POLICIES
Only Authorized, Trained Team Members May Access Customer Information • Limit Customer Information to team members who have a business reason for seeing it. • Only authorized team members may access customer information systems. • When your employment ends, return all keys and swipe cards. All system logins and password access will be terminated. • Complete the Customer Information Safeguards training, and do not provide Customer Information to any untrained team member. Customer Information May Only Be Kept In Secure, Authorized Locations • When working with Customer Information, make sure it is shielded from public view. Keep materials and screens turned away from public view. Lock the screen whenever you leave a computer terminal unattended. • Store paper documents containing Customer Information in a room, cabinet, or other container that is locked when unattended. • Financial Customer Information must be stored in locked drawers and must not be left out in the open, even in locked rooms, after hours, to avoid access by cleaning crews, security personnel or other individuals who may not be trained in handling Customer Information. • You must never remove Customer Information from the dealership, either in paper form, or electronically through email, download or upload, or file-to-file transfer. Customer Information May Be On Secure, Authorized Devices And Applications, Only • Store Customer Information on authorized devices that are password protected, and subject to anti-virus software, two factor authentication, firewall protections and other security protections. Customer Information must not be accessible to unauthorized users through file-to-file sharing. • Use password-activated screensavers. • Never store Customer Information locally on a computer’s hard drive. • Do not email, download or upload Customer Information into any unauthorized network or hardware, including but not limited to Google drives, USB and external hard drives. • Do not text, email, download, upload or store financial Customer Information on any personal smart phone or other personal mobile device, tablet or computer or personal email accounts. • Nonfinancial Customer Information may be texted, emailed, downloaded or uploaded as authorized by the guest. For example, you may not email a credit application to a guest because it is Financial Customer Information subject to highest safeguard protections. But you may email a Repair Order to a guest’s confirmed email address because it is nonfinancial Customer Information. • Do not take pictures of Customer Information on personal smart phone applications or other personal devices. You may take pictures of Consumer Information through approved Company applications such as the CRM if authorized by the guest to complete a transaction. For example, it is not appropriate to use your personal smart phone to take pictures of a guest’s driver’s license unless you have the CRM application on your phone and take the picture through that application. • Use strong passwords. • Do not write down passwords, and never share your password. • Encrypt Financial Customer Information when it is transmitted electronically over networks or stored online. Nonfinancial Customer Information must be encrypted when comingled with Financial Customer Information.
61 No policy should be construed to confer any express or implied contractual relationship or rights to any Team Member. The Company reserves the right to modify any policy as necessary, in its sole discretion, to the extent permitted by law. Violation of any Company policies or procedures can result in disciplinary action up to and including termination of employment. If you have any questions about this handbook or Company policies, please feel free to discuss with your Manager or HR.
Made with FlippingBook flipbook maker