Policy Statement
Courses Direct values the privacy of credit card information and is committed to protecting the credit card details it holds and uses.
This policy outlines how Courses Direct intends to collect, store and destroy credit card details.
Principles
The policy is based on the following principles:
Broad Overview
Courses Direct may consider the following matters when adopting reasonable steps to protect the credit card information it holds:
Application
All Courses Direct staff.
Operative Date
Operative from 21 September 2009
1.0 Application of Policy
This policy is designed to deal with situations where a person provides details of their credit card to Courses Direct. The policy is also designed to ensure that Courses Direct will store and destroy credit card details in a manner which protects the credit card details from:
2.0 Collection of Credit Card Details
Courses Direct is committed to ensuring that credit card details are collected in a secure manner. Courses Direct will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure during collection by adopting the following practices:
3.0 Storage of Credit Card Details
3.1 Courses Direct is committed to ensuring that credit card details are held securely. Courses Direct will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure by adopting the following practices:
3.2 Credit card details may be stored in hard copy documents. If credit card details are stored as electronic data appropriate security measures must be utilised in accordance with the compay's IT Security Policy and IT Security Framework. Some of the ways Courses Direct seeks to protect credit card details include the following:
3.3 Credit Card details are required to be stored onsite or in an easily accessible location for 12 months for charge back purposes. After 12 months, credit card details may be moved offsite providing the credit card details are stored in a secure location.
3.4 Credit card details must be stored for the length of time prescribed by the Records Disposal Authority.
4.0 Destruction of Credit Card Details
Credit card details will be destroyed in a secure manner when they are no longer needed by Courses Direct. Examples of destruction in a secure manner include shredding, pulping or disintegration of paper files, fire , encryption or scrubbing of credit card number or contracting an authorised disposal company for secure disposal.
5.0 For Further Information
For further information about this policy please contact us.