You have accessed the City Hall Systems, Inc. (CHS) municipal epayment web site (the Site). The purpose of the Site is to allow you to retrieve, view and pay your municipal bills, and by setting up a user account, access other Site features, such as, retrieving your billing and payment history, receiving email notifications, and scheduling payments.
YOUR PRIVACY, AND THE SECURITY OF YOUR DATA, IS OF THE UTMOST IMPORTANCE TO US. TO THAT END, WE ARE PROVIDING THIS ONLINE PRIVACY AND SECURITY POLICY TO HELP YOU UNDERSTAND HOW WE HANDLE YOUR DATA AND TO HELP YOU DECIDE HOW TO USE OUR SITE.
1. Access and Use of Site
You may visit the Site in order to ascertain information regarding a bill you have, or have had, with a municipality. You do not have to provide us with any personal information in order to look up a bill. However, in order to pay a bill or to create a user account we will have to ask you for certain personal information in order to process your request. This Privacy and Security Policy describes the type of personal information we collect from you, how we use that information and the measures we take to protect that information.
2. Type of Personal Information
You will be required to provide personal information when you are registering for a user account or paying a bill. You agree to provide accurate and complete information when providing personal information. Generally, the type of information we will collect includes:
• Your name, mailing address, email address, phone number,
• Your credit/debit card or bank account information,
• Your social security or driver’s license number (for excise bills only).
3. Use of Personal Information
We use the information you provide to deliver to you the services you request from the Site, such as payment of your bills or accessing your payment and billing history through your user account. We limit access to your personal information to our employees who require it as part of their jobs. We do not share, sell, rent, or trade your personal information with third parties for their promotional purposes. We use a third-party intermediary to manage credit/debit card and e-check processing. This intermediary is not permitted to store, retain, or use your personal information except for the sole purpose of processing payments on your behalf. We reserve the right to disclose your personal information if required by law or if we reasonably believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process.
4. Protection of Personal Information
We use robust security measures to protect your personal information from unauthorized access, maintain data accuracy, and help ensure the appropriate use of personal information. When the Service is accessed using Internet Explorer version 6.0 or later, Firefox version 2.0 or later, or Safari version 3.0 or later, Secure Socket Layer (SSL) technology protects your personal information using both server authentication and data encryption. These technologies help ensure that your personal information is safe and secure. We also implement an advanced security method based on dynamic data and encoded session identifications. The Site is hosted in a secure server environment that uses firewalls and other advanced technology to prevent interference or access from outside intruders.
The backbone of the Site is the largest IaaS (Infrastructure as a Service) provider, Amazon Web Services (AWS). AWS meets or exceeds the most stringent internet security standards. AWS has taken the steps to secure their infrastructure:
• Certifications and Accreditations. AWS has achieved ISO 27001 certification and has successfully completed multiple SAS70 Type II audits. AWS has also achieved Level 1 PCI compliance. They have been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). AWS will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of their infrastructure and services. CHS is Level 2 PCI DSS certified and meets or exceeds the security requirements of NACHA (National Automated Clearinghouse Association).
• Physical Security. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
• Secure Services. Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.
The third-party intermediary who manages the credit/debit card and e-check processing has also achieved Level 1 PCI compliance and successfully completed multiple SAS70 Type II audits. They have been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS).
The security of your personal information is important to us. We, or our licensors, take commercially reasonable precautions to protect the personal information submitted to us. However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to protect your personal information, we cannot guarantee its absolute security. When doing business with others, such as advertisers to whom you can link from the Site, you should consider the separate security and privacy policies of those other sites.
In the event you become aware of a possible misuse of your personal information, please contact us as quickly as possible so that corrective steps may be taken.
5. Modification to Terms
We reserve the right to modify our Privacy and Security Policy at any time. If we make any substantial changes in this Privacy and Security Policy, we will notify you by posting a prominent announcement on the Site thirty (30) days prior to implementing the changes, unless a shorter notice is required in the interest of protecting your personal information. You are responsible for regularly reviewing this policy. Continued use of the Site after any such changes shall constitute your consent to such changes.
Questions or Additional Information:
If you have questions regarding this policy or wish to obtain additional information, please send an e-mail to firstname.lastname@example.org
Modified: September 24, 2012