Policies, Terms and Conditions:

Copyright and Trademark Notice
Unless otherwise specified, all materials appearing on this site, including the text, site design, logos, graphics, icons, and images, as well as the selection, assembly and arrangement thereof, are the sole property of Kinesio Taping, LLC., Copyright © 2019, ALL RIGHTS RESERVED. You may use the content of this site only for the purpose of shopping on this site or placing an order on this site and for no other purpose. No materials from this site may be copied, reproduced, modified, republished, uploaded, posted, transmitted, or distributed in any form or by any means without our prior written permission. All rights not expressly granted herein are reserved. Any unauthorized use of the materials appearing on this site may violate copyright, trademark and other applicable laws and could result in criminal or civil penalties.

Submitting Copy, Artwork and/or Photographs Disclaimer
By submitting a copy, artwork and/or photographs, you declare you own or have permission to use any copy, artwork, visual image of any identifiable individual(s) or building(s) in the photographs. You also give Kinesio Group the right to use it in current and future communications in any format, including print products, on the web, and in social media. You agree that Kinesio Group will not be responsible for the infringement of any third party rights in the photograph or copy, moral or otherwise, that may arise as a result of your actions or omissions and that you indemnify Kinesio Group against all legal fees, claims, damages and other expenses that may be incurred as a result of your breach of these rules.

Credit Cards
We accept the following credit cards: Visa, MasterCard, and American Express. There is no surcharge for using your credit card to make purchases. Please be sure to provide your exact billing address and telephone number (i.e. the address and phone number your credit card bank has on file for you). Incorrect information will cause a delay in processing your order. Your credit card will be billed upon completion of your order.

Billing addresses must match what the card issuing bank has on file, or the attempted purchase may not go through.

Links
This site may contain links to other sites on the Internet that are owned and operated by third parties. You acknowledge that we’re not responsible for the operation of or content located on or through any such site.

Multiple Product Orders
For a multiple product order, we will make every attempt to ship all products contained in the order at the same time. Products that are unavailable at the time of shipping will be shipped as they become available, unless you inform us otherwise. You will only be charged for products contained in a given shipment, plus any applicable shipping charges. You will only be charged for shipping at the rate quoted to you on your purchase receipt. The entirety of this shipping charge may be applied to the first product(s) shipped on a multiple shipment order.

Order Acceptance Policy
Your receipt of an electronic or other form of order confirmation does not signify our acceptance of your order, nor does it constitute confirmation of our offer to sell. Sample Store reserves the right at any time after receipt of your order to accept or decline your order for any reason or to supply less than the quantity you ordered of any item.

Other Conditions
These Conditions will supersede any terms and/or conditions you include with any purchase order, regardless of whether Sample Store signs them or not. We reserve the right to make changes to this site and these Conditions at any time.

Out-of-Stock Products
We will ship your product as it becomes available. Usually, products ship the same day if ordered by 3:00PM MST, or by the next business day if your order is received after this time and for orders received on Saturday, Sunday or any major holiday. However, there may be times when the product you have ordered is out-of-stock which will delay fulfilling your order. We will keep you informed of any products that you have ordered that are out-of-stock and unavailable for immediate shipment. You may cancel your order at any time prior to shipping.

Returns
The following items may be returned within 30 days of purchase for a full refund (minus shipping charges): Unused rolls of tape in their original packaging and in saleable condition. Unused books, manuals and Kinesio accessories in undamaged condition. All sales of instruction DVDs are final – no returns accepted. ALL damaged product will be exchanged for the same item within 7 days. Once you have returned the product(s) as directed, you will receive a full refund, minus shipping charges. Please contact accounting@kinesiotaping.com to request a refund.

Shipping Policy
All orders will be processed and shipped Monday – Friday, excluding holidays. Please allow 1 – 3 business days for your order to be processed and shipped. Orders are shipped via USPS, UPS or FedEx. **Due to high demand, there may be a delay in processing orders. Thank you for your patience. We cannot guarantee when an order will arrive. Consider any shipping or transit time offered to you by Kinesio or other parties only as an estimate. We encourage you to order in a timely fashion to avoid delays caused by shipping or product availability.

Taxes
Our Store shall automatically charge and withhold the applicable sales tax for orders to be delivered to addresses within the same state. For orders shipped to other states, you are solely responsible for all sales taxes or other taxes.

Typographical Errors
In the event a product is listed at an incorrect price due to typographical error or error in pricing information received from our suppliers, Our Store shall have the right to refuse or cancel any orders placed for product listed at the incorrect price. Our Store shall have the right to refuse or cancel any such orders whether or not the order has been confirmed and your credit card charged. If your credit card has already been charged for the purchase and your order is canceled, Our Store shall immediately issue a credit to your credit card account in the amount of the incorrect price.

Privacy Policy
What information do we collect?

We collect information from you when you register on our site or place an order.

When ordering or registering on our site, as appropriate, you may be asked to enter your: name, e-mail address, mailing address, phone number or credit card information. While visiting our site, visitor IP addresses are collected using tracking technologies such as third party cookies and non-cookie technologies.

What do we use your information for?

Any of the information we collect from you may be used in one of the following ways:

  • To personalize your experience.
    • Your information helps us to better respond to your individual needs.
  • To process transactions
    • Your information, whether public or private, will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the purchased product or service requested.
  • To send periodic emails
    • The email address you provide for order processing will only be used to send you information and updates pertaining to your order.
  • Collection of Data
    Our site uses technologies of third-party partners [such as NextRoll] to help us recognize your device and understand how you use our site(s) so that we can improve our services to reflect your interests and serve you advertisements about the [products and/or services] that are likely to be of more interest to you. Specifically, [NextRoll/these partners] collect information about your activity on our site(s) to enable us to:

    • measure and analyze traffic and browsing activity on our site(s);
    • show advertisements for our products and/or services to you on third-party sites;
    • measure and analyze the performance of our advertising campaigns;

Opting-Out
Our partners [such as NextRoll] may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit you to block such technologies. For this reason you can use the following third party tools to decline the collection and use of information for the purpose of serving you interest based advertising:

How do we protect your information?

We implement a variety of security measures to maintain the safety of your personal information when you place an order or enter, submit, or access your personal information.

We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our Payment gateway providers database only to be accessible by those authorized with special access rights to such systems, and are required to keep the information confidential.

After a transaction, your private information (credit cards, social security numbers, financials, etc.) will not be stored on our servers.

Do we use cookies?

Yes (Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information).

We use cookies to help us remember and process the items in your shopping cart.

Do we disclose any information to outside parties?

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted third parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

California Online Privacy Protection Act Compliance

Because we value your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute your personal information to outside parties without your consent.

As part of the California Online Privacy Protection Act, all users of our site may make any changes to their information at any time by logging into their control panel and going to the ‘Edit Profile’ page.

Children’s Online Privacy Protection Act Compliance

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act); we do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our website and not to information collected offline.

Your Consent

By using our site, you consent to our online privacy policy.

Changes to our Privacy Policy

If we decide to change our privacy policy, we will update the Privacy Policy modification date below.

Date Modified: 2020-04-28

Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.

4001 Masthead St NE
Albuquerque, NM 87119
USA
info@kinesiotaping.com
505-856-2029 or 1-855-488-TAPE (8273)

Privacy on Other Web Sites
Other sites accessible through our site have their own privacy policies and data collection practices. Please consult each site’s privacy policy. Our Store is not responsible for the actions of third parties.


Kinesio Holding Corp. / Kinesio University Personal Data Security Policy

Description of the technical and organizational security measures implemented by Kinesio Holding Corp. & Kinesio University (“data importer”) in accordance with the European data protection regulation (GDPR)

The data importer ensures for his area of responsibility the implementation of appropriate technical and organizational measures to protect customer data from misuse or loss in accordance with the requirements of the GDPR and according to this appendix. In particular, the data importer will design his internal organization so as to be compliant with all applicable data protection requirements.

  1. Confidentiality, Article 32, para 1, lit. a, b GDPR

Encryption, Art. 32 para 1 lit. a GDPR

As a principle, personal data will always be either anonymized or encrypted at data importer unless needed in clear. Carrying out such measures is limited to the possibility of separation of personal data and to technical and organizational restrictions.

Entry control

Objective: Denial of admittance to data-processing equipment for unauthorized persons

To enter DATA IMPORTER’s premises, a key is needed. An additional security card or passive transponder system is installed. Turnstiles, an alarm system, a security service and camera systems are additional components that secure DATA IMPORTER’s main entrances and technical rooms.

Visitors are welcomed at reception and are picked up by someone from the relevant department.

Unauthorized persons are prohibited from walking through the premises on their own; however, they may be accompanied by a DATA IMPORTER employee. Office areas are structured according to areas of responsibility.

Entry to engineering rooms

Engineering rooms are located inside the office buildings and secured by a chip card system and/or PIN key locks.

Entry to the data centre

The Data centre premises are fenced; the lock gate can only be opened by a special chip card system.

The entrance is secured by an alarm system, and the doors can only be opened with a chip card and a double PIN code. The special chip card is stored in a safe, and only authorized people from the IT operations department have access to it. Each removal of the chip card is documented. The list of authorized people is reviewed on a regular basis and updated in a timely manner.

External maintenance personnel can only enter the DC in the company of an authorized person.

System access control

Objective: No access to data-processing systems by unauthorized persons.

Without valid authentication and authorization, no transaction is possible throughout the entire DATA IMPORTER’s data-processing system. Access to all systems is secured by several security measures.

Systems can only be accessed by entering a username and password, whereby the password is subject to restrictions regarding length, special characters, etc.

User access data is allocated upon written application by the HelpDesk. After the first login, the password has to be changed by the user.

In addition, the password must be changed regularly by the user; repeated use of the same password is prevented by the system. Incorrect login attempts lead to the blocking of the user, who will only be unblocked after verification and by the simultaneous assignment of a new password from the HelpDesk.

The internal local area network (LAN) is divided into several segments by virtual local area network (VLAN) technology. The segments include production systems, test systems and office systems.

The gateways are protected by firewall systems and are monitored. Unused LAN ports are physically locked and only put into operation in a controlled manner.

The transition from the internal network to external networks (Internet, partner networks or customer networks) is only possible at central points, which are secured by a multilevel firewall system and monitored and regularly checked by both DATA IMPORTER and third parties.

Data access control

Objective: Limited access for authorized users; protection against unauthorized reading, copying, notice modification or deletion of data.

All users are assigned certain necessary functions according to their activities, which are controlled via their username. Users receive passwords from the HelpDesk for accessing the applications that process personal data. Throughout the DATA IMPORTER’s system, no transaction is possible without valid authentication and authorization.

The users of the applications have access to personal data only to the extent required for the specific role (need-to-know principle). In addition, data and documents are stored and transmitted in an encrypted form as far as necessary and technically possible. This prevents unauthorized activities in DATA IMPORTER’s systems outside of granted authorizations, and provides a demand-oriented design of the authorization concept and the access rights, as well as their monitoring and logging.

Separation control

Objective: Ensuring the appropriateness of the data processing

Data access is based on an authorization concept meaning that data access is only possible for the purposes required. The databases of the applications are operated separately so that one application cannot access other applications.

Every external data input and each read-in data is clearly identifiable by a reference number.

Every access to the data via the products is clearly identifiable and traceable. Transactions are logged separately.

Customer data is separated logically based on individual customer accounts. The multi-client capability of the IT systems used is mandated. The data collected for different purposes is also processed separately.

The origin of the data is traceable at any time, in particular when, why and by whom the data was collected and saved.

Transaction data is kept separate from the personal data pool, and is not modified or used for another purpose.

Data belonging to DATA IMPORTER and data provided by external information bureaus as part of the transaction data are at any time clearly identifiable.

  2. Integrity, Article 32, para 1, lit. b GDPR

Transfer control

Objective: Protecting personal data from unauthorized reading, copying, changing or deletion, and ensuring traceability of data transfer operations.

Access to the database is granted to the user via FTP (file transfer protocol) with tunnel/SFTP (secure file transfer protocol), or via Web services secured by HTTPS (Hypertext Transfer Protocol Secure). Both the authentication and the transmission of the data are saved. In consultation with the customers and depending on the protection requirements of the data, a variety of state-of-the-art encryption methods are offered.

Each request for information is logged in the system in a way that it can be checked at any time what data has been stored, processed or transmitted by whom. Likewise, the recipient of a data transmission can be determined. When personal data is transferred via direct connection, it is encrypted as a general rule. Communication with external clients is encrypted using HTTPS and/or VPN (virtual private network). The transmission of the data by email (SMTP) is PGP-encrypted. File transfer requires SFTP or file encryption.

Discarded computer hardware, data carriers and unnecessary documents and printouts of lists are destroyed by competent operators who are certified if available and/or appropriate. The devices are carried away in a dedicated lockable data container and disposed of properly. The destruction note is logged.

Input control

Objective: Traceability of entries; changes to or deletion of data

Data is entered by automated processes. Processes are checked in test environments and subject to a standardized approval process. In these processes, every automated input is logged and is traceable at any time by the unique process and transaction ID. When using the input data log, it is possible to restore the original state at any time.

Based on a role and rights concept, DATA IMPORTER’s employees are assigned different authorizations depending on their function and the data records to be processed. The processing of data by employees is logged.

Individual entries made manually are done through a program that logs the individual steps and activities of the specific user. The input program is also subject to the standardized approval process at DATA IMPORTER.

The traceability and documentation of data management and maintenance is guaranteed. Measures for the subsequent verification of whether and by whom data has been entered, changed or deleted are in place.

  3. Availability and resilience, Article 32, para 1, lit. c GDPR

Availability control

Objective: Prevention of data loss and recovery in a timely manner

The availability of productive data is ensured by the operating techniques used (including storage area network (SAN), virtualization and mirroring) and data backup.

Network components such as NICs or switches and carrier connectivity are configured redundantly, and supported by service level agreements (SLA/UC). Both components and connections are monitored by providers and by DATA IMPORTER.

Servers are redundant. Virtualization ensures fast deployment. The transaction log of the productive databases also allows for the recovery of the production system in the event of a failure with data loss.

In addition, data is backed up several times on magnetic tape drives. Tape cartridges are held both on-site and off-site, in secure locations. Restoring and retrieval are tested on a regular basis (spot checks, automated).

DATA IMPORTER also runs an emergency data centre (geo-redundancy), where all production services are available.

Protective measures against damage caused by fire and water are installed in all technical rooms.

All relevant databases are stored centrally in the data centre.

  4. Regular review, assessment and evaluation procedures, Article 32, para 1, lit. d GDPR

Objective: Maintaining and ensuring measures in place

A nominated individual, responsible for all data protection issues, permanently reviews the measures in place with the aim to protect personal data in the maximum interest of the affected person.

With respect to changes of the legal environment, the responsible individual interacts with internal or external legal specialists. Such interaction relates in particular to identifying risks and agreeing upon appropriate steps to be communicated and proposed by the responsible individual.

The responsible individual reports directly to management. A report is issued annually analyzing the overall data protection situation including proposals for appropriate action – if necessary – in order to maintain the protective level as provided by law.