POLICIES
Payment Card Compliance Policy Please familiarize yourself with the following credit and debit card processing responsibilities: • Guests should always maintain control and sight of their payment cards when buying products and services. Do not handle the Guest payment card. • Never store payment card numbers in any format. We do not use credit card authorization forms. • Do not ask the Guest to put credit/debit card numbers on authorization forms, nor email or text a credit/debit card number to you. • If the Guest and card are present, the Guest must swipe/insert it in the machine. • Absentee Guests may be emailed an invoice to pay online through Invite2Pay (or Stripe or PayPal if enabled at your dealership). Ask your Accounting Manager if you have any trouble setting up online invoicing. • You may not take a credit card number over the phone. • Never manually enter a credit card number. • Some departments have additional rules for payments: • Parts: Please see Parts Guest Payment Policy. • Service & Collision: Please see Guest Payment Policy. • Variable: Please see Variable Compliance Policies, Guest Payment section. • Payment card numbers, card verification codes, personal identification numbers (PIN), and expiration dates should never be captured and stored in any Asbury computer system (or written down on paper) including the network files system, email, CDK DMS, eLead CRM, spreadsheets, databases, or any other system. • Electronically stored payment card data will be deleted immediately, if found through routine audits, by the IT Department. • The credit card system will allow you to charge a returning Guest provided they have done business with your store in the past twelve months using their card as the method of payment. Encryption Policy Asbury Team Members are required to employ Asbury approved encryption solutions to preserve the confidentiality and integrity of, and control accessibility to, Asbury data classified as Sensitive where this data is processed, stored or transmitted. Encryption Rules • All Asbury owned devices must be encrypted (if they can be encrypted). • USB devices must be encrypted by the end user if the device has Company confidential or sensitive information. • Emails that leave the Company must be encrypted if they contain sensitive information. • For emails requiring encryption, Team Members must add one of the following to the subject line of the email being sent: [e], [encrypt], [secure]. Mobile Device Security Policy If a Team Member elects to download Asbury email onto their mobile device(s) (smart phone, tablet, etc.), the device(s) will be registered to prompt the Team Member to set either a password or a 4-digit Personal Identification Number (“PIN”) pass code to unlock the device after a timeout period. Team Members conducting business using Asbury email on their personal mobile device(s) are expected to comply with the Company’s retention policy while employed with the Company. If the Team Member leaves the Company, the Asbury email including email stored contacts will be automatically removed. Team Members are required to notify Asbury IT immediately if their Company issued devices are stolen or if their personal devices are stolen, which contain Asbury data, such as email.
41 No policy should be construed to confer any express or implied contractual relationship or rights to any Team Member. The Company reserves the right to modify any policy as necessary, in its sole discretion, to the extent permitted by law. Violation of any Company policies or procedures can result in disciplinary action up to and including termination of employment. If you have any questions about this handbook or Company policies, please feel free to discuss with your Manager or HR.
Made with FlippingBook flipbook maker