Privacy and Security Policy
Protecting Your Rights
Respecting Your Privacy
Our privacy and security policy is based on a single principle and that is: Respect for your privacy.
This policy sets out:
- What information we collect
- Why we collect it
- How we process it.
- How we protect it
- Who has access to it
- For what purpose
We are committed to ensuring that all information is secured in order to prevent any unauthorised access or disclosure; we have put in place many physical, electronic and managerial procedures to safeguard and secure the information we collect online. This policy describes just some of the safeguards we employ.
It is our policy to collect as little personal information as is possible to complete our business function.
It is our policy not to share your personal information with anyone outside of CormacTagging or the DAFM (see Auditing).
At all times we aim to put you in control of what information we hold about you (if any); most of which you can change or delete at any time from this website.
When You Register
We require the following information:
- First and Last name
- Your Email Address
- A secure password
- Your ICBF contribution preferences
The above information is used to create an exclusive online account and to allow you to set your initial ICBF preference.
With the exception of your Email Address, you can change this information via the MyAccount page.
Your Marketing Preferences
- You should note that you are opted-in by default to the all preferences when you first join CormacTagging.
- You can change your preferences at any time from: Notifications
When You Order Goods or Services
We require the following information, and only if applicable to a specific order item:
- First and Last name or Business Name or both
- Herd Number(s)
- Replacement Tag Number(s)
- Delivery Address
- Invoice Address (if different from Delivery Address)
- Land line or Mobile phone number or both
- Expected Calving and Lambing dates
- The Goods or Services ordered (Products)
- Customisation details e.g. Custom Text printed on Tags or Colours
- Payment Information (see below)
Your herd number is used to obtain the registered delivery address from the DAFM AIM system for specific products that are regulated by the DAFM.
When you require replacement tags, these tag number are sent to the DAFM AIM system to ensure they are correct and to keep the AIM system updated.
How We Process Data
The above information is used to generate invoices (or proforma invoices depending on payment methods), delivery notes, packaging labels or to contact you in relation to the specific order you have placed.
We also use this information to notify you about the status and progress of your order via email or SMS depending on your personal preferences which can be changed any time from: Notifications
Your Payment Information
We never store your credit card details.
When you input any payment information even when it is not credit card details;
We encrypt and digitally sign this information using a server encryption key combined with some of your login credentials.
We then send that encrypted and digitally signed packet back to you to store in your local HTML 5 storage (also known as localStorage).
When you wish to make a payment, we request that encrypted and digitally signed packet from your browser, which we then decrypt; the resulting information (if valid) is used to automatically fill in the payment form for you;
When you initiate a credit card payment, we send your card details directly (via HTTPS) to the card payment provider.
Some of the security advantages of our approach are:
Should someone gain unauthorized access to your account in our system (e.g. they guess your password), there are no credit card details available to steal because we do not store them.
If you change your password, the packet stored on your computer can never be decrypted by us or you and becomes useless and will be deleted when an attempt to use it is made.
Should someone steal the encrypted packet from your computer, it cannot be decrypted.
Should we change our server keys, every users credit card details will become remotely inaccessible and thus protected forever.
Because we do not store payment information, it is not possible for us to charge your credit card without your permission.
Staff and Employees never see your details unless you tell them over the phone (which is a valid payment option available to you).
You can view your local storage and its contents from: Your Local Storage, from this page you can also delete items stored in your local storage and even disable our use of it altogether.
CormacTagging is PCI compliant.
Your Address Information
We use the same method and technology to store your address information as described above, and as such that information is afforded the same level of protection as your payment information.
Information We Store
- All information we store is visible under My Account
- You can view, change or delete all information except invoices for completed or cancelled (and refunded) orders.
- All address and contact information within our databases is encrypted at rest.
- We do not store invoices or PDF files containing contact information, instead these are generated “on-the-fly” from our encrypted database as required.
- Database records used to generate invoices are kept for 7 years for fiscal purposes, both yours and ours.
- All our database backups are encrypted at source; backups periodically are destroyed by deletion of their encrypted keys.
- CormacTagging is licensed by DAFM and as such can be audited at any time to ensure our records are correct and up to date.
- It is critical to the security of the AIM tractability system that tags are recorded and delivered to the correct herd owner at their registered address; it is for this reason that DAFM provide us with the exact delivery address and contact details for all DAFM regulated tags or replacement tags.
- When you purchase Cattle tags that are regulated by the DAFM you are required to agree to allow DAFM to share your herd data with the ICBF for use in the statutory BVD eradication scheme. You must agree to this for each applicable order as part of our terms and conditions irrespective of whether you have opted in or out of the ICBF contribution.
- Please note that CormacTagging only record the fact that you agree to this transfer of information between DAFM and ICBF.
- While DAFM have access to who specifically is opted-in or out and when for each specific order and specifically for auditing purposes only, it is our understanding from DAFM that an individuals choice will never be disclosed by DAFM to ICBF; however, summary information (e.g. totals opted-in/opted-out and trends, etc.) will be made available.
- CormacTagging provide ICBF the total numbers of tags supplied for any given period, which include the total numbers of ICBF orders/tags opted-in and opted-out and trends i.e. no personal information are disclosed.
- DAFM may independently verify our records at any time and in real-time.
- Because we allow orders to be cancelled (even after payment), we do not update our ICBF records until the goods have been dispatched as stated on the invoice.
For general, analytical, operational, security, fraud detection & prevention and performance purposes we may record or monitor any and all traffic to and from our website, servers or networks which may or may not include any or all of the following information:
- Domain name used to access this site
- IP addresses
- Date and time requests
- URLs of requests
- User Agent string transmitted with the request
- Referring websites
- Any other TCP, UDP, ICMP or other protocol information
Links To Other Websites
- As a matter of our security policy www.cormactagging.ie and cormactagging.ie do not provide any links to external websites or services.
- We do not use third party analytical services or tracking services.
- All content is served directly from our own servers including video content.
- We do not use any Adobe flash technology; this means if your browser does not support HTML5, you will not be able to view our videos.
- All content is served in a secure manner as described below.
Secure Socket Layer
- We use strong encryption (RSA 4096 bits (SHA256 with RSA), using the latest SSL technology for all traffic to/from our services.
- All CormacTagging website domains use Strict Transport Security and are enrolled in the Strict Transport Security preload list, which means when access this website using Chrome, Firefox, Opera, Safari, IE 11 and Edge, the browser will automatically switch HTTP to HTTPS, even if you have never accessed our website before.
- CormacTagging has been enrolled in the Strict Transport Security preload list since about April 2016.
- In addition, whenever we email you, we always attempt end-to-end Opportunistic Encryption. This of course only works if your email provider/server also supports this technology.
- Our rating on SSLLabs.com is A+
Movement of Data
It is not our intention at this time to hold or move data outside the EU, we reserve the right to move (without notice) data anywhere in the world if we feel we can better protect that data in a different location.
We may update this policy (as indicated by the version number at the top of the page) with or without notice.