Our Policies - Selwyn House School Parent and Caregiver Portal

Windcave Credit Card Data Policy

Credit Card data will be handled by online payment gateway provider- Windcave. Your credit card details will not be provided to Selwyn House School or any third party by Windcave.

Introduction

Direct Payment Solutions Limited or its licensors (hereinafter referred to as Windcave) are committed to protecting your privacy as an Internet user whenever you buy goods or services from a Merchant which uses Payment Express. The Merchant will generally be using Payment Express when the cardholder is using a credit or debit card over the Internet, Phone, Fax, Unattended or Integrated EFTPOS system. Windcave recognizes its responsibility to keep confidential at all times any information which Windcave acquires in connection with such a transaction, whether directly from the Cardholders or Merchant. Windcave protects personal information (at a minimum) to the Payment Card Industry Data Security Standards. Please note however; Windcave responsibility is limited to protection by Windcave of information which Windcave obtains. Windcave itself cannot, of course, control the use or disclosure by your supplier of any information which they obtain from you.

Collection of Information

To enable Windcave to provide secure payment facilities it will typically acquire information which may include the Cardholder’s name, credit card number (with the expiry date) and billing address.

Use and Disclosure of Information

Windcave uses the information to obtain authorisation of the transaction from the Issuing bank of the credit card and Windcave’s own or the Merchant’s bank and to process the payment. Some details from the transaction (such as name, email and delivery address) may be made available to the Merchant or Acquirer through Payline – Windcave web based transactions management system, which allows Merchants to track transactions and process refunds.

Security

Windcave is committed to data security. Windcave uses a variety of technologies and procedures to help protect personal information from unauthorised access, use or disclosure. For example, Windcave stores the data in computer servers with limited access that are located in controlled facilities secured by the latest in surveillance and security technology. When Windcave transmits sensitive information (such as a credit card numbers), Windcave protects it through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Credit card details stored onsite are encrypted using 168bit 3DES encryption. Windcave is a level 1 certified PCI-DSS compliant provider:

PCI DSS

PCI DSS, the Payment Card Industry Data Security Standard is a set of security requirements relating to the protection of card holder data. The standard is governed by the PCI Security Standards Council, an organisation put together by most of the major card schemes VISA, MasterCard, American Express, JCB and Discover. It’s relevant for any entity that stores or transmits sensitive card holder data, that being generally things like the PAN (card number), Card security code, track data, PIN block. The current version of the standard is Version 1.2. Preceding PCI-DSS the card schemes had their own standards, the VISA Account Information Security (AIS) standard formed the basis to most of the PCI-DSS requirements.”

For more information on Windcave go to:

https://www.windcave.com/security-ecommerce

https://sec.windcave.com/pxmi3/privacy-policy