Information Security

Information Security Policy - Meridian Speciality Packaging

Last updated May 2018

Revised due to introduction of Data Protection Act 2018 as UK enforcement of EU General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679]

Meridian Speciality Packaging’s (“Meridian”) is aware of how important personal information is to its customers and is committed to delivering a highly secure and reliable service based on trust and responsible information handling practice.

Meridian does not store sensitive cardholder data and has designed a cardholder data environment to control risks to cardholder data and personal information.

Meridian is committed to maintaining compliance with the Payment Card Industry (PCI) Data Security Standard (DSS) (“PCI-DSS”), which is a standard created to demand best practice security controls where sensitive data is collected, handled, processed or transmitted and to prevent payment card fraud.

This is focused on ensuring Meridian:

    • Builds and maintains a secure network
    • Protects cardholder data
    • Maintains a vulnerability management program
    • Implements strong security measures
    • Regularly tests and monitors networks
    • Maintains an information security policy

Meridian will never release private data to third parties for any purpose unless explicitly stated in our Privacy Policy. When a customer makes a purchase from Meridian’s website, Meridian does collect certain personal information from its customers (for example: name, email address, payment address and other details). All such information is held on secure servers. Meridian complies with all applicable Data Protection and consumer legislation, and treats personal information as fully confidential.

When cardholder data is processed through Meridian’s online shop, this is done through a secure connection; cardholder data management is fully outsourced to a third-party and no cardholder data is stored by Meridian.

Meridian will never collect cardholder data or sensitive information via email or other messenger systems or social media.

Meridian does use cookies on its website. Cookies are tiny text files stored on your computer when you visit certain web pages.

In order to offer the most secure methods of processing cardholder data, reputable third-party banking (including PayPal, Stripe and Elavon) handle Meridian’s credit card transactions. Secure cardholder data is securely transferred to the third party by the e-commerce website provider [from the host environment] to verify and authorise a customer’s payment card and to process the order; no cardholder data is stored in the e-commerce website hosting environment. An attestation of compliance is obtained for the e-commerce hosting environment.

Information security is the responsibility of all employees who handle or process cardholder data or sensitive information – but supervision and policy implementation in the responsibility of a Manager responsible for Meridian’s PCI-DSS compliance (“Responsible Manager”).

The Responsible Manager for Meridian is: David Holmes

This policy statement is supported by a detailed Information Security Policy (and supported by a site security policy) which is available on request.

If you have any questions or queries relating to this Information Security Policy then please contact us at:

Meridian(Speciality Packaging) Limited
Spring Lane North
WR14 1BU
Telephone: +44 (0)1684 578441