Our information security program
We have implemented an information security program consisting of physical controls (to limit the access to physical media and devices containing the information), technical controls (to limit on-line access to information), and administrative controls (to limit the people who have access to your information) to protect your information. The effectiveness of our security program is periodically audited allowing for improvements to be made.
Data retention and destruction
We retain your information for only as long as needed to provide you with requested services, to meet our governance responsibilities, to comply with legal requirements, for business operations, and to protect against fraud and theft and as required or permitted by law.
- Generally, GMAC retains the personal information that we have collected up to 10 years beyond delivery of the last product or service you have selected for security purposes;
- Palm vein pattern records are retained for 5 years or the period designated by local law;
- CCTV/video/audio is retained for 30 days (or legally required period) at the test center unless there is a security incident necessitating a longer retention period;
- Accommodation requests and related information is retained for 5 years; and
- Aggregated information from which an individual cannot be identified is retained for research and product development purposes for research and business operations.
Your role in protecting your information
As a user, you contribute to our security efforts by creating a user-id and password to access your information on our websites. Creating a strong, difficult to guess password enhances the security of your information. Also, please remember to avoid sharing your user-id and password with anyone. It is also recommended that you do not save your user-id and password on your computer or anyone else’s computer.