Contact Us
(888) 207-9812
LEXUS OF TULSA
An Elite of Lexus Dealer                                         "Luxury and value can exist together, and they do at Lexus of Tulsa"

Your Privacy Rights

 

Information Security Policy
DON THORNTON AUTOMOTIVE, LLC
Safeguarding Customer Information

Information Security Plan

Lexus of Tulsa and Land Rover Tulsa

Introduction / Background

On July 1,2001 the Gramm-Leach-Bliley Act and the FTC Privacy Rule was imposed, obligating Don Thornton Automotive, LLC (DTA) to disclose to our finance, lease and insurance customers how we use and share consumer information. On May 23,2003, the Federal Trade Commission has issued a rule governing the safeguarding of customer records and information for the financial institutions subject to its jurisdiction. The Rule implements the safeguards provisions of the Gramm-Leach-Bliley Act (GLB Act), which requires dealers to develop, implement and maintain a comprehensive written information security program. It also requires dealers to ensure their affiliates maintain appropriate safeguards, and dealers must select and retain service providers that are capable of maintaining appropriate safeguards, for the customer information dealers share with them. The compliance date for the Privacy Rule was July 1, 2001 and the final compliance date for the Safeguard Rule is May 23,2003.




Information Security Policy Objectives
Policy Objectives

· Insure the confidentiality and the security of our customer's private information

· Protect against any anticipated threats to the security of our customer's private information

· Protect against any unauthorized access to our customer's information that could result in any damage or inconvenience to them


For purposes of this policy, the Privacy Rule protects a consumer's "nonpublic personal information" (NPI). NPI is any "personally identifiable financial information" that a financial institution collects about an individual in connection with providing a dealership product or service, unless that information is otherwise publicly available.

NPI is:

Any information an individual has given to get a dealership product or service (name, address, income, social security number, or other information on an application)

Any information from a transaction involving our financial products or services (for example, the fact that an individual is our customer, account numbers, payment history, loan or deposit balances, and credit or debit card purchases)

Any information received from an individual in connection with providing a dealership product or service (for example, information from court records or from a consumer report




Information Security Policy
Program Coordinators
The Managing Program Coordinator has been assigned to periodically review our compliance and document any and all inconsistencies to the Vice President of Operations. Corrections will be made as dictated. Each manager is responsible and accountable for the compliance of their employees and their department. The Managing Program Coordinator is David Litzinger, the General Manager at Lexus of Tulsa. Department Program Coordinators are as follows:

· New Vehicle Sales - Lexus  of Tulsa - Todd Morrison 
· Used Vehicle Sales - Lexus of Tulsa - Todd Morrison
· Service Department - Lexus of Tulsa - Ted Dollar
· Parts Department - Lexus of Tulsa- Rich Epperson 
· Accounting- Lexus of Tulsa - Wayne Pitts
· Information Systems - Lexus of Tulsa - Larry Thomas
· F & I Department - Lexus - Reagan Allison Ford

The safeguard program shall be implemented and maintained by the above personnel as designated by the Dealership. The Managing Program Coordinator shall maintain continuing education of safeguard data protection and shall report to the Vice President of Operations as new policies or procedures may become necessary. Delegation and outsourcing the performance of any function under the Information Security Program may be necessary from time to time.


In the event any coordinator leaves the employment of the Dealership, the Vice President of Operations shall take over those responsibilities until a new coordinator is designated.

Risk Assessment
The Vice President of Operations shall inspect the Dealership and determine any and all risks to the security of customer information. The inspection shall cover all relevant areas of the operation and shall include the following:

· Employee/Management training
· Systems and procedures
· Network and software
· Response to system failures or attack

Once risks have been identified, the Vice President of Operations and the Managing Program Coordinator will determine whether the current policies and procedures are adequate to comply with the established privacy standards. If the risks are too great, the PC (Program Coordinator) shall revise and implement new policies and procedures to protect the customer's "non-public information".

Audits and Inspections
The Managing Program Coordinator shall test/audit the effectiveness of the policies and procedures periodically but at least on a quarterly basis. The results of those inspections should be presented in writing to the Vice President of Operations.

Service Providers
The Managing Program Coordinator shall be responsible for overseeing service providers who have access to our customer information and that they are capable of maintaining appropriate safeguards for their NPI. It may be necessary to require them by contract to implement and maintain such safeguard policies. The Vice President of Operations shall review and approve each service provider contract/policy prior to its execution by the Dealership.

The Dealership shall keep the Managing Program Coordinator apprised of the nature and extent of all third party relationships and any operational changes or other matters that may impact the security or integrity of the Dealership' s customer information.

Lexus of Tulsa , and Lexus, a division of Toyota Motor Sales, USA Ibc., are nonaffiliated third parties.  Therefore the Lexus of Tulsa Privacy Policy applies to the Lexus of Tulsa website only, and not the Lexus Corporate website.

Personally identifiable information generated by the Lexus of Tulsa website forms will be used and tracked by Lexus Corporate, and my be used by Lexus for their own marketing purposes.