How we handle payments
We use Square (Square AU Pty. Ltd. – ABN 38 167 106 176, which holds Australian Financial Services Licence Number: 513929, globally: Squareup Pte. Ltd.) as our primary payment processor. Square is “a payment facilitator that allows you to accept Cards from customers for the payment for goods and services“. We use Square for handling payments and transactions occurring in-person, and online (such as via our website or from an invoice issued to you). Payments made through Square will be done through Square’s secure payment pages, from ‘Pay via Square’ buttons, or official Square apps, terminals / Point of Sale (POS) systems, and equipment.
We may also use PayPal (PayPal Australia Pty Limited – ABN 93 111 195 389, which holds Australian Financial Services Licence Number: 304962, globally: PayPal, Inc.) as an alternative payment processing platform for online and in-person payments. Payments made through PayPal will be done through PayPal’s secure payment pages, from ‘Pay via PayPal’ buttons, or official PayPal apps, terminals, and equipment.
You can view PayPal’s full range of Legal Agreements and Policies here
Note that Complete Digital Advantage is not responsible for the handling of payments or payment information on any of our clients’ websites. Our clients may add their own payment services and options. You should check how your payment information will be handled and what payment processing services are used before conducting a transaction on any website. As a general guide, websites using Square, Stripe, or PayPal are more trustworthy as these are well-known and commonly used payment processing platforms. Before making a payment, you should ensure you are visiting a secure payment page that starts with HTTPS://, has a padlock icon next to the URL in the address bar, and the URL is for a well-known payment processing platform (again, Square, PayPal, Stripe, etc). If you are unsure, you may wish to contact the website owner. We advise all our clients use widely-known payment processing platforms and use the appropriate methods to setup secure connections to payment processing services.
How we store and secure your information
Local storage – All information collected is securely stored and encrypted on a limited number of authorised devices protected by multi-level secure storage methods. Authorised users must enter several different security keys and passwords to access and decrypt business information. All drives, disks, and removal media must meet our strict internal secure record-keeping and encryption requirements in order to hold or move business information and data. We also use two-factor and multi-factor authentication on our devices and internally-used services.
Travel – Devices are secured with multi-level protection similar to the process listed above for local storage. Additionally for certain travel, we use Faraday Bags to protect business equipment (such as hard drives, phones, laptops, and other devices) from remote attacks, block all signals, secure data from remote access, and various other security risks. This same type of equipment protection is used by UK Police, Intelligence and Government Agencies, and the Military around the world. We take security seriously.
Reporting a security breach on your website
If your website is managed or hosted with us, you must immediately report any security breaches, suspected or attempted security breaches, or unauthorised logins or access made on your website. Contact firstname.lastname@example.org to report security breaches or unauthorised access to your website. We will investigate security issues and provide recommendations after our investigation. Note that you are responsible for ensuring you have a secure password for your website access and should keep it in a secure location. We do not recommend using the same password used anywhere else, and your password should not be something obvious like your name, date of birth, or children/pets’ names.
You can check if your current email or password has been involved in a previous data breach from other services and platforms around the world (such as email accounts, game profiles, social media accounts, etc) here:
Check an email: https://haveibeenpwned.com/
Check a password: https://haveibeenpwned.com/Passwords
Additionally, we advise you review and keep a list of people who have access to your site and the type of access they have. If you wish to add, remove, or change the type of access someone has to your website (and you are unsure how to do it yourself or do not have access, contact us at email@example.com). Note that website access requests will only be granted or implemented if the request comes from an authorised person (these people usually have signed our website agreement and have been listed down as persons to have access or be an authorised person for dealings with us).