Policy Statement

This policy explains how Huron Tractor Ltd. (“Huron Tractor”, “we”, “us”, “our”) collects, uses, discloses and protects personal information in the course of our business operations, including sales and service of agricultural, turf and compact construction equipment, and our use of connected equipment platforms (e.g., John Deere Operations Center, JDLink telematics, remote diagnostics and Remote Display Access).

Huron Tractor is an independently owned and operated John Deere dealer in Ontario, Canada. We access and process data in systems provided by John Deere (e.g., Operations Center, JDLink, Connected Support/Remote Display Access), these services also have their own terms and privacy notices from John Deere. Customers can control access and permissions in these platforms as per Section “Connected Equipment & John Deere Platforms”.

Scope

Huron Tractor Ltd. is based in Ontario, Canada and operates retail sales, parts and service locations across Ontario. This policy applies to our websites (including www.hurontractor.com), mobile interactions, in‑store/phone transactions, and our support of connected equipment platforms. It covers personal information about customers, prospective customers, website visitors, applicants, operators of machines whose data we access, and representatives of our business customers.

Definitions

  • Personal information: Information about an identifiable individual (e.g., name, contact details, account identifiers, an equipment identifier when reasonably linkable to a person).
  • Machine/telematics data: Data generated by connected equipment (e.g., location, engine hours, fault/diagnostic codes, fuel consumption, geofencing alerts, performance/health data).
  • Agronomic/operations data: Field boundaries, prescriptions, application/planting/harvest layers, maps, job/implement settings, and similar information stored in Operations Center or displays.
  • Business contact information: Name, title, work address/email/phone of a business representative.

What We Collect

A. Information you provide to us

  • Contact and identity (name, mailing address, email, phone, preferred language).
  • Account, purchase and service history; trade‑ins, financing preferences/references (e.g., if you apply for credit through a third party).
  • Parts orders, warranty registrations/claims, service requests and tickets, support chats/calls.
  • Marketing preferences and communications (including subscription/unsubscribe choices).
  • Job applications (résumés, qualifications) when you apply for employment.

B. Information we collect automatically

  • Website/device data (IP address, device and browser type, pages visited, cookies or similar identifiers); see “Cookies, Analytics and Similar Technologies”.
  • In‑store and perimeter video surveillance (where posted), for security and loss prevention.

C. Information from connected equipment platforms (with your authorization)

If you connect equipment or share access with us, we may receive:

  • Telematics/machine data: machine identifiers (e.g., serial number), location, hours, utilization, diagnostics/alerts, maintenance status and similar information.
  • Remote diagnostics/Remote Display Access (RDA) session data: screen‑sharing/support session logs, settings adjusted, timestamps and the technician’s identity.
  • Agronomic/operations data you share with us in Operations Center (e.g., field boundaries, guidance lines, application/planting/harvest data) to support setup, troubleshooting and agronomic services.

We only access connected data when you (or your organization) have granted us permissions in Operations Center/JDLink or during a consented support session, and only for the purposes described in Section “How We Use Information”.

D. Information from communication and support platforms

We use tools to support our service and ticketing processes. These tools may record and retain:

  • Voice calls and transcriptions.
    Text messages, images and attachments.
  • Emails and related support communications.
  • Metadata (timestamps, participants, ticket references).

We use this information only to provide support, maintain service records, improve service quality and for training/audit purposes.

How We Collect Information

  • Directly from you in store, by phone, by email or through our website forms.
  • From your equipment and John Deere platforms when you enable sharing or request connected support.
  • From third‑party partners when you ask us to coordinate services (e.g., OEMs, financing partners, service providers, agronomists/contractors you authorize).
  • From communication/ticketing platforms that capture service interactions

How We Use Information

We use personal, machine, communications and agronomic information to:

  • Sell, deliver and service equipment and parts; schedule repairs; manage warranties; process payments and fulfill orders.
  • Provide connected support: monitor machine alerts you authorize us to see, diagnose issues, prepare for service visits, perform Remote Display Access sessions and implement customer‑requested optimizations.
  • Support communications: log, record and analyze calls, messages and tickets to deliver and document customer support, improve service quality and maintain accurate records.
  • Set up and support Operations Center and display configurations: import/export data, configure displays, boundaries, prescriptions and file transfers.
  • Communicate with you about quotes, orders, service status, recalls and safety notices, and—where permitted—about products, services, events and promotions.
  • Operate and secure our websites and systems: prevent fraud, secure accounts, debug and improve our services.
  • Meet legal, regulatory and audit requirements, including recordkeeping and responding to lawful requests.
  • De‑identify and aggregate data to improve services, quality and training; we do not attempt to re‑identify de‑identified data.

We rely on consent as our primary basis for collection, use and disclosure. In limited cases, we may process information without consent where permitted by law (e.g., investigations, fraud prevention, debt collection, or as required by law/court orders).

Marketing Communications (Email, SMS)

We send commercial electronic messages only with consent or as otherwise permitted by law. Every message includes our identification and an unsubscribe mechanism. You can change your marketing preferences at any time (see “Your Choices and Rights”).

Connected Equipment & John Deere Platforms

  • Your control: Customers can manage which dealers and partners can access their Operations Center and JDLink data and at what permission level. You may revoke or modify our access at any time in those platforms.
  • Remote Display Access (RDA): RDA sessions occur only with your (or your organization’s) consent for support/troubleshooting. Sessions may be logged for audit and training.
  • Fleet owners/employers: If you share operator data with us, you confirm you have provided appropriate notice to operators and obtained any required consents and authorizations to share their information and machine location/telematics data.
  • OEM relationships: As an authorized John Deere dealer, we may share limited information with John Deere and approved service providers to fulfill service, warranty or safety obligations, to enable connected support features you have activated, and to comply with OEM program requirements.

When We Share Information

We do not sell personal information. We disclose information only as needed to:

  • OEMs and platform providers (e.g., John Deere) to deliver services you request, enable connected features, complete warranty/service transactions, and support safety/recall programs.
  • Equipment manufacturers and distributors (OEMs): We may share limited customer and equipment information with other manufacturers and distributors of the equipment we sell and service (e.g., for warranty registration, recall notifications, product support, incentive programs, and connected feature enablement).
  • Service providers who support our operations, including payment processing, dealer management/business systems, cloud analytics and automation tools, cybersecurity monitoring, accounting/audit firms, logistics, IT hosting, communications and customer support. These providers act under our instructions and are subject to confidentiality and security safeguards.
  • Other parties you authorize, such as your agronomist, contractor, insurer or financing partner.
  • Business transactions (e.g., sale/merger) where allowed by law and subject to appropriate safeguards.
  • Legal and safety: to comply with laws, respond to lawful requests, enforce our agreements, or protect people, property and systems.

Cookies, Analytics and Similar Technologies

We use cookies and similar tools to operate our website, remember preferences, understand usage and improve performance. Where required, we will request consent for non‑essential cookies. You can adjust your browser settings to decline cookies, though some site features may not function properly. If we use third‑party analytics or advertising tools, those providers may set their own cookies in accordance with their notices; we will provide links to their controls where applicable.

Cross-border Transfers

Some of our service providers and OEM platforms (including John Deere services) may process information outside of Canada. When personal information is transferred for processing in another country, it is subject to the laws of that jurisdiction and may be accessed by courts, law enforcement and national security authorities. We use contractual and organizational measures with our service providers to protect personal information that is processed outside Canada.

Security

We use administrative, technical and physical safeguards appropriate to the sensitivity of the information, including access controls, encryption for data in transit where feasible, network monitoring, secure configuration and staff training. No system is perfectly secure; we encourage you to use strong, unique passwords and to notify us immediately of any suspected unauthorized activity.

Retention

We retain personal information only as long as necessary for the purposes described in this policy, to meet legal, regulatory, tax and audit requirements, to maintain accurate records, and to resolve disputes. Retention periods vary by record type (e.g., sales, parts, service, warranty). When information is no longer required, we securely delete or anonymize it in accordance with our retention schedule.

Your Choices and Rights

Subject to legal or contractual restrictions, you may:

  • Access and correct your personal information in our custody, and request copies in a reasonable, structured format.
  • Withdraw consent for future uses/disclosures (e.g., marketing, connected access) and change cookie preferences.
  • Manage platform permissions for Operations Center/JDLink and revoke our access at any time.

To make a request, contact us using the details in "Additional Information For Connected Equipment Users". We will respond within statutory timeframes. We may ask for information to verify your identity and may charge a reasonable fee where permitted by law.

Breach Notification

If a breach of security safeguards creates a real risk of significant harm, we will notify affected individuals and report to the appropriate regulator and keep prescribed records.

Children's Privacy

Our products and services are intended for adults and businesses. We do not knowingly collect personal information from children under the age required by applicable law without verifiable parental consent.

Additional Information for Connected Equipment Users

To help you manage connected features effectively:

  • Permissions & roles: Use Operations Center roles/permissions to limit access to only what your organization and our support teams need. Review permissions periodically.
  • Session transparency: For Remote Display Access, ensure operators understand when a session is initiated and that a banner/indicator is visible in‑cab during the session where supported.
  • Operator notice: If you are an employer/fleet owner, provide your operators with clear notice that machines transmit telematics and location data and that you may share that data with Huron Tractor for support and service.
  • Revocation: You may revoke our access or request that we delete locally stored copies of connected data (subject to legal and warranty record requirements).

Contact Us (Privacy Officer)

Privacy Officer – M. Brown
Head Office: 39995 Harvest Road, Exeter, Ontario N0M 1S7
Email: privacy@hurontractor.com
Phone: 519‑235‑1115

If we are unable to resolve your concern, you may contact the Office of the Privacy Commissioner of Canada or, where applicable, your provincial privacy regulator.

Jurisdiction

This policy is intended for customers in Canada and is governed by the laws of the province of Ontario and the federal laws of Canada applicable therein. If you are located in a jurisdiction with additional privacy rights, please contact us so we can address your request.

Changes to this Policy

We may update this policy from time to time to reflect changes to our practices or applicable laws. We will post the updated policy on our website with the effective date. Material changes will be highlighted for a reasonable period.

  • Connected equipment data clarified: Added detailed descriptions of the telematics, diagnostic and agronomic/operations data we may access via John Deere Operations Center, JDLink and Remote Display Access, and how permissions are granted/revoked.
  • New communication/ticketing platform: Added a description of how service calls, text messages, emails, pictures and related communications may be recorded, transcribed and stored in our support systems for service, training and recordkeeping purposes.
  • Expanded disclosures about sharing: Added clearer categories for disclosures to (i) OEM/platform providers (including John Deere), (ii) other equipment manufacturers and distributors for warranty/recall/support, and (iii) operational service providers (payment processing, business systems, analytics/automation, cybersecurity, audit/accounting, hosting and communications).
  • Cookies & analytics: Introduced a cookies/analytics section and commitment to obtain consent where required for non‑essential cookies and provide controls.
  • Cross‑border processing transparency: Clarified that certain service providers and OEM platforms may process information outside Canada, with safeguards.
  • Security & breach response: Added a summary of safeguards and a statement about mandatory breach reporting/record‑keeping where there is a real risk of significant harm.
  • Retention & rights: Clarified limiting‑retention commitments and expanded information on access, correction, consent withdrawal and platform permission management.
  • Children’s privacy: Confirmed our services are intended for adults/businesses and that we do not knowingly collect information from children without parental consent.
  • Governance: Identified a Privacy Officer contact and summarized our accountability approach.
  • New communication/ticketing platform: Added a description of how service calls, text messages, emails, pictures and related communications may be recorded, transcribed and stored in our support systems for service, training and recordkeeping purposes.

Effective Date: October 2020
Revised Date: October 2025
Next Review Date: September 2026