Security of Data & Information
The privacy and security of your personal information is very important to Bigfoot Snowshoes. For on-line orders, we use the on-line company Shopify to gather and process your personal information (e.g. name, address, phone number, email address), the order information and the credit card information. Thus, we want to make sure you understand how your information is handled by both Bigfoot Snowshoes and Shopify.
1. What information do we collect and why?
- We collect our merchants’ customers’ name, email, shipping and billing address, payment details, company name, phone number, IP address and device data.
- We need this information to provide merchants with our Services, including supporting and processing orders, authentication, and processing payments. We also use this information to improve our Services.
2. When do we collect this information?
- Information is collected when a merchant’s customer uses or accesses our Services, such as when a customer visits a merchant’s site, places an order or signs up for an account on a merchant’s site.
3. We use this information to service your account, enhance our Services, and answer any questions you may have.
4. What we don’t do with your Personal Information
We do not and will never share, disclose, sell, rent, or otherwise provide Personal Information to other companies for the marketing of their own products or services.
We do not use the Personal Information we collect from you or your customers to contact or market to your customers or directly compete with you. However, Shopify may contact or market to your customers if we obtain their information from another source, such as from the customers themselves.
5. How do we keep your Personal Information secure?
We follow industry standards on information security management to safeguard sensitive information, such as financial information, intellectual property, employee details and any other Personal Information entrusted to us. Our information security systems apply to people, processes and information technology systems on a risk management basis.
We perform annual audits to ensure our handling of your credit card information aligns with industry guidelines. We are certified as a PCI DSS Level 1 compliant service provider, which is the highest level of compliance available, and our platform is audited annually by a third-party qualified security assessor.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.
Information regarding Shopify’s PCI DSS (Payment Card Industry Data Security Standard) Compliance
What is PCI DSS Compliance?
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle credit card and debit card information. Defined by the Payment Card Industry Security Standards Council, the standard was created to increase controls around credit card data to reduce credit card fraud via its exposure.
If you want to sell online and accept payments from Visa, Mastercard, American Express or Discover credit cards, your software and hosting need to be PCI compliant.
Shopify Meets All 6 Categories of PCI Standards
This compliance extends to all online stores powered by Shopify.
1. Maintain a secure connection
2. Maintain a vulnerability management program
3. Regularly monitor and test networks
4. Protect cardholder data
5. Implement strong access control measures
6. Maintain an information security policy
Is Shopify PCI Compliant?
Yes, Shopify is certified Level 1 PCI DSS compliant. This compliance extends to all online stores powered by Shopify.
We are very serious about securely hosting your online store and have invested significant time and money to certify our solution is PCI compliant. From annual on-site assessments validating compliance to continuous risk management, we work really hard to ensure our shopping cart software and ecommerce hosting is secure.
For additional information on PCI Compliance, visit the PCI Compliance Guide website.