Credit Card Policy Statement:
LEP Colour Printers (“LEP”) values the privacy of credit card information and is committed to protecting the credit card details it holds and uses.
This policy outlines how LEP intends to collect, store and destroy credit card details.
The policy is based on the following principles:
- LEP must take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modification and disclosure.
- It is a necessary condition for LEP to provide credit card facilities to its customers for the payment of services and goods provided by LEP.
LEP may consider the following matters when adopting reasonable steps to protect the credit card information it holds:
- The sensitivity of credit card details and an individual’s expectations that this information will be protected from misuse and loss and from unauthorised access, modification and disclosure;
- The harm likely to result if there is a breach of security; and
- The form in which the information is stored (e.g. on paper or electronically) processed and transmitted.
All LEP staff.
1. Application of Policy
This policy is designed to deal with situations where an individual or business provides details of their credit card to LEP. The policy is also designed to ensure that LEP will store and destroy credit card details in a manner which protects the credit card details from:
- unauthorised access;
- unauthorised modification; and
- unauthorised disclosure.
2. Collection of Credit Card Details
LEP is committed to ensuring that credit card details are collected in a secure manner. LEP will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modification and disclosure during collection by adopting the following practices:
- preventing, where possible, individuals from providing credit card details in an email;
- ensuring that where credit card details are collected online, encryption in accordance with LEP’s Security Policy is included within the company’s internet web page, My LEP, databases and other supporting programs;
- only collecting credit card details in an appropriate environment, for example not requesting credit card details verbally in a public place; and
- ensuring that when credit card details are collected via facsimile, the facsimile is placed in a secure location.
3. Storage of Credit Card Details
3.1. LEP is committed to ensuring that credit card details are held securely. LEP will take reasonable steps to protect the credit card details it holds from misuse and loss and from unauthorised access, modification and disclosure by adopting the following practices:
- ensuring that credit card details are stored in a secure and protected manner such as locked filing cabinets;
- ensuring that EFPTOS machines and other devices used to collect credit card details are stored securely, particularly when they are not in use (eg overnight);
- ensuring that appropriate staff only have access to credit card details; and
- ensuring information is transferred securely (for example, not transmitting credit card details via e-mail).
3.2. Credit card details may be stored in hard copy documents. If credit card details are stored as electronic data appropriate security measures must be utilised in accordance with LEP’s Security Policy. Some of the ways LEP seeks to protect credit card details include the following:
- policies on document storage and security;
- security measures for access to LEP’s computer systems;
- controlling access to LEP’s premises;
- website protection measures.
3.3. For customers on a Trading Account, credit card details are stored on site as per the customer’s request for the purposes of settling monthly accounts.
3.4. Payments processed via credit card through the My LEP ordering system are not stored, they are passed to the bank for the purposes of processing the payment and then discarded.
3.5. Any Credit Card number stored on site must be stored for the length of time prescribed by the Records Disposal Authority.
4. Destruction of Credit Card Details
Credit card details will be destroyed in a secure manner when they are no longer needed by LEP. Examples of destruction in a secure manner include shredding, pulping or disintegration of paper files, fire, confidential disposal in accordance with any guidelines provided by government legislation, encryption or scrubbing of credit card number or contracting an authorised disposal company for secure disposal.
5. For Further Information
For further information about this policy please contact:
1/84 Sandalwood Lane
Forest Glen, 4556
Telephone: +61 7 5458 3800
Facsimile: +61 7 5458 3899
Or refer to LEP’s Security Policy.
6. Obligations of Staff
If a staff member collects credit card details on LEP Colour Printer’s behalf, the staff member must meet the relevant requirements of this policy in relation to the storage of credit card details.
7. Disciplinary Action for Breach of Policy
If a staff member breaches this policy, depending on the circumstances it may be regarded as misconduct or poor performance and this may result in action being taken in accordance with the provisions set out in the individual’s employment contract.
8. Change of Policy
LEP may change this policy from time to time without prior notice.
All staff should be aware of, read, understand and comply with the procedures set out in this policy.