Security and Privacy
As a responsible organisation, we comply with the Data Protection Act 1998 ('Act'). We are registered under the Act with registration number 210031.
Collecting Personal Information
We do not collect any personal information about you on our Website unless you choose to provide it to us voluntarily. If you register and confirm an order with us, we hold certain information to be able to process your order. Personal information is unique to you and will include your name, delivery address, credit/debit card number and expiration date, billing address, e-mail address, telephone number, etc. We also hold details of your transactions with us to ensure that we can answer any query you have with us.
Sometimes we will supply your name, address and contact details to a partner company to deliver the product you have ordered. Your information will not be used for any other purpose than confirming and delivering your order.
Any information we collect is stored and processed in the UK. Your personal information is not sold to or shared with third parties or used in any other way (other than described in this policy or as required by law) unless you agree.
You have the right to ask us not to contact you for marketing purposes. If you do not wish to receive marketing information from us you have the option of ‘opting out’. We will not send you any marketing messages unless you have provided consent.
We want our website to be as user-friendly as possible. To help us understand how well the website is working, and how we can improve it, we use third-party analytics tools such as Google Analytics.
Analytics tools help us collect information about how people in general use our websites. For instance, they help us monitor how many people visit each page, how long people stay on each page, which search engines people use to find our website and which links are clicked on.
I CAN uses Sage Pay as its payment gateway for card processing. Sage Pay is a fully approved Level 1 payment services provider, which is the highest level of PCI compliance.
All transaction information passed between I CAN and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to our servers from Sage Pay are signed using MD5 hashing to prevent tampering. Nothing we pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and Data Storage
Once on their systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper-proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data they hold is extremely secure and they are regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave, which is an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. They are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.