Privacy & Security Policy
Security & Privacy Policy
This Application collects some Personal Data from its Users. PERSONAL DATA collected for the following purposes and using the following services:Analytics: Google Analytics, Analytics collected directly, Facebook Ads conversion tracking (Facebook pixel) and Google Ads conversion tracking Personal Data: Cookies; Usage DataContacting the UserMailing List or Newsletter | Personal Data: country; email address; first name; last name; phone numberContent commentingFacebook Comments | Personal Data: Cookies; Usage DataInteraction with external social networks and platformsFacebook Like button and social widgets and Google+ +1 button and social widgets | Personal Data: Cookies; Usage DataRemarketing and behavioural targetingAdRoll, Google Ads Remarketing and Facebook Remarketing | Personal Data: Cookies; Usage
CREDIT CARD POLICY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is transmitted using Transport Layer Security technology (TLS). All data is encrypted and stored using industry standard AES encryption. All our system are fully compliant with PCI-DSS requirements.James Blond Rentals currently accepts VISA and MasterCard and has negotiated contracts for processing payment card transactions
REFUNDS
When a good or service is purchased using a payment card and a refund is necessary, the refund must be credited back to the account that was originally charged. Refunds in excess of the original sale amount or cash refunds are prohibited.
MAINTAINING SECURITY
Departments and administrative areas accepting payment cards on behalf of James Blond Renntals are subject to the Payment Card Industry Data Security Standards (PCI DSS).James Blond Rentals prohibits the transmission of cardholder data or sensitive authentication data via email or unsealed envelopes through campus mail as these are not secure.James Blond Rentals restricts access to cardholder data to those with a business “need to know.”For electronic media, cardholder data shall not be stored on servers, local hard drives, or external (removable) media including floppy discs, CDs or thumb (flash) drives unless encrypted and otherwise in full compliance with PCI DSS.For paper media, cardholder data shall not be stored unless approved for legitimate business purposes.
Departments and administrative areas accepting payment cards on behalf of James Blond Renntals are subject to the Payment Card Industry Data Security Standards (PCI DSS).James Blond Rentals prohibits the transmission of cardholder data or sensitive authentication data via email or unsealed envelopes through campus mail as these are not secure.James Blond Rentals restricts access to cardholder data to those with a business “need to know.”For electronic media, cardholder data shall not be stored on servers, local hard drives, or external (removable) media including floppy discs, CDs or thumb (flash) drives unless encrypted and otherwise in full compliance with PCI DSS.For paper media, cardholder data shall not be stored unless approved for legitimate business purposes.
RESPONSIBILITIES
Merchant Department Responsible Persons (MDRPs) are responsible for:Executing on behalf of the relevant Merchant Department, Payment Card Account Acquisition or Change Procedures.Ensuring that all employees (including the MDRP), contractors and agents with access to payment card data within the relative Merchant Department acknowledge on an annual basis and in writing that they have read and understood this Policy.Ensuring that all payment card data collected by the relevant Merchant Department in the course of performing business, regardless of whether the data is stored physically or electronically is secured. Data is considered to be secured only if all of the following criteria are met:Only those with a “need-to-know” are granted access to payment card and electronic payment data;
Merchant Department Responsible Persons (MDRPs) are responsible for:Executing on behalf of the relevant Merchant Department, Payment Card Account Acquisition or Change Procedures.Ensuring that all employees (including the MDRP), contractors and agents with access to payment card data within the relative Merchant Department acknowledge on an annual basis and in writing that they have read and understood this Policy.Ensuring that all payment card data collected by the relevant Merchant Department in the course of performing business, regardless of whether the data is stored physically or electronically is secured. Data is considered to be secured only if all of the following criteria are met:Only those with a “need-to-know” are granted access to payment card and electronic payment data;
Email should not be used to transmit credit card or personal payment information. If it should be necessary to transmit credit card information via email only the last four digits of the credit card number can be displayed;Credit card or personal information is never downloaded onto any portable devices or media such as USB flash drives, compact disks, laptop computers or personal digital assistants;Fax transmissions (both sending and receiving) of credit card and electronic payment information occurs using only fax machines which are attended by those individuals who must have contact with payment card data to do their jobs;The processing and storage of personally identifiable credit card or payment information on computers and servers is prohibited;Only secure communication protocols and/or encrypted connections to the authorized vendor are used during the processing of eCommerce transactions;The three or four digit validation code printed on the payment card is never stored in any form;The full contents of any track data from the magnetic stripe are never stored in any form;The personal identification number (PIN) or encrypted PIN block are never stored in any form;The primary account number (PAN) is rendered unreadable anywhere it is stored;All but the last four digits of any credit card account number are masked when it is necessary to display credit card data;All media containing payment card or personal payment data is retained no longer than a maximum of six (6) months and then destroyed or rendered unreadable.The Director, Information Security Management and Compliance shall maintain currency with the requirements of the PCI DSS and related requirements to ensure that this policy remains current and shall coordinate and lead any response to a security breach involving cardholder data.The Manager and Accounts Department shall:Provide training to ensure that merchants are trained in accepting and processing payment cards in compliance with this policy;Work with external vendors and coordinate payment card policies, standards, and procedures;Serve as liaison between Financial Management Services, Information Technology Services, and the merchant for Payment Card account acquisition or change procedures;and Review and modify the Application for Payment Card Account Acquisition or Change as necessary.Internal Auditing Services shall:Periodically review merchant compliance with this policy and the Payment Card Industry (PCI) Data Security Standards (DSS);Identify unapproved payment applications or external vendors that collect payment card data on behalf of James Blond Rentals and notify the Company.
WIRELESS TECHNOLOGY
James Blond Rentals discourages the use of wireless technology to process or transmit cardholder data. Requests for Payment Card Account Acquisition or Change that include the use of wireless technology will be reviewed on a case by case basis and shall carefully consider the need for the technology against the risk of a non-secure payment environment.If the use of wireless technology is approved, the storage of cardholder data on local hard drives, floppy disks or other external media is prohibited. It is also prohibited to use cut-and-paste and print functions during remote access. Activation of modems for vendors will be permitted only when no other alternative is available and will be immediately deactivated after use.
James Blond Rentals discourages the use of wireless technology to process or transmit cardholder data. Requests for Payment Card Account Acquisition or Change that include the use of wireless technology will be reviewed on a case by case basis and shall carefully consider the need for the technology against the risk of a non-secure payment environment.If the use of wireless technology is approved, the storage of cardholder data on local hard drives, floppy disks or other external media is prohibited. It is also prohibited to use cut-and-paste and print functions during remote access. Activation of modems for vendors will be permitted only when no other alternative is available and will be immediately deactivated after use.
TRAINING
Employees who are expected to be given access to cardholder data shall be required to complete upon hire, and at least annually thereafter, security awareness training focused on cardholder data security. Employees shall be required to acknowledge at least annually that they have received training, understand cardholder security requirements, and agree to comply with these requirements.
Employees who are expected to be given access to cardholder data shall be required to complete upon hire, and at least annually thereafter, security awareness training focused on cardholder data security. Employees shall be required to acknowledge at least annually that they have received training, understand cardholder security requirements, and agree to comply with these requirements.
Contact informationOwner and Data ControllerJames Blond Rentals, 4004 Great North Road Kelston 0602, Auckland Owner contact email: info@jamesblond.co.nz