To request a copy of BidPal’s PCI Attestation of Compliance please visit: http://www.bidpal.com/pci-attestation-of-compliance/
BidPal follows international PCI (payment card industry) standards for data security. All BidPal applications, network components, critical servers, and wireless access points are consistent with industry-accepted hardening standards. BidPal uses 2048 bit RSA encryption when storing sensitive card information. All pages that capture sensitive card data on-site use secure HTTP over SSL (128 bit encryption). In addition, the BidPal handhelds connect to our private wireless network with WPA2 security, which encrypts all the packets that are sent via the air.
BidPal’s payment processor is iATS Payments (http://www.iatspayments.com). During the card authorization process, a 16 character token is generated by iATS and passed back to BidPal. BidPal stores the token in place of the Primary Account Number (PAN), while iATS stores the PAN.
iATS has been certified as a Level 1 Service Provider of Payment Card Industry (PCI) Data Security Standards (DSS), which is the highest possible level. For verification of iATS Payments’ Report on Compliance (ROC) please see Visa’s Global Registry of PCI Validated Service Providers: http://www.visa.com/splisting/searchGrsp.do. Service providers on this list were validated as PCI DSS compliant by a QSA and are required to re-validate their compliance on an annual basis.
While we employ commercially reasonable standards and exercise great care in collecting and protecting your information, no safeguards or processes can be guaranteed to be 100% secure. We cannot ensure or warrant the security of any of such information, and you provide such information at your own risk.
What Information We Collect
Personal Information. When you visit and navigate the WebSite, we will not collect identifying information, like name, address, email address, or telephone number (collectively, “Personal Information”), about you unless you provide us that information voluntarily. Individuals who register for any services or features on the WebSite will be required to provide to us Personal Information, like email address, first name, and last name, in addition to selecting a username and password. During the registration process, you may, at your discretion, provide additional Personal Information to us, like telephone number, address, city, state, zip code, and country.
Financial Information. If you register for any service under which BidPal will process payments made by you, then we may require certain financial information, like the name on a credit card, the credit card number, and the credit card expiration date (collectively, “Financial Information).
User-Generated Content. Forums, live chat, bulletin boards, and other features of the WebSite may allow you to submit user-generated content (collectively, the “User Forums”). User-generated content submitted by you through the User Forums may be stored in our systems.
Cookies. BidPal may collect information through the use of common locally stored tracking objects such as cookies. Cookies are small strings of text placed onto your computer by a website to improve your visit to the website by tracking which parts of the website you visit most often. No Personal Information is stored in a cookie. You have the option to delete or decline cookies by changing your browser’s settings.
Server Logging. Our server logs may store information you provide to us through your web browser when you visit the WebSite, like your IP address, web browser type, referring URL, and other HTTP Header information. We use this information to troubleshoot issues with the WebSite and in an aggregated form for statistics purposes. We also may, from time to time, attempt to personally identify individuals using this information who may be maliciously using the Website, threatening our users, or violating state or federal laws.
How We Use Information
Improving Your Experience. We use non-identifiable, aggregated information to improve the products and services we offer, to conduct market research, to generate profiles and reports, and to improve your overall experience of the WebSite. We also may share this anonymous, aggregated information with partners, advertisers or other third parties.
Purchases. When you make purchases or otherwise pay for services on the WebSite, we will share your Personal Information and Financial Information with our third-party payment processors. We will only share the information necessary to complete the transaction.
“Contact Us” or Troubleshooting. Information provided by you as part of a request that we follow up or contact you as part of the “Contact Us” feature on the WebSite will be used by us to contact you and discuss your concerns or interest in our products and services. We may use your information to provide customer support or troubleshooting in the connection with your use of such products and services.
Combination. We may, on occasion, combine information we collect through the WebSite with information that we collect from other sources.
Information Sharing. We may disclose your information to our affiliates, as well as third party partners as follows below:
a) Service Providers. Your Personal Information may be shared with third party service providers that assist BidPal in fulfilling orders from customers, delivering packages, sending mail, providing search results and links, or similar customer services.
b) Law Enforcement. Your Personal Information and Financial Information may be shared with law enforcement officials if it relates to a criminal investigation or alleged illegal activity.
c) Necessary or for Safety Reasons. We may disclose your Personal Information or Financial Information if required or permitted to do so by law, for fraud protection and credit risk reduction purposes, or in the good-faith belief that such action is necessary to protect and defend the rights or property of BidPal or the users of the WebSite, to act under urgent circumstances to protect the safety of BidPal or its employees or a member of the public, or to comply with a judicial proceeding, court order, or legal process.
BidPal does not participate in bulk email solicitations that you have not consented to receiving. We do not sell or disclose client lists or email address lists to unrelated third parties. If you no longer wish to receive email communications from BidPal, you may email us at email@example.com or click on the “unsubscribe” link at the bottom of any email sent to you by BidPal.
Chats and Discussion Boards
Please be aware that User Forums are open to the public so others using these areas on the WebSite can read information you submit. Any information you submit when participating in the User Forums may be publicly available.
We do not knowingly collect Personal Information from persons under the age of 13. If we learn that we have inadvertently collected Personal Information from a child under 13 years of age, we will promptly take all reasonable measures to delete that information from our systems. Our web site is designed for adults and is not intentionally targeted to children under the age of 13. Children under the age of 13 should not use our web site without obtaining prior parental consent.
Collection of Information by Third-Party Websites
If you would like to access, update or modify your Personal Information, or to have us delete your Personal Information, you may do so by contacting us by email at firstname.lastname@example.org or clicking the “My Account” link at the top of each auction page. We will process any request to access, update, modify, or delete information within thirty (30) days. Opting-out, unsubscribing, modify, updating, or requesting to delete your Personal Information will not delete any information that may reside on backup or disaster-recovery files.