Privacy

Cardlink Services Limited ("Cardlink") takes privacy and data protection issues seriously. We have designed this Privacy Statement to explain how we handle personally identifiable information collected from Merchants who register for Services and submit information to Cardlink through the Internet.

  Scope of this Privacy Statement

This Privacy Statement covers treatment by Cardlink of personally identifiable information collected from Merchants (hereafter “Merchant” or “you”) who use the Cardlink payment gateway services, as well as consumer information that we acquire in the course of our business. This Statement also covers the treatment of personally identifiable information that Cardlink business partners may share with Cardlink.

This Statement does not apply to the practices of companies that Cardlink does not own or control or to people that Cardlink does not employ or manage. This Statement is specific to Cardlink and does not apply to other web sites or Internet services that are part of the Financial Institutions.

  Information Collection and Use

Cardlink collects personally identifiable information when you register for a Cardlink Service and when you access certain Cardlink products and services. Cardlink may also receive personally identifiable information from its resellers and other business partners.

When a Merchant registers with Cardlink we ask for contact information (such as name, street address and email address), as well as Merchant number and remittance information, such as bank account numbers, to deposit value to Merchant accounts.

In the course of processing an authorisation, we typically receive from the Merchant or Financial Institution information related to the transaction such as purchase amount, expiry date and card numbers. Some Merchants provide us with details of individuals presenting cards and the name appearing on a card, such as when the Merchant suspects that a card may be stolen or if a Financial Institution has requested specific information or action. We do not acquire any information from or about consumers when they visit the Visitors (or non-secure) area of the Cardlink website.

  Information Sharing and Disclosure

Protecting personally identifiable information about Merchants and consumers is an important part of our business. We share and disclose such information only as described below.

Personally identifiable consumer information is shared with third parties (such as Financial Institutions and credit card processors) to the extent necessary for Cardlink to deliver payment-processing services.

We also may release personally identifiable information when we believe release is appropriate to comply with the law, enforce or apply our Merchant Agreement and other agreements or protect the rights, property or safety of Cardlink, our users or others. This includes exchanging information with other companies and organisations for fraud protection and risk reduction.

  Information Security

As Merchants' staff need to register on the Cardlink Customer Service Website (“CSW”) before they can be allocated a USERID and password to access the secure site, Cardlink does collect personal information from those staff. The details collected are used for allocating a USERID and for contact information. Cardlink does not disclose or share these personal details.

  Security and 128-bit SSL Encryption Support

Many Internet sites are set up to prevent unauthorised people from seeing the information that is sent to or from those sites. These are called “secure” sites. A secure web site provides secure communication and has a valid security certificate. Secure communication means that information you provide is encrypted so that it can’t be read or intercepted by other people. When you visit a secure web site, it automatically sends you its certificate. A certificate is a statement guaranteeing the identity and the security of a web site. This ensures that no other site can assume the identity of the original site.

The 128-bit Secure Socket Layer (SSL) encryption between your browser and the CSW has been implemented as a security precaution. This is the strongest possible encryption available and is a standard level of encryption used in the finance industry to protect sensitive information being transmitted across the Internet.

Information security is critical to our business. As such, Cardlink has implemented security from 3 perspectives:
- Firewall systems to protect our systems and networks. The firewall systems provide a protective barrier between the Cardlink computer system and the Internet.
- 128-bit SSL encryption between your browser and our web server.
- Providing a USERID and password to merchants that use our internet system which grants access to the Services for which they are registered.

To provide further protection we have also taken the following measures:
- Every 30 days the system will prompt Users to change their password at login and will allow a maximum of 3 further grace logins to change it. If they do not change their password within the 3 grace logins, their USERID will be made inactive.
- If our system does not detect any action from a User within a time limit of 20 minutes, they will be automatically logged out.
- Users have a maximum of 3 attempts to login before their USERID is made inactive.

  Cookies

“Cookies” are information files that are placed on your computer by our web server and that allow our server to interact with you.

Cardlink sends only a temporary cookie that allocates a unique identification number. A different identification number is sent each time you log into our web site. This cookie does not allow us to collect personally identifiable information about you, although we do identify your browser type.

Cookies need to be accepted by you if you intend to use the facilities in our secure site. Cookies allow the Cardlink web site to maintain a “trusted connection” with your browser, as the unique identification number is only applicable to you.

Once you have logged out of our web site or closed your browser the cookie will be deleted.

  Access to Personal Information

You can request us to provide you with a copy of the personal information we hold about you. We generally will provide you with these details, but a fee may apply to such access. If we deny your request for access, we will let you know why.

All requests should be made to:

The Privacy Officer
Cardlink Services Limited
PO Box 3545
Rhodes NSW 2138

Telephone: (02) 9646-9222

Email: privacy@bpay.com.au

  Changes to this Privacy Statement

Cardlink reserves the right to modify or amend this Privacy Statement at any time and for any reason. We will publish those changes on our Website.

This Privacy Statement was last amended on 14th January 2002.

If you have additional questions about this Statement, please contact us at privacy@bpay.com.au.