Data Confidentiality and Security, Payment Security and Privacy

Introduction

In offering our service there are several types of data which we receive from you and send back to you. The data can be split in to two main categories:

Commercial Data - This includes your company details and payment information, and our quotation to you.

Part or Model Data - This includes the files you send to us, to enable a quotation to be prepared and providing you accept the quotation the converted files we send back to you.

In order to provide the protections you require, there are two aspects to these issues:

  • Application and Encryption protections - Physical actions

  • Our Contractual Obligations to you and security policies

The security, privacy and confidentiality of the data relies upon the Physical actions we take to secure the data, and our Contractual Obligations to you. These are covered in detail below.

Physical Actions

We have taken a number of steps to address the protection of your data, including a Firewall, Secure Server and data Encryption.

Firewall

Our Firewall is based on "Stateful Multi-Layer Inspection technology", which provides superior network and application-level security.

Installed on our gateway server, the Firewall Inspection module is a security router for all traffic passing between our servers and the Internet. All inbound data packets are inspected, verifying compliance with our security policy. Packets that our security policy does not permit are immediately logged and rejected.

Secure Web Server

Trust is vital to e-commerce. To confidently communicate and transact business on the Internet, enterprises and individuals must be able to identify who they are dealing with, and assure themselves that information exchanged online is safe from interception and alteration.

To establish the trust needed, we have installed a Secure Server based on Secure Socket Layer (SSL) technology, that protects every transaction and communication made with cadverter.com.

Digital certificates allow the Secure Server to encrypt transactions and also allow sites to instantly identify themselves to their visitors. We have purchased our digital certificate from the most trusted and recognised Certification Authority on the internet - Verisign, providing you with the authentication and privacy you require to trust transactions and communications with our website.

Data Encryption

In order to ensure that the part files you send to us are secure, and that the converted data we send back is secure, we can provide you with software which encrypts your data files, before you send them to us, and which we use to encrypt the converted data before we send it back to you. You do not have to use this encryption but it is available at no charge as part of the service.

The objective is to give you as much security as is possible within a web based environment.

You have the choice of only having encrypted data transferred across the web. We don't want to have to communicate passwords across the web as this provides a potential hole in security. We don't want to force you to use a constant password over time, so we provide dynamic password generation.

We allow you to download encryption and decryption programs for your specific machine. These are precompiled to prevent anyone gaining access to the algorithms. You are able to choose your own encryption key for the transaction. Your chosen key will be augmented by a randomly generated key to prevent reverse engineering of the encryption algorithms. The encryption key is hidden.

Once we have converted the data it is encoded using a similar process and using your selected password before being returned. You can then decrypt the returned data using your original password. As a result when the data is in transit over the Internet, even if it were intercepted it would not be meaningful or useable by a third party.

Click Here to access the encryption software.

Contractual Obligations

Data Confidentiality and Non Disclosure Agreement.

We fully recognise the need to keep your data confidential, below is our commitment to you.

This Agreement is made between Theorem (the owners and operators of cadverter.com) and you the user of the cadverter.com service (hereafter referred to as User)

Theorem and the User have agreed to collaborate in regard to the provision of bureau services and the parties wish to exchange information of a proprietary and confidential nature for the purpose of such collaboration.

The parties hereto agree as follows:-

  1. The following term will have the following meaning:- "Confidential Information" shall mean information and ideas of any kind owned by either of the parties relating to their business or products or to the subject matter of any collaboration between parties which is confidential, subject to the provisions of Clause 7 below.

  2. Each party shall hold in confidence the Confidential Information owned and disclosed to it by the other party.

  3. Each party undertakes to restrict its use of the Confidential Information of the other to work performed in the provision of the bureau services to ensure that dissemination of such Confidential Information within its own organisation is on a strict "need to know" basis.

  4. Each party shall ensure that any of its employees to whom Confidential Information of the other is disclosed shall, prior to such disclosure, enter into a confidentiality agreement with their employer which provides for such employee to undertake to keep confidential all Confidential Information so disclosed and the terms of such undertaking shall contain obligations similar to those contained in this Agreement and shall be no less onerous.

  5. Each party undertakes to protect from public disclosure all Confidential Information of the other party in its possession. Such Confidential Information shall be kept secure and shall not be disclosed to any third party without the written consent of the other party. Disclosure to a third party shall only be made if such third party accepts similar obligations of confidence to those contained in this Agreement or, where such a third party is a government or government agency it agrees to treat such information as confidential and proprietary information.

  6. Each party shall ensure that neither it nor its employees or agents shall:-

    1. Make any announcements or issue any circulars in connection with the subject matter to this Agreement or any other agreements between the parties without the prior approval in writing of the other party.
    2. Use the Confidential Information of the other except for the performance of any collaboration or agreements between the parties in accordance with their terms and conditions.
    3. Make copies of any documents or material received from the other save as is strictly necessary for the performance of collaboration or agreements between the parties.
  7. The above obligations of confidence will not apply to any information:-

    1. that is freely available to the public without breach of confidence by one of the parties.

    2. that has been lawfully received from a third party not being under any obligation of confidence.

    3. that can be shown to have been developed by a party or its employees or a third party to whom no disclosure of Confidential Information had been made.

    4. that was known to the party receiving the Confidential Information of the other prior to disclosure by the other party.

  8. The obligations hereto relating to the confidentiality and use of the Confidential Information shall survive the termination of this Agreement.

  9. In the event of this Agreement being terminated each of the parties undertakes to destroy or return to the other all copies of the Confidential Information of the other and all related documents in its possession.

  10. Neither party shall assign or transfer any of its rights or obligations hereunder without the prior written consent of the other party.

  11. Nothing in this Agreement shall be deemed to grant a licence directly or by implication under any registered design, patent, copyright, trade secret or patent application.

  12. This Agreement will be governed by and interpreted in accordance with the laws of England and the parties irrevocably submit to the jurisdiction of the Courts of England.

Payment Security

If you choose to pay by Credit or Debit card rather than providing a purchase order and being billed, then your credit card details are processed by a secure server which itself is protected by data encryption and firewall software so that you card data is protected.

Theorem Privacy Policy

We are committed to protecting your privacy. We use information we collect about you to process orders and to provide a more personalised conversion service. We also use it to tell you about changes in our services or about special offers we think you'll find valuable. We do not sell, trade or rent your personal information to others.

Under the UK Data Protection Act 1984, we follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access. Our security procedures mean that we may occasionally request proof of identity before we are able to disclose sensitive information to you.

 

© Copyright 2006 - Theorem Solutions - All Rights Reserved.