Security Policy

Lux Watch Winders Security Policy

Definitions

Electronic commerce:

Electronic financial services delivered via electronic means including, but not limited to, the Internet or other electronic delivery vehicles.

Specific examples of e-commerce activities include:

1. Internet/World Wide Web services

  • Email inquiries and responses
  • Publishing of general information on Lux Watch Winders' website
  • Data entry or verification by staff on a vendor’s data processing system
  • File transfers of member information for direct mail projects or statement generation

2. Web account access

  • Viewing transaction history and balances
  • Transferring funds between accounts (internal and external), or Person to Person Transfers
  • Applying for Lux Watch Winders services through applications or forms
  • Email statements
  • Electronic retrieval of check copies
  • E-alerts

3. Online bill-paying services

4. Audio response/phone-based services

5. Wireless services

6. Mobile banking

Encryption:

Encryption is the conversion of data into a form called ciphertext, which cannot be easily understood by unauthorized people.

Authentication:

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. Depending on the transactions, a more stringent authentication process may be required.

Firewall:

A firewall refers to any hardware and/or software designed to examine network traffic using policy statements (ruleset) to block unauthorized access while permitting authorized communications to or from a network or electronic equipment.

Overview

Lux Watch Winders recognizes the importance of electronic commerce (e-commerce) activities to its present-day operations. We are committed to using e-commerce activities in a cost-effective manner that promotes accuracy, safety, security, and efficiency. These activities bring automation and efficiency to traditional manual tasks and allow quicker access to information, resulting in improved customer service.

Purpose

This e-commerce policy is to be used as both a guideline and an overview of the management of Lux Watch Winders' electronic services.

Policy Detail

Lux Watch Winders is committed to enhancing customer service using various forms of e-commerce activities.

Electronic commerce activities include Lux Watch Winders' website, email, telephone access system, ACH transactions, online bill payment, and banking services. They also include business-to-business transactions where interaction is conducted electronically between Lux Watch Winders and its business partners using the Internet as the communications network.

Lux Watch Winders' practice is to always safeguard customer data, including the processing of e-commerce transactions. Information must be protected at both the sending and receiving ends of each transaction. To accomplish this, several levels of protection are applied to e-commerce activities.

Encryption:

Encrypting transactions provides security by ensuring that no portion of a transaction is readable except by the parties at each end of the transmission. This ensures that data can be transmitted securely without concern that another party could intercept all or part of the transaction. Encryption also makes certain that the transaction is not tampered with as it routes from point to point, and data is received exactly as it was sent. Lux Watch Winders will use a minimum of 128-bit encryption. This also applies to vendors that host Lux Watch Winders' customer data.

Authentication:

After establishing a secure connection, the initiating party must prove their identity before conducting the transaction. This is typically handled with user IDs, account numbers, and passwords or PIN combinations. Additionally, encryption certificates are also employed to validate the authenticity of both servers and users. System administrators control system access by assigning users different levels of access for applications and data. These access levels are determined by the President.

Multi-factor Authentication (MFA):

For online banking, MFA offers more than one form of authentication to verify the legitimacy of a transaction. The layered defense makes gaining access more difficult for an unauthorized person.

Firewalls:

Lux Watch Winders will deploy and utilize firewalls as necessary to protect internal systems from threats originating from the Internet and those that might be present when connecting to vendors' networks. Firewall operating systems and configurations will be reviewed periodically to ensure maximum protection. Firewalls and other access devices will be used, as needed, to limit access to sites or services deemed inappropriate or non-corporate in nature. Vendor-hosted solution firewalls will be reviewed prior to implementation.

Network Traffic Rules and Restrictions:

Intra-network traffic is subject to distinct operating rules and restrictions. With firewall technology, outside parties are directed only to approved internal resources. An example of this is web page services that allow certain types of traffic from the Internet (web page browsing) but have other types of traffic blocked (i.e., administrative tasks). This strategy dramatically reduces the risk of any party gaining unauthorized access to a protected server. The internal network is also protected from virus attacks using network-level anti-virus software that is updated regularly. These regular updates are loaded automatically to each PC as they are available. This provides the most up-to-date virus protection and security available. E-mail is also scanned prior to delivery, reducing the potential of a virus entering the network in this manner.

Physical Site Security:

All digital assets are stored at secure third-party locations.

Staff Training and Review:

Staff receives training and reviews all procedures at least annually or as major system additions or changes are implemented.

User Password Maintenance:

Staff passwords on the host data processing system expire after 45 or 90 days, forcing users to modify their passwords. This control, along with a strict Lux Watch Winders policy prohibiting users from sharing or disclosing their passwords, is intended to prohibit unauthorized access to systems and data.

Expert Assistance:

Lux Watch Winders recognizes that e-commerce security issues change daily. New security, safety, and accuracy threats appear daily, and system vendors publish updates and patches regularly to eliminate the threat. To assist in the ongoing maintenance of key components of system security, the company will engage, at a regularly scheduled interval, consulting and auditing oversight with a nationally recognized leader in the area of e-commerce security. This vendor may also provide technical assistance as new e-commerce-related features are added to the system, to ensure existing systems' continued safety and security.

Communications Network:

Lux Watch Winders employs several types of data communication lines, including direct point-to-point circuits and other private and public network connections. Data transmissions are secured, encrypted, and/or password protected, as needed.

Response Program:

In the event of suspected or detected unauthorized access to customer information systems, Lux Watch Winders will promptly respond and take appropriate actions. The response program includes the following steps:

  1. Identification and Isolation: If unauthorized access is suspected or detected, the team will promptly identify the affected systems or accounts and isolate them from further unauthorized access.
  2. Incident Reporting: Lux Watch Winders' team will immediately report the incident to the appropriate regulatory and law enforcement agencies according to the company's information security response procedures.
  3. Investigation and Analysis: A thorough investigation and analysis of the incident will be conducted to determine the extent of the unauthorized access, the potential impact on customer data, and the root cause of the breach.
  4. Notification: If it is determined that customer data has been compromised, Lux Watch Winders will promptly notify affected customers in accordance with applicable laws and regulations.
  5. Remediation and Mitigation: The team will take necessary actions to remediate the security breach and prevent similar incidents in the future. This may include applying security patches, strengthening access controls, and enhancing monitoring capabilities.
  6. Continuous Improvement: Lux Watch Winders is committed to continuously improving its security measures to protect customer data. Regular security reviews, audits, and risk assessments will be conducted to proactively identify potential vulnerabilities and address them.

Confidentiality and Compliance

Lux Watch Winders acknowledges the critical importance of maintaining the confidentiality and privacy of customer information. All employees and third-party service providers are required to adhere to strict confidentiality requirements and are bound by non-disclosure agreements.

Lux Watch Winders is committed to complying with all applicable laws and regulations related to data protection and security. This includes but is not limited to the California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), and other relevant data protection laws.

Training and Awareness

Lux Watch Winders recognizes that cybersecurity is a shared responsibility. Therefore, regular training and awareness programs will be conducted for employees to educate them about the latest security threats, best practices, and the importance of safeguarding customer data.

Conclusion

Lux Watch Winders provides a secure and trustworthy e-commerce platform for our valued customers. We will continue to invest in robust security measures and remain vigilant in protecting customer data and transactions. Our commitment to transparency and adherence to best security practices aim to instill trust and confidence in our customers as they interact with our e-commerce services.

This Security Policy will be regularly reviewed and updated as necessary to align with industry standards and the evolving threat landscape. For any questions or concerns related to the security of our e-commerce services, please contact our customer support team at customerservice@luxwatchwinders.com.