Security and Privacy Policy

Our store is certified Level 1 PCI DSS compliant, keeping your payment info and business data safe.

Our PCI compliance covers all six category standards:
  • Maintain a safe network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Our eCommerce platform partner has invested significant time and money to achieve this Level 1 PCI compliance. Their annual on-site assessments validating compliance and continuous risk management ensure our shopping cart and ecommerce hosting remain secure.

 

What is PCI?

The Payment Card Industry Data Security Standard (PCI DSS) is a security standard for organizations that handle credit and debit card information. The standard was created to increase controls around payment data to reduce fraud.

MediaDevil.com requires your credit/debit card details as well as address information to ensure all your orders are processed and delivered efficiently.

All transactions take place away from our website via a secure server link (SSL) utilising the latest HTTPS encryption technology (Thawte approved). None of your credit/debit card details are entered on our website, and as a result we do not hold any details of your credit/debit cards on our database.


Company Reputation

We completely appreciate the concerns of our customers about online fraud.

  • You can view our full company details here.
  • To learn about the history and achievements of our company, click here.
  • We are certified members of the IMRG's prestigious ISIS ('Internet Shopping is Safe') and IDIS ('Internet Delivery is Safe') fraud-prevention schemes.
  • We are certified members of the UK's FSB (Federation of Small Businesses), the largest business trade union in the UK.


Privacy

MediaDevil is committed to protecting your privacy. We only collect information about you to process your order; we do not use these details to send you unsolicited information. We will never pass your personal or order details to any other company, other than to fulfil the delivery of your order.

When you make a purchase from MediaDevil.com you will be asked to provide your name, email address, billing address, delivery address, phone number and payment details. Details of all your order transactions will be collected and stored.

The information we hold about you needs to be accurate and up to date. You can check and amend the information we hold about you. The personal information that we hold about you is held in accordance with our internal security policies.

We may also monitor who accesses our website. For example, we may automatically collect access information about you, such as the type of internet browser you use, the website from which you have come to our website and your IP address (the unique address which identifies your computer on the internet), which is automatically recognised by our web server. Such information enables us to assess our users and to build a profile. We also use cookies on various pages on our website. Cookies are small text files that are saved on your computer. This information does not directly identify you; for more information, please also read our section entitled Cookies.

We may, with consent, use your customer email address for marketing purposes. Your email will never be disclosed to any third parties. You may revoke this consent by clicking the 'unsubscribe' link on any marketing email, or alternatively cancel from your account.


Cookies

We may also obtain information about your online movements and use of the internet. We do this by placing a ‘cookie’, which is a small file, on your computer’s hard disk. Cookies are used for several reasons, for example to recognise you whenever you visit this website ensuring you do not have to enter all your details and thereby speeding up the process so you do not have to log on each time. It will also enable us to store your personal preferences, build a profile about you and target our marketing and advertising campaigns. We cannot provide a full service to you if you disable the cookie function on your web browser so we advise you to maintain the same. For further information about cookies and how to disable them please go to: aboutcookies.org


GDPR

Our privacy policy sets out what personal buyer information we receive from selling on the Shopify website platform and external marketplaces such as Amazon.co.uk and eBay.co.uk (herein referred to as 'selling online'), how we use it and under what circumstances, if any, we will share it with other parties. We abide by and are compliant with the Data Protection Act 1998 (herein referred to as “The DPA”) and the General Data Protection Regulation (herein referred to as “The GDPR”) which comes into effect on 25th May 2018. We are committed to keeping buyers’ personal information secure and confidential.

Lawful Basis for Processing Personal Data
For the purposes of The GDPR, we are the Data Processor when selling online and process all personal data lawfully, fairly and in a transparent manner. Under Article 6 of The GDPR, the lawful basis on which we process personal data received from 'selling online' is that of “Contract” - whereby processing is necessary in order to fulfil buyer orders and enquiries. We retain information provided by 'selling online', such as transaction information for internal financial accounting purposes. It is a legal requirement to retain this information for a period of 7 years.

Data We Receive: Personally Identifiable Information
We receive personally identifiable information from 'selling online' only when it is voluntarily submitted by buyers when placing an on-line order. The data we receive includes: name, billing address, delivery name, delivery address, e-mail address (in encrypted format), telephone number, date of order, items ordered, value of items ordered, chosen method of delivery. We do not sell or rent personally identifiable information to any third party for any purpose.

How we use buyers’ personal information
We may use any personal buyer information provided by 'selling online' to:

- Process and dispatch buyers’ orders
- Carry out regulatory checks to meet our legal obligations
- Prevent and detect crime
- Develop and improve our products
- Undertake anonymised statistical analysis (we won’t be able to identify individuals from this data).

We treat all information we hold about buyers as private and confidential. We will not reveal any personal details or details concerning buyers’ orders to anyone not connected with us, unless:


- A buyer asks us to reveal the information, or we have a buyer’s permission to do so
- We are required or permitted to do so by law
- It is required by law enforcement, fraud prevention or credit reference agencies
- We may share buyer personal information with our suppliers, service providers and other contractors only to fulfil orders buyers place with us.

Data Subject Access Requests
Under the GDPR, buyers are entitled to obtain from us (the Data Processor for the purposes of the GDPR when 'selling online') a copy of the data held concerning them and to have any inaccuracies in the data rectified. We are obliged to provide this data within 1 calendar month of the request and free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.