Privacy
- Privacy by Design
- Data Minimization
- Transparency
- Data Access Control
- Risk Mitigation
- Dealerware’s Platform and API are designed to comply with relevant privacy laws, regulations, and industry group guidance related to the processing of data, including the California Consumer Privacy Act (CCPA) and the Payment Card Industry Data Security Standard (PCI DSS).
- Our Information Security and Privacy (IS&P) program integrates across the business and policies are regularly reviewed to maintain compliance with the applicable privacy laws and ensure the security of customer data.
- As a service provider, Dealerware is fully equipped to respond to any customer data requests, including those under CCPA, such as requests to access or delete information we have on an individual.
- Please be sure to review our Privacy Policy for important notices about how our business uses or collects your data.
Privacy by Design
Data Minimization & Transparency
We aim to be as clear as possible about how we may use or share your data in order to provide you services. We implement several levels of access controls and security measures to limit unauthorized access to this data, and we have established protocols to identify, authenticate, and control who may access your data.
Data Access
Please review our Privacy Policy for more information on what data is collected and to understand your rights to your data.
Privacy Risk Mitigation
- Operational and security related IT system objectives
- Client data storage and processing
- IT assets used to provide our service
- Existence and effectiveness of controls in place to mitigate identified risks
- Remediation of controls to address risks not sufficiently mitigated
- Evaluation of exceptions noted
Privacy FAQs
Does Dealerware have a privacy policy?
Yes. See Dealerware’s Privacy Policy (https://www.dealerware.com/privacy-policy)
Has Dealerware developed and maintained a formal privacy program for the protection of personal information collected, accessed, processed, disclosed, or retained on behalf of the client?
Yes. See Dealerware’s Privacy Policy. It is enforced via internal corporate policy, limited for the purposes described in Dealerware’s privacy notice and by technical means where reasonable.
Does Dealerware have mechanisms in place to address privacy inquiries, complaints, and recourse for violations of privacy compliance?
Yes. Dealerware adheres to its data breach response guidelines and maintains procedures for handling privacy inquiries, complaints, and recourse for violations of privacy compliance. You can read more at our Privacy Notice.
What are the types of data collected by Dealerware?
The types of data collected about you or a user depend on the type of user or customer. Please see our Privacy Policy for more information.
Can a user withdraw their consent for Dealerware to collect personal data?
Yes. Users can opt out of or unsubscribe from emails, and can request deletion of personal data by permanently closing their account.
How does Dealerware obtain user consent to collect personal data?
When signing up to use the Dealerware Services, Retailers give consent for Dealerware to collect data necessary to administer the Services by acknowledging that their use of the product is subject to Dealerware’s License Terms and Conditions and Privacy Policy.
How does Dealerware handle personal information within its products?
Please see Dealerware’s Privacy Policy (https://www.dealerware.com/privacy-policy).
How does Dealerware handle data deletion requests?
Depending on the jurisdiction that applies to the request, upon receiving a data deletion request, Dealerware will validate the user’s identity, check whether any relevant contractual provisions require notifying the Customer before processing, and handle the request as required by applicable privacy laws. Dealerware operates in the U.S. and in Canada and complies with data deletion requests in the relevant state, provincial, and local jurisdictions if such requests are made.
Yes. We won’t provide data to a government entity or third party requesting customer data unless there is a legal reason to do so (such as a subpoena). Before providing any information in response to a subpoena or other type of legal request, we will notify the customer (to the extent legally permitted) and provide reasonable assistance, at the customer’s cost, if the customer wishes to contest the disclosure.
Does Dealerware use customer-derived data for its own purposes?
Dealerware uses customer data to improve the services. It uses customer data in an aggregated manner to identify trends over time, and then uses that information to evaluate and implement feature enhancements and functionality improvements. However, Dealerware may look at this data at the individual user level to suggest personal recommendations or to debug or troubleshoot issues.
Does Dealerware collect a user's IP address?
Dealerware collects IP address data for enhancement of its product and for logging and auditing purposes.
Do contractors sign confidentiality agreements?
Contractors sign a Proprietary Information and Invention Assignment Agreement (PIIAA), which covers confidentiality.
Do Dealerware employees have access to customer data?
Access to customer data is highly restricted to particular employees on Dealerware’s support and operations teams, who have access for support, troubleshooting, and business continuity purposes. Access to customer data is restricted according to the principle of least privilege.
Describe how employees and contractors are made aware of relevant security and privacy policies and their obligations to protect customer data.
Employees and contractors are required to review and acknowledge several security and privacy policies, procedures and standards including, but not limited to, information related to the Information & Security Data, Privacy Compliance, Confidentiality agreements, and Data Execution upon hire. All new hires are required to complete security and privacy awareness training modules within KnowBe4. Security and privacy awareness training is required for all staff annually.
Is there a due diligence process in place to identify and manage risks associated with 3rd parties (key suppliers, business partners, and vendors)?
Dealerware has implemented a Vendor Risk Management Policy, which defines a framework for vetting, managing, and identifying any risks during the lifecycle of vendor relationships. This policy requires vendors to complete a security questionnaire as part of the due diligence process and again based on the assigned risk rating.
Does Dealerware collect, access, process, disclose, or retain customer data that can be classified as consumer report information provided by a consumer reporting agency?
No. Dealerware’s License Terms do not permit the inclusion of highly regulated content.
Does Dealerware have a process for notifying customers of privacy/security breaches?
Yes. Notification of an incident will be in accordance with applicable laws, regulations, and contractual terms and within timeframes dictated by the same.
How can I exercise my data protection rights to access, correct, delete or restrict access to my data?
Under applicable data protection law, you have certain rights regarding how your Personal Information is collected, stored, used and shared. Please see our Privacy page for more information on how you can exercise these rights.