Privacy and Data handling policies / Information Collection and Use
Compeve.com is the sole owner of information collected on this site. We will not rent, trade, loan, or sell your personal information, or any other information which may identify you, to any outside parties. We collect information from our customers to process orders and enhance your shopping experience. Information collected includes your name, email address, shipping address, phone number, and financial information such as credit card number, expiration date, etc.
The financial information that we collect from you is used for billing purposes and to fulfill your order. To properly process your credit card information, we may share your personal and financial information with a reputable third-party banking institution for authorization and approval. This process is under an enhanced security system protection.
We use Internet Protocol (IP) address to gather broad demographic information, as well as identify customer traffic patterns and site usage. This information may help us refine the design and layout of the store. We do not share this information with any third parties.
To keep your personal information private, prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
We only share your personal information with third parties working on our behalf to complete your order, such as UPS, FedEx, USPS and DHL.
This policy applies to:
All Compeve Corporation staff
All brokers, contractors, resellers working on behalf of Compeve Corporation
It applies to all data that the company holds relating to identifiable individuals. This can include:
any other personal information
Everyone who works for or with Compeve Corporation is responsible that all data collected is stored and handled appropriately.
People that have key areas of responsibility:
The CEO is ultimately responsible for ensuring that Compeve Corporation meets its legal obligations.
The system administrator is responsible for:
Keeping the CEO updated about data protection responsibilities, risks and issues.
Reviewing all data protection procedures and related policies
Arranging data protection training for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Assigning level of access in accordance with least user access principles.
The IT developer is responsible for:
Ensuring all systems, services and equipment used for storing data meet security standards.
Performing regular checks and scans to ensure security hardware and software is functioning properly.The security is responsible for monitoring all entrances to the building as well as inside surveillance system.
General staff guidelines
Each employee only has access to the part of the system required to perform their daily tasks.
Data must not be shared informally. When access to extra information is required, employees must request it from their managers.
Compeve Corporation will provide training to all employees to help them understand their responsibilities when handling data.
Employees should keep all data secure by taking precautions and following the guidelines described here.
All passwords must contain at least 8 characters, a mixture of upper and lower cases, a mixture of numbers and letters and at least one special symbol.
No passwords may be shared with anybody.
Personal data should not be disclosed to unauthorized people, either within the company or outside.
No hard copies of any documents are to be stored. If data is ever printed, all copies are to be shredded.
When data is stored electronically it must be protected from unauthorized access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never shared between employees.
When data is stored in "cold storage", it should be kept locked away securely when not being used.
Data should only be stored on designated drives and servers, and should only be uploaded to an approved location.
Servers containing personal data should be located in a secure location, away from general office space.
Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
All servers and computers containing data should be protected by approved security software and a firewall.
All computers should be locked when leave unattended.
Personal data should not be shared informally. It should never be sent by email.
Data must be encrypted before being transferred electronically.
Personal data should never be transferred outside of the company.
Employees may not have access to personal data on their own computers.
Disclosing data for other reasons
Data may not be inappropriately disclosed in any situation.
Some data used by Compeve Corporation is a property of third-party business.
In a case of a law enforcement agency request to disclose any personal information th following steps shall be taken:
Compeve Corporation will ensure the request is legitimate, seeking assistance from the company’s legal advisers where necessary.
The company owning the data shall be notified.
Decision to release the data shall be made in conjunction with the company owning the data