Data Handling Policy
Data Handling Policy – Automotive B2B Software Provider (Lot Wizard)
1. Purpose
This policy outlines how we collect, process, store, and protect data on behalf of our automotive dealership clients, ensuring compliance with applicable data protection laws and industry best practices.
2. Scope
Applies to all employees, contractors, systems, and third-party services involved in handling client and end-customer data across our Lot Wizard DMS platform, dealership websites, and inventory distribution services.
3. Data Collection
We collect data in three primary contexts:
– Lot Wizard DMS: Customer contact details, lead information, communication history, and sales activity.
– Dealership Websites: Visitor analytics, form submissions, and browsing behavior.
– Inventory Distribution: Vehicle listings, pricing, photos, and metadata for syndication to third-party platforms.
All data collected is limited to what is necessary for service delivery and is obtained with appropriate client authorization.
4. Data Storage
– Data is stored in secure, access-controlled environments.
– We use cloud infrastructure providers that meet industry standards (e.g., AWS, Azure) with SOC 2 and ISO 27001 certifications.
– Client DMS data is logically separated to prevent cross-access between dealerships.
5. Data Usage
– Data is used solely for delivering contracted services, including Lot Wizard DMS functionality, website performance, and inventory syndication.
– We do not use client or customer data for internal marketing, profiling, or resale.
– Usage analytics may be aggregated and anonymized for product improvement.
6. Data Sharing
– Data is shared only with:
– Authorized third-party platforms (e.g., vehicle marketplaces) for inventory distribution.
– Service providers (e.g., hosting, analytics) under strict data processing agreements.
– We ensure all third parties adhere to equivalent data protection standards.
7. Data Retention
– Lot Wizard DMS and website data is retained for the duration of the client relationship or as required by law.
– Inventory data is retained only as long as it is active or relevant for distribution.
– Clients may request data export or deletion at any time.
8. Client and Consumer Rights
– Clients may:
– Access, correct, or delete their data.
– Request data processing logs or audit trails.
– Receive breach notifications within 48 hours of discovery.
– End-users (e.g., dealership customers) may exercise rights through the dealership, with our support as a data processor.
9. Incident Response
– All data breaches are logged, investigated, and reported in accordance with legal and contractual obligations.
– Affected clients are notified promptly with remediation steps.
10. Policy Review
This policy is reviewed upon significant changes in technology, regulation, or business operations.