Payment methods
You agree to pay us the purchase price listed on the Website (subject of course to the proviso above, in the case of accidental errors and omissions). We may vary our prices from time to time. You agree and acknowledge that we may do so at any time on notice, and that such notice is given by us posting the updated price on our Website.
You acknowledge and agree that your payment in full in cleared funds (including any postage fees, discussed below) is a condition of this agreement, any breach of which will entitle us to terminate this agreement immediately. If a request for payment is returned or denied by your financial institution or is unpaid by you for any other reason, then you’ll be liable for any associated costs incurred by us, including banking fees and charges. We may also immediately stop delivery of any goods unpaid for unless and until we receive your payment in full.
If you fail to pay us for an order, or if an insolvency event (for example, if you commit an act of bankruptcy or become insolvent) occurs in relation to you, we may suspend delivery of an order, require payment in a particular form or terminate this agreement.
We currently accept payments by Credit Card, Paypal, Afterpay, ZipPay and Stripe.
In making a payment, you warrant to us that you’ve read and agreed to the terms of any third party payment gateway or processor or credit provider (such as PayPal, AfterPay or ZipPay), which are available on their respective websites. You understand that these services are provided by third parties, and are made available to you on our Website for convenience only. We’re not responsible for any issues, loss or damage arising out of those facilities. If you have an issue with a third party provider on our Website, please contact them directly.
Payment security
We use third party payment gateways to process payments. No payment details are stored on our site. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of the internal servers and daemons can obtain plaintext card numbers but can request that cards are sent to a service provider on a static whitelist. The infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with our primary services (API, website, etc.).
website security
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where we store personal data.
We restrict access to personal information to Concepts of Armidale employees, contractors and agents who need to know that information in order to process it on our behalf. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution if they fail to meet these obligations.