We endeavour to take all reasonable steps to keep Personal Information secure, as follows:
- electronic access to Personal Information of Customers is controlled via username and strong password with a minimum of 44 bits of entropy;
- Personal Information collected online or transferred over the internet is done with a minimum of 256 bit encryption;
- where it is possible and reasonable to do so, data is stored electronically with electronic access controls;
- where it is possible and reasonable to do so, data is stored encrypted at rest;
- if Personal Information is provided to us on paper or on removable media unencrypted and we are required to keep it in its current form, it is kept in a secure location where unauthorised individuals are prevented from accessing it;
- uBind will not store full credit card details directly and where credit card details are taken they are processed and stored by a PCI-DSS compliant entity;
- where uBind has Personal Information stored on removable and mobile devices it will be encrypted with a minimum of 256 bit encryption;
- Personal Information stored on our infrastructure is protected by Firewalls and Intrusion Detection Systems.
Notwithstanding the above, We are not responsible for any third-party access to Personal
Information as a result of:
- interception while it is in transit over the internet;
- an unpatched vulnerability, a zero-day vulnerability, or an attack within 48 hours of a vendor releasing a patch or update;
- spyware or viruses on the device (such as a computer or phone) from which Customers access the Client Site or Client App; nor
- as a result of a Client or Customer’s failure to adequately protect their user name or password.
We are also not responsible for any losses, expenses, damages and costs, including legal fees, resulting from such third-party access.