|
We
value your rights to privacy and the security of your information, respecting
the sensitivity of your credit card details and your expectations that
information be secure and protected. We understand the harm that may result in a
breach of security and are mindful of how information is stored, processed and
transmitted. We have processes in place designed for the effective collection,
storage, security and destruction of credit card information.
-
We store and
destroy credit card details so as to protect them from misuse and loss, as well
as from unauthorised access, modifications or disclosure.
-
The
following processes are in place primarily to effectively manage manual handling
of a transaction or query.
Application and Operation
All
WillHelp staff, contractors and any third party (hereinafter “personnel”)
dealing with WillHelp customer finance from 1 November 2010.
Collection
We have
online facilities that maximise the privacy of your information. Credit card details are encrypted within web pages, databases and other
supporting programs.
Documented
credit card information will be kept in secure locations until entered into our
encrypted systems and verified. That information will then be destroyed in a secure manner.
Storage and access
When
credit card details are kept, they are stored in a secure and protected manner
such as encrypted systems or locked filing cabinets with appropriate security
measures. When information is
transferred it is done so in a secure manner, and where possible, we remove
credit card details from our networked computers.
EFPTOS
machines and other devices used to collect credit card details are stored
securely, particularly when they are not in use.
Only
appropriate and authorised personnel will have access to credit card details,
appropriate to their level of authority.
Credit
Card details are required to be stored for 90 days for charge back purposes and
may be stored in hard copy if occasion demands. After 90 days, credit card
details may be archived at a secure location and stored for only as long as
deemed appropriate by regulatory bodies.
Destruction
Credit
card details will be destroyed in a secure manner when they are no longer
needed. Examples of destruction in a secure manner include shredding, pulping or
disintegration of paper files, fire, encryption or scrubbing of credit card
number or contracting an authorised disposal company for secure disposal.
Credit
card details will be destroyed in a secure manner when they are no longer
needed; paper files may be shredded, pulped or disintegrated, electronic data
may be scrubbed and modified (e.g. data overwritten except for the last four
digits of a card number for identification purposes).
Hard drives that have contained credit card information will be
physically destroyed before the computer containing it is recycled to another
function.
Authorised
disposal companies may be contracted for secure disposal.
Security strategies that we expect you to follow
- Do not send
credit card details in an email; we do accept the risk of handling such
information as emailing is not a secure practice and may be intercepted at many
points.
-
Do not discuss your credit card information where others may overhear; this information is strictly private between your and the person collecting your information.
Security strategies that we follow
Policies
and procedures are in place covering security, risk and records management;
including document storage and security, access to Willhelp computer systems and
web site security. These systems
are subject to quality control and are reviewed regularly to ensure compliance
and for continuous improvement.
Our
personnel are bound by confidentiality agreements and are subject to strict
screening and ongoing monitoring to ensure that financial, privacy and security
policies and procedures are followed on the use of information.
Areas
where private and secure data are kept are subject to
controlled access.
|
