Privacy
We recognise the importance of protecting the privacy of information collected about visitors to our sites, in particular information that is capable of identifying an individual ("personal information"). This Internet Privacy Policy governs the manner in which your personal information, obtained through the web site, will be dealt with. This Privacy Policy should be reviewed periodically so that you are updated on any changes.
Your Personal Information
Personal information about visitors to our sites is collected only when knowingly and voluntarily submitted. For example, we may need to collect such information to provide you with further services or to answer or forward any requests or enquiries. It is our intention that this policy will protect your personal information from being dealt with in any way that is inconsistent with applicable privacy laws in Australia.
How We Collect Personal Information
In the course of providing our services, we collect personal information in a variety of ways. For example, information is collected when you:
- ask to be placed on one of our mailing lists,
- apply for a job with us,
- make an enquiry about our services,
- visit our web site, or
- become a client or debtor of the company.
How we use the information we collect
Personal information that visitors submit to our sites is used only for the purpose for which it is submitted unless we disclose other uses in this Internet Privacy Policy or at the time of collection. Copies of correspondence sent from the web site, that may contain personal information, are stored as archives for record-keeping and back-up purposes only. You should be aware that we may use your email address to contact you in the future. We will not sell or pass on your details to third parties.
Use of the information for a secondary purpose
We may sometimes use the personal information we collect for a secondary purpose, that is, for use in a way different from the original reason for collection. We will only do this in the following circumstances:
- where you have consented,
- where the secondary purpose is directly related to the primary purpose, and you would reasonably expect us to use or disclose the information in
- such a way, or
- where we are permitted or required by law, or
- it is in the interests of public safety to do so.
Correcting information
You can also request that information about you be corrected or deleted. This is part of our commitment to take all reasonable steps to ensure that the information we hold about you is accurate, complete and up-to-date.
Disclosure
You should be aware that we may use your email address to contact you in the future. We will not sell or pass on your details to third parties.
Security
We strive to ensure the security, integrity and privacy of personal information submitted to our site. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure.
However, we will endeavour to take all reasonable steps to protect the personal information you may transmit to us or from our online products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems.
In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us. However, we will not be held responsible for events arising from unauthorised access to your personal information.
Credit Card Security Policy
Collection, Storage and Destruction of Credit Card Details Policy
Policy Statement
Compass Pools values the privacy of credit card information and is committed to protecting the credit card details it holds and uses.
This policy outlines how Compass Pools intends to collect, store and destroy credit card details.
Principles
The policy is based on the following principles:
- Compass Pools must take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure.
- It is a necessary condition for Compass Pools to provide credit card facilities to individuals for the payment of services and goods provided by Compass Pools .
Broad Overview
Compass Pools may consider the following matters when adopting reasonable steps to protect the credit card information it holds:
- The sensitivity of credit card details and an individual's expectations that this information will be protected from misuse and loss and from unauthorised access, modifications and disclosure;
- The harm likely to result if there is a breach of security; and
- The form in which the information is stored (e.g. on paper or electronically) processed and transmitted.
Application
All Compass Pools staff.
Operative Date
Operative from 9 August 2010
1.0 Application of Policy
This policy is designed to deal with situations where a person provides details of their credit card to Compass Pools. The policy is also designed to ensure that Compass Pools will store and destroy credit card details in a manner which protects the credit card details from:
- misuse;
- loss;
- unauthorised access;
- unauthorised modification; and
- unauthorised disclosure.
2.0 Collection of Credit Card Details
Compass Pools is committed to ensuring that credit card details are collected in a secure manner. Compass Pools will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure during collection by adopting the following practices:
- preventing individuals from providing credit card details in an email;
- ensuring that where credit card details are collected on-line, the link between the client our web server and the payment gateway (eWay) are encrypted with 128bit SSL or higher;
- only collecting credit card details in an appropriate environment, for example not requesting credit card details verbally in a public waiting room; and
- ensuring that when credit card details are collected via facsimile, the facsimile is placed in a secure location.
3.0 Storage of Credit Card Details
3.1Compass Pools is committed to ensuring that credit card details are held securely. Compass Pools will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure by adopting the following practices:
- ensuring that credit card details are stored in a secure and protected manner such as locked filing cabinets;
- where possible, removing any credit card details from Compass Pools networked computers;
- ensuring that appropriate staff only have access to credit card details; and
- ensuring information is transferred securely (for example, not transmitting credit card details via e-mail).
- ensure that our computers are protected where necessary with security/antivirus/firewall software.
- confidentiality requirements on the use of information by Compass Pools employees;
- policies on document storage and security;
- security measures for access to the Compass Pools computer systems;
- controlling access to the Compass Pools premises;
- web site protection measures.
3.3 Credit Card details may be required to be stored onsite or in an easily accessible location for 12 months for charge back purposes. After 12 months, credit card details may be moved offsite providing the credit card details are stored in a secure location.
3.4 Credit card details must be stored for the length of time prescribed by the Records Disposal Authority.
4.0 Destruction of Credit Card DetailsCredit card details will be destroyed in a secure manner when they are no longer needed by Compass Pools. Examples of destruction in a secure manner include shredding, pulping or disintegration of paper files, fire , encryption or scrubbing of credit card number or contracting an authorised disposal company for secure disposal.
5.0 For Further Information
For further information about this policy please contact us.
