INFORMATION SECURITY POLICY

Last updated: 2-20-2015

Overview

This policy is intended to relay the importance of security and protecting cardholder data.

Purpose

  • To establish Blue Dock Media’s policy for the secure handling of sensitive cardholder data, including but not limited to magnetic stripe data, cardholder name, Primary Account Numbers (PANs), expiration date, and service code.
  • To establish the policies and procedures to manage the relationship(s) with Service Providers.

Scope

This policy applies to all employees and systems of Blue Dock Media.


Policies to Restrict Physical Access to Cardholder Data

The importance of protecting cardholder data is paramount. Allowing data theft or destruction, inadvertently sharing confidential information, infecting system networks with viruses, misuse of company resources, allowing the theft of company property, and allowing the compromise of private or confidential company or client information are all very real examples of what might result from a security compromise.

  1. All paper that contains cardholder data is to be identified and physically secured in a locked drawer. No electronic cardholder data will ever be stored.
  2. Strict control is to be maintained over the internal or external distribution of any kind of media that contains cardholder data.
    - Media is classified and clearly marked as confidential.
    - Media is sent by secured courier or other delivery method that can be accurately tracked.
  3. Management approval is to be obtained prior to moving any and all media containing cardholder data from a secured area.
  4. Strict control must be maintained over the storage and accessibility of media that contains cardholder data. Only senior management, or their designees, will have access to media containing cardholder data.
  5. Media containing cardholder data is to be destroyed when it is no longer needed for business or legal reasons.
    - Paper materials are to be shredded, incinerated, or pulped so that cardholder data cannot be reconstructed.
    - The general rule is that media containing cardholder data will be destroyed when over 180 days old. Exceptions to the rule must be approved by senior management.


Policies that Address Information Security for Contractors and Service Providers

  1. A list of Service Providers must be maintained. This list will be updated and reviewed by senior management when necessary but at least every 180 days.
  2. A written agreement is required from each Service Provider that includes an acknowledgement that the Service Provider is responsible for the security of the cardholder data it possesses.
  3. Due diligence is to be performed prior to the engagement of Service Providers. Procedures performed will include, when possible:
    - A visit to the Service Provider's physical offices to discuss security practices and procedures with their management and staff.
    - A written statement acknowledging their responsibilities to securely process, handle and transmit cardholder data.
    - Written proof that the Service Provider is PCI compliant.
    - A request for reliable industry references.
  4. A program is to be maintained to monitor Service Providers’ PCI DSS compliance status. On an annual basis, a new compliance certificate will be requested.

 

ACCEPTABLE USE POLICY

Last updated: 1-1-2013

You are independently responsible for complying with all applicable laws in all of your actions related to your use of Blue Dock Media services, regardless of the purpose of the use. In addition, you must adhere to the terms of this Acceptable Use Policy (AUP).


Prohibited Activities

You may not use any Blue Dock Media services for activities that:

  1. violate any law, statute, ordinance or regulation.
  2. relate to transactions involving (a) narcotics, steroids, certain controlled substances or other products that present a risk to consumer safety, (b) drug paraphernalia, (c) items that encourage, promote, facilitate or instruct others to engage in illegal activity, (d) stolen goods including digital and virtual goods, (e) items that promote hate, violence, racial intolerance, or the financial exploitation of a crime, (f) items that are considered obscene, (g) items that infringe or violate any copyright, trademark, right of publicity or privacy or any other proprietary right under the laws of any jurisdiction, (h) certain sexually oriented materials or services, (i) ammunition, firearms, or certain firearm parts or accessories, or (j) certain weapons or knives regulated under applicable law.
  3. relate to transactions that (a) show the personal information of third parties in violation of applicable law, (b) support pyramid or Ponzi schemes, matrix programs, other "get rich quick" schemes or certain multi-level marketing programs, (c) are associated with purchases of annuities or lottery contracts, lay-away systems, off-shore banking or transactions to finance or refinance debts funded by a credit card, (d) are for the sale of certain items before the seller has control or possession of the item, (e) are by payment processors to collect payments on behalf of merchants, (f) are associated with the sale of traveler's checks or money orders, (h) involve currency exchanges or check cashing businesses, or (i) involve certain credit repair, debt settlement services, credit transactions or insurance activities.
  4. involve the sales of products or services identified by government agencies to have a high likelihood of being fraudulent.
  5. violate applicable laws or industry regulations regarding the sale of (a) tobacco products, or (b) prescription drugs and devices.
  6. involve gambling, gaming and/or any other activity with an entry fee and a prize, including, but not limited to casino games, sports betting, horse or greyhound racing, lottery tickets, other ventures that facilitate gambling, games of skill (whether or not it is legally defined as a lottery) and sweepstakes unless the operator has obtained prior approval from Blue Dock Media and the operator and customers are located exclusively in jurisdictions where such activities are permitted by law.


Activities Requiring Approval

  1. Airlines and scheduled or non-scheduled charters/jets/air taxi operators; collecting donations as a charity or non-profit organization; dealing in jewels, precious metals and stones; acting as a money transmitter or selling stored value cards; selling stocks, bonds, securities, options, futures (forex) or an investment interest in any entity or property; or providing escrow services.
  2. Offering online dating services; providing file sharing services or access to newsgroups; or selling alcoholic beverages.

Please send contact information, business website URL and brief business summary to Blue Dock Media's AUP Compliance Department at for approval.


    Violations of this Acceptable Use Policy

    We encourage you to report violations of this AUP to Blue Dock Media immediately. If you have a question about whether a type of transaction may violate this AUP or would like to report a violation to this AUP, please email Blue Dock Media's AUP Compliance Department at .


    Modifications to this Acceptable Use Policy

    We reserve the right to modify, change or update this AUP at any time without notice.

       

      PAYMENTS POLICY

      Last updated: 5-28-2019


      MONTHLY PAYMENTS

      All monthly payments are due on the 1st or the 15th of each month based on when your site goes live. We automatically bill you via checking account (Automated Check/ACH Draft) or credit card.


      MISSED PAYMENTS

      We understand that sometimes things happen out of our control. We accommodate this by allowing 1 declined automatic payment per calendar year without penalty. After 1 declined payment, each additional declined payment incurs a $10 processing fee.

      If you have extenuating circumstances, we will review each declined payment and determine, on a case-by-case basis, if further processing fees can be waived.


      INITIAL DEVELOPMENT FEES

      Due to the nature of our services, we do not provide refunds after the work has been initiated for website and mobile app development. Generally, you have 3-5 business days before this happens; within that period, we would gladly return your initial payment in full, minus any funds that were already used (i.e., domain name purchase).


      SUSPENSION OF SERVICES

      You have a 30-day period before your services are suspended. If your payment is not received within 30 days from the date of your declined automatic payment, your services will be suspended until payment is made.

       

      PRIVACY POLICY

      Last updated: 3-14-2017

      This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

      What personal information do we collect from the people that visit our blog, website or app?

      When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, phone number or other details to help you with your experience.

      When do we collect information?

      We collect information from you when you fill out a form or enter information on our site.

      How do we use your information?

      We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

      • To allow us to better service you in responding to your customer service requests.

      How do we protect your information?

      Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.

      We use regular Malware Scanning.

      Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Sockets Layer (SSL) technology.

      We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.

      All transactions are processed through a gateway provider and are not stored or processed on our servers.

      Do we use 'cookies'?

      We do not use cookies for tracking purposes.

      You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.

      If you turn cookies off, some of the features that make your site experience more efficient may not function properly.

      Third-party disclosure

      We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.

      Third-party links

      We do not include or offer third-party products or services on our website.

      Google

      Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users. https://support.google.com/adwordspolicy/answer/1316548?hl=en

      We have not enabled Google AdSense on our site but we may do so in the future.

      California Online Privacy Protection Act

      CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at: http://consumercal.org/california-online-privacy-protection-act-caloppa/#sthash.0FdRbT51.dpuf

      According to CalOPPA, we agree to the following:

      Users can visit our site anonymously.

      Once this privacy policy is created, we will add a link to it in our main menu under 'About Us', and it will be accessible from any and all pages on this site.

      Our Privacy Policy link includes the word 'terms' and can easily be found on the page specified above.

      You will be notified of any Privacy Policy changes:

      • On our Privacy Policy Page

      You can change your personal information:

      • By logging in to your account

      How does our site handle Do Not Track signals?

      We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

      Does our site allow third-party behavioral tracking?

      It's also important to note that we do not allow third-party behavioral tracking.

      COPPA (Children Online Privacy Protection Act)

      When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

      We do not specifically market to children under the age of 13 years old.

      Fair Information Practices

      The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

      In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

      We will notify the users via in-site notification

      • Within 7 business days

      We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

      CAN-SPAM Act

      The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.

      We collect your email address in order to:

      • Send information, respond to inquiries, and/or other requests or questions

      To be in accordance with CAN-SPAM, we agree to the following:

      • Not use false or misleading subjects or email addresses.
      • Identify the message as an advertisement in some reasonable way.
      • Include the physical address of our business or site headquarters.
      • Monitor third-party email marketing services for compliance, if one is used.
      • Honor opt-out/unsubscribe requests quickly.
      • Allow users to unsubscribe by using the link at the bottom of each email.

      If at any time you would like to unsubscribe from receiving future emails, you can email us at

      • Follow the instructions at the bottom of each email and we will promptly remove you from ALL correspondence.

       

      ACCESSIBILITY STATEMENT

      Last updated: 3-4-2020

      General

      Blue Dock Media strives to ensure that its services are accessible to people with disabilities. We have invested a significant amount of resources to help ensure that all of our client websites are made easier to use and more accessible for people with disabilities, with the strong belief that every person has the right to live with dignity, equality, comfort and independence.

      Accessibility on Blue Dock Media Websites

      We make available the UserWay Website Accessibility Widget that is powered by a dedicated accessibility server. The software allows us to improve our compliance with the Web Content Accessibility Guidelines (WCAG 2.1).

      Enabling the Accessibility Menu

      The accessibility menu can be enabled by clicking the accessibility menu icon that appears on the corner of the page. After triggering the accessibility menu, please wait a moment for the accessibility menu to load in its entirety.

      Disclaimer

      We continue our efforts to constantly improve the accessibility of our family of websites and services in the belief that it is our collective moral obligation to allow seamless, accessible and unhindered use also for those of us with disabilities.

      Despite our efforts to make all pages and content on all of our websites fully accessible, some content may not have yet been fully adapted to the strictest accessibility standards. This may be a result of not having found or identified the most appropriate technological solution.

      Here For You

      If you are experiencing difficulty with any content on a Blue Dock Media website or require assistance with any part of any of our sites, please contact us during normal business hours as detailed below and we will be happy to assist in any way we can.

       

      CONTACT US

      If you have any questions regarding any of these terms of service, wish to report an accessibility issue or need assistance with any of our websites, please contact us using the information below so we may help you.

      Use Our Contact Page

      Shawn Wornica / Owner
      Phone: 716-438-2157

      Blue Dock Media
      120 Ferrell Ln
      Buena Vista, TN 38318

      Office Hours
      Monday - Friday | 8:00 AM to 5:00 PM (CST)