IT Requirements for the Eyelation Kiosks




Internet access & power at the kiosk site

We prefer a wired network port and standard 120v power outlet at the physical kiosk location for the best speed and reliability. Only web access is required; we do not need access to your company's network. Specifically, we require web access on ports 80/443 to https://www.eyelation.com, https://www.sagepayments.net, and https://www.logmein.com.

If your company uses a proxy server, please provide us with the information or have someone from your IT team available on install day to assist in connecting the kiosk.

If your company will require the computer to be joined to your domain for Internet access, please let us know in advance and have someone available with the appropriate credentials on the day of installation.

Software

Please confirm your network administrators are fine with the following software running on our kiosk machine:

  Google Chrome in kiosk mode (as a shell replacement for explorer.exe)
  Java
  Adobe Flash
  Microsoft Security Essentials

Remote Access

We perform monthly updates remotely using LogMeIn. If your company does not wish us to have remote access, we will request that somebody from your IT team be responsible for assisting us with any kiosk issues.

Network Firewall Setup

Specific IP addresses to which the kiosk needs access are as follows:

eyelation.com
  65.98.97.74
sagepayments.net
  206.16.232.74
LogMeIn.com
  74.201.74.1-74.201.75.254
  216.52.233.1-216.52.233.254
  69.25.20.1-69.25.21.254
  64.94.18.1-64.94.18.254
  77.242.192.1-77.242.193.254
  212.118.234.0-212.118.234.254
  64.74.103.0-64.74.103.254
  64.94.46.0-64.94.47.254

Kiosk Details

Footprint: 4 x4; Height: approx. 6
Components: PC (hidden inside unit), touchscreen monitor, webcam, scanner, magnetic card swipe

Screenshots

A video demo of the kiosk in action can be found at www.eyelation.com.

Information Security Practices

Encrypted Data Transmission

Eyelation maintains a 128 bit security certificate with Comodo. All data transmitted between the kiosks and our server is encrypted, as well as any data transmitted when logged into the administrative back end.

PCI Compliance

Eyelation is fully PCI compliant. Our servers are scanned monthly for vulnerabilities and must pass that testing to maintain compliance.

Credit Card Data

Eyelation does not store credit card data in any of its systems. All credit card information is encrypted at the swipe before it ever passes through our system. That encrypted string is sent to the card processor, which returns a code letting us know if the card was approved. The card processor maintains records of each transaction that can be used to issue credits if necessary without Eyelation staff seeing the number.

Database Encryption

The Eyelation database is stored encrypted, and sensitive data fields are encrypted within the database.

HIPAA Compliance

Eyelation is compliant with the HIPAA regulations.

Data Retention and Backup

Eyelation stores all data on its own physical hardware maintained by DedicatedNOW in Clifton, NJ. DedicatedNOW manages this hardware for Eyelation, including server and network support. Data is backed up weekly (in full) and daily (in increments). Offsite backups are stored with an EC2 instance on Amazon Web Services.

Eyelation follows the HIPAA minimum data retention period of six years for customer data, which includes employee photographs and prescription information. When a customer uploads updated prescription information, we retain the previous data and make it available only to administrators who may need to reference it. User profiles (and related data) are soft-deleted in the database. Profiles (and related data) that have been soft-deleted for a period of six years or greater are then hard-deleted.

Controlled Access to Sensitive Information

Employee prescription information is only used for the fabrication of glasses and never shared with any other party. Authorized distributors and customer administrators can view orders via Eyelation's administrative backend system, but are limited to the minimum information that is necessary for billing, verification, and administrative reporting purposes.

Eyelation collects and stores a minimum amount of personal information from employees: the employee's name, and at least one additional piece of non-sensitive identifying information, such as a phone number, home address, email address, and/or badge number, as the company and employee allow. Eyelation does not ever share data with 3rd parties except as provided for above.

Users must read and acknowledge acceptance of our privacy policy the first time they log on to any of our kiosks. Eyelation's full privacy policy begins on the following page.

Eyelation Privacy Policy

Notice of Information Practices and Privacy Statement for
Eyelation
18501 Maple Creek Drive Suite 400
Tinley Park, IL 60477
888.308.4703

How We Collect Information About You:

Eyelation collects data through a variety of means including but not necessarily limited to company-provided employee lists and information, letters, phone calls, emails, voice mails, and from the submission of a self-registry process that is either required by law, or necessary to process orders or other requests for assistance through our organization.

What We Do Not Do With Your Information:

Information about your financial situation and medical conditions and care that you provide to us in writing, via the ordering process, via email, on the phone (including information left on voice mails), contained in or attached to applications, or directly or indirectly given to us, is held in strictest confidence. We do not give out, exchange, barter, rent, sell, lend, or disseminate any information about applicants or clients who apply for or actually receive our services that is considered patient confidential, is restricted by law.

How We Do Use Your Information:

Information is only used as is reasonably necessary to process your order or to provide or obtain information which may require communication between Eyelation and eye care providers, medical product or service providers, and other providers necessary to: verify your medical information is accurate; determine the type of lenses or accessories you need.

Any of the information we collect may be used in the following ways:

To personalize your experience - your information helps us to better respond to your individual needs.

To improve our system - we continually strive to improve our program offerings based on the information and feedback we receive from you.

To improve and provide customer service - your information helps us to more effectively respond to your customer service requests and support needs.

To process transactions - your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested by the customer.

To send periodic emails - the email address you provide or provided by your company for order processing may be used to send you information and updates pertaining to your order or renewed eligibility, in addition to receiving occasional company news, updates, related product or service information, etc.

To administer a contest, promotion, survey or other site feature

If you apply or attempt to apply to receive assistance through us and provide information with the intent or purpose of fraud or that results in either an actual crime of fraud for any reason including willful or un-willful acts of negligence whether intended or not, or in any way demonstrates or indicates attempted fraud, your non-medical information can be given to legal authorities including police, investigators, courts, and/or attorneys or other legal professionals, as well as any other information as permitted by law.

Information We Do Not Collect:

We do not use cookies on our website to collect data from our site visitors.

Limited Right to Use Non-Identifying Personal Information From Biographies, Letters, Notes, and Other Sources:

Any pictures, stories, letters, biographies, correspondence, or thank you notes sent to us become the exclusive property of Eyelation. We reserve the right to use non-identifying information about our clients (those who receive services or goods from or through us) for fundraising and promotional purposes that are directly related to our mission. Clients will not be compensated for use of this information and no identifying information (photos, addresses, phone numbers, contact information, last names or uniquely identifiable names) will be used without client's express advance permission. You may specifically request that NO information be used whatsoever for promotional purposes, but you must identify any requested restrictions in writing. We respect your right to privacy and assure you no identifying information or photos that you send to us will ever be publicly used without your direct or indirect consent.

Required Disclosure:

We may disclose your personal information if required to do so by law or in the good-faith belief that such action is necessary to: (a) conform to any required legal requirements or comply with legal process served upon Eyelation, or (b) protect and defend the rights or property of Eyelation.

No Guarantee:

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. Accordingly, and despite our efforts, Eyelation cannot guarantee or warrant the security of any information you transmit to us.

No Reproduction:

No reproduction, distribution, republication or transmission of the material contained herein is permitted and is expressly prohibited unless the prior written consent of Eyelation is obtained.

Your Consent:

By placing an order through our kiosk and/or website, you consent to our privacy policy.

Changes to our Privacy Policy:

If we decide to change our privacy policy, we will post those changes on our kiosk page.

This policy was last modified on 7/13/2012