Privacy and Data

This Privacy Statement explains how John Deere and its controlled affiliates Process Personal Data. This Statement also answers specific questions that you may have regarding the privacy and security of collected data. This Statement is addressed to individuals with whom we interact, including visitors or users of our websites, applications (web or mobile), or online products and services; current and prospective customers; management and personnel of corporate customers and vendors; management and personnel of authorized dealerships and distributors; visitors to our facilities, museums, and attractions; and other recipients of our products and services. We refer to individuals whose Personal Data is Processed as 'you' in this Statement.

Personal Data is shared with members of the John Deere Group. A list of members belonging to the John Deere Group is available here and within the Binding Corporate Rules. Members belonging to the John Deere Group may jointly Process Personal Data in certain circumstances.

Country or product-specific privacy supplements may apply to the Processing of Personal Data in relation to specific products or services offered by John Deere that may generally require Processing of additional categories of Personal Data or Processing for different purposes.

John Deere products and services are distributed through a network of authorized dealers and distributors. The majority of these authorized dealers and distributors are independently owned and operated businesses that may have their own privacy statements.

1. Types of Personal Data We Collect

We Process Personal Data about you. This section contains some common examples. Depending on your country/region and Applicable Law, the examples below may be considered Personal Data and/or may be collected from you.

Personal Details and Contact Information

  • Name, date of birth, government identifiers, signature, image
  • Address, phone number, email address
  • Demographic information (such as gender, marital status, household, general location)
  • Username, password, social media profile
  • GPS location

2. How We Collect Personal Data

We collect Personal Data from a variety of sources, including:

Information We Collect Directly from You:

We collect Personal Data when you interact with us. You may provide Personal Data to us electronically, in writing, or verbally. Common interactions where you provide Personal Data to us include when you:

  • Sign up for or purchase services or buy products and equipment
  • Register for an account
  • Use our online services, including our website
  • Sign up to receive a newsletter
  • Contact us for customer service purposes or register your warranty
  • Apply for financing
  • Respond to surveys

3. How We Use Personal Data (the "Purposes")

We will Process Personal Data where we are satisfied that we have an appropriate legal basis. Common legal bases and purposes for processing Personal Data include the following, unless another legal basis applies under the requirements of country or product specific laws:

Processing to fulfill contractual obligations: We process personal data as required to fulfill our contractual obligations to you. This processing consists of:

  • Collecting and using personal data to provide the requested products and services.
  • Delivering goods and services that you request
  • For related services such as product delivery, maintenance, customer and product support and service (including warranty service), financing, leasing, and credit services; and operation of the online services
  • Assessing your creditworthiness, in some countries/regions this is done through the use of automatic decision making
  • Servicing and collecting your account, responding to your related inquiries, processing your feedback, and providing you with support
  • Providing you with general customer services and to respond to your queries and complaints in relation to our services
  • Maintaining your access to related services and applications
  • Sending you service communications regarding maintenance, availability, functionality, or other matters

4. Why Personal Data is Disclosed by John Deere

We share Personal Data in the manner and for the purposes described below and in accordance with this Privacy Statement and any transaction specific document, unless we have informed you otherwise or if the Processing is in conflict with Applicable Law:

  • With the John Deere Group, where such sharing is helpful to provide you with our services or products or to manage our business
  • With other companies to perform specialized or professional functions for us
  • With third party service providers (who will operate under our instructions set out in a written agreement with us) to assist us in providing information, products, or services to you, in conducting and managing our business, or in managing and improving our products or services. We share your Personal Data with these third parties to perform services, subject to appropriate contractual restrictions and security measures. These include IT service providers who help manage our IT and back-office systems and machine services, including internet and software services: data hosting, data conversion, and cloud computing capabilities, account management and security, testing, debugging, error reporting, and usage analytics, as well as mobile telecommunication providers
  • With regulators and courts, to comply with all Applicable Laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies

5. Cookies and Similar Collection Technologies

Technical information that may also constitute personal data (your browser type, operating system, IP address, domain name) may be collected via cookies and other tracking technologies (such as transparent GIF files). Please see our Cookie Statement at the bottom of our homepage for further information.

6. How to Access and Control your Personal Data

You have certain rights in relation to Personal Data, subject to certain exemptions and depending on your country/region, and in some cases dependent upon the Processing activity we are undertaking. If you have these rights in your country/region, such as in the EU/UK, and if you wish to access, correct, update, request deletion, request information, object, request restriction of processing, request data portability, not be subject to decisions based solely on automated processing, or otherwise take action with respect to Personal Data, you can do so at any time by contacting us using the contact details provided in Section 12 ("How to Contact Us") below.

If we have Processed Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any Processing we conducted prior to your withdrawal, nor will it affect Processing of Personal Data conducted in reliance on lawful processing grounds other than consent.

7. Information & Data Security

We have implemented and maintain appropriate technical and organizational security measures, policies, and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access of Personal Data. For further information on our cybersecurity program, please see our latest company Sustainability Report or contact us as outlined in Section 12 below.

8. Data Retention

We will store Personal Data for as long as is necessary for the purposes for which it was collected, as explained in this Privacy Statement or in any transaction specific document. In some circumstances we may store Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements. In specific circumstances, we may store Personal Data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to Personal Data or your dealings. Personal Data is retained in accordance with our record retention schedule and with applicable legal provisions. Subject to our record retention schedule and with applicable legal requirements, we will delete and/or anonymize Personal Data that are no longer needed.

9. Transferring Personal Data Globally

John Deere operates on a global basis. Accordingly, Personal Data may be transferred and stored in countries around the world, including the European Union ("EU"), the United States of America, Brazil, India, and other countries where John Deere has offices, authorized dealers and distributors, or service providers. These locations often have different standards of data protection. Realizing these differences, when we transfer Personal Data to other countries, we will protect that information as described below in this Privacy Statement or as disclosed to you at the time of data collection.

John Deere will take appropriate steps to ensure that transfers of Personal Data are in accordance with Applicable Law and carefully managed to protect your privacy rights and interests. We have established and implemented a set of Binding Corporate Rules ("BCRs") for the EU amongst members of the John Deere Group that have been recognized by EU data protection authorities as providing an adequate level of protection to the Personal Data we process globally. A copy of our BCRs is available here.

10. Children's Privacy

The John Deere website and applications are not directed to children or adolescents, and we do not knowingly collect any Personal Data directly from children under the age of 18. If you believe that we are processing information pertaining to a child, please contact us using the information provided under the "How to Contact Us" section below so that we may investigate and restrict the data.

11. Changes to this Privacy Statement

From time to time, we may update this Statement to reflect new or different privacy practices. If we make changes, we will revise the "Last Updated" date at the bottom of this Statement.

12. How to Contact Us/Common Controllers

Please contact us if you have any questions or comments about our privacy practices or this Privacy Statement. Our appointed data privacy officers (or similar) are also noted here.

Definitions

Personal Data is defined under Applicable Law. It often means any information relating to an identified or identifiable natural person ("Data Subject"). An identifiable natural person often means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.

In South Africa and in Argentina, Personal Data of corporate entities is also protected by applicable data privacy laws. When processing such Personal Data in South Africa and in Argentina, we will process it in accordance with this Privacy Statement.

Processing is defined under Applicable Law, including but not limited to actions such as collecting, storing, using, accessing, amending, deleting, destroying, or sharing data.

Machine Data is data generated by, collected by, or stored in your equipment or any hardware or device interfacing with your equipment.

Applicable Law means any relevant and applicable laws, rules, regulations, decrees, statutes, enactments, orders, mandates, and resolutions pertaining to data security, data protection, privacy, and/or the Processing of Personal Data, and which applies to the John Deere Group.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The Deere entity with which you have a primary relationship with is the controller of personal data collected from individuals within the scope of this Statement.  This entity may vary depending on the situation.  It may be the entity that concluded services/supply contract with you or with your employer the entity that has provided you with marketing and promotional materials and communications; the primary entity in the country operating the John Deere website which you visited; the entity that operates the local facilities that you visited, the entity which (co)-organized an event; etc.

When there is more than one entity responsible for the processing, such as: when two Deere entities co-sign a business contract with your company, such entities are jointly responsible for the lawfulness of a specific processing activity ("Joint Controllers").

On some occasions, more than one Deere entity may process your personal data as independent controllers.  If you have any questions about controllership, do not hesitate to contact us (see Section 12 for contact information).

Last Updated: November 1, 2021