Amazon Privacy and Policy

Effective Date: 10.07.2025

This Privacy and Data Handling Policy describes how our organization collects, uses, stores, shares, and disposes of Amazon data, including Personally Identifiable Information (PII), in compliance with Amazon's Data Protection Policy (DPP), Acceptable Use Policy (AUP), and related security standards.

1. Data Collection and Purpose We collect Amazon customer data such as name, shipping address, phone number, and email address solely for the purposes of:

• Fulfilling orders,

• Generating shipping labels,

• Creating legally compliant invoices,

• Providing post-sale customer service.

We do not collect or use Amazon data for marketing, profiling, analytics, or resale.

2. Data Storage and Protection

• All Amazon data is encrypted in transit (TLS 1.2 or higher) and at rest (AES-256).

• Data is stored only in secure environments managed by authorized personnel.

• Access to data is controlled via role-based access control (RBAC), unique user credentials, and Multi-Factor Authentication (MFA).

3. Access Controls and Monitoring

• Access is granted only on a need-to-know basis.

• Audit logs and access records are retained and monitored through centralized logging systems.

• Unauthorized access attempts are flagged and investigated.

4. Data Retention and Disposal

• Amazon customer data is retained no longer than 30 days after order fulfillment.

• Data is permanently deleted using secure methods compliant with NIST 800-88.

5. Third-Party Sharing

• We do not share Amazon customer data with third parties, except when legally required.

6. Updates to This Policy We may revise this policy periodically. Changes will be reflected on this page with an updated effective date.