ashely-logo

PRIVACY STATEMENT

ELITE REWARDS PRIVACY STATEMENT

Site Security Features

Elite Rewards (ER) realizes how important security is to our clients and to their participants, so we’ve taken a number of steps to enhance the protection of personal or confidential information sent to or from ER or in accessing information resident at ER. This includes username, password, and any debit card information. First, we require unique usernames and password establishment that are not easily determined by someone other than the intended participant. This requirement protects personal information and access to personal earnings that are available for redemption.

SSL Technology

ER requires that a “secure session” is established, using Secure Socket Layer (SSL) technology. This is done anytime a participant supplies ER with personal or confidential information in one of the secure areas of a website.

SSL technology creates a private conversation that only the participant’s computer and ER can understand. The SSL technology encodes information as it is being sent over the Internet between the participant’s computer and ER’s system helping to ensure that the transmitted information remains confidential.

The use of SSL requires two components: and SSL-compatible browser and a Web server to perform “key-exchange” that establishes a secure connection to ER web servers.

Social Security Number (SSN)

Social security number (SSN) is used for tax paying

Browser Compliance

Participants and client will need a browser with SSL capabilities. Examples of SSL browsers include, Microsoft’s Internet Explorer, Firefox, Chrome and Safari. If a participant does not have a browser with SSL capabilities, the participant can download an SSL browser from the above mentioned SSL browser list and will be required in order to securely access personal or confidential information via the Internet. ER codes sites to current browser version minus 1. ER recommends the use of the latest browser versions available. Accessing secure online areas requires SSL capable browsers due to security concerns.

ISP Compliance

Nearly all Internet Service Providers (ISPs) automatically enable the SSL session described above. If a participant or a client contact uses their company's internal connection to access the Internet they may find they cannot access the ER secure pages with an SSL browser described above, the company may be blocking access via a "firewall." The company’s Internet access systems administrator would have to be contacted for further details on Internet access.

Cookies

A participant or client must have enabled cookies on their browser in order to access confidential information. If they have chosen to disable cookies on their browser, they will not be able to access confidential information.

User ID and Password

Access to all ER sites require the use of a Username and Password as a security measure that helps protect confidential information. This allows ER to verify who is accessing the site, thereby allowing access to account information, and preventing unauthorized access.

In establishing unique Username and Password, the following criteria should be adhered to:

  • The Username and Password cannot be the same (e.g. password / password)
  • The Username and Password must be at least six (6) characters in length.
  • Commonly used configurations or easily determined schema should not be used (e.g. 123456 / 654321)
  • Usernames and Passwords should be personally protected the same way debit or debit card PINs are treated.

Non-compliance with these criteria may permit others to access the account and create mis-redemptions or fraud. ER is not liable for accounts that do not adhere to these criteria.

You should be aware that browser software often "caches" a page as you look at it, meaning that some pages are saved in your computer's temporary memory. Therefore, you may find that clicking on your "Back" button shows you a saved version of a previously viewed page. Caching in no way affects the security of your confidential Username or Password. If a participant or client uses a computer in a public place to access account information, they should simply quit/exit the browser software before leaving to minimize the possibility of anyone else viewing their confidential information.

Third Party Use

ER does not sell, trade or rent personal information to third parties. We do, however, share your shipping information with our suppliers for the sole purpose of delivering your redemption items.

Secure Password Guidelines

The combination of username and password define the identity of users on a system. Adopting a good personal password policy is the most important barrier to unauthorized access in current systems.

Password Content

  • Mixture of numbers, capital letters, small letters, punctuation.
  • Easy to remember (don't need to write it down).
  • Easy to type quickly (difficult for an observer).
  • Minimum acceptable format is six (6) characters in length.

Examples

  • Choose a line or two of a poem, song etc. and use just the first letters.
  • Join two small words with a strange character.
  • Invent an acronym.

Password cracking software is fairly advanced and in a lot of cases relies on a users habit of choosing insecure passwords. Here are some common habits that should be avoided. Bad examples

  • Name of your spouse, parent, colleague, friend, pet, towns, months, days.
  • Number of car/motorbike registration, telephone.
  • Common dictionary words (French, German, English, Italian etc).
  • A series of identical numbers/letters.
  • Obvious keyboard sequences.
  • Any of the above in inverse or with a number before or after.
Guidelines
  • Don't write it down, or disclose via email.
  • Default passwords should not be used.
  • Don't give your password to others.
  • If passwords are disclosed on a system, change them immediately.
  • Always change a default password.