SECURITY POLICY

I. Policy Statement

It is the purpose of this policy to establish guidance on how to identify, measure, monitor, and control risks arising from the use of electronic services. It sets forth the expectations of the CNM ltd. and the Board of Directors when implementing and operating e-commerce systems.

II. Scope

E-commerce refers to computer hardware, software, and telecommunication systems that enable members to access both specific account and general CNM ltd. information on products and services and to conduct transactions through a personal computer. CNM ltd. design and telecommunication links utilise public networks, i.e., the Internet.

III. Responsibility

It is the responsibility of the Board of Directors to approve the CNM ltd.’s written e-commerce policy. It is also the responsibility of the Board of Directors to oversee the development, implementation and maintenance of the e-commerce program or to delegate to an individual or committee authority to perform those responsibilities.

A. Responsibility for development, implementation and maintenance is delegated to third parties.

B. Reports on compliance with the e-commerce policy will be presented to the Board of Directors monthly.

C. The policy will be reviewed and modified on at least an annual basis to provide for changes in technology, services, and changes in business arrangements.

IV. Risk Assessment

E-commerce systems expose the CNM ltd. to transaction, strategic, reputation, and compliance risk.

A. Transaction risk results from weaknesses in design, implementation and monitoring. Transactions should be accurate and legally enforceable, and the records of these transactions should be reliable and accessible. Transaction risk also occurs when CNM ltd. personnel are unfamiliar with the technology used in the e-commerce program. Transaction risk can also arise from outsourcing activity to third-party vendors.

B. Strategic risk necessitates effective planning to implement and monitor its e-commerce systems. It must be ensured that the e-commerce system is consistent with the CNM ltd.’s strategic and business plans, and that adequate expertise and resources are available to operate and maintain the e-commerce systems.

C. Reputation risk occurs when e-commerce system problems or failures create adverse member or media reaction. A proper communications plan and outreach strategy must be in place to enable the CNM ltd. to respond promptly and properly.

D. Compliance risk occurs when CNM ltd. management and staff are unfamiliar with the laws, regulations, and interpretive rulings that govern e-commerce. The CNM ltd. must take the action necessary to comply with all applicable laws, as well as having systems in place to monitor and comply with any changes. Compliance risk also involves the validity and enforceability of contracts with third-party vendors.

V. Risk Management

A. Safeguarding Member Information – E-commerce systems require effective and reliable controls to maintain data integrity, ensure member privacy and protect the CNM ltd.’s computer and telecommunications systems from unauthorised intrusion, misuse or fraud. The CNM ltd.’s security policy provides “end to end” security controls for critical data.

B. Security Controls - The CNM ltd. has developed controls that govern network and data user authentication, transaction verification, data integrity, and virus protection. Periodic risk assessments are conducted to identify internal and external threats that undermine security and decisions are made based on those findings to modify or add controls.

C. Network and Data Access Controls – The CNM ltd. requires verification and enforcement of a user’s authorised right to access network, application, and data. The CNM ltd. prohibits unauthorised individuals from entering our operations facilities, retrieving confidential information, or gaining access to CNM ltd. software applications and operating systems. To enforce access authorisation the following controls are used:

i. User IDs
ii. Passwords, including regular password updates
iii. Verifying log files
iv. Physical control, combination lock, etc., to the computer room
v. Software and hardware security devices, i.e., anti-virus software, firewall, PC, computer control/monitoring software

D. User Authentication – The CNM ltd. will identify the member before issuing authorisation codes. Once the member has been identified, the CNM ltd. will assign an access code and password. Each time a member attempts to access the e-commerce system, his/her identity is authenticated. Once the authentication has passed, the member can access account information or engage in online transactions.

The CNM ltd. does not allow members to complete an application for e-commerce services online. The application process requires the member to know the related account numbers and submit the application either electronically or by mail. Identity of the applicant is established and verification of the member number is then reviewed before issuing the access code. An email communication is sent to the member notifying them that their access has been approved as submitted.

E. Passwords - If no password is requested, a randomly generated eight-character temporary password is assigned. Members are prompted and required to change the temporary password to their own selection upon their initial access to the system.

i. Must be a minimum of eight characters in length
ii. Use of alphanumeric passwords is encouraged, but can be alpha or numeric
iii. Users must call to have user passwords and identifications reset
iv. Session controls automatically logoff after one hour of non-use
v. Session controls automatically logoff after three failed access attempts
vi. The use of unencrypted or clear-text password storage is prohibited
vii. User ID and passwords are encrypted during transmission


F. Firewalls – Firewalls combine hardware and software to block unwanted communication into and out of the CNM ltd.’s network while allowing acceptable communications to pass. They provide protection of the internal network and protect all connection points between the internal network and external networks, such as the Internet. The firewall position is based on the desired level of security as dictated by the CNM ltd.’s risk assessment and data classification efforts. The CNM ltd. will periodically review and test firewalls. In addition, an independent provider will conduct an annual review and test for intrusion risks.

G. Encryption – Encryption transforms data into an unreadable format. The CNM ltd.’s system uses 128-bit encryption for all e-commerce system communications. Encryption is used when transmitting all sensitive or critical data. The strength of encryption depends on a combination of three elements:

i. a mathematical algorithm
ii. key length
iii. the confidentiality of the key used to encode the message

H. Transaction verification – The CNM ltd.’s e-commerce agreements define the procedures for valid and authentic electronic communications between the CNM ltd. and its members. The agreements specify that the parties intend to be bound by communications that comply with these procedures. Audit trails are maintained for purposes of identifying the parties that initiate transactions. Audit trails enable the CNM ltd. to verify specific transactions and can provide proof of transactions to avoid claims of repudiation by members.

I. Virus Protection – The CNM ltd. has established a CNM ltd.-wide detection and prevention program to reduce the likelihood of computer viruses. The program includes end-user policies, training and awareness programs, anti-virus detection tools, and enforcement procedures.

VI. Monitoring

Monitoring is essential for effective e-commerce risk management. Data generated by monitoring techniques allow the CNM ltd. to measure performance and assess the effectiveness of security controls.

A. Security Monitoring – The CNM ltd. places a strong emphasis on using monitoring tools to identify vulnerabilities and, in a real-time mode, detect possible intrusions from external and internal parties (hackers). As provided in the CNM ltd.’s security policy, staff should report security breaches promptly to appropriate management.

B. Penetration Testing – Penetration testing is the process of identifying, isolating, and confirming possible flaws in the design and implementation of passwords, firewalls, encryption, and other security controls. Tests simulate the probable actions of unauthorised and authorised users. Because the tactics used by unauthorised users to infiltrate computer systems frequently change, penetration tests do not guarantee that firewalls will prevent all types of attacks. The CNM ltd. will contract with a bonded outside firm that specializes in monitoring security for financial institutions to conduct penetration testing, provide results of those tests, and recommend manual or automated processes to ensure security.

C. Intrusion Detection – Transaction and audit logs will be produced indicating network traffic on a real-time basis. Systems will be in place to notify the proper parties, or to terminate suspicious network connections. Intrusion detection tools will also enable management to maintain an incident database for trend analysis of network intrusions and attack attempts.

VII. Audit/Quality Assurance

A. Objective Review – The CNM ltd. relies on internal audits, an IT Department audit, and other qualified professional sources to conduct appropriate reviews.

B. Scope of Review – The objective review must include procedures for critiquing the e-commerce system design to:

i. Assess the adequacy of internal controls
ii. Ensure that appropriate policies, procedures and standards are developed and practiced

C. Expertise – If the CNM ltd. lacks internal expertise, management will use other qualified professionals, such as management consultants or CPA firms, to provide appropriate independent reviews.

D. Service Providers – Because a third party supplies the software the CNM ltd. uses and provides the e-commerce systems services, the CNM ltd. will ensure that this third-party provider has performed appropriate reviews, including but not limited to:

i. The CNM ltd. will exercise due diligence in selecting its service providers
ii. The CNM ltd. will contractually require service providers to meet appropriate guidelines in safeguarding member information
iii. The CNM ltd. will require service providers to provide audits, test results or other evaluation tools to assure compliance with security guidelines.

VIII. Breach of Security

Following the detection of an unauthorised act or user, the CNM ltd. will initiate procedures to respond to the intrusion.

A. Management and Board of Directors will be notified immediately regarding the cause and scope of the breach.

B. The extent of damage or disclosure of information will be determined, including the legal liability the CNM ltd. may incur.

C. Proper response activities will be put in place by the CNM ltd. to cover communications with members, law enforcement agencies, regulatory agencies, and the media.

D. Only designated individuals will be authorised to communicate with any of the above detailed entities.

IX. Contingency Planning/Business Continuity

All e-commerce systems are incorporated into the CNM ltd.’s overall contingency planning and business continuity efforts. The CNM ltd.’s core processor and e-commerce provider have each addressed disaster recovery and contingency planning. Similar to other processes and applications, the CNM ltd.’s recovery plan for e-commerce is to be based on a business impact analysis. This analysis should evaluate business applications and processes to determine importance and establish a prioritized order of business resumption designed to recover the most critical functions and systems first.

X. Expertise and Training

The CNM ltd. relies on its e-commerce system provider for all software development and support. The CNM ltd. will assess all personnel to determine if special staffing or training needs are required for those involved in systems development, operation, and member support. As deemed appropriate, additional training will be provided. Training needs will be assessed annually to keep pace with technological and personnel changes.

Approved by the Board of Directors on: 30.07.2018

PRIVACY POLICY

1. PRIVACY POLICY

We know that the confidentiality of your data is important to you; it is also important for CNM ltd. If you provide information concerning yourself - for example name, surname, postal address, electronic mail address or other personal data – it is used solely for the requested purposes.
Regarding the processing of personal data, we comply with Swiss legislation governing protection of data and telecommunications.

2. CLIENT DATA

When you visit our website various pieces of information are memorised. Some data is provided directly by the user when he or she registers for provision of services, for example the name, the address and the field of interest. Other data which is not personal is memorised through technical processes, for example the IP addresses. By using certain services such as prize-based games, discussion forums or chat areas, ordering goods or services or contacting us directly, the user thereby provides us with other data.

3. BUSINESS RELATIONS WITH THIRD PARTIES

Our web site contains links to other offers. We have no control over processing of information shown on these pages by linked parties offering services. If you have any queries in this regard please contact these parties directly. We cannot be held liable with regard to compliance with the laws governing the protection of data or with regard to the contents of these websites.

4. COOKIES

In certain circumstances we use what are known as cookies. A cookie is a small file sent by the web server to your Internet browser which is memorised by your computer. This allows us to recognise you the next time you visit our site. Cookies and other similar techniques are also used to execute certain processes, services and transactions, for example when you use a trash folder for your virtual expenditure in an electronic store on the Internet. You can configure your browser so that before memorizing a cookie a confirmation request appears on your screen or you can configure it so as to disallow cookies. You can also choose not to enjoy the advantages of personal cookies. In this case certain services cannot be used.

5. USE AND TRANSMISSION OF DATA

We process your data in order to provide our services. Variations. We reserve the right to change our website at any time. Our aim is to provide you with a service which gets better and better and to protect your privacy; we are available if you need any information or have any queries: please contact our staff at the following e-mail address: info@cnm.com

 

TERMS OF SALE

In case of dispute, only the English version of these Terms of Sale is authoritative.

1. GENERAL

The sending of the order by the customer implies its adherence to these terms and conditions in their entirety. The Internet Sale Agreement is between CNM ltd. and the customer. The customer declares having the ability to contract with CNM ltd. on the basis of the general conditions of sale present on the website of CNM ltd. These general conditions of sale will prevail over any other condition stated on our site.

2. CHARACTERISTICS OF AN ARTICLE

All our items are NATURAL, BIOLOGICAL & ECOLOGICAL products. The items are sold with no other quality guarantee than the one referred to by the manufacturer.

3. DELIVERY

If the order could not be sent within 1 to 3 days, a new deadline will be communicated to the customer within 48 hours after his order.

4. PRICE

The prices of the items invoiced to the customers are those in force on the date of the order and appearing on the confirmation of order.
Our prices are fixed in Swiss francs and Euro and displayed VAT / IVA / MwSt included.

5. EXPORT, excluding Switzerland

The customer is solely responsible for all the necessary steps to import the goods on its territory in accordance with the law in force (outside Switzerland). He certifies to be of age, to have the right and the power to order the goods. He also warrants to have previously informed and made sure that the order does not violate any provision of the law in force in the country of delivery or domicile of the buyer and that all information provided is accurate.

6. CONDITIONS OF PAYMENT AND SECURITY

When the buyer orders an item on our site, all payments made are secure. CNM ltd. uses the credit card payment system provided by recognised third parties. Confidential data (customer identity and card number) are only stored by banking partners on highly secure servers. Payments can be made by credit card: VISA, MASTERCARD / EUROCARD, via PayPal or POSTCARD / POSTFINANCE at no additional charge. The payment is validated with the order.

In case of payment by bank transfer in advance, the order is released once the amount is on our account (24 hours to 48 hours extra).

7. DATA PROTECTION

The customer gives his consent that the personal data he has provided as part of the contractual relationship with CNM ltd. is saved by CNM ltd. The personal data relating to the customer is saved only for the purpose of facilitating the purchase of new items by the customer and to ensure the smooth running of the commercial transaction (Article 4 paragraph 3 LPD). Personal data relating to the customer is treated confidentially and securely (Article 7 LPD).
In no case are these data transmitted to third parties.

8. ORDER

The contract comes into effect when the customer has placed his order and when it has been validated.

9. ACCEPTANCE OF ORDER

The acceptance of the order is made upon receipt and the control of its validity. When sending the order, the buyer automatically recognises having read the general conditions of sale and accepts them. In exceptional circumstances, including insolvency and inaccurate information, CNM ltd. reserves the right to refuse or accept a customer's order.

10. CONFIRMATION

Each customer will receive an order confirmation by email.

11. RETURN POLICY

- WHAT can be returned?
If the goods should arrive at the customer's home in poor condition, CNM ltd. will exchange them. Just return the damaged goods with an official statement of the post; a request for return must be made from your account. The client has to send us a picture and a description of the product at info@cnm.com

- WHEN do items need to be returned by?
3 days

- WHERE do items need to be returned to?
Pharmotech SA
Chemin des Aulx 14
1228 Plan les Ouates
Switzerland

- Are original shipping rates refundable? Does customer pay for shipping the return? CREDIT for returns?
The client will be credited on his account.

- Packing materials? Do items need to be in original packaging for returns?
Yes

12. PROPERTY AND LEGAL PROPERTIES

The goods remain the property of CNM ltd. until full payment of the goods. The present general conditions of sale as well as the contracts concluded in application are governed by Swiss law.

The competent court in case of dispute is that of Geneva in Switzerland.