How We Handle Your Financial Information
Purpose
The purpose of this document is to clearly communicate to you how the Royal Agricultural Society of NSW (RAS), on behalf of the Australasian Animal Registry (AAR), collects, holds, uses and disposes of financial information provided in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). The RAS complies with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (“Privacy Act”).
Process
- Fee Structure: The AAR imposes varying fees on the total GST inclusive sales value of its products, depending on the specific transaction requested. This fee covers transaction costs and the ongoing maintenance of the database.
- Handling of Credit Card Information: Applications containing customer credit card information (credit card number, expiry date, and CVC number) are securely held, regardless of whether they are received via mail, fax, phone or email.
- Data Deletion: After processing the credit card details, all evidence of the credit card information is deleted for online applications or disposed of securely for physical applications.
- Data Sharing and Deletion: Credit card data collected for AAR applications is not shared with any third party and must be deleted as soon as practicable after the transaction has been finalised.
For physical applications made to the AAR containing customer credit card information, the following security measures are in place to ensure compliance with the Payment Card Industry Data Security Standard (PCI-DSS):
- Secure Storage: Physical applications containing credit card information are securely held in a safe prior to processing. This ensures that the information is protected from unauthorised third-party access.
- Restricted Access: Access to the stored credit card information is restricted to authorised personnel only. This minimises the risk of unauthorised access and potential data breaches.
- Data Deletion: Once the credit card details have been processed, all evidence of the credit card information is securely disposed of. This includes shredding physical documents to ensure that the information cannot be reconstructed.
- Compliance with PCI-DSS: The organisation adheres to the guidelines set by the PCI Security Standards Council, which include preventative measures to restrict physical access to cardholder data and the requirement to destroy the data once it is no longer needed.
The measures outlined in this document help ensure that all customer credit card information provided to the RAS on behalf of the AAR is handled securely and in compliance with industry standards.
This document ensures that customer financial information is handled securely and in compliance with Australian privacy regulations.
Please refer to our Privacy Policy, which can be found at https://www.rasnsw.com.au/privacy-policy/, for further information on how your information is stored and handled.