POLICIES
Data Breaches and Other Incidents Involving Confidential Information
21 No policy should be construed to confer any express or implied contractual relationship or rights to any Team Member. The Company reserves the right to modify any policy as necessary, in its sole discretion, to the extent permitted by law. Violation of any Company policies or procedures can result in disciplinary action up to and including termination of employment. If you have any questions about this handbook or Company policies, please feel free to discuss with your Manager or HR. • Never engage in your own marketing to Guests and prospective Guests. For example, you may NOT engage your own marketing company, purchase Customer lists, call, send emails, texts, mailers, birthday cards or other forms of communication with consumers outside of approved Company applications. While these activities may seem positive, there could be severe legal consequences if you contact a Guest or engage in unauthorized marketing. If you have an idea for a Guest communication or For further discussion concerning “Confidential Information,” see the Data Classification Policy section below. NOTE: Team Members should understand that nothing in this Policy or any other Company policy should be interpreted in a manner that unlawfully prohibits the right of Team Members to engage in protected concerted activity or otherwise interfere with the rights of employees to discuss or share information related to their wages, hours or other terms and conditions of employment under the National Labor Relations Act (“NLRA”). The Company respects the Section 7 rights of Team Members and has and always will comply fully with its obligations under the NLRA, and the Company emphasizes that this Policy does not intend to cover conduct engaged in by Team Members that is protected by the NLRA. Privacy Company policy, new technology, new regulations and individuals’ expectations require that Team Members respect the privacy of Company Guests, potential Guests, fellow Team Members and other individuals with whom the Company interacts. At a high level this means: • Do not collect unnecessary personal information. • Do not share personal information with anyone within the Company unless that Team Member has a need to know for Company business purposes. Our Company and Team Members must take all reasonable precautions to protect the security of Confidential Information. If you become aware of an incident involving a potential or actual breach of Confidential Information, you must immediately report the incident to the Chief Information Officer at 770.418.8200 . You may also report the incident to the Company hotline Lighthouse at 1.855.222.1904/ www.lighthouse-services.com/asburyauto or the Asbury IT Help Desk, especially if you discover an incident during non-office hours. Here are a few examples of incidents that must be reported: • A Team Member loses a laptop containing Team Member data. • A violation of our Confidential Information policy. • Theft of a box containing Guest deal jackets. • A password is compromised in a phishing attack. • A hacker accesses the Company’s bank records. • A vendor sends notice of a breach of their systems which may include Company Confidential Information. “Confidential Information” shall mean any and all information used by the Company or its affiliates or developed by or for the Company or its affiliates that is not readily available in or known to the general public, and which includes, but is not limited to, financial data, accounting materials, strategies, trends, monthly income and financial statements, sales projections and figures, historical sales data, compliance data and information, inventory lists, trade secrets, CSI data, service and sales advisor reports, Company performance data, Guest lists, Guest contact information, Team Member data and contact information, contracts, information regarding potential business opportunities, materials related to OEM and vendor relationships, etc. • Do not share personal information with anyone outside of the Company unless it is an authorized vendor (such as an OEM, lender or marketing partner) with whom we have an appropriate confidentiality and information sharing agreement.
Made with FlippingBook flipbook maker