Privacy Policy
Introduction
Protecting your privacy and the confidentiality of your personal information, whether over the Internet or on the telephone, has always been fundamental to online businesses, and it is highly important to us. Your personal data security is in compliance with PCI DSS.
What Is PCI Compliance?
Payment card industry (PCI) compliance is mandated by credit card companies to help ensure the security of credit card transactions in the payments industry. Payment card industry compliance refers to the technical and operational standards that businesses follow to secure and protect credit card data provided by cardholders and transmitted through card processing transactions. PCI standards for compliance are developed and managed by the PCI Security Standards Council.
Key Takeaways
- Companies that follow and achieve the Payment Card Industry Data Security Standards (PCI DSS) are considered to be PCI compliant.
- The PCI Security Standards Council is responsible for developing the PCI DSS.
- PCI DSS has six major objectives, 12 key requirements, 78 base requirements, and over 400 test procedures.
Understanding PCI Compliance
The Federal Trade Commission (FTC) has responsibility for the oversight of credit card processing as it falls under the need for consumer protections and oversight. While there is not necessarily a regulatory mandate for PCI compliance, it is regarded as mandatory through court precedent.
In general, PCI compliance is a core component of any credit card company's security protocol. It is generally mandated by credit card companies and discussed in credit card network agreements.
The PCI Standards Council is responsible for the development of the standards for PCI compliance. These standards apply for merchant processing and have also been expanded to outline requirements for encrypted internet transactions. Other key entities that are also associated with standard-setting in the credit card industry include The Card Association Network and the National Automated Clearing House (NACHA).
PCI Standards
PCI compliance standards require merchants and other businesses to handle credit card information in a secure manner that helps reduce the likelihood that cardholders would have sensitive financial account information stolen. If merchants do not handle credit card information according to PCI Standards, the card information could be hacked and used for a multitude of fraudulent actions. Additionally, sensitive information about the cardholder could be used in identity fraud.
Being PCI compliant means consistently adhering to a set of guidelines set forth by the PCI Standards Council. PCI compliance is governed by the PCI Standards Council, an organization formed in 2006 for the purpose of managing the security of credit cards. The requirements developed by the Council are known as the Payment Card Industry Data Security Standards (PCI DSS). PCI DSS has six major objectives, 12 key requirements, 78 base requirements, and over 400 test procedures. The guidelines are also considered security best practices. Its six major requirements include the following:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
The most recent version of PCI DSS was released in May 2018 and is referred to as version 3.2.1. Overall, the six objectives and 12 requirements outline a series of steps that credit card processors must continually follow. Companies are first asked to assess their networks and systems which involves information technology infrastructure, business processes, and credit card handling procedures.
Constant maintenance and assessment of any gaps in security are also very important for avoiding the theft of sensitive cardholder information, such as social security and driver’s license numbers, whenever possible. Companies are required to provide compliance reports on a regular basis as part of their card processing agreements. Monitoring, assessments, and audits of Payment Card Industry Data Security Standards are all an important part of a company’s security department.
All companies that process credit card information are required to maintain PCI compliance as directed by their card processing agreements. PCI compliance is the industry standard, and doing business without it can result in substantial fines for agreement violations and negligence. Without PCI compliance, companies are also highly vulnerable to theft, fraud, and data breaches.
Application
This policy applies to the personal information of Board Members, guests, partners and website visitors and internet users.
Privacy Statement
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information; and purchase history. We may use a Safe Zoom Version to run the session and communicate with you. We also collect personally identifiable information (including name, email, and our communications) to get in touch with you; payment details (including credit card information, PCI DSS compliant); comments; feedback; product reviews; recommendations; and personal profile.
Why do you collect information?
We collect such Personal Information for the following purposes:
- To provide and operate the Services;
- To provide our Users with ongoing customer assistance and technical support;
- To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
- To comply with any applicable laws and regulations.
Safeguarding Personal Information
The Board respects the privacy of our Members, partners, website visitors and Internet users and will protect that privacy as vigorously as possible. We store personal information in electronic and physical files that are secure. Our security measures include secure on-site storage, restricted access to records and data processing equipment, password protocols and encryption and security software when you order a product or service online.
Access/Correction of Personal Information and Inquiries
With limited exceptions, the Board will, on written request to our privacy officer, provide you with access to your Personal Information and amend or correct any errors in your Personal Information. Requests for access or correction, inquiries or any concerns about our management of your Personal Information should be in writing and include: your name, contact details, membership number and the nature of your request. We may require proof of your identity to ensure that we do not inadvertently disclose your Personal Information to someone else without your consent.
How do we communicate with our site visitors?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes, we may contact you via email or chat.
Privacy policy updates
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.