Terms and Conditions for Secure Card Data Transmission via Password.link for Refunds

1. Secure Data Transmission
   We use Password.link, a client-side encrypted, one-time link service, to securely collect your payment card information when processing refunds. Password.link employs industry-standard AES-256-GCM encryption to ensure your data is encrypted within your browser before transmission. This means that only authorised recipients can decrypt your data, and it is never stored unencrypted on any server.
   
   
2. Data Privacy and Access
   Only authorised personnel with strict access controls will handle your card data for refund processing. We do not store or retain your card information on our computers or systems at any time. Card data submitted for refund processing is deleted immediately after use, in accordance with PCI DSS guidelines to safeguard your information.
   
   
3. Customer Responsibility
   You acknowledge and agree to provide your card details only through the secure Password.link one-time link provided by us. You understand that this method is used to maintain PCI DSS compliance and protect your sensitive data.
   
   
4. PCI DSS Compliance Commitment
   Our business follows PCI DSS requirements to safeguard cardholder data. Using Password.link is part of our secure data handling measures designed to minimise risk, though no method can guarantee 100% security.
   
   
5. Risk Acknowledgement
   While we have implemented strong security measures and follow PCI DSS guidance to minimise risk, no transmission method is completely risk-free. By accepting this refund process, you acknowledge and accept that some risk remains in the handling and transmission of your cardholder data.
   
   
6. Additional Information
   For details on Password.link’s security technology, privacy policy, and GDPR compliance, please visit their official pages:
   Terms of Service: https://password.link/en/terms
   Privacy Policy: https://password.link/en/p/privacy
   GDPR Compliance: https://password.link/en/p/gdpr
   
   
7. Limitations and Disclaimers
   Refunds processed using this method are subject to the limitations of the payment processing and card network rules. We cannot accept responsibility for unauthorised disclosures caused by factors beyond our direct control, including endpoint security failures.
   
   
8. Security Measures
   We maintain internal policies and controls to comply with PCI DSS, including employee training, secure access, and audit logging related to refund transactions.
   
   
9. Customer Support and Queries
   For questions about this refund process or security practices, customers may contact our support team(bookings@brilliantrentals.co.nz).