Personal Data collected for the following purposes and using the following services:
Analytics
Google Analytics, Google Analytics with anonymized IP and Google Ads conversion tracking
Personal Data: Cookies; Usage Data
Contacting the User
Contact form
Personal Data: address; city; company name; country; date of birth; email address; first name; gender; last name; phone number; profession; various types of Data; ZIP/Postal code
Handling payments
PayPal Payments Hub
Personal Data: various types of Data as specified in the privacy policy of the service
PayPal Carrier Payments
Personal Data: phone number; various types of Data as specified in the privacy policy of the service
Interaction with external social networks and platforms
Facebook Like button and social widgets, Google+ +1 button and social widgets, Twitter Tweet button and social widgets and PayPal button and widgets
Personal Data: Cookies; Usage Data
Remarketing and behavioral targeting
AdRoll
Personal Data: Cookies; Usage Data
Tag Management
Google Tag Manager
Personal Data: Usage Data
Further information about Personal Data
Credit Card Policy
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is transmitted using Transport Layer Security technology (TLS). All data is encrypted and stored using industry standard AES encryption. All our systems are fully compliant with PCI-DSS requirements.
Hall Electrical Ltd currently accepts VISA and MasterCard and has negotiated contracts for processing payment card transactions.
REFUNDS
When a good or service is purchased using a payment card and a refund is necessary, the refund must be credited back to the account that was originally charged. Refunds in excess of the original sale amount or cash refunds are prohibited.
MAINTAINING SECURITY
Departments and administrative areas accepting payment cards on behalf of Hall Electrical Ltd are subject to the Payment Card Industry Data Security Standards (PCI DSS).
Hall Electrical Ltd prohibits the transmission of cardholder data or sensitive authentication data via email or unsealed envelopes through campus mail as these are not secure.
Hall Electrical Ltd restricts access to cardholder data to those with a business “need to know.”
For electronic media, cardholder data shall not be stored on servers, local hard drives, or external (removable) media including floppy discs, CDs or thumb (flash) drives unless encrypted and otherwise in full compliance with PCI DSS.
For paper media, cardholder data shall not be stored unless approved for legitimate business purposes.
RESPONSIBILITIES
Merchant Department Responsible Persons (MDRPs) are responsible for:
Executing on behalf of the relevant Merchant Department, Payment Card Account Acquisition or Change Procedures.
Ensuring that all employees (including the MDRP), contractors and agents with access to payment card data within the relevant Merchant Department acknowledge on an annual basis and in writing that they have read and understood this Policy.
Ensuring that all payment card data collected by the relevant Merchant Department in the course of performing business, regardless of whether the data is stored physically or electronically, is secured. Data is considered to be secured only if all of the following criteria are met:
Only those with a “need-to-know” are granted access to payment card and electronic payment data;
Email should not be used to transmit credit card or personal payment information. If it should be necessary to transmit credit card information via email, only the last four digits of the credit card number can be displayed;
Credit card or personal information is never downloaded onto any portable devices or media such as USB flash drives, compact disks, laptop computers or personal digital assistants;
Fax transmissions (both sending and receiving) of credit card and electronic payment information occur using only fax machines which are attended by those individuals who must have contact with payment card data to do their jobs;
The processing and storage of personally identifiable credit card or payment information on computers and servers is prohibited;
Only secure communication protocols and/or encrypted connections to the authorized vendor are used during the processing of eCommerce transactions;
The three or four digit validation code printed on the payment card is never stored in any form;
The full contents of any track data from the magnetic stripe are never stored in any form;
The personal identification number (PIN) or encrypted PIN block are never stored in any form;
The primary account number (PAN) is rendered unreadable anywhere it is stored;
All but the last four digits of any credit card account number are masked when it is necessary to display credit card data;
All media containing payment card or personal payment data is retained no longer than a maximum of six (6) months and then destroyed or rendered unreadable.
The Director, Information Security Management and Compliance shall maintain currency with the requirements of the PCI DSS and related requirements to ensure that this policy remains current and shall coordinate and lead any response to a security breach involving cardholder data.
The Manager and Accounts Department shall:
Provide training to ensure that merchants are trained in accepting and processing payment cards in compliance with this policy;
Work with external vendors and coordinate payment card policies, standards, and procedures;
Serve as liaison between Financial Management Services, Information Technology Services, and the merchant for Payment Card account acquisition or change procedures; and
Review and modify the Application for Payment Card Account Acquisition or Change as necessary.
Internal Auditing Services shall:
Periodically review merchant compliance with this policy and the Payment Card Industry (PCI) Data Security Standards (DSS);
Identify unapproved payment applications or external vendors that collect payment card data on behalf of Metrotest Ltd and notify the Company.
WIRELESS TECHNOLOGY
Metrotest Ltd discourages the use of wireless technology to process or transmit cardholder data. Requests for Payment Card Account Acquisition or Change that include the use of wireless technology will be reviewed on a case-by-case basis and shall carefully consider the need for the technology against the risk of a non-secure payment environment.
If the use of wireless technology is approved, the storage of cardholder data on local hard drives, floppy disks or other external media is prohibited. It is also prohibited to use cut-and-paste and print functions during remote access. Activation of modems for vendors will be permitted only when no other alternative is available and will be immediately deactivated after use.
TRAINING
Employees who are expected to be given access to cardholder data shall be required to complete upon hire, and at least annually thereafter, security awareness training focused on cardholder data security. Employees shall be required to acknowledge at least annually that they have received training, understand cardholder security requirements, and agree to comply with these requirements.
Selling goods and services online
The Personal Data collected are used to provide the User with services or to sell goods, including payment and possible delivery.
The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by this Application depends on the payment system used.