Ethics and Security
MaestroSoft, Inc.
1750 112th Avenue NE, Suite A200, Bellevue, WA 98004
425.688.0809 / 800.438.6498  Fax: 425.688.0999
www.maestrosoft.com

Contents
Internal Standards
    Ethics and Business Standards
    Privacy Policy
Product Security
    WebMaestro Security
    AuctionMaestro Pro Security
    IATS and PCI Compliance

Ethics and Business Standards

A VISION FOR A BETTER WORLD
Maestro is a company that empowers all employees with the rights and responsibilities of making decisions that affect our business. Our decisions shape our reputation within our industry and define us as a socially responsible company.

COMMITMENT TO OUR CLIENTS
Our clients are at the core of all that we do. Without our clients, we have no one to support, no one to innovate new products for, and no one to support our business. Our clients have chosen us over our competitors, and we must respect that at all times. Maestro employees must never forget the corporate vision set forth by our co-founder Michael Bader: that every client is special and valuable, and we must treat our clients like the respected charities, schools, foundations, and 501(c)(3) organizations that they are. This corporate vision affects the level of service we provide and the products we offer. Our conduct with our clients must remain a top priority. Listening to our clients and providing them the best level of service is what defines us as a company. Our conduct over phone and email will remain courteous and objective at all times, and in-person conduct will remain top notch, with a clean and welcoming office space to make our clients feel at home.

As a company, we become a member of society in the cities and towns in which we conduct business, and we have a responsibility to respect that with every decision we make. Our choices play a direct role in ensuring our presence in those societies remains positive, fair, and true to our corporate vision. Our products will continue to be reliable and innovative. The Feedback Portal on our company website has been put in place to capture client feedback about all parts of our business, and we will welcome comments through the portal, as well as by phone, email, and in person.

COMMITMENT TO RESPECT
At Maestro we treat each other with total respect and dignity. Our office environment directly impacts our personal willingness to follow the standards of client conduct. We pride ourselves on being an Equal Opportunity Employer, and will not discriminate based on race, color, national origin, religion, sex, age, sexual orientation, disability, or genetic information. Without a workplace free of discrimination, harassment, and bullying, we'll never be able to meet the corporate culture standards of respect and dignity that matter most.

COMMITMENT TO HONEST BUSINESS
Maestro is committed to full compliance with the laws and regulations that apply to our business practices in all countries, states, and cities in which we do business. We compete only on the merits of our products and services. Our advertising and sales literature will never disparage our competitors. We will never say something about our products or services if we cannot substantiate it.

COMMITMENT TO IMPROVING OUR ETHICS AND BUSINESS PRACTICES
Each year, following an ethics audit, we will make improvements to our ethics and business practices. We will strive to make Maestro a better company each year, and never lose sight of our clients' best interests, our ambition to innovate, and our corporate vision.

Privacy Policy

Our Website's Privacy Policy
The MaestroSoft web site does not collect sensitive personal information. If you send us an e-mail with a question or comment, we will write back to you using your e-mail address. We may keep your question or comment and your e-mail address on file, but we will not disclose your e-mail address, or any personal specifics regarding your question or comment, to any third party without your consent. In order to serve the community, we may include your question on a Frequently Asked Questions page, but should we do so we will make sure that your question will not in any way identify you.

We will send newsletters and other communications to you via e-mail only if you have NOT asked to be excluded from such mailings. We will not sell or share any information that we collect from you. We restrict access to your personal information to company personnel only (and then, on a need-to-know basis) and have procedural safeguards in place to ensure that. We will share your information with a third party only as required to deliver products and services to you that you have requested from us. All photos and testimonials are posted to the MaestroSoft web site after we have received explicit written permission to do so.

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for MaestroSoft, Inc. and providing other services relating to website activity and internet usage. Maestro does not share any of this information with outside or third-party companies.

We may become an affiliate of one or more businesses. Should you follow a link from the MaestroSoft web site to an affiliate website, then you will be communicating directly with that affiliate and not with us, and you will be subject to that affiliate's privacy policy.

WebMaestro Security

MaestroWeb uses the strongest available encryption (128-bit) for all password-protected areas and role-based authentication. Our database, image and web servers are physically secured in a state-of-the-art data center in downtown Seattle, where they are monitored 24/7 and a backup power supply is available. All our servers are patched with the appropriate service packs and critical updates immediately when they are available. Further, our server configurations follow security best practices and prohibit access through non-essential ports.

In addition to physically securing the SQL Server database, all the database queries that MaestroWeb uses are precompiled in stored procedures. This means that the MaestroWeb application itself doesn't even have direct access to the SQL Server tables, but can only update the database by using these predefined queries.

Roles-Based Authentication
Further, MaestroWeb uses the .NET framework and requires sign-in authentication before users have access to the password-protected areas of your site. MaestroWeb has extended this .NET security with a role-based authentication system, which allows your site administrator to assign different levels of access among your administrative team. By default, everyone in your database is granted the User role and can access the public password-protected areas of your MaestroWeb site once they've created or been assigned a password. Only people who are assigned one or more of the administrative roles (Reports, Items, Registration, People or Administrator) will have access to the administrative tools page on your MaestroWeb site. They'll then only be able to use specific administrative tools if they have been assigned the corresponding role. For example, a volunteer who has only been assigned the Reports role will only be able to view administrative reports, but not update items, people or event information.

Secure Transmitting
You'll notice that when you sign in and subsequently access all password-protected areas of your MaestroWeb site, the URL in the address bar is https://secure.maestroweb.com/... and there is a padlock in your browser which links to our SSL Secured (128-bit) certificate. Our use of 128-bit encryption for all password-protected areas assures that all the information in your database is kept completely confidential during transmission between your browser and the MaestroWeb server.
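As an added illustration of the stored-procedure design described above (example code written for this page, not MaestroSoft's or MaestroWeb's own schema; the login, table and procedure names are assumed), this T-SQL shows how a SQL Server database can be configured so that an application login can act only through precompiled procedures, together with a check that the restriction actually holds:

```sql
-- Added example (assumed names, not MaestroWeb's schema): least-privilege
-- SQL Server setup in which the web application reaches data only through
-- stored procedures. Login/user: MaestroWebApp; table: dbo.Items;
-- procedure: dbo.Items_UpdatePrice.

-- 1. Dedicated, low-privilege login and database user for the web tier.
CREATE LOGIN MaestroWebApp WITH PASSWORD = '<strong-password-placeholder>';
GO
CREATE USER MaestroWebApp FOR LOGIN MaestroWebApp;
GO

-- 2. Example table. The application user is deliberately given no
--    permissions on it at all.
CREATE TABLE dbo.Items (
    ItemId INT           NOT NULL PRIMARY KEY,
    Name   NVARCHAR(200) NOT NULL,
    Price  DECIMAL(10,2) NOT NULL
);
GO

-- 3. Precompiled, parameterised procedure: the only write path the
--    application has. Parameters are typed, so a value can never be
--    interpreted as SQL text, and the procedure validates input itself.
CREATE PROCEDURE dbo.Items_UpdatePrice
    @ItemId INT,
    @Price  DECIMAL(10,2)
AS
BEGIN
    SET NOCOUNT ON;
    IF @Price < 0
        THROW 50001, 'Price must not be negative.', 1;
    UPDATE dbo.Items SET Price = @Price WHERE ItemId = @ItemId;
END;
GO

-- 4. Grant EXECUTE on the procedure only. Because procedure and table share
--    the same owner (dbo), ownership chaining lets the procedure update
--    dbo.Items although the caller holds no rights on the table.
GRANT EXECUTE ON OBJECT::dbo.Items_UpdatePrice TO MaestroWebApp;
GO

-- 5. Verification a reviewer can run under the application's identity:
--    direct table access must be denied, procedure execution allowed.
EXECUTE AS USER = 'MaestroWebApp';
SELECT HAS_PERMS_BY_NAME('dbo.Items', 'OBJECT', 'SELECT')  AS CanSelectTable, -- expect 0
       HAS_PERMS_BY_NAME('dbo.Items', 'OBJECT', 'UPDATE')  AS CanUpdateTable, -- expect 0
       HAS_PERMS_BY_NAME('dbo.Items_UpdatePrice', 'OBJECT', 'EXECUTE') AS CanExecProc; -- expect 1
REVERT;
GO
```

The guarantee that the application cannot touch the tables directly holds only if the web tier connects with this restricted login rather than a sysadmin or db_owner account, so the connection string used in production is part of what an auditor should check.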

Secure Payment Tools

We offer online payment processing so that visitors to your MaestroWeb website can register for the auction dinner, make cash contributions, purchase merchandise, and/or pay for item purchases. Each of our clients establishes an account with our payment processing partner. The payments are entered securely using MaestroWeb, so that the transaction can be immediately reflected in the client's event database. We securely transmit the credit card information to the payment gateway for processing and then only store the last four digits of the credit card number and authorization information in our database for reference.

Learn about IATS at: http://www.iatspayments.com

PCI Compliance
As indicated above, MaestroWeb also doesn't actually process or store credit cards.

AuctionMaestro Pro Security

Credit Card Collection Site
During the event, credit card information is collected by the qcheck Registration Utility. This utility was built by IATS (our PCI-compliant credit card processor). Once the credit card information is collected it is stored in an encrypted format. This information may be stored in any or all of the following 3 locations:

The AMPro Server
This is the back room computer that is hosting the AMPro databases. The encrypted credit card information may be backed up to this computer.

qcheck Registration Station
This is a standalone laptop that is set up at the registration area. A client may set up any number of qcheck Registration Stations. The qcheck Registration Utility is set up and removed by the qcheck Station Manager.

qcheck USB Drive
A USB flash drive is used to transfer data from the AMPro Server to the qcheck Registration Stations. This includes transferring the encrypted credit card data from the qcheck Registration Station back to the AMPro Server.

The IATS Server
After the event is over, it is necessary to upload the client's credit card information to the IATS server. This is done using an encrypted connection created by the IATSLink.dll (provided by IATS). IATS is PCI compliant, certified by TrustWave. You can verify this status by visiting http://www.iatspayments.com/english/pci_compliance.html

Once the data has been successfully uploaded to the IATS server, all copies of the encrypted credit card data can be deleted.

PCI Compliance
AuctionMaestro Pro also does not actually store credit cards, and therefore does not need to be PCI compliant itself. All information is stored by the IATS Registration Utility.

IATS and PCI Compliance

Some words about our processing partner
IATS Payments provides payment processing products and services to over 9,000 clients around the world and specializes in services for nonprofit organizations. IATS draws on over 30 years of transaction processing experience to provide secure, simple and cost-effective services for all major credit cards and direct debit (ACH). A First American Payment Systems company, IATS is based in Vancouver, Canada. IATS Payments was established in 1996 and is focused exclusively on providing payment processing services to the nonprofit community. Their clients are located in the United States, Canada, the United Kingdom and throughout Europe.

IATS is proud to have been issued a VeriSign certificate, which verifies that their site is SSL-secured at the very demanding 128-bit level of encryption. VeriSign issues three levels of certificate (40, 56 and 128-bit), with the latter being the most secure level available anywhere in the world. The number of bits describes the length of the key used to secure the encrypted information. While the difference between 40 and 128 bits of encryption may not sound impressive, it is very significant. 128-bit keys are approximately 309 septillion times (309,485,000,000,000,000,000,000,000) larger than 40-bit keys. This high level of encryption makes breaking into an SSL session extremely difficult. If you happened to have a million computers testing a million possible keys every second, it would still take over 10 million years to test every combination and permutation available, and that is only for 40-bit encryption; 128-bit SSL sessions are much more difficult to break.

They do not, however, release information regarding the measures they use to keep their system secure, to ensure this information cannot be abused. IATS considers all personal information as confidential and they do not disclose personal information to any third parties. All employees of IATS with access to personal information are required as a condition of employment to respect the confidentiality of personal information. Also, IATS completes an annual audit process from a third party to verify they abide by the rules and regulations of the payment card industry standards. This is to ensure they can provide our mutual clients with the highest levels of security and fraud prevention. They are a Level 1 PCI Compliant company and this can be verified on the Visa website by using the following link, which gives you access to a listing of all the companies and merchant service providers who are PCI compliant:
http://usa.visa.com/merchants/risk_management/cisp.html?ep=v_sym_cisp