www.TALLER.com.au (TALLER) utilises PayPal for all their credit and debit card payments over the internet and phone. They are committed to protecting your privacy when using their gateway, PayPal Express Checkout. TALLER and PayPal recognise their responsibilities to keep confidential at all times any information which they acquire in connection with such transactions. TALLER and PayPal protect every buyer's personal information, and meet the Payment Card Industry Data Security Standards.
Collection of Information:
To enable TALLER and PayPal to provide secure payment facilities, they will typically require information which may include the cardholder's name, credit card number, expiry date and billing address.
Use and Disclosure of Information:
TALLER and PayPal use the information to obtain authorisation of the transaction from the issuing bank of the credit or debit card to process the payment. Some details from the transaction, such as name, email and delivery address, may be made available to TALLER through PayPal. This allows TALLER to track transactions and process refunds. Regarding phone orders, credit card details are never stored; they are immediately destroyed.
TALLER and PayPal are committed to data security. PayPal uses a variety of technologies and procedures to help protect personal information from unauthorised access, use or disclosure. For example, PayPal stores the data in computer servers with limited access that are located in controlled facilities secured by the latest in surveillance and security technology. When PayPal transmits sensitive information, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. Credit card details stored onsite are encrypted using 168bit 3DES encryption. PayPal is a level 1 certified PCI-DSS compliant provider:
"PCI-DSS, the Payment Card Industry Data Security Standard is a set of security requirements relating to the protection of card holder data. The standard is governed by the PCI Security Standards Council, an organisation put together by most of the major card schemes VISA, MasterCard, American Express, JCB and Discover. It's relevant for any entity that stores or transmits sensitive card holder data, that being generally things like the PAN (card number), Card security code, track data, PIN block. The current version of the standard is Version 1.2. Preceding PCI-DSS the card schemes had their own standards, the VISA Account Information Security (AIS) standard formed the basis to most of the PCI-DSS requirements."