What information do we collect?
We collect information from you when you place an order or subscribe to our newsletter.
When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or credit card information.
What do we use your information for?
Any of the information we collect from you may be used in one of the following ways:
- To improve customer service
(your information helps us to more effectively respond to your customer service requests and support needs)
- To process transactions
Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
- To administer a contest, promotion, survey or other site feature
- To send periodic emails
The email address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news, updates, related product or service information, etc.
How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to?keep the information confidential.
After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.
Do we disclose any information to outside parties?
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
California Online Privacy Protection Act Compliance
Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.
Childrens Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Childrens Online Privacy Protection Act), we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
202 South Elgin Street
Tulsa, OK 74120
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB). VISA and Mastercard now require all merchants to adhere to the PCI security standard. Our compliance with PCI standards is certified by a certified PCI compliance services provider.
In order to maintain PCI Compliance certification, all publicly accessible internet devices and any associated domain(s) hosted on them must have been audited within the past 3 months, and all vulnerabilities categorized as Urgent, Critical, or High severity (Level 3 or greater) must have been corrected within 72 hours of their discovery.
Our sites are tested with industry-standard PCI Compliance remote vulnerability testing, and are tested at least every 90 days to pass all external vulnerability audit recommendations of the Department of Homeland Security's National Infrastructure Protection Center (NIPC), the SANS/FBI Top 20 Internet Security Vulnerabilities list, as well as the vulnerability audit requirements of Visa's CISP and AIS, MasterCard's SDP, American Express' DSS and Discover Card's DISC security standards.
SSL Data Encryption
McNellie's Group uses Secure Socket Layer (SSL) technology for mutual authentication, data encryption and data integrity. SSL is the industry standard security protocol to encode sensitive information, such as your credit card number. SSL creates a shared digital key, which only lets the sender and the receiver of the transmission scramble or unscramble information.
Local Data and Physical Redundancy
McNellie's Group customer data is backed up locally to two different redundant backup servers nightly. We maintain redundant web and database servers, fully configured with all software and data, so the in the unlikely event of a failure of any of the main servers, the back up servers will be available, pre-loaded with the most recent production data and software.
Data Security Compliance Statement
McNellie's Group products and services meet the physical and technical standards, and provide all necessary controls for our customers to maintain their administrative security compliance standards. Specifically, McNellie's Group agrees to: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected financial information that it creates, receives, maintains, or transmits on behalf of our customers. In summary, McNellie's Group has implemented reasonable and appropriate safeguards to protect our customers financial and business information. Furthermore, McNellie's Group agrees to report to our customers any security incident of which it becomes aware, and will authorize the termination of any customer contract in the case of any material breach of this compliance statement.