Collection, Storage and Destruction of Credit Card Details Policy

Policy Statement

Study Smart Online values the privacy of credit card information and is committed to protecting the credit card details it holds and uses.

This policy outlines how Study Smart Online intends to collect, store and destroy credit card details.

Principles

The policy is based on the following principles:

  • Study Smart Online must take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure.
  • It is a necessary condition for Study Smart Online to provide credit card facilities to individuals for the payment of services and goods provided by Study Smart Online.

Broad Overview

Study Smart Online may consider the following matters when adopting reasonable steps to protect the credit card information it holds:

  • The sensitivity of credit card details and an individual's expectations that this information will be protected from misuse and loss and from unauthorised access, modifications and disclosure;
  • The harm likely to result if there is a breach of security; and
  • The form in which the information is stored (e.g. on paper or electronically) processed and transmitted.

Application

All Study Smart Online staff.

Operative Date

Operative from 21 September 2009

1.0 Application of Policy

This policy is designed to deal with situations where a person provides details of their credit card to Study Smart Online . The policy is also designed to ensure that Study Smart Online will store and destroy credit card details in a manner which protects the credit card details from:

  • misuse;
  • loss;
  • unauthorised access;
  • unauthorised modification; and
  • unauthorised disclosure.

2.0 Collection of Credit Card Details

Study Smart Online is committed to ensuring that credit card details are collected in a secure manner. Study Smart Online  will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure during collection by adopting the following practices:

  • preventing individuals from providing credit card details in an email;
  • ensuring that where credit card details are collected on-line, encryption in accordance with the company's IT Security Policy and IT Security Framework is included within the on-line web page, databases and other supporting programs;
  • only collecting credit card details in an appropriate environment, for example not requesting credit card details verbally in a public waiting room; and
  • ensuring that when credit card details are collected via facsimile, the facsimile is placed in a secure location.

3.0 Storage of Credit Card Details

3.1 Study Smart Online  is committed to ensuring that credit card details are held securely. Study Smart Online will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modifications and disclosure by adopting the following practices:

  • ensuring that credit card details are stored in a secure and protected manner such as locked filing cabinets;
  • where possible, removing any credit card details from Study Smart Online  networked computers;
  • ensuring that EFPTOS machines and other devices used to collect credit card details are stored securely, particularly when they are not in use (e.g. overnight);
  • ensuring that appropriate staff only have access to credit card details; and
  • ensuring information is transferred securely (for example, not transmitting credit card details via e-mail).

3.2 Credit card details may be stored in hard copy documents. If credit card details are stored as electronic data appropriate security measures must be utilised in accordance with the compay's IT Security Policy and IT Security Framework. Some of the ways Study Smart Online seeks to protect credit card details include the following:

  • confidentiality requirements on the use of information by Study Smart Online  employees;
  • policies on document storage and security;
  • security measures for access to the Study Smart Online  computer systems;
  • controlling access to the Study Smart Online  premises;
  • web site protection measures.

3.3 Credit Card details are required to be stored onsite or in an easily accessible location for 12 months for charge back purposes. After 12 months, credit card details may be moved offsite providing the credit card details are stored in a secure location.

3.4 Credit card details must be stored for the length of time prescribed by the Records Disposal Authority.

4.0 Destruction of Credit Card Details

Credit card details will be destroyed in a secure manner when they are no longer needed by Study Smart Online . Examples of destruction in a secure manner include shredding, pulping or disintegration of paper files, fire , encryption or scrubbing of credit card number or contracting an authorised disposal company for secure disposal.

5.0 For Further Information

For further information about this policy please contact us.