Privacy Policy of www.jamesblondltd.co.nz

This Application collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Analytics

      • Google Analytics

        Personal Data: Cookies and Usage data

      • Analytics collected directly, Facebook Ads conversion tracking and Google AdWords conversion tracking

        Personal Data: Cookies and Usage Data

    • Contacting the User

      • Mailing List or Newsletter

        Personal Data: country, email address, first name, last name and phone number

    • Content commenting

      • Facebook Comments

        Personal Data: Cookies and Usage data

    • Interaction with external social networks and platforms

      • Facebook Like button and social widgets and Google+ +1 button and social widgets

        Personal Data: Cookies and Usage data

    • Remarketing and behavioral targeting

      • AdRoll

        Personal Data: Cookies and Usage data

      • AdWords Remarketing and Facebook Remarketing

        Personal Data: Cookies and Usage Data

Further information about Personal Data

    • Credit Card Policy

      Credit Card Policy

      To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is transmitted using Transport Layer Security technology (TLS). All data is encrypted and stored using industry standard AES encryption. All our system are fully compliant with PCI-DSS requirements.


      James Blond 2017 Ltd currently accepts VISA and MasterCard and has negotiated contracts for processing payment card transactions

      REFUNDS
      When a good or service is purchased using a payment card and a refund is necessary, the refund must be credited back to the account that was originally charged. Refunds in excess of the original sale amount or cash refunds are prohibited.

      MAINTAINING SECURITY
      Departments and administrative areas accepting payment cards on behalf of James Blond 2017 Ltd are subject to the Payment Card Industry Data Security Standards (PCI DSS).
      James Blond 2017 Ltd prohibits the transmission of cardholder data or sensitive authentication data via email or unsealed envelopes through campus mail as these are not secure.
      James Blond 2017 Ltd restricts access to cardholder data to those with a business “need to know.”
      For electronic media, cardholder data shall not be stored on servers, local hard drives, or external (removable) media including floppy discs, CDs or thumb (flash) drives unless encrypted and otherwise in full compliance with PCI DSS.
      For paper media, cardholder data shall not be stored unless approved for legitimate business purposes.

      RESPONSIBILITIES
      Merchant Department Responsible Persons (MDRPs) are responsible for:
      Executing on behalf of the relevant Merchant Department, Payment Card Account Acquisition or Change Procedures.
      Ensuring that all employees (including the MDRP), contractors and agents with access to payment card data within the relative Merchant Department acknowledge on an annual basis and in writing that they have read and understood this Policy.
      Ensuring that all payment card data collected by the relevant Merchant Department in the course of performing business, regardless of whether the data is stored physically or electronically is secured. Data is considered to be secured only if all of the following criteria are met:
      Only those with a "need-to-know" are granted access to payment card and electronic payment data;
      Email should not be used to transmit credit card or personal payment information. If it should be necessary to transmit credit card information via email only the last four digits of the credit card number can be displayed;
      Credit card or personal information is never downloaded onto any portable devices or media such as USB flash drives, compact disks, laptop computers or personal digital assistants;
      Fax transmissions (both sending and receiving) of credit card and electronic payment information occurs using only fax machines which are attended by those individuals who must have contact with payment card data to do their jobs;
      The processing and storage of personally identifiable credit card or payment information on computers and servers is prohibited;
      Only secure communication protocols and/or encrypted connections to the authorized vendor are used during the processing of eCommerce transactions;
      The three or four digit validation code printed on the payment card is never stored in any form;
      The full contents of any track data from the magnetic stripe are never stored in any form;
      The personal identification number (PIN) or encrypted PIN block are never stored in any form;
      The primary account number (PAN) is rendered unreadable anywhere it is stored;
      All but the last four digits of any credit card account number are masked when it is necessary to display credit card data;
      All media containing payment card or personal payment data is retained no longer than a maximum of six (6) months and then destroyed or rendered unreadable.
      The Director, Information Security Management and Compliance shall maintain currency with the requirements of the PCI DSS and related requirements to ensure that this policy remains current and shall coordinate and lead any response to a security breach involving cardholder data.
      The Manager and Accounts Department shall:
      Provide training to ensure that merchants are trained in accepting and processing payment cards in compliance with this policy;
      Work with external vendors and coordinate payment card policies, standards, and procedures;
      Serve as liaison between Financial Management Services, Information Technology Services, and the merchant for Payment Card account acquisition or change procedures;
      and
      Review and modify the Application for Payment Card Account Acquisition or Change as necessary.

      Internal Auditing Services shall:
      Periodically review merchant compliance with this policy and the Payment Card Industry (PCI) Data Security Standards (DSS);
      Identify unapproved payment applications or external vendors that collect payment card data on behalf of James Blond 2017 Ltd and notify the Company.

      WIRELESS TECHNOLOGY
      James Blond 2017 Ltd discourages the use of wireless technology to process or transmit cardholder data. Requests for Payment Card Account Acquisition or Change that include the use of wireless technology will be reviewed on a case by case basis and shall carefully consider the need for the technology against the risk of a non-secure payment environment.
      If the use of wireless technology is approved, the storage of cardholder data on local hard drives, floppy disks or other external media is prohibited. It is also prohibited to use cut-and-paste and print functions during remote access. Activation of modems for vendors will be permitted only when no other alternative is available and will be immediately deactivated after use.

      TRAINING
      Employees who are expected to be given access to cardholder data shall be required to complete upon hire, and at least annually thereafter, security awareness training focused on cardholder data security. Employees shall be required to acknowledge at least annually that they have received training, understand cardholder security requirements, and agree to comply with these requirements.

Contact information

    • Data owner

      James Blond 2017 Ltd, 4004 Great North Road Kelston 0602, Auckland

      Owner contact email: info@jamesblond.co.nz