- Thursday, 23 Apr 2020 7:00 PM - Saturday, 25 Apr 2020 5:30 PM AEST
Data Security Policy
Our payments are managed through payment gateways provided by eWay (http://www.eway.com.au/) .
The following extract has been taken from eWay's PCI DDS complience guide (http://www.eway.com.au/corporate-business/pci-dss-compliant-payment-provider.aspx)
PCI DSS (Payment Card Industry Data Security Standard) - a set of standards created by card issuers such as Visa and MasterCard to ensure the security of credit card details online.
Visa has distinguished eWAY as a Registered PCI DSS compliant service provider. This registry serves as a benchmark of providers that are secure and trusted by Visa. For the complete listing and more information on this registry you may visit the Visa Registry. Note eWAY is listed under its registered name, Web Active Corporation Pty Ltd.
As an online credit card processor, eWAY is subject to standards imposed on the industry by major card issuers such as Visa and MasterCard. The Payment Card Industry (PCI) Data Security Standard (DSS) is a set of guidelines developed to help organisations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or they risk losing the ability to process credit card payments.
The PCI DSS, a set of comprehensive requirements for enhancing payment data security, was developed by the founding payment brands of the Payment Card Industry Security Standards Council, including American Express, JCB, MasterCard and Visa, to encourage the broad adoption of consistent data security measures around the world.
The PCI DSS is a security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to assist organisations proactively protect their customer's information.
The core of the PCI DSS is a set of principles and accompanying requirements, around which the specific elements of the DSS are organised:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security
Service Providers such as eWAY must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company each year. eWAY’s PCI DSS Audit is conducted by a third party, Securus Global, a certified QSA and QPASC under the Payment Card Industry Data Security Standard Program.
What information are you collecting and how are you collecting it?
Every computer connected to the Internet is given a domain name and a set of numbers that serve as that computer's "Internet Protocol" IP address. When a visitor requests a page from any web site within the Inspire Church Network, our web servers automatically recognise that visitor's domain name and IP address. The domain name and IP address reveal nothing personal about you other than the IP address from which you have accessed our site. We use this information to examine our traffic in aggregate, but do not collect and evaluate this information for individuals. Our web servers do not record e-mail addresses of the visitors.
What are Cookies?
You can choose whether to accept cookies by changing the settings of your browser. You can reset your browser to refuse all cookies, or allow your browser to show you when a cookie is being sent. If you choose not to accept these cookies, your experience at our site and other web sites may be diminished and some features may not work as intended.
What other information do you request?
We may also request your e-mail address or mailing address for the purposes of conducting a survey or to provide additional services (for example, subscriptions to e-mail newsletters, announcement lists or information about seminars). Whenever we request the identity of a visitor, we will clearly indicate the purpose of the inquiry before the information is requested. We maintain a strict "No-Spam" policy that means that we do not intend to sell, rent, or otherwise give your e-mail address to a third-party, without your consent.
In addition, Inspire Church will not send you email that you have not agreed to receive. We may from time to time send e-mail announcing new Inspire Church products and services.
When you enter a contest or other promotion, we may ask for your name, address, and e-mail address so we can administer the contest and notify winners.
What information do you collect when I purchase something?
If you are purchasing something from a Inspire Church media property, we need to know your name, e-mail address, mailing address, credit card number, and expiration date. This allows us to process and fulfil your order and to notify you of your order status. This information may also be used by us to notify you of related product and services, but will not be shared or sold to third parties for any purpose.
Certain Inspire Church media properties use a shopping cart feature that safeguards this information by using industry standard SSL (Secure Socket Layer) encrypted servers. SSL codes the information transferred between you and the server, rendering it unreadable to anyone trying to intercept the information. Other Inspire Church media properties do not use SSL and thereby do not offer a secure coded way to transfer information.
Will you disclose the information you collect to outside third parties?
Inspire Church will disclose personal information when required by law or in the good-faith belief that such action is necessary to:
* Conform to the edicts of the law or comply with a legal process served on Inspire Church Ltd,
* Protect and defend the rights or property of the Inspire Church network of sites,
* Identify persons who may be violating the law, the legal notice, or the rights of third parties,
* Cooperate with the investigations of purported unlawful activities.
Inspire Church uses reasonable precautions to keep the information disclosed to us secure. Inspire Church reserves the right to transfer information in connection with the sale of all or part of Inspire Church capital stock or assets. Furthermore, we are not responsible for any breach of security or for any actions of any third parties which receive the information. Inspire Church also links to a wide variety of other sites and contains advertisements of third parties. We are not responsible for their privacy policies or how they treat information about their users. See below.
What else should I know about my privacy online?
Please keep in mind that whenever you voluntarily disclose personal information online - for example through e-mail, discussion lists, or elsewhere - that information can be collected and used by others. In short, if you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.
Ultimately, you are solely responsible for maintaining the secrecy of your personal information. Please be careful and responsible whenever you're online.