Privacy & PCI DSS Compliance
Last Revised: Dec 14, 2016
CommFront respects and cares for your rights of privacy. This policy explains how we handle the contact information you give us.
Information Collection and Use
CommFront is available for use by anyone, regardless of his/her willingness to disclose his/her contact information. We collect your contact information (name, address, telephone number, and email address) in the following ways:
1. When you order our products through us or our payment gateways, we will gather your name, address, telephone number, and email address to deliver the software license or hardware products to you.
2. When you submit your feedback or ask questions through phone calls, emails, our online feedback form, or our live chat program, we may ask you to provide contact information so we may respond to your needs.
3. When you participate in any company events organized by us, we may gather your name, address, telephone number, email address or other contact information, as well as personal information such as photos, age, height, and weight.
We use the information you provide about yourself only to complete your orders, to answer your questions, or to enable you to participate in the company events; in some rare cases, we might use your email address for important updates. We do not share this information with outside parties except to the extent necessary to complete that order. We use the information you provide about someone else when placing an order only to ship the product and confirm delivery. We do not share this information with outside parties except to the extent necessary to complete that order.
PCI DSS Compliance
The CommFront online store has been upgraded and certified as Level 1 PCI DSS compliant since March 7, 2016. In addition, the entire CommFront website is secured by the latest TLS (Transport Layer Security) encryption.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, CommFront has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online and offline.
TLS is the latest standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between our web server and your browser remains secure, private, and intact.
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data and so reduce credit card fraud resulting from exposure of that data.
PCI DSS compliance has become a norm in the online shopping industry. If any vendor wants to sell online and accept payments from Visa, MasterCard, American Express or Discover credit cards, its software and hosting need to be PCI compliant; otherwise, customers risk having their credit card information leaked to third parties.