Our privacy and security policy is based on a single principle and that is: Respect for your privacy.
This policy sets out:
We are committed to ensuring that all information is secured in order to prevent any unauthorised access or disclosure; we have put in place many physical, electronic and managerial procedures to safeguard and secure the information we collect online. This policy describes just some of the safeguards we employ.
It is our policy to collect as little personal information as is possible to complete our business function.
It is our policy not to share your personal information with anyone outside of CormacTagging or the DAFM (see Auditing).
At all times we aim to put you in control of what information we hold about you (if any); most of which you can change or delete at any time from this website.
We require the following information:
The above information is used to create an exclusive online account and to allow you to set your initial ICBF preference.
With the exception of your Email Address, you can change this information via the MyAccount page.
We require the following information, and only if applicable to a specific order item:
Your herd number is used to obtain the registered delivery address from the DAFM AIM system for specific products that are regulated by the DAFM. When you require replacement tags, these tag number are sent to the DAFM AIM system to ensure they are correct and to keep the AIM system updated.
The above information is used to generate invoices (or proforma invoices depending on payment methods), delivery notes, packaging labels or to contact you in relation to the specific order you have placed.
We also use this information to notify you about the status and progress of your order via email or SMS depending on your personal preferences which can be changed any time from: Notifications.
We never store your credit card details.
When you input any payment information even when it is not credit card details;
We encrypt and digitally sign this information using a server encryption key combined with some of your login credentials. We then send that encrypted and digitally signed packet back to you to store in your local HTML 5 storage (also known as localStorage).
When you wish to make a payment, we request that encrypted and digitally signed packet from your browser, which we then decrypt; the resulting information (if valid) is used to automatically fill in the payment form for you;
When you initiate a credit card payment, we send your card details directly (via HTTPS) to the card payment provider.
Some of the security advantages of our approach are: Should someone gain unauthorized access to your account in our system (e.g. they guess your password), there are no credit card details available to steal because we do not store them.
If you change your password, the packet stored on your computer can never be decrypted by us or you and becomes useless and will be deleted when an attempt to use it is made.
Should someone steal the encrypted packet from your computer, it cannot be decrypted.
Should we change our server keys, every users credit card details will become remotely inaccessible and thus protected forever.
Because we do not store payment information, it is not possible for us to charge your credit card without your permission.
Staff and Employees never see your details unless you tell them over the phone (which is a valid payment option available to you).
You can view your local storage and its contents from: Your Local Storage, from this page you can also delete items stored in your local storage and even disable our use of it altogether.
CormacTagging is PCI compliant.
We use the same method and technology to store your address information as described above, and as such that information is afforded the same level of protection as your payment information.
For general, analytical, operational, security, fraud detection & prevention and performance purposes we may record or monitor any and all traffic to and from our website, servers or networks which may or may not include any or all of the following information:
It is not our intention at this time to hold or move data outside the EU, we reserve the right to move (without notice) data anywhere in the world if we feel we can better protect that data in a different location.
We may update this policy (as indicated by the version number at the top of the page) with or without notice.