IT & Data Security

Information Security

Autorola's information security practices are governed by a set of fundamental principles, ensuring alignment with industry standards, a cohesive and robust security framework, and a commitment to safeguarding sensitive data while enabling our business to thrive and maintain a positive reputation.

Compliance with International Standards: Our information security management system adheres to globally recognized best practices, such as ISO 27001, ISO 27002, and ISO 27005.

Leadership and Guidance: The Chief Information Security Officer (CISO) leads the Information Security function, responsible for creating the Information Security Manual, encompassing policies, standards, procedures, and guidelines. This function serves as an internal center of excellence, providing leadership and guidance on all information security matters.

Prudent Investment in Security: We make wise investments in proven information security controls based on lifecycle cost/benefit assessments and risk analyses.

Organization-Wide Responsibility: Information security is embedded throughout the entire organization, safeguarding all information assets under our care, including those we own and those entrusted to us. It is integrated into our IT architecture, operational processes, and management procedures, making every individual accountable for information security.

Integral to Corporate Governance: Information security is a core element of corporate governance, closely intertwined with IT management, physical site security, risk management, legal and regulatory compliance, and business continuity. It fulfills our obligations to employees, business partners, and the broader community.

Business Enabler: Information security serves as a business enabler, allowing us to confidently pursue and maintain relationships, markets, and opportunities that might otherwise seem too risky. By minimizing losses from security breaches, it supports our financial well-being and enhances our corporate image as a trustworthy, open, honest, and ethical organization.

Sensitive Data Protection: We prioritize the protection of sensitive data as defined by GDPR Article 9 and Article 10. Registration of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data for unique identification, health data, and data concerning sex life or sexual orientation is strictly prohibited. Exceptions apply only to preapproved registration of trade-union membership and required health information of employees when necessary.

GDPR compliance
At our organization, we are committed to upholding the key principles of the GDPR when processing personal data to fulfill our obligations to both our customers and the data subjects. We take full responsibility for implementing and maintaining this policy to ensure compliance with the GDPR. Our approach to processing personal data ensures appropriate security and confidentiality. We protect against unauthorized access, unlawful use, accidental loss, destruction, or damage of personal data and the processing equipment, employing suitable technical and organizational measures.
Data rights
Our employees and data processors with access to personal data are bound by strict confidentiality obligations. We always aim to accommodate data subject requests, even if not legally mandated, to uphold their rights. We process personal data lawfully and fairly, ensuring transparency in all communications related to the processing of our customers' personal data. We use clear and plain language to make information easily accessible and understandable.
Personal data
Personal data is collected for specific, explicit, and legitimate purposes, and we do not use it in ways incompatible with these purposes. The reasons for processing personal data are explicit and determined at the time of collection. We process personal data only to the extent necessary for the intended purposes, ensuring adequacy and relevance. The storage period for personal data is kept to a strict minimum. Personal data is not retained beyond the legally permissible and required period. We store personal data only as long as necessary for the processing purposes.