Website Security Policy

  1. Summary

This Security Policy outlines the security measures and procedures implemented by Invidia Exhausts Australia, an Australian-based E-Commerce website, to safeguard customer data, protect against cyber threats, and ensure compliance with relevant Australian laws and regulations.

  1. Security Objectives

2.1. Data Protection

We are committed to protecting the confidentiality, integrity, and availability of customer data. All data, including personal and financial information, will be handled with the utmost care and not used to market outside of the Invidia Exhausts Australia business ethics.

2.2. Compliance

Invidia Exhausts Australia will adhere to all applicable Australian laws and regulations related to data protection, privacy, and cybersecurity, including but not limited to the Privacy Act 1988 and the Australian Cyber Security Centre (ACSC) guidelines.

2.3. Incident Response

In the event of a security incident or data breach, Invidia Exhausts Australia will respond promptly and effectively to mitigate harm and comply with mandatory reporting requirements.

  1. Access Control

3.1. Authentication

Strong password policies will be enforced for all user accounts.

Multi-factor authentication (MFA) will be implemented for privileged accounts.

3.2. User Access

Access to systems and data will be granted based on the principle of least privilege.

Regular access reviews and account deprovisioning will be conducted.

  1. Data Security

4.1. Encryption

Sensitive data in transit will be encrypted using industry-standard protocols (e.g., HTTPS).

Sensitive data at rest will be stored in encrypted form.

4.2. Data Retention

Customer data will only be retained for the minimum period required by law and business needs.

Customer consent will be obtained for any data processing activities.

4.3. Secure Payment Processing

Payment card data will be processed in compliance with the Payment Card Industry Data Security Standard (PCI DSS).

Third-party payment processors will be used to handle payment transactions securely. We do not store credit card information, we securely submit credit card information to our bank for processing. 

4.4 Afterpay Terms of Use 

4.5 Zipmoney Terms of Use 

  1. Network Security

5.1. Firewall and Intrusion Detection

Firewalls and intrusion detection systems will be employed to protect against unauthorised access and attacks.

5.2. Regular Scanning and Penetration Testing

Periodic vulnerability scans and penetration tests will be conducted to identify and address potential weaknesses.

  1. Employee Training and Awareness

6.1. Security Training

All Invidia Exhaust employees will receive security awareness training to recognise and report security threats.

6.2. Incident Reporting

Invidia Exhaust employees will be encouraged to report security incidents promptly through established reporting channels.

  1. Incident Response

7.1. Incident Handling

A well-defined incident response plan will be maintained and executed in case of a security incident.

7.2. Data Breach Notification

In compliance with Australian law, customers and authorities will be notified of any data breaches as required.

  1. Continuous Improvement

8.1. Security Review

Regular record keeping and audits will be conducted to identify areas for improvement.

8.2. Policy Updates

This security policy will be reviewed and updated periodically to reflect changes in the threat landscape, technology, and regulations.

  1. Enforcement

Violations of this security policy may result in disciplinary actions, up to and including termination of employment or legal action.

  1. Contact Information

If you have any security-related questions or concerns, please contact:

Invidia Exhaust