Our Security Policy

Security capabilities and policy for transmission of payment card details

Security Policy

All card transactions are processed through Windwave. 

Windcave is a one-stop provider of ecommerce, retail and unattended payment solutions for customers around the world. Certified with all major acquirers and card schemes, they provide PCI-compliant payment solutions, ensuring your payments are safe, seamless, and secure.

 

How Windcave Collects Information

To enable Windcave to acquire information which may include a cardholder's name, credit card number (with the expiry date) and billing address. That information is collected when a card and its information is provided to a Windcave payment solution.

 

How Windcave Uses and Discloses Information

Windcave uses the information it collects to obtain authorization for Transactions from the payment card’s issuing bank (the bank that issued your credit or debit card) and from Windcave's own or the Merchant's bank (the “acquirer” or “Acquiring Bank”). Some details from the Transaction (such as name, email and delivery address) may be made available to the Merchant or Acquiring Bank through Payline - Windcave’s web-based transactions management system. Payline allows Merchants to track Transactions and process refunds. Payment card numbers are encrypted and stored by Windcave securely, and are not provided to the Merchant. Please note that your personal data may be shared with legal authorities if required by law. In addition, and separate from its performance of the services set forth in this Privacy Policy, Windcave may aggregate and disclose the aggregated data that is not personally identifiable to its partners or third parties. This aggregated, non-identifiable data may be used for statistical analysis or similar purposes.

 

Data Security

Windcave is committed to data security. Windcave uses a variety of technologies and procedures to help protect personal information from unauthorized access, use or disclosure. Windcave stores the data in computer servers with limited access that are located in controlled facilities secured by advanced surveillance and security technology. When Windcave transmits sensitive information (such as a payment card number), Windcave protects it through the use of encryption, such as the Secure Socket Layer (“SSL”) protocol. Credit card details stored onsite are encrypted using 168bit 3DES encryption. Windcave is a level 1 certified PCI-DSS compliant provider.

 

Storage of Information

Windcave may transfer your information to countries outside of your country of residence, and those countries may have information protection rules that are different from those of your country of residence. Generally, Windcave stores and processes information in countries where we operate offices, such as New Zealand, Australia, the United States, and the United Kingdom. Windcave takes measures to ensure that information transfers comply with applicable data protection laws and that your information remains protected to the standards described in this Privacy Policy.

 

Your Rights With Respect to Your Personal Data

You, as the customer of a Merchant using Windcave, have certain rights with respect to your personal data.

 

You have the right to revoke your agreement to the collection, processing, and use of your personal data at any time. You have the right to request access and know what information is held about you. You have the right to verify, update, or correct your information, and to have obsolete information removed. You have the right to erasure, or otherwise to have your personal data deleted or removed upon written request to Windcave.

 

How long will we retain your information?

We will not retain your Personal Information for longer than permitted by applicable law and regulation, and in no event longer than 7 years. If you have questions about our data retention policy, or about the deletion of your data, please contact us at compliance@windcave.com.

 

Updating this Policy

Able reserves the right to change this Privacy Policy at all times. It is your responsibility to periodically verify the applicable privacy statement and to comply with its most recent version. This Privacy Policy statement was last modified in April 2020.