PCCABLES.COM INC - ONLINE PRIVACY STATEMENT
Revised 01/02/2024
PCCABLES.COM INC Data Collection
Data is collected, processed, stored, used, shared and disposed of according to the following security requirements.
2. Additional Security Requirements Specific to Personally Identifiable Information
The following additional Security Requirements must be met for Personally Identifiable Information ("PII"). PII is granted to Developers for select tax and merchant fulfilled shipping purposes, on a must-have basis. If a PCCABLES Services API contains PII, or PII is combined with non-PII, then the entire data store must comply with the following requirements:
2.1 Data Retention. Developers will retain PII for no longer than 30 days after order delivery and only for the purpose of, and as long as is necessary to (i) fulfill orders, (ii) calculate and remit taxes, (iii) produce tax invoices, or (iv) meet legal requirements, including tax or regulatory requirements. If a Developer is required by law to retain archival copies of PII for tax or other regulatory purposes, PII must be stored as a "cold" or offline encrypted backup (e.g., not available for immediate or interactive use).
2.2 Data Governance. Developers must create, document, and abide by a privacy and data handling policy for their Applications or services, which governs the appropriate conduct and technical controls to be applied in managing and protecting information assets. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed of for all PII should be maintained to establish accountability and compliance with regulations. Developers must establish a process to detect and comply with privacy and security laws and regulatory requirements applicable to their business and retain documented evidence of their compliance. Developers must establish and abide by their privacy policy for customer consent and data rights to access, rectify, erase, or stop sharing/processing their information where applicable or required by data privacy regulation.
2.3 Asset Management. Developers must keep inventory of software and physical assets (e.g. computers, mobile devices) with access to PII, and update quarterly. Physical assets that store, process, or otherwise handle PII must abide by all of the requirements set forth in this policy. Developers must not store PII in removable media, personal devices, or unsecured public cloud applications (e.g., public links made available through Google Drive) unless it is encrypted using at least AES-128 or RSA-2048 bit keys or higher. Developers must securely dispose of any printed documents containing PII.
2.4 Encryption at Rest. Developers must encrypt all PII at rest using at least AES-128 or RSA with 2048-bit key size or higher. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities (e.g. daemons implementing virtual Trusted Platform Modules and providing encryption/decryption APIs) used for encryption of PII at rest must be only accessible to the Developer's processes and services.
2.5 Secure Coding Practices. Developers must not hardcode sensitive credentials in their code, including encryption keys, secret access keys, or passwords. Sensitive credentials must not be exposed in public code repositories. Developers must maintain separate test and production environments.
2.6 Logging and Monitoring. Developers must gather logs to detect security-related events to their Applications and systems including success or failure of the event, date and time, access attempts, data changes, and system errors. Developers must implement this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Information. All logs must have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs must not contain PII unless the PII is necessary to meet legal requirements, including tax or regulatory requirements. Logs must be retained for at least 90 days for reference in the case of a Security Incident. Developers must build mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). Developers must implement monitoring alarms to detect if Information is extracted from its protected boundaries. Developers should perform investigation when monitoring alarms are triggered, and this should be documented in the Developer's Incident Response Plan.
2.7 Vulnerability Management. Developers must create and maintain a plan and/or runbook to detect and remediate vulnerabilities. Developers must protect physical hardware containing PII from technical vulnerabilities by performing vulnerability scans and remediating appropriately. Developers must conduct vulnerability scanning or penetration tests at least every 180 days and scan code for vulnerabilities prior to each release. Furthermore, Developers must control changes to the storage hardware by testing, verifying changes, approving changes, and restricting access to who may perform those actions.
End of PCCABLES.COM INC Data Collection Section
We request private information so that we can fill any needs that a customer might request.
Usually the information requested is ordering information.
For example, we request information from you when you:
* Sign up for PC Connections Club at PCCABLES.COM
* Place an order
* Provide online survey information
* Participate in a sweepstakes or other promotional offer
* Request e-mail information of a product be sent to a customer
* Subscribe to our mailing list
In each of the instances above, we may ask for your name, e-mail address, phone number, address, type of business, customer preference information, customer number and order ID number, as well as other similar personal information that is needed to complete your order.
If you feel that we are out of line with our request, please feel free not to include the information on your order.
PCCables.com only uses your personal information for specific purposes
The information you provide will be kept confidential and used to support your customer relationship.
You can opt out of receiving further marketing info from PCCables.com at any time
We will send you information about our various products and services, or other products and services we feel may be of interest to you.
PCCables.com Inc will NOT disclose your personal information to any outside organization for its use in marketing
Information regarding you (such as name, address and phone number) or your order and the products you purchase will not be given or sold to any outside organization for its use in marketing or solicitation.
PCCables.com Inc wants to help you keep your personal information accurate
You can request all information that PCCables.com Inc has collected about you via the Internet at privacy@pccables.com.
You can request all information that PCCables.com Inc has collected about you be removed from our System at privacy@pccables.com.
Internet Commerce
The online store at pccables.com is designed to give you the most security possible using up to 1024-bit SSL for options concerning the privacy of your credit card information, name, address, e-mail and any other information you provide us.
Final Note on Privacy
Third-party Internet sites and services accessible through pccables.com have their own privacy and data collection practices. PCCables.com Inc. has no responsibility or liability for these independent policies or actions.
You are solely responsible for maintaining the secrecy of your passwords or any account information.
Please be careful and responsible whenever you're online.
If you post personal information online that is accessible to the public, you may receive unsolicited messages from other parties in return.
While we strive to protect your personal information, PC Cables cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk.