under GDPR?

Yes.

7. In particular, if applicable, if I am a data subject and New Leaf is a data controller to my personal data, can New Leaf comply with my request “to be forgotten”?

Yes. If you are a data subject as defined by the GDPR and have requests of New Leaf under GDPR related to your individual rights in your personal data, including a “request to be forgotten/for erasure,” “rectification,” etc., please email help@NewLeafDebt.ca. New Leaf will promptly review your request and respond to you.

8. Which personal data does your company collect?

New Leaf does not currently believe that it processes, let alone seeks or expects that it will seek to process, any personal data that is subject to Article 9 GDPR, “Processing of special categories of personal data,” which, in reference to GDPR, is generally referred to as “sensitive personal data.”

New Leaf’s efforts to identify all existing and any new sources of personal data collection are ongoing toward being compliant with GDPR by 25 May 2018.

9. Where is the headquarters of your company?

New Leaf is headquartered at

360 Bayly Street West, Suite 201, Ajax, ON L1S 1P1

10. Are you planning to align, where applicable, all your contracts, Terms of Use, and Privacy Policies with the GDPR?

Yes.

11. Are you offering data storage and all processing for your EU customers to take place within the EU?

As New Leaf is headquartered in Canada and is not “established” anywhere in the EU, it does not see any advantage in hosting personal data in the EU, since New Leaf will have no personnel in the EU to process any of the personal data in order to perform its obligations to its subscribers.

12. Are you willing to sign the mandatory data processing agreement?

As answered in Question 4 (above), New Leaf currently does not believe it is a data processor for a data controller, necessitating that it enter into customary and compliant data processing agreements with data controllers. However, should that change, in order to comply with GDPR, New Leaf believes that both New Leaf as a data processor and the data controller will need to enter into a compliant data processor agreement.

 
Updated October 4, 2019