Credit Card Security
Collection, Storage and Destruction of Credit Card Details Policy
Le Praz transfers values the privacy of credit card information and is committed to protecting the credit card details it holds and uses.
This policy outlines how Le Praz transfers intends to collect, store and destroy credit card details.
The policy is based on the following principles:
- Le Praz transfers must take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure.
- It is a necessary condition for Le Praz transfers to provide credit card facilities to individuals for the payment of services and goods provided by us.
Le Praz transfers may consider the following matters when adopting reasonable steps to protect the credit card information it holds:
- The sensitivity of credit card details and an individual’s expectations that this information will be protected from misuse and loss and from unauthorised access, modifications and disclosure;
- The harm likely to result if there is a breach of security; and
- The form in which the information is stored (e.g. on paper or electronically) processed and transmitted.
All Le Praz transfers staff.
Operative from 21 November 2012
1.0 Application of Policy
This policy is designed to deal with situations where a person provides details of their credit card to Le Praz transfers . The policy is also designed to ensure that Le Praz transfers will store and destroy credit card details in a manner which protects the credit card details from:
- unauthorised access;
- unauthorised modification; and
- unauthorised disclosure.
2.0 Collection of Credit Card Details
Le Praz transfers is committed to ensuring that credit card details are collected in a secure manner. Le Praz transfers will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure during collection by adopting the following practices:
- preventing individuals from providing credit card details in an email;
- ensuring that where credit card details are collected on-line, encryption in accordance with the company’s IT Security Policy and IT Security Framework is included within the on-line web page, databases and other supporting programs;
- only collecting credit card details in an appropriate environment, for example not requesting credit card details verbally in a public waiting room; and
- ensuring that when credit card details are collected via facsimile, the facsimile is placed in a secure location.
3.0 Storage of Credit Card Details
3.1 Le Praz transfers is committed to ensuring that credit card details are held securely. Le Praz transfers will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure by adopting the following practices:
- ensuring that credit card details are stored in a secure and protected manner such as locked filing cabinets;
- where possible, removing any credit card details from Le Praz transfers networked computers;
- ensuring that EFPTOS machines and other devices used to collect credit card details are stored securely, particularly when they are not in use (e.g. overnight);
- ensuring that appropriate staff only have access to credit card details; and
- ensuring information is transferred securely (for example, not transmitting credit card details via e-mail).
3.2 Credit card details may be stored in hard copy documents. If credit card details are stored as electronic data appropriate security measures must be utilised in accordance with the compay’s IT Security Policy and IT Security Framework. Some of the ways Le Praz transfers seeks to protect credit card details include the following:
- confidentiality requirements on the use of information by Le Praz transfers employees;
- policies on document storage and security;
- security measures for access to the Le Praz transfers computer systems;
- controlling access to the Le Praz transfers premises;
- web site protection measures.
3.3 Credit Card details are required to be stored onsite or in an easily accessible location for 12 months for charge back purposes. After 12 months, credit card details may be moved offsite providing the credit card details are stored in a secure location.
3.4 Credit card details must be stored for the length of time prescribed by the Records Disposal Authority.
4.0 Destruction of Credit Card Details
Credit card details will be destroyed in a secure manner when they are no longer needed by Le Praz transfers. Examples of destruction in a secure manner include shredding, pulping or disintegration of paper files, fire , encryption or scrubbing of credit card number or contracting an authorised disposal company for secure disposal.
5.0 For Further Information
For further information about this policy please contact firstname.lastname@example.org