1/ What information do we hold and how do we obtain it?
Generally we receive information directly from you when you place an order with us to buy our goods. Such information includes your name, address, telephone number and credit card details. You may also provide your email address if you sign up to be notified from time to time about our future goods and services.
For our customers' protection, we always check a certain percentage of our orders at random to confirm the details of the order match those of the cardholder on file. For this reason, we may ask you for some additional information. This would be a copy of the front and back of the card used to make the purchase, or a copy of a photo ID such as a valid driver's license or passport. We will also require some proof of address along with the copy of the photo ID.
2/ For what purposes do we use your information?
We use your information for a number of purposes including:
- to perform our contractual obligations to you and to ensure that goods are supplied to you as efficiently as possible
- for other non-contractual reasons.
Supplying goods to you
3/ We may use your information:
- To identify and maintain records of your purchases with us
- To ensure that the goods and services we offer to you are appropriate for your needs
- To respond to any query you may raise with us about our goods
- To update our systems for providing you with an enhanced service
4/ Other purposes:
We will also use information about you for purposes upon which the provision of our goods and services is not necessarily dependent.
- Disclose information about you to third party agencies for credit checking purposes (which information may be shared with other organisations for the same purpose)
- Use information about you to inform you (by post, email or telephone) about other services we offer or which are offered by other companies within our group or any of the other companies with which we work
- Use information about your account with us for our internal customer service monitoring and training purposes
5/ Transfers overseas
Please note that disclosures we may make may take place via electronic means and may involve the transfer of personal data relating to you to countries outside the European Economic Area, which countries do not have in place adequate rules relating to data protection and privacy of personal data.
6/ Sale of our business
You acknowledge that data you provide to us may be transferred to any person, firm or company to whom we sell the whole or a substantial part of our business or to whom we transfer any of our rights or obligations under a contract with you.
6/ Taking care of your data
We will endeavour to keep any information which we hold about you up to date and accurate. To help us to do this, please keep us informed if any of your details change. See further details listed below.
We will at all times endeavour to protect your data against unauthorised use.
7/ Electronic control of access to data
Only authorised staff should have access to data or information processing facilities.
8/ The following controls have been put in place:
- We encrypt data maintained on our databases or files accessible via the Internet as this is a common cause of compromise.
- We vet all personnel.
- We identify individual users of information processing facilities and assign a unique User identification and password sequence (USER ID) to each individual user of information processing systems.
- We hold each individual accountable for all activity performed under his or her USER ID.
- We require that each use of a USER ID be traceable to the individual who logs on.
- We do not use vendor-supplied system passwords and other security parameters; we change them.
- We have set procedures for suspending and revoking USER IDs.
- We update USER ID passwords monthly or as often as is deemed suitable.
- We block the USER ID of anyone who leaves the business or department.
- We use the USER ID system to set up a clear audit trail to track access to data.
- We destroy all redundant and damaged media (hard discs, servers, floppy discs etc).
- Access to our terminals is restricted and all processing departments are secure.
- We operate a clean desk policy.
9/ Computer Viruses
The following controls have been put in place:
- We use anti-virus software developed by a reputable supplier.
- We update anti-virus software regularly.
- We use virus detection software to scan computers and media for known viruses.
- We use virus repair software with caution and only where virus characteristics are fully understood and the correct repair is certain.
- We have banned unauthorised software.
- We regularly review the software and data content of systems supporting critical business processes.
- We investigate the presence of unknown files or unauthorised amendments.
- We virus check all media coming from outside the business.
- We have a set procedure for reporting and recovering from virus attacks.
- We have business continuity plans for virus attacks, including data and software back-up and recovery.
- We keep security patches for software up to date.
- We regularly test security systems and procedures.
- We have installed and maintain a network firewall.
- We encrypt data sent across networks.
The following controls have been put in place:
- We encrypt all data sent via E-mail.
- We ensure all e-mail is for business use only.
- We review and delete messages regularly.
- We securely archive any messages that need to be retained off the server.
- We discourage the use of executable code ("exe" files) received via e-mail. If this is essential, we make sure that virus detection and prevention measures are used.
- If alternate users work with the same computer, we make sure that the alternate user cannot exceed their authority.
- We require employees to report any e-mail abuse to the appropriate department or person.
- We preserve the confidentiality of any sensitive information that is accidentally revealed to us.
- We keep e-mail records including a record of deletions.
11/ We have implemented a stringent staff policy:
- e-mail reviews are a condition of use (e.g. the monitoring and review of all email messages, sent and received, can occur at any time without notice).
- As part of employment policy, we may discipline employees for using racially, religiously or sexually abusive, threatening, or discriminatory language via company e-mail.
- e-mail users are personally responsible for the security of information in their messages.
12/ Telephone, Fax and Paper
Information that comes in by telephone, by fax or in the post is handled with care.
- We collect and file securely all documents that contain personal data, order information and/or cardholder information, such as order forms, carbons, fax printouts and paper copies of telephoned orders.
- Documents are locked away securely after use.
- We make sure that staff handling telephone sales ask callers only for appropriate cardholder information.
- We monitor all "customer facing" telephone calls, including sales calls.
- Paper transaction records are shredded.
13/ If Compromised
If we believe that cardholder information has been obtained by an unauthorised person or company, this fact must and will be reported to Streamline and the appropriate authorities as soon as possible together with details of all the account numbers involved and all the circumstances of the compromise.