Does your auto dealership need a privacy policy? You’re in the right place!
If you operate a car dealership business, you collect and use vast amounts of personal information, from basic personal details to financial data and vehicle usage information.
Therefore, you need a clear and comprehensive privacy policy that complies with applicable privacy laws such as California’s CCPA, Virginia’s CDPA, and the EU GDPR.
You may also be required to provide certain privacy disclosures to individuals under the Gramm Leach Bliley Act (GLBA) if you finance or lease vehicles.
Below, you’ll learn all about how to make a privacy policy for auto dealerships, including what goes into it, the laws that might impact it, where to publish it, and more.
- How Do You Create a Privacy Policy for Auto Dealerships?
- Does My Auto Dealership Need a Privacy Policy?
- What Laws Impact Auto Dealership’s Privacy Policies?
- What Information Should I Include in My Auto Dealership’s Privacy Policy?
- Examples of a Good Auto Dealership Privacy Policy
- Where Should You Display Your Auto Dealership's Privacy Policy?
- How Termly Helps Auto Dealerships Easily Make Privacy Policies
How Do You Create a Privacy Policy for Auto Dealerships?
There are several ways to make a privacy policy for your auto dealership, so let’s go over a few different options together.
You Can Use a Privacy Policy Generator
The easiest way to make a privacy policy for auto dealerships is to use a privacy policy generator, like Termly’s.
Backed by our legal team and data privacy experts, it asks simple questions about your auto dealership and uses those answers to make your custom policy.
Once completed, you can easily embed it directly onto your site.
We also pride ourselves on transparency and trust and are fully committed to protecting the privacy of our users.

You Can Use a Privacy Policy Template
You can also use a privacy policy template to make one of these legal documents for your auto dealership. These are usually free to use but that’s because they take more time and effort on your part.
You’ll have to fill in the blank sections with information about your auto dealership. You can also remove any clauses that aren’t applicable.
Spend extra time rereading and editing the final document to ensure adequate legal compliance.
You Can Write It Yourself
You can also write your own privacy policy, but this is really only recommended if you have a lot of legal and technical knowledge.
For most auto dealerships, especially those leasing vehicles, privacy policies and other disclosures must meet specific legal obligations outlined by laws like the Gramm Leach Bliley Act (GLBA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), or other state-level data privacy laws that may be applicable.
This means writing your own policies can put you at a legal risk.
If you fail to create a legally compliant privacy policy, and an investigation occurs, your auto dealership could be held accountable by relevant supervisory authorities.
How NOT To Make a Privacy Policy for Auto Dealerships
Now that you’ve seen a few valid ways to create a privacy policy for auto dealerships, here’s what you should not do:
- Don’t copy another auto dealership’s privacy policy: This is considered a form of plagiarism. Not to mention another auto dealership policy won’t accurately apply to your data collection activities, which puts you at a legal risk.
- Don’t publish a dishonest or incomplete policy: Privacy laws require your policies to be transparent and honest, and often it’s unlawful to collect and use data beyond the purposes stated in your privacy disclosure.
- Don’t pay for clauses or information that’s typically free: There are a lot of free resources out there to help jump-start the process of making a privacy policy, so look out for places that try to charge for things that are free elsewhere, like certain information or half-completed templates.
- Don’t rely on AI or LLMs to fully generate your policy for you: Your privacy policy is a legal document and AI/LLMs have no way of actually knowing all of the nuances and details about your data processing activities, unless you spend hours of your time manually writing it all down in a prompt. You’ll still have to review the policy and fact-check it thoroughly, or have a lawyer look it over to ensure it’s compliant.
Does My Auto Dealership Need a Privacy Policy?
Yes, most auto dealerships need to have a privacy policy posted somewhere on their website.
A privacy policy for auto dealerships is a legal document that explains how you collect, use, and process customer data both digitally and in person during the process of purchasing or leasing a vehicle.
You might need to present one to customers who physically show up to your dealership and test drive cars, depending on if and how you’re using data collected about them when they’re physically present.
For example, you might fall under data privacy laws or financial protection laws, both of which can require privacy disclosures or notices to be presented to consumers.
A privacy policy helps you more easily meet these requirements.
What Laws Impact Auto Dealership’s Privacy Policies?
Several laws can impact privacy policies for auto dealerships, including:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Colorado Privacy Act (CPA)
- Gramm Leach Bliley Act (GLBA)
- Telephone Consumer Protection Act (TCPA)
- FTC Disposal Rule
- FTC Red Flags Rule
- Driver’s Privacy Protection Act (DPPA)
- Virginia Consumer Data Privacy Act (VCDPA)
- Other U.S. state-level privacy laws
It’s your responsibility to know which laws apply to your auto dealership and to follow all requirements accordingly.
What Information Should I Include in My Auto Dealership’s Privacy Policy?
Next, let’s go over some common clauses you should consider including in a privacy policy for auto dealerships.
What Data You Collect
Explain what data your car dealership collects through online forms on your website, during in-person conversations, and from third parties in your privacy policy.
For instance, you may collect full name, home address, government ID number, and phone number via the online registration forms on your website.
Furthermore, you may be collecting personal data such as credit score, and credit history from third-party credit bureaus.
Your privacy policy must list out this information clearly and in a format that’s easy to read, like a table or a simple bulleted list.
Why You Collect the Data
Various laws require you to explain why you’re collecting the data from consumers.
Clearly list those reasons in your privacy policy for auto dealerships in a way that most consumers can easily understand.
These purposes may include:
- Provision of your services,
- Processing of payment data,
- Communication with your customers,
- Compliance with applicable laws, and
- Preventing fraud.
For example, you likely collect and use identification data to prevent fraud and to comply with applicable financial laws such as the Gramm Leach Bliley Act.
Remember, auto dealerships also need to account for data that is collected from the consumers who are physically visiting your dealership, which can include:
- Biometric data,
- Data collected on paper forms,
- Financial data, and more.
Under laws like the GDPR, there are specific lawful bases you must follow in order to lawfully collect data.
How You Collect the Data
There should be a clause in your privacy policy for your auto dealership explaining how you collect the data from consumers.
I know I sound like a broken record, but for auto dealerships, these methods include, but are not limited to:
- Online forms on your website
- Data collected through phone calls
- Data collected during in-person conversations with customers
- Data collected from third parties such as credit-referencing agencies, credit bureaus, insurance companies, or data brokers
Third Party Data Sharing
A privacy policy for auto dealerships must disclose to consumers if you share their data with any third parties, which can include banks, Google Analytics, and more.
Most laws, like several U.S. privacy laws, require you to list the categories of data you share with others and the categories of the third parties themselves.
Consumer Rights Over Their Data
There should be a clause in your privacy policy for auto dealerships that clearly explains what rights your consumers have over their data and how they can act on those rights.
If you have to follow multiple privacy laws, consider creating a separate section for each law, so users can easily find the relevant information that applies to them.
For instance, if California’s CCPA applies to your business, you need to provide your customers with the right to opt out of the sale of their data and the sharing of their data for targeted advertising purposes.
In relation to the EU GDPR, you must provide customers with the right to data portability.
Therefore, it is advisable that you tailor your privacy policy to different applicable laws.
Children’s Data Clause
While your auto dealership most likely doesn’t target children or collect their data, it is advisable to include a clause in your privacy policy addressing what legal guardians can do if they believe you accidentally did collect details about their child.
This is because children can have free access to the internet and may lie or access your site, and a parent or guardian must lawfully be able to contact you and request that you delete that data.
Cookies and Other Trackers
If your auto website uses internet cookies or other trackers, then you need to address the collection and processing of personal data through cookies and similar technologies in your privacy policy under certain laws such as the EU GDPR.
This is because cookies often collect personal data about website users, so they fall under the requirements outlined by privacy laws.
Along with having this clause in your privacy policy for auto dealerships, you should also have an updated cookie policy.
Auto Dealership Contact Information
Make sure there’s a clause in your privacy policy for auto dealerships that includes your company contact information.
This way consumers can reach you if they have any questions or if they want to follow through on their privacy rights.
Some privacy laws actually legally require you to provide this information, like the GDPR.
Examples of a Good Auto Dealership Privacy Policy
Next, let’s look at an example of a good privacy policy for an auto dealership.
The one in the screenshot below comes from Toyota.

As you can see in the screenshot of their policy, Toyota includes a clear ‘last updated’ date at the top of their policy, a requirement under laws like the GDPR and CCPA.
The policy is written using easily readable language, no legalese or unnecessary jargon.
When making a privacy policy for your auto dealership, follow Toyota’s lead and make sure you’re using simple language, clear headers, and complete, transparent clauses.
Where Should You Display Your Auto Dealership’s Privacy Policy?
It is best practice to display your privacy policy for auto dealerships in multiple places across your website or sites.
A rule of thumb is to link to it wherever any data collection occurs.
Here is a list of the most common places you should consider displaying your privacy policy:
- Website footer
- Pop up banners
- Login or account creation pages
- Email newsletter sign-up pages
- Wherever AI is used and collects personal data
- On any internet forms
- Posted on a wall in person at the dealership
- Printed and available to hand out at the dealership
How Termly Helps Auto Dealerships Easily Make Privacy Policies
Making a privacy policy for auto dealerships is easy with Termly’s Privacy Policy Generator.
It’s simple to use, accommodates 30 privacy laws globally, and our amazing customer support team is always at the ready to help, especially if you have more than one website to manage and have questions about data privacy.
Sign up and see for yourself why we’re trusted by auto dealerships (and other businesses!) across the world.
Reviewed by Ali Talip Pınarbaşı, CIPP/E, & LLM Data Privacy Law Consultant

