We have created this data security statement in order to demonstrate our firm and continuing commitment to the security and privacy of personal information provided by those visiting and interacting with this web site. We hold the privacy of your personal information in the highest regard. The following discloses our information gathering and dissemination practices for this website.

We recognise the importance of protecting your data and our policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us. This policy will be continuously assessed against new technologies, business practices and our customers' needs.

Elegance2003 Ltd manages orders from customers via a professional shopping cart (Mals E-commerce). Any customer purchasing products is transferred securely to Sagepay (a PCI compliant company) for card processing. No card information (apart from the card company name and the last 4 digits) is accessible by Elegance2003 Ltd.

No customer data (name, address etc) is held for more than 24 hours on the shopping cart. All the customer data (name, address etc) is downloaded and held as duplicates on two password-secured cloud files.

Elegance2003 Ltd commits to respecting the privacy of all its customers and to protecting any data about customers from outside parties. To this end management are committed to maintaining a secure environment in which to process customer personal information and cardholder information so that we can meet these promises.

We ensure sensitive cardholder data is managed as follows:

* Handle Company and cardholder information in a manner that fits with their sensitivity (see above);
* Limit personal use of Elegance2003 Ltd information and telecommunication systems;
* Elegance2003 Ltd reserves the right to monitor, access, review, audit, copy, store, or delete any electronic communications, equipment, systems and network traffic for any purpose;
* Do not use e-mail, internet and other Company resources to engage in any action that is offensive, threatening, discriminatory, defamatory, slanderous, pornographic, obscene, harassing or illegal;
* Do not use e-mail, internet and other Company resources to market directly to our customers. Access to our web site is your choice.
* Protect sensitive cardholder information (see below);
* Keep passwords and accounts secure;
* Information security incidents must be managed without delay.

All sensitive cardholder data stored and handled by Elegance2003 Ltd must be securely protected against unauthorised use at all times. Any sensitive data that is no longer required by Elegance2003 Ltd for business reasons will be discarded in a secure and irrecoverable manner.

It is strictly prohibited to store:

1. The contents of the payment card magnetic stripe (track data) on any media whatsoever.
2. The CVV/CVC (the 3 or 4 digit number on the signature panel on the reverse of the payment card) on any media whatsoever.
3. The PIN or the encrypted PIN Block under any circumstance.
4. The above are all managed via Sagepay which is a PCI compliant company.

3. Data flow, Data Retention, Data Security

* No personal data is collected or held on our web site. When ordering, the item and volume are collected and passed to a professional and secure remote shopping cart.
* The shopping cart (Mals E-Commerce) collects the name, mailing and shipping address, and the email address. If you wish to progress to purchase, this information is passed via a secure communication (Transport Layer Security 1.2 (TLS 1.2)) to SagePay. These customer details and order are held in a database in a secure environment on the shopping cart. They are automatically deleted after 8 weeks by the shopping cart. For more security we delete all the information from the database within 24 hours.
* SagePay will collect credit card details and confirm with the customer's bank/credit card company via secure communication that the information is valid. SagePay has achieved the highest level of compliance under the Payment Card Industry Data Security Standard (PCI). They adhere to the most stringent levels of fraud screening, ensuring that your customer details remain secure throughout the transaction process. This data is held in encrypted format.
* On successful completion the shopping cart is informed securely and a confirmation email of the purchase is sent to the customer and ourselves. We hold the confirmation email for 6 months to facilitate customer contact re the order only. It is not used for marketing purposes.
* From the shopping cart database we create the customer invoice. This is held on 2 password protected cloud data files (redundancy measures in case of corruption) with access only granted to ourselves and our accountant (limited data access). For UK tax purposes the invoices are held for 6 years.
* The only other files we hold are for order and business tracking purposes and are held on a protected cloud data file. The personal data consists of order number, customer name, amount of purchase, type of product, dates of order and shipment. No email contact details are held on these files.