3PW Commerce

Amazon Data Protection Policy

This document has been formulated to guarantee 3PW Commerce's adherence to the following Amazon policies: Acceptable Use Policy (effective January 1, 2021); Data Protection Policy (effective January 1, 2021). It governs the entire lifecycle of Amazon data obtained for client use through the Amazon Marketplace Web Service APIs, including collection, processing, storage, usage, and disposal.

General Security Requirements

In alignment with the leading industry security standards and Amazon's specified criteria based on information sensitivity, 3PW Commerce upholds physical, administrative, and technical safeguards. These measures are implemented to:

  • Maintain the security and confidentiality of Amazon Information throughout its lifecycle.
  • Protect information from known or anticipated threats, ensuring its integrity and safeguarding against unauthorized access, accidental loss, alteration, or disclosure.

3PW Key Security Measures

Network Protection

All servers within 3PW Commerce implement robust network protection controls, including firewalls that restrict public access exclusively to authorized users.

Access Management

Access to Amazon information is strictly controlled and limited to users with specific task-related requirements. User access is monitored, logged, and subject to regular review. Any suspicious activity, such as numerous failed login attempts or an unusually high volume of requests, triggers immediate revocation of account permissions, followed by an investigation conducted by Systems Administrators. When an employee no longer works with the company, their access permissions are promptly revoked. Storing Amazon data on removable devices is strictly prohibited, except for anonymized data such as overall sales figures. Downloading any Personally Identifiable Information (PII) onto devices is strictly forbidden.

Encryption in Transit

All data in transit is encrypted using HTTPS on 3PW Commerce systems to ensure secure transmission over the network.

Incident Response Plan

3PW Commerce has a comprehensive incident response plan to address service interruptions or degradation. The plan includes assessing impact and urgency, informing relevant personnel, and conducting a thorough investigation. Incident response plans are reviewed biannually or more frequently with major platform changes.

Request for Deletion or Return

Upon Amazon's request, 3PW Commerce will securely delete or return Amazon Information within 72 hours. Certification of secure destruction is provided if requested.

Additional Security Measures for Personally Identifiable Information (PII)

Data Retention and Recovery

Amazon PII is stored on privately hosted Database Servers for order management purposes and is removed within 30 days after order fulfillment. No Amazon PII is stored in logs or other files.

Data Governance

3PW Commerce adheres to an asset management policy, reviewing and updating asset inventories every 6 months. A publicly available privacy policy highlights compliance with data privacy regulations.

Encryption and Storage

All PII is encrypted at rest using industry-standard AES-256 encryption. No PII is stored on external media or in unsecured cloud applications.

Least Privilege Principle

Access is granted on a need-to-know basis, utilizing fine-grained access controls to minimize access based on specific roles and duties.

Logging and Monitoring

Logging includes access logs and authorization attempts, stored for 12 months. Code changes and API logs are maintained without containing PII.

Audit

3PW Commerce commits to providing Amazon with compliance records upon request to demonstrate compliance with the Acceptable Use Policy, Data Protection Policy, and Amazon Marketplace Developer Agreement during the period of our agreement with Amazon and for 12 months thereafter. Cooperation with Amazon-assigned auditors includes inspections of books, records, facilities, operations, and system security. For any breaches, failures, or deficiencies flagged during an audit, 3PW Commerce will rectify them at our expense within the agreed timeframe.