18th February 2009
On the 17th February 2009 a security consultant advised us that the version of the shopping cart system that we were using in certain circumstance could be vulnerable to a security breach. We immediately shutdown our website and instigated our own evaluation of the situation. As a precaution we undertook the following measures:
- Completely reinstalled the latest version of the software
- Changed all database and administration passwords
- Deleted all user accounts, orders and order history. Even though your passwords are encrypted on our systems we felt this measure was appropriate in the circumstances. As a result of doing this all customers will now need to re-register and we apologise for the inconvenience.
- Made changes to our processes to heighten our security monitoring
When you register with CollectorCraft.co.uk you provide basic details such as email addresses, names, phone numbers, and some basic demographic data. We DO NOT store credit card details or undertake credit card processing on our website. The credit card processing is undertaken by Protx (a division of Sage UK Limited). At no time were your payment details stored on our website and neither will they be in the future. In the event you order by telephone credit card details are shredded as a matter of course.
We have acted to rectify the situation as fast as we can with our web developer working through the night and today. Although we have acted swiftly to rectify the situation we cannot be 100% certain that our system has never been illegally accessed in the past and we have reason to believe that this could have happened, though we cannot be certain.
In the light of this we would like to confirm that:
We send the following emails: Registration confirmation, order confirmation and occasional newsletters and notifications to those who have opted-in to our features. At no time will CollectorCraft.co.uk send an unsolicited email asking you to confirm your username and password or ask you to divulge your credit card details over email.
We value the trust that you put in us to deliver a reliable and secure shopping experience and we would like to assure you that we work hard to do so. Though we consider the risk minimal we felt it only right to inform you with this security update and treat you as we would like to be treated ourselves so that you may undertake any precautions you feel appropriate.
Chris and Tina
Tekneat Limited t/a CollectorCraft.co.uk
Privacy Statement
CollectorCraft.co.uk knows that you
care how information about you is used and shared, and we appreciate your trust
and wnat you to feel confident in our services and security as it relates to your
personal information. This notice describes our privacy policy. By visiting CollectorCraft.co.uk, you are accepting the practices described in this Privacy Notice.
What Personal Information About Customers Does CollectorCraft.co.uk Gather?
The information we learn
from customers helps us personalize and continually improve your shopping experience
at CollectorCraft.co.uk. Here are the types of information we gather.
- Information You Give
Us: We receive and store any information you enter on our Web site or
give us in any other way. You can choose not to provide certain information,
but then you might not be able to take advantage of many of our features.
We use the information that you provide for such purposes as responding to
your requests, fulfilling orders, customising future shopping for you, improving
our store features, and communication with you.
- Automatic Information:
We receive and store certain types of information whenever you interact with
our website. For example, like many web sites, we sometimes use "cookies,"
and we obtain certain types of information when your Web browser accesses
our website.
- E-mail Communications:
To help us make e-mails more productive to improve service and your shopping
experience, we sometimes send you newsletters of our services and products,
notifications of changes to our policies, and order confirmations. If you
do not want to receive e-mail from us, other than order notifications and
receipts, please adjust your "Subscription" preferences by logging
into your account.
What About Cookies?
Cookies are alphanumeric
identifier text files that we transfer to your computers hard drive through
your Web browser to enable our systems to recognize your browser and to provide
features such as storage of items in your Shopping Cart between visits.
Does CollectorCraft.co.uk Share the Information It Receives?
We respect your privacy and appreciate your business. At no time do we ever provide your account contact
or payment information to any third party vendor, associate or service provider
unless absolutely neccessary in order to complete your transaction and order.
How Secure Is Information About Me?
We work to protect the security
of your information during transmission by using Secure Sockets Layer (SSL)
software, which encrypts information you provide to us for purchasing of our
products or services. We reveal only the last five digits of your credit card
numbers when confirming an order. Of course, we transmit the entire credit card
number to the appropriate credit card company during order processing. It is
important for you to protect against unauthorized access to your password and
to your computer. Be sure to sign off when finished using a shared computer
by clicking the "log off" link located in the side menu.
Which Information Can I Access?
CollectorCraft.co.uk gives you access
to a broad range of information about your account and your interactions with
us for the limited purpose of viewing and, in certain cases, updating that information.
Conditions of Use, Notices, and Revisions
If you choose to visit CollectorCraft.co.uk, your visit and any dispute over privacy is subject to this Notice and
our Conditions of Use, including limitations on damages, arbitration of disputes,
and application of the law of the state of our local state. If you have any
concern about privacy of your personal information as used and collected within
our website, please send us a thorough description by clicking on the "Contact
Us" link on the side menu, and we will try to resolve it.
Our business changes constantly,
and our Privacy Notice and the Conditions of Use will change also. We may e-mail
periodic reminders of our notices and conditions, unless you have instructed
us not to, but you should check our Web site frequently to see recent changes.
Unless stated otherwise, our current Privacy Notice applies to all information
that we have about you and your account. We stand behind the promises we make,
however, and will never materially change our policies and practices to make
them less protective of customer information collected in the past without the
consent of affected customers.
Information You Give
Us
You provide most such information
when you search, buy, order, post reviews, or other methods of communication
via our website or email to CollectorCraft.co.uk. As a result of those actions, you might
supply us with such information as your name, address, and phone numbers, and
credit card information.
Automatic
Information
For security purposes CollectorCraft.co.uk sometimes collects and analyzes the Internet protocol (IP) address used
to connect your computer to the Internet, and to our website. This is done for
your protection for tracking purposes in the unfortunate event that someone
gains access to your personal or financial information and opens an account,
or makes purchases under your name.
Questions
Questions regarding our
Conditions of Use, Privacy Policy, or other policy related material can be
directed to our support staff by clicking on the "Contact Us" link
in the side menu. .
|
