At FareHarbor our mission is to help you manage and grow your business with best-in-class reservation and logistics tools. We value security and privacy as one of our most important responsibilities when it comes to achieving that mission. Each section below discusses our approach to meeting or exceeding compliance requirements with regards to your business’ data and security.
GDPR is the new data & privacy standard in the European Union (EU) governing the protection of EU residents. If you only collect data via FareHarbor, then you’re already in compliance. This includes, but is not limited to offering your users:
The right to be informed.
Data access, portability, rectification and erasure.
After booking, your customers can request their stored data to be provided and, if need be, deleted. If you submit a form through FareHarbor.com, you can similarly request that your stored data be provided and, if need be, deleted. Data requests can be made via our Data Request Form.
All data requests are reviewed by security and authenticated to ensure the request was submitted by EU citizens. Data is deleted within 30 days for authenticated requests. Once removed, notifications are sent to both the company and customer to confirm the data removal is complete. Deleted contact information, such as the customer’s name, email, and phone number, will appear as [Removed] inside of FareHarbor.
Certified International Data Transfers.
FareHarbor complies with international data protection requirements like the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework for any data captured in the European Economic Area.
Every business involved in processing, storing, or transmitting credit card data must adhere to the Payment Card Industry Data Security Standards. At FareHarbor, we take payment card security extremely seriously. FareHarbor has always been PCI compliant and that extends to all payments processed via our systems. In addition, no cardholder data is stored by FareHarbor. All payments collected through FareHarbor are processed by Stripe, a PCI Level 1-certified service provider backed by both Visa and American Express.
FareHarbor reports yearly on a PCI SAQ-D (the most stringent way to report PCI compliance). These requirements include, but are not limited to:
- Undergoing quarterly security scans by a PCI Approved Scanning Vendor and constantly monitoring for vulnerabilities.
- Adhering to rigorous industry standards regarding data encryption and storage. All data is encrypted in transit using TLS1.1 or greater.
- Equipping our systems with best-in-class security tools like intrusion detection and file integrity monitoring along with isolating our networks from the internet.
- Training our engineers and employees about all modern best practices regarding cybersecurity.
Your Business’s PCI Compliance
Every business that’s involved with the processing of credit cards must comply with the PCI DSS requirements, though many of them will be satisfied solely because you use FareHarbor. However, your bank may still require certification that you are adhering to the PCI security standard. If FareHarbor is your sole point of sale system and you don’t accept EMV payments, this can usually be done easily by completing a PCI SAQ-A and providing that document to your bank.
If you accept EMV payments and/or FareHarbor is not your primary point of sale, you may need to report on different guidelines. Please reach out to email@example.com to schedule a PCI discovery session or with any PCI compliance questions.
Organizational Security & Infrastructure
All FareHarbor employees are trained about the importance of privacy and security and must adhere to an inflexible, comprehensive internal security and data use policy.
FareHarbor runs in Amazon Web Services’ highly secure data centers. The FareHarbor application runs inside a Virtual Private Cloud, with individual hosts protected by firewalls configured with the most stringent rules. All communication with FareHarbor is protected at the network level using industrial-strength, secure protocols. A secured architecture, internal best practices, and third-party audits are all important components of our security program.
If you have any questions about this information or would like to request access to your personal data, please contact us at firstname.lastname@example.org.