top of page

Payments and Security Policy

The purpose of this policy is to define the guidelines for accepting and processing credit cards and storing personal cardholder information.  The policy will help to ensure that cardholder information supplied to Maplewood Place Park is secure and protected.  Maplewood Place Park is complying with credit card company requirements and the Payment Card Industry Data Security Standard.

Definitions

  1. Payment Card Industry (PCI) Data Security Standard: THE PCI DSS is designed to ensure that all merchants that store, process, or transmit Visa cardholder data, protect it properly. To achieve compliance, merchants and service providers must adhere to the Payment Card Industry (PCI) Data Security Standard.

  2. PCI:The PCI Standard is the result of collaboration between the four major credit card brands to develop a single approach to safeguarding sensitive data. The PCI standard defines a series of best practices for handling, transmitting and storing sensitive data.

  3. Cardholder Data: Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, Card Validation Code CVC 2 (MasterCard), Card Verification Value CVV2 (VISA), or CID  - Card Identification Number (American Express) (e.g., three- or four-digit value printed on the front or back of a payment card.

  4. System Administrator / Data Custodian: An individual who performs network/system administration duties and/or technical support of network/systems that are accessed by other people, systems, or services. Only full-time and permanent part-time employees of the Maplewood Place Park and/or third party vendors approved by IT and/or Senior Management may function as system/network administrators and/or data custodians.

Scope

The policy pertains to all employees that process, transmit, or handle cardholder information.  The cardholder information may be in a physical or an electronic format.

Security Policy

All transactions that Maplewood Place Park processes must meet the standards outlined in the policy.

  1. Electronic credit card numbers shall not be transmitted or stored on a personal computer or e-mail account. Electronic lists of customer’s credit card numbers shall not be retained. Credit card information shall only be accepted online through the secure reservation booking portal, by telephone, mail, or in person.  This information should not be accepted via e-mail and employees shall not e-mail credit card information.

  2. Physical cardholder data must be locked in a secure area.  Access shall be limited to individuals that require the use of the data.  Access should also be restricted on a ‘need to know’ basis.

  3. Only essential information should be stored.  Do not store the Card Verification Code (CVC). Do not store users PIN’s or the full data from a cards magnetic stripe.

  4. Cardholder Data, if stored, shall be stored in a secure segregated area of the database behind a second layer of electronic security with a special Cardholder Data password. Only Finance Department members shall have access to Cardholder Data. 

  5. Credit card information should only be retained for the time needed to process, or if retained for reconciliation, for as long as one-year maximum if necessary.

  6. Credit card information, if it does not need to be retained, should be destroyed.  Information should be destroyed by shredding (cross-cut) immediately after processing, or immediately after they no longer need to be retained.

  7. Credit card receipts may only show the up to the last five digits of the credit card number.  If receipts show more than the last five digits, the receipts must be shredded or retained in a secure area.

  8. All employees must comply with the Payment Card Industry Data Security Standard

Customer Payment and Refund Policy

A deposit of $50.00 for each reservation is required to confirm a reservation. This deposit is refundable up until 4:00 PM Central Time on the arrival day. After this, the deposit is non-refundable. Rental payments made, if a resident departs before the reservation end-date are non-refundable.

Payments made on this website are for the deposit on the initial reservation only. Renewals shall be made in person at the site office and require the completion of a rental agreement. The payment terms for extended stays shall be according to the terms of the rental agreement and are not available for payment via the reservation website.   

The nightly rate charged is a function of the length of stay. Stays of less than one month shall be charged at the weekly rate. Stays of less than 7 days shall be charged at the nightly rate.

If you have any questions about the payment or refund policy, please contact the rental office directly at 337-888-3002 or by email at info@maplewoodplacepark.com

bottom of page