Privacy Statement

Copeland Toyota, Inc.

Information Security Program

Through the ordinary course of business Copeland Toyota, Inc. (hereinafter referred to as Copeland) comes in contact, collects, uses, and stores in our database personal identifying information unique to our finance, lease, and insurance customers. In the respect, and in compliance with the Federal Trade Commission’s “Information Safeguard Rule,” Copeland has developed this Information Security Program (hereinafter referred to as the “Program”).

This is an elastic document that is subject to additions and/or changes at any time. Changes in dealership personnel, information systems maintained by this dealership, service vendors used, discrepancies discovered through self-testing and information security monitoring, technological innovations, or any other unforeseen events that may jeopardize the confidentiality and integrity of our customer information may result in a modification of this program.

Copeland does not sell or share any of our customer information with any other practice other than our computer system service provider, Reynolds and Reynolds, and our vehicle manufacturer/franchisor Toyota Motor Sales, Inc. as provided for under the Gramm-Leach Bliley Act.

Information Security Manager

Copeland’s designated Information Security Program Manager is Patricia Pearce, who is also Copeland’s Controller. Patricia is in charge of the implementation and oversight of Copeland’s program. She shall conduct periodic audits and testing of sensitive customer information from time to time on a random basis to ensure the integrity of our program. She shall report her findings to James W. Egan and J. Todd Copeland, the owners and dealer principals. Patricia shall also consult the finance, insurance, and sales managers regarding the information gathering and transmission issues.

Employee Managements and Training

Risk: If employees don’t have the proper training and education regarding the necessity of information security, there is a greater risk of breach, both intentionally and unintentionally.

The program manager shall set up and oversee education and training of dealership employees who have access to any sensitive customer information. Training and education shall be ongoing. Employees should know what information is sensitive, who is authorized to access it, and recognize unauthorized attempts to obtain and/or use customer information.

The program manager will refer any breaches in security to the dealer principal. Any breach is a very serious matter, and the dealer reserves the right to take whatever disciplinary measure he deems appropriate.

Information Gathering Process and Security Risks

Risk: The dealership obtains protected, sensitive customer information generally when sales and/or F&I people receive it from a customer who is seeking help in securing financing and/or purchasing insurance products in conjunction with a lease or purchase of a motor vehicle. Whenever there is a chain of custody, it must be ensured that all links are secure.

Copeland Toyota has set up a system wherein using its best efforts it ensures that all the links are secure.

Information Storage, Use, and Maintenance

Risk: From time to time Copeland Toyota must maintain customer information on its main computer system and transmit customer information electronically. Whenever anything is stored on a computer that is accessible by a number of different people or transmitted electronically there is a risk hat information security could be breach or a transmission could be intercepted.

Once a transaction is completed that information will be deleted from the dealership’s main computer system when possible. There may be times when customer information must remain within the dealership’s computer system to enable the customer to exercise benefits from products or warranties that he or she purchased. Copeland Toyota will scan all customer information and delete as much customer information as possible without jeopardizing customer benefits. Customer information that remains on the dealership’s main computer system shall be kept in password protected files.

Auditing and Testing the Program

Risk: If the system is not checked for flaws it could fail without the program manager’s knowledge, resulting in a breach of security.

The program manager shall set up a series of tests from time t time to test the program and how the information that is being protected s actually used. The program manager shall establish a dummy customer account from time to time on a random basis to use as a control and monitor the use of that account to detect unauthorized contacts.

Third Party and Service Providers

Risk: In the course of doing business, Copeland Toyota allows other parties limited access to its customer information. Copeland Toyota’s Franchisor has a legitimate business purpose to have access, and Copeland Toyota contracts with a third-party provider for customer systems operations and management. Copeland Toyota must take precautions to prevent parties that have legitimate business purpose from abusing their access to Toyota customer information.

Copeland Toyota has a service contract with Reynolds & Reynolds Processing Company. R&R provides Copeland Toyota with operating software and technical support, and assists with Copeland Toyota’s customer relations management program. Under this relationship R&R has access to some of Copeland Toyota’s customer data. Therefore, Copeland Toyota has received and has on file a contractual assurance (including indemnification) that R&R will not use, sell, or share any of Copeland Toyota’s customer information for anything other than purposes authorized by Copeland Toyota.

The program manager and dealer shall meet periodically with service providers and franchisor to discuss their use of dealership’s customer information to ensure that it is not being misused.

Managing System Failures

Risk: From time to time computers don’t do what we think they should. There are security breaches, software glitches and breakdown, or total crashes.

The program manager shall be responsible for ensuring the integrity of the security system for all computers that store any sensitive customer information. Some of the things that program manager shall do to ensure that up-to-date firewalls are installed and functioning properly, back up on a regular basis all customer information that remains in the dealership’s computer system, and install patches to resolved software vulnerabilities on an as needed basis.

If at any time there is a breach of security and Copeland Toyota’s sensitive customer information is misused, the program manager or dealer principal will immediately contact all customers who information security has been compromised.