The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.
All transactions are transmitted securely with 'Ecwid' and 'Stripe'. See below
Ecwid does not actually handle your customers’ credit card information. In fact, we don’t collect, store, or process such data in any way. Rather, Ecwid supports a number of popular payment gateways that processes your customers payment information. These payment processors can be divided into two groups based on the way they interact with Ecwid.
Payments on the payment processor’s secure page
When a customer places an order, Ecwid sends the order information to the payment processor and securely redirects the customer to the payment gateway’s web page where they enter their credit card information. When payment is complete, the payment processor sends a reply (callback) confirming payment to Ecwid.
Payments completed without leaving the store page
Some payment processors (Stripe, Square, etc.) are integrated with Ecwid differently. With these payment processors, customers are not redirected. Instead, they see a payment form right on the store’s checkout page.
In this case Ecwid works within a customer’s browser. This way, when a customer enters their credit card information, the data is not transferred to the server where your website or store is located. Ecwid connects directly to the payment gateway via a highly secure channel and sends a request with the order information. This information is not transferred to Ecwid servers, does not pass through, and is not stored by us. The payment gateway performs all operations with this data and returns a callback confirming payment to Ecwid.
This solution was verified and approved by Qualified Security Assessor (QSA).
PCI DSS stands for Payment Card Industry Data Security Standard, and Ecwid is a PCI DSS validated Level 1 Service Provider. This is the highest international standard for secure data exchanges for online stores and payment systems.
See Ecwid’s Attestation of Compliance with PCI DSS for Level 1 Service Providers.
All data in your Ecwid store — products, customers, general information — is stored with Ecwid. We regularly scan Ecwid for breeches and protect this information with software updates and backups of your stores’ information. We store our data on Amazon Web Services — the most reliable and secure hosting solution.
Security is one of the biggest considerations in everything we do. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Stripe.
Stripe forces HTTPS for all services using TLS (SSL), including our public website and the Dashboard.
We regularly audit the details of our implementation: the certificates we serve, the certificate authorities we use, and the ciphers we support. We use HSTS to ensure browsers interact with Stripe only over HTTPS. Stripe is also on the HSTS preloaded lists for both Google Chrome and Mozilla Firefox.
All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in separate hosting infrastructure, and doesn’t share any credentials with Stripe’s primary services (API, website, etc.).
• Internet Explorer: - http://windows.microsoft.com/en-GB/windows7/Block-enable-or-allow-cookies
• Google Chrome: - https://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95647&p=cpn_cookies
• Mozilla Firefox: - http://support.mozilla.org/en-US/kb/Blocking%20cookies
• Apple Safari: - http://docs.info.apple.com/article.html?artnum=32467
We use 'Google Analytics' to determine where page visitors come from and monitor if there are any malicious attempts to hack into the site.
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 1998. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.
This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are NEVER passed on to any third parties.
Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites.)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
If you are or decide to become a member the only information gathered is an email address. Email addresses are not stored on a database, only within the confines of this secure website.
© 2023Thundridge Community Orchard All rights reserved Built on Concrete Log in