Legal

Security Statement

The following measurements has been put in place to keep your information secure:

Secure Connection:
All information send between your Internet Browser and our website will be exchanged through a secure connection. This means no one else is able to see what information you send to our website.
In case where you access information, which needs a secure connection, but you are on a non secure connection, you will be automatically redirected to a secure connection. So you never have to worry about whether you should switch to a secure connection.
On the other hand, in case where you access information, which does not need a secure connection, but you are on a secure connection, you will be automatically redirected to a non secure connection. By doing this, your connection to our website will not be unnecessary slowed down. A secure connection will add, in average, a 15% overhead, which translates into an average of 15% speed reduction.
This measurement has been put in place to prevent exposure of secure and private information.
Network Access:
Every computer, which has a network connection, whether it is to a home network, office network, or the Internet, has a unique network address; also know as IP address.
Some functionality on our website can only be accessed by a computer, which has an IP address within a certain range. In case where the computer has an IP address outside this range, access to the functionality will be denied.
For example some website administrator functions access sensitive information. Our website is configured to allow access to these particular functions, only when the IP address of the computer, which access these functions, is the IP address of the website administrator's computer.
This measurement has been put in place to eliminate for unauthorized people to access and change secure and private information.
Login:
Some functionality on our website can only be accessed by a person who has been identified. This is enforced by the following login process:
  • You have a limited number of attempts to provide the right user name. In case where this number is exceeded you can no longer login. To make another attempt, you have to close your browser and try again.
    This measurement has been put in place to prevent automatic programs to guess login credentials.
  • You have a limited number of attempts to provide the right password. In case where you have provided the correct user name, but the wrong password for the limited number of attempts, your account will be locked.
    This measurement has been put in place to prevent people from attempting to guess your password.
  • Once you are logged in, but have not been working with the website for a certain amount of time, you will be automatically logged of. To access the functions, which require you to be logged in, you have to login again.
    This measurement has been put in place to prevent people from attempting to access your information, in case where you forgot to log off.
  • When you login to our website, the website records your unique IP address. When ever you access a functions, which require you to be logged in, the website will compare your current IP address with the IP address, which was recorded at the moment you logged in. In case they do not match, you will be logged out automatically.
    When your Internet Browser makes a connection to our website a session is started. This session is identified by a unique key; also known as session ID. As long as you do not close your Internet Browser, this session ID is send back and forth between your Internet Browser and our website. Information, like wether you are logged in or not, is stored relative to the session ID.
    In case somebody would be able to get a hold of your session ID, they potentially could get access to your information. But due to the fact that your computer's IP address was recorded at login and this other person's computer has a different IP address, the other person will be logged out automatically.
    This measurement has been put in place to prevent people from attempting to access your information, in case where they got a hold of your session ID.
Session Information Storage:
Information, related to your session is usually stored in a cookie. A cookie usually contains information like whether or not you are logged in, your user name and password, your IP address at the moment of login, etc.
This cookie is send back and forth between a Internet Browser and a website. In case somebody gets a hold on this cookie, the information in the cookie can be exposed.
On our website will not make use of cookies to store this kind of information. On our website, this information is stored in our database of our website.
This measurement has been put in place to prevent people from attempting to access your information, in case they were able to gain access to your cookie.
As a side effect, because no large amounts of data has to be send back and forth between your Internet Browser and our website, it will not decrease the performance of our website.
Account Suspension:
In case where you have not used your account for a specified number of days, your account will be suspended automatically. To gain access to your account again, you have to contact the website administrator to have your account released.
This measurement has been put in place to prevent people from attempting to access your information, in case where they got a hold of your login credentials (user name and password).
Temporarily Password:
When an account has been created by a (website) administrator, a temporarily password has been assigned to your account. The first time you log into your account, you are forced to change the temporarily password.
This measurement has been put in place to prevent people from attempting to access your information, in case where they know your login credentials.
Password expiration:
Your password will expire within a specified number of days. After your password has been expired, and you login again with the "old" login credentials, you are asked to change your password.
When the date to the expiration of your password is getting close, usually a couple of days, you will get a warning that your password is about to expire. This will give you a chance to change your password, before it expires.
This measurement has been put in place to limit the time that people have to guess your login credentials and gain access your information.
Password Rules:
The following list of password rules can be enforced:
  • A password should have a minimum length.
  • A password should contain a mixed of upper and lower case letters.
  • A password should have at least one letter.
  • A password should have at least one digit.
  • A password should have at least one special character. Special characters are: `!@$%^&*()-_=+[];:'",<.>/?
  • A password cannot contain spaces.
  • A password cannot begin with an exclamation mark.
  • A password cannot begin with a question mark.
  • A password cannot be the same as your user name.
  • A password cannot have sequential characters. E.g. password (ss is sequential).
  • A password cannot be the same as a previous used password.
This measurement has been put in place virtually make it impossible for people to guess your password.
Always keep your login credentials confidential and never share them with anybody!
Password Change:
When ever you are forced or chose to change your password, you always have to provide your old password.
This measurement has been put in place to eliminate the chance for people to change your password in case you are logged and have left your computer unattended.
Group Access:
Some functionality on our website can only be accessed by a person, which is part of a certain group. In case where somebody, tries to access a function, for which a certain group membership is required, and this person is not member of this group, access to the functionality will be denied.
This measurement has been put in place to eliminate for unauthorized people to access and change secure and private information they should not have access to.
Secret Question:
When you create your account, you are asked to chose a secret question and to provide a secret answer. This information is needed in case where:
  • Forgot your user name.
  • Forgot your password.
  • Locked your account.
This measurement has been put in place to be as self sufficient as possible.
Forgotten user name:
In case where you would like to login, but fail to remember your user name, you need to follow the following procedure to have the user name send to your e-mail address:
  • Provide your e-mail address.
  • Select your secret question.
  • Provide the answer to your secret question.
  • In case where you have chosen the correct secret question, provided the correct secret answer and an existing e-mail address, your user name will be send to your e-mail address.
In case you cannot execute this procedure successfully, you have to contact the website administrator to gain your user name.
This measurement has been put in place to prevent unauthorized people to access and change your information.
Forgotten password:
In case where you would like to login, but fail to remember your password, you need to follow the following procedure to have the user name send to your e-mail address:
  • Provide your user name.
  • Select your secret question.
  • Provide the answer to your secret question.
  • In case where you have chosen the correct secret question, provided the correct secret answer and an existing user name, a temporarily password will be set for your account. This temporarily password is send to your e-mail address.
  • You have to login into your account with the temporarily password.
  • In case where you were able to login with the temporarily password, you are forced to change your password.
In case you cannot execute this procedure successfully, you have to contact the website administrator to have your password reset.
This measurement has been put in place to prevent unauthorized people to access and change your information.
Locked Account:
In case you failed to provide the correct password within the limited number of attempts, your account will be locked. To unlock your account, you have to follow the following procedure:
  • Provide your user name.
  • Select your secret question.
  • Provide the answer to your secret question.
  • In case where you have chosen the correct secret question, provided the correct secret answer and an existing user name, your account will be unlocked and a temporarily password will be set for your account. This temporarily password is send to your e-mail address.
  • You have to login into your account with the temporarily password.
  • Once you are logged in with the temporarily password, you are forced to change your password.
In case you cannot execute this procedure successfully, you have to contact the website administrator to unlock your account.
 

Copyright © 2010 ALCES™ Landscape & Land-Use Ltd. All rights reserved. www.alces.ca|Legal| Administrators| Site Map Follow Alces on Twitter