Securing Your Information

The Global Meteorites Association, Inc. (GMA) is committed to securing your information and implements security measures to protect against the loss, misuse and alteration of the information under our control. We follow security standards, processes and procedures that are designed to oversee the effective and secure processing of your personal data data and improve your shopping experience. Please review the policy below carefully as well as  our Privacy Policy and Website Terms of Service.

First and foremost, The GMA does not retain any personally identifiable financial data such as credit card numbers. We use PCI-DSS compliant third-party payment gateways to process transactions, and as such the payment processor manages all your financial data.

By visiting www.gmeta.org, you are accepting the practices and limitations described in our Privacy Policy, Security Policy and Website Terms of Service.

Last material change to the Privacy Policy was made Jan. 25, 2021.

Definitions

  1. Processing:  Any operation or set of operations which is performed on Personal Data or on sets of Personal Data.
  2. Data subject: A  natural person whose Personal Data is being Processed.
  3. Personal Data: As we have members around the world, The GMA has integrated the European Union’s  GDPR policies and requirements within the relevant aspects of its Privacy Policy and Security Policy. Furthermore, the GMA has adopted the GDPR definition for “Personal Data” stating:

Personal Data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Hacking & Fraud Prevention

Hosting Provider

The GMA uses the USA-based hosting provider called Digital Ocean. In order to provide our clients with high performance and excellent security, we are using their cloud-based Virtual Private Server, also based in the USA, with their baseline firewall called an Uncomplicated FireWall (UFW).

Internal Website Security Measures

The GMA employs a suite of modules, addons and features built into the website to further reduce hacking attempts and minimize fraudulent transactions.

Certain countries and regions are known to present a high risk for fraud and hacking. We block the IP addresses from those areas and prevent them from ever accessing the website. Blocked IP addresses will be added or removed as needed.

We integrate Google reCAPTCHA service into our forms to protect our site from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart.

We use industry-standard Secure Sockets Layer (SSL) encryption technology to keep internet connection secure and safeguarding any sensitive data that is being sent between our site and another system like for example, 1. our website and your browser or 2. our payment gateway and the payment processor. There are visual cues on your browser to verify that our website is protected by SSL. First, you can check that our complete web address starts with “https://” rather than “http://”. That extra “s” stands for secure. Second, the  secure connection is indicated by the presence of a padlock icon just to the left of the web address.

The actual number of cookies used by the www.gmeta.org website will vary.

We ensure that the SSL certificate is valid and encryption is in operation. To verify, a user may click on the lock symbol, then click “Certificate” to view the certificates details including the valid dates and issued party (www.gmeta.org).  

Security Breach Notification

We want you to feel confident and secure in all your interactions with the GMA and our website. As discussed above, we are focused on securing your personal data. However, the internet is a global communications vehicle open to threats, viruses and intrusions from others and so we can never guarantee, nor should you expect, that we will be able to protect your Personal Data at all times and in all circumstances.  If you have an account with us, note that you must and are expected to keep your username and password secret.

In the unlikely event that our security is ever compromised and your personal information is accessed, the GMA will notify you in a timely manner, as per GDPR guidelines within 72 hours of the event being detected. As stated above, the GMA does not store any financial data like credit card numbers. Therefore, any potential breach of our website would be limited to non-financial Personal Data such as your name, physical address, email address, phone numbers and other Personal Data that may have been entered as part of registrations, subscriptions, and purchases.

Changes to this Policy

We reserve the right to modify this policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.  It is the user’s responsibility to check this page periodically for changes. The user’s continued use of or access to the website following the posting of any changes constitutes acceptance of those changes.

If our website is acquired or merged with another organization, your information may be transferred to the new owners in order to continue selling products to you.

Questions and Contact information

If you would like to view, edit or delete any of your information we have accessible, or simply want more information regarding our policies email us at admin@gmeta.org.