Security Policy

We take security very seriously. Our servers have been rigorously checked to ensure that they are not vulnerable to unauthorised access and activity on the servers is continually monitored.

 

Credit card security

It is absolutely safe to supply your credit card details to this site to pay for a purchase. In fact, it’s probably safer than doing a transaction in a shop or restaurant. Here’s why.

When you enter your card details, the communication between your browser and our server is encrypted using SSL. You can tell that this is the case by the little padlock displayed on the status bar of your browser on the page where you enter your card details. This means that it is virtually impossible for a third party to listen in when you submit the form. We use a certificate issued by Thawte for SSL encryption. No credit card number has ever been intercepted while in transit over SSL.

When you send us your card number, you can choose whether or not you want us to retain the card details in our database. If you tell us not to retain your card number, we don’t store it in our database. Instead, we get authorisation for the transaction from your bank and, from that point onward, we only work with the authorisation number. For orders that take less than a week to complete, we debit your card when we dispatch your order. For orders that take longer, we will debit your card before our authorisation expires. This is the only way that we can do the transaction without storing your card details in our database.

If you tell us to retain your card number, we will encrypt it and store it in our database. We use a 1024 bit RSA public key to encrypt the number and it can only be decrypted with the corresponding private key. The private key is not stored on our web server, nor any machine directly connected to the internet.

Either way, we do remember the first and last four of the 16 digits in your card number so that we can link future payments from the same card.

When you use your credit card to pay for something in a shop, they give you a slip that usually contains your name, your entire credit card number, and the expiry date of your card. Many people just throw these slips in the bin. Even if you dispose of them safely, the shop still keeps the counterfoil and you rely on them to keep your card details private. In a restaurant, most people are happy to have the waiter disappear with their card while the transaction is put through… These risks are much more significant than those that you face when using your card on this site.

General information security

Access to all information held in your account is password protected. It is essential that you keep your password secret so that no-one else can gain unauthorised access to this information. When you use your web browser to view or update information relating to your account, the communication is encrypted over HTTPS to prevent any third parties from eavesdropping, but we do not enforce interaction with your cart or wish lists to be over HTTPS.

Once you have used your password to authenticate yourself to our server, the session is considered to be authenticated and access will be permitted to all information relating to your account. In addition, an authenticated session may be used to place orders and purchase gift vouchers and pay for certain orders up to R1000 by selecting a credit card previously used to pay for a purchase. When accessing our website from a web browser, the authenticated session is ended when you explicitly choose sign out or automatically after about 15 minutes of inactivity, so you don’t have to remember to sign out. After authenticating using your password while using bookabook’s iOS or Android shopping application on a mobile device, that application remains in an authenticated session that ends only when you explicitly sign out or uninstall the application so it is essential that the security of your device is not compromised. Similarly it is essential to preserve the security of all devices used for accessing our website using a web browser, especially where the web browser or a password management tool has been used to store your bookabook password.

You agree that once the correct username and password for your account have been used to authenticate a session, you will be liable for purchases paid for in the resulting authenticated session, except where the purchase is cancelled by you in accordance with these Terms and Conditions. You will be liable for payment of purchases irrespective of whether the use of your username and password is unauthorised or fraudulent, and you expressly indemnify bookabook against any loss you may incur, financial or otherwise, that may result from fraudulent or unauthorised use of your account.

While an authenticated session in your web browser will end automatically after about 15 minutes of inactivity, the web browser will remain signed into your account unless you explicitly choose to sign out. In a signed-in but unauthenticated session, your cart and wish lists may be viewed and altered without having to re-authenticate using your password, but access to other account information or placing of orders or purchasing of gift vouchers will require re-authentication. You are liable for any activity on your account while you remain signed in.

You agree to notify bookabook.co.za immediately upon becoming aware of or reasonably suspecting any unauthorised access to your account and to take steps to mitigate any resultant loss or harm.

We value your privacy and all information about you and your account is handled in accordance with our Privacy Policy.

 

Detailed description of goods and/or services

Bookabook pty is a business in the Retail industry that rents outs textbooks to students.

Delivery policy
Subject to availability and receipt of payment, requests will be processed within 2 days and delivery confirmed by way of order and waybill number from Uafrica or by a signed invoice from the customer (if its cash on delivery) . Book a book provided free delivery only in south africa.

Return and Refunds policy
The provision of goods and services by bookabook is subject to availability. In cases of unavailability, bookabook will refund the client
in full within 30 days. Cancellation of orders by the client will attract no cost by if cancellation is done, a return delivery is charged to the customer..

 Customer Privacy policy
Bookabook shall take all reasonable steps to protect the personal information of users. For the purpose of this clause, “personal
information” shall be defined as detailed in the Promotion of Access to Information Act 2 of 2000 (PAIA). The PAIA may be downloaded from:
http://www.polity.org.za/attachment.php?aa_id=3569.

Payment options accepted
Payment may be made via Visa, MasterCard, Diners or American Express Cards or by bank transfer into the Bookabook bank account, then details of which will be provided on request.

Card acquiring and security
Card transactions will be acquired for Bookabook via PayGate (Pty) Ltd who are the approved payment gateway for all South African
Acquiring Banks. DPO PayGate uses the strictest form of encryption, namely Secure Socket Layer 3 (SSL3) and no Card details are stored on the
website. Users may go to www.paygate.co.za to view their security certificate and security policy.

Customer details separate from card details
Customer details will be stored by bookabook separately from card details which are entered by the client on DPO PayGate’s secure site.
For more detail on DPO PayGate refer to www.paygate.co.za.

Merchant Outlet country and transaction currency
The merchant outlet country at the time of presenting payment options to the cardholder is South Africa. Transaction currency is South African Rand (ZAR).

Responsibility
Bookabook takes responsibility for all aspects relating to the transaction including sale of goods and services sold on this website,
customer service and support, dispute resolution and delivery of goods.

Country of domicile
This website is governed by the laws of South Africa and Bookabook chooses as its domicilium citandi et executandi for all purposes under this agreement, whether in respect of court process, notice, or other documents or communication of whatsoever nature.

Variation
Bookabook may, in its sole discretion, change this agreement or any part thereof at any time without notice.

Company information
This website is run by __Bookabook pty__ based in South Africa trading as _Book a Book_ and with

registration number _2016 / 485837 / 07_ and Directors.

Bookabook contact details
Company Physical Address:

Tshimologong Precinct,

41 Juta street,

Braamfontein

Johannesburg

2001

Email: [email protected]

Telephone: _011 026 7440

Last updated: 12/01/2019