Terms & Conditions of Sales

Guide on the security capabilities and policies Nexum Consulting Ltd has implemented for www.nordicpouch.co.nz.

1. Use of SSL/TLS Encryption

• SSL Certificates: Secure Sockets Layer (SSL) provides encryption for data transferred between a customer’s browser and your server. Our website has a valid SSL certificate, denoting a secure connection (HTTPS).
• TLS Protocol: Transport Layer Security (TLS) is the successor to SSL and offers improved security. Our website uses the latest version of TLS to protect card data during transmission.

2. PCI DSS Compliance

PCI DSS Standards: The Payment Card Industry Data Security Standard (PCI DSS) provides guidelines to protect cardholder data. Our website complies with these standards, which encompass building and maintaining a secure network, protecting cardholder data, and implementing strong access control measures.

3. Data Encryption

• End-to-End Encryption: We encrypt payment card data from the moment it’s entered by the user to ensure it remains unreadable during transmission.
• Tokenization: Instead of storing card data, we replace it with a token that can be used within your systems without exposing the actual card numbers.

4. Secure Payment Gateway Integration

• Verified Gateways: We use trusted payment gateways that offer secure API integrations to handle payment processing, which minimizes the handling of card data on your systems.
• 3D Secure Authentication: We implement protocols like 3D Secure to provide an additional layer of verification, reducing fraud and chargebacks.

5. About Our Online Payment Facilities

Our online payment options are facilitated by third-party provider XERO. These services enable you to pay for an Order using a debit card, credit card, or any other payment method that we may specify as acceptable from time to time.

Please note that your use of their payment facilities is governed by separate terms and conditions established by XERO.

6. Regular Security Audits and Updates

• Security Audits: We aim to conduct regular audits and vulnerability assessments to identify and address potential security issues.
• Software Updates: We ensure that all systems and software are updated with the latest security patches.

7. Access Control and Monitoring

• Role-Based Access Control (RBAC): We limit access to payment processing systems and data to only those employees who need it to perform their job.
• Monitoring and Logging: We implement logging to track access and modifications to cardholder data, setting up alerts for suspicious activities.

8. Data Breach Response Plan

Incident Response: We have a plan in place for responding to data breaches, including notifying affected customers and authorities as needed.

9. User Education and Best Practices

• User Training: We ensure that employees handling payment information are trained in security protocols and best practices.
• Customer Alerts: We inform customers about the practices you follow to secure their data and provide guidance on how they can protect themselves online.