Privacy Policy of www.metrotest.co.nz

This Application collects some Personal Data from its Users.

Personal Data collected for the following purposes and using the following services:

    • Analytics

      • Google Analytics, Google Analytics with anonymized IP and Google Ads conversion tracking

        Personal Data: Cookies and Usage Data

    • Contacting the User

      • Contact form

        Personal Data: address, city, company name, country, date of birth, email address, first name, gender, last name, phone number, profession, various types of Data and ZIP/Postal code

    • Handling payments

      • PayPal Payments Hub

        Personal Data: various types of Data as specified in the privacy policy of the service

      • PayPal Carrier Payments

        Personal Data: phone number and various types of Data as specified in the privacy policy of the service

    • Interaction with external social networks and platforms

      • Facebook Like button and social widgets, Google+ +1 button and social widgets, Twitter Tweet button and social widgets and PayPal button and widgets

        Personal Data: Cookies and Usage Data

    • Remarketing and behavioral targeting

      • AdRoll

        Personal Data: Cookies and Usage Data

    • Tag Management

      • Google Tag Manager

        Personal Data: Cookies and Usage Data

Further information about Personal Data

    • Credit Card Policy

      To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is transmitted using Transport Layer Security technology (TLS). All data is encrypted and stored using industry standard AES encryption. All our system are fully compliant with PCI-DSS requirements.


      Metrotest Ltd currently accepts VISA and MasterCard and has negotiated contracts for processing payment card transactions

      REFUNDS
      When a good or service is purchased using a payment card and a refund is necessary, the refund must be credited back to the account that was originally charged. Refunds in excess of the original sale amount or cash refunds are prohibited.

      MAINTAINING SECURITY
      Departments and administrative areas accepting payment cards on behalf of Metrotest Ltd are subject to the Payment Card Industry Data Security Standards (PCI DSS).
      Metrotest Ltd prohibits the transmission of cardholder data or sensitive authentication data via email or unsealed envelopes through campus mail as these are not secure.
      Metrotest Ltd restricts access to cardholder data to those with a business “need to know.”
      For electronic media, cardholder data shall not be stored on servers, local hard drives, or external (removable) media including floppy discs, CDs or thumb (flash) drives unless encrypted and otherwise in full compliance with PCI DSS.
      For paper media, cardholder data shall not be stored unless approved for legitimate business purposes.

      RESPONSIBILITIES
      Merchant Department Responsible Persons (MDRPs) are responsible for:
      Executing on behalf of the relevant Merchant Department, Payment Card Account Acquisition or Change Procedures.
      Ensuring that all employees (including the MDRP), contractors and agents with access to payment card data within the relative Merchant Department acknowledge on an annual basis and in writing that they have read and understood this Policy.
      Ensuring that all payment card data collected by the relevant Merchant Department in the course of performing business, regardless of whether the data is stored physically or electronically is secured. Data is considered to be secured only if all of the following criteria are met:
      Only those with a "need-to-know" are granted access to payment card and electronic payment data;
      Email should not be used to transmit credit card or personal payment information. If it should be necessary to transmit credit card information via email only the last four digits of the credit card number can be displayed;
      Credit card or personal information is never downloaded onto any portable devices or media such as USB flash drives, compact disks, laptop computers or personal digital assistants;
      Fax transmissions (both sending and receiving) of credit card and electronic payment information occurs using only fax machines which are attended by those individuals who must have contact with payment card data to do their jobs;
      The processing and storage of personally identifiable credit card or payment information on computers and servers is prohibited;
      Only secure communication protocols and/or encrypted connections to the authorized vendor are used during the processing of eCommerce transactions;
      The three or four digit validation code printed on the payment card is never stored in any form;
      The full contents of any track data from the magnetic stripe are never stored in any form;
      The personal identification number (PIN) or encrypted PIN block are never stored in any form;
      The primary account number (PAN) is rendered unreadable anywhere it is stored;
      All but the last four digits of any credit card account number are masked when it is necessary to display credit card data;
      All media containing payment card or personal payment data is retained no longer than a maximum of six (6) months and then destroyed or rendered unreadable.
      The Director, Information Security Management and Compliance shall maintain currency with the requirements of the PCI DSS and related requirements to ensure that this policy remains current and shall coordinate and lead any response to a security breach involving cardholder data.
      The Manager and Accounts Department shall:
      Provide training to ensure that merchants are trained in accepting and processing payment cards in compliance with this policy;
      Work with external vendors and coordinate payment card policies, standards, and procedures;
      Serve as liaison between Financial Management Services, Information Technology Services, and the merchant for Payment Card account acquisition or change procedures;
      and
      Review and modify the Application for Payment Card Account Acquisition or Change as necessary.

      Internal Auditing Services shall:
      Periodically review merchant compliance with this policy and the Payment Card Industry (PCI) Data Security Standards (DSS);
      Identify unapproved payment applications or external vendors that collect payment card data on behalf of Metrotest Ltd and notify the Company.

      WIRELESS TECHNOLOGY
      Metrotest Ltd discourages the use of wireless technology to process or transmit cardholder data. Requests for Payment Card Account Acquisition or Change that include the use of wireless technology will be reviewed on a case by case basis and shall carefully consider the need for the technology against the risk of a non-secure payment environment.
      If the use of wireless technology is approved, the storage of cardholder data on local hard drives, floppy disks or other external media is prohibited. It is also prohibited to use cut-and-paste and print functions during remote access. Activation of modems for vendors will be permitted only when no other alternative is available and will be immediately deactivated after use.

      TRAINING
      Employees who are expected to be given access to cardholder data shall be required to complete upon hire, and at least annually thereafter, security awareness training focused on cardholder data security. Employees shall be required to acknowledge at least annually that they have received training, understand cardholder security requirements, and agree to comply with these requirements.

    • Selling goods and services online

      The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
      The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Application depends on the payment system used.

Contact information

    • Owner and Data Controller

      Metrotest
      211 Middle Renwick Road
      Springslands, Marlborough
      New Zealand 7271

      Owner contact email: info@metrotest.co.nz