Protecting your privacy
THE BOTTOM LINE
At Boo9, our ethos is to be fair and transparent in everything we do in serving our customers. Frankly, we didn't need legislation to force us into protecting customers' data: we always have respected our customers' privacy. As a result, we never, ever share your information with third parties other than our highly-secure credit card processing partner (Stripe).
1. INTRODUCTION TO THE LEGAL STUFF
In this section “us” or “we” or “our” means or refers to Boo9 Limited.
1.1. We are committed to protecting and respecting the privacy of all visitors and users (the “website”).
1.4. For the purpose of the EU General Data Protection Regulation (GDPR), the Data Controller is
2. WHAT PERSONAL INFORMATION DO WE COLLECT?
2.1. We define “personal information” as information that is unique to you and might include your name, delivery address, credit/debit card number and expiration date, billing address, e-mail address, telephone number.
2.2. Personal information is only requested If you decide to place an order with us. That personal information request occurs after you click “Checkout”. You are then transferred to a trusted third party payment processing service (Stripe) to process your payment to us and we do not store your credit/debit card information.
2.3. Our payment processing service (Stripe) provides us only with your name and contact details so we can execute your order. That data is kept on our encrypted server until your order is shipped.
3. INFORMATION COLLECTED FROM CHILDREN
The website is a general audience website, and we do not knowingly collect information about children or sell products to children. Consistent with the Children’s Online Privacy Protection Act, we will not knowingly collect any information from children under the age of 13. If you are under the age of 13, you are not permitted to submit information to the website.
The cookies are then used to help the user navigate the site, place orders without entering their contact details etc. All very helpful but they are yet another form of collecting information about you.
5. DETAILED INFORMATION ON HOW OUR SITE SECURITY
WORKS TO PROTECT YOUR PRIVACY.
On-line shopping means that you have to provide potentially vulnerable financial information to complete your purchase. Your first level of protection is that our web site does not store or even access your credit or debit card account number and security code. All we see is your email address, whether or not you have completed the relevant bank’s verification process, whether or not funds have been transferred by the relevant bank to our bank and, of course, what products you have ordered and what are your invoice and shipping addresses.
When you reach the Checkout stage of your transaction on our site, the process is taken over by a highly secure payment processing system in the USA where your data is protected both electronically and physically. At this point, your computer or device is communicating directly with the payment processor (we use a company called Stripe for this). Stripe has an excellent reputation and is known for its reliability and responsiveness to companies like ours when we incorporate electronic funds transfer in our e-commerce sites.
In the communication, via the web, between your device and the payment processor, your information is automatically encrypted with an encryption key length of 128-bits (the highest level commercially available).
Before the transaction begins, Stripe’s server checks that you're using, on your device, an approved browser – one that uses SSL 3.0 or higher. Such browsers include current versions of Safari, Chrome, Firefox, Mozilla and Internet Explorer.
Stripe’s servers and those of the bank involved sit behind electronic firewalls and are not directly connected to the web.
Stripe then communicates with the relevant bank so that the transaction can be completed and verified.
Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level. This is the most stringent level of certification available in the payments industry.
PCI is a standard maintained by a security standards council founded by banks including: American Express, MasterCard, and Visa. Members of the council have agreed to incorporate the PCI Data Security Standard (PCI DSS) as part of the technical requirements for each of their data security compliance programs. The involvement of the world’s leading banks in PCI – and their liaison with law enforcement agencies – means fraud-related information is shared on a global scale. As a PCI audited payment processor, Stripe has access to and utilizes the constantly evolving state-of-the-art in fraud protection technology. Everything is aimed at stopping fraudulent transactions before they happen – and of course making sure your card transaction proceeds as rapidly and conveniently as possible.
If something does happen, of course, you are protected, subject to the terms and conditions of your credit / debit card provider.
Stripe carries out analytics and collects identifying information about the devices that connect to its services. It also checks that the postcode you provide matches that held by your card-issuing bank. A mismatch of postcode is the most common cause of on-line transactions being blocked at checkout. This is part of the fraud-protection system that protects both seller and buyer.