登录 注册

Wuyou Yishou ERP Privacy and Data Processing Policy

Effective Date: September 2024
Introduction

At Guangzhou Wuyou Yishou Network Information Co., Ltd ("we" "our" or "us"), protecting the privacy and data of our users, partners, and third-party service providers—including Amazon—remains our highest priority. This Privacy and Data Processing Policy sets forth our practices regarding the collection, use, processing, storage, sharing, and secure disposal of personal and restricted data. It applies specifically to all data received from Amazon platforms and interfaces in connection with our service delivery and developer access, and it has been tailored to comply with Amazon’s requirements regarding Restricted Data Access (RDA) and comprehensive data management.

Scope and Definitions

1.Amazon Data: Data provided by Amazon, including personally identifiable information (PII), account credentials, transactional information, and any data marked as restricted under Amazon policies.

2.Personal Data: Any information relating to an identified or identifiable individual, which includes but is not limited to names, contact details, login credentials, and transaction-related data.

3.Restricted Data Access (RDA): Data that require controlled, limited access pursuant to Amazon policies. Our internal and external processing and storage follow strict criteria to ensure that only authorized personnel have access.

4.Data Processing: Any operation or set of operations performed on data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, and disposal.

Data Collection

1.Sources and Methods:

We collect data directly via interactions with our Amazon-based services, APIs, and when integrating with Amazon’s platforms. Data is received with explicit user consent where required and through lawful means.

2.Types of Data Collected:

  • Personal identification information (name, email, contact details, etc.)
  • Account-related credentials and access logs
  • Transactional and operational data to enable service delivery
  • Any other data specifically provided by Amazon or generated during interactions with Amazon systems

Our collection practices are designed to adhere to the principle of data minimization, collecting only the data necessary for service fulfillment.

Data Processing

1.Purpose-Limited Processing:

Data for Amazon services is processed solely for the purpose of enabling and improving our service offerings, order and account management, fraud prevention, customer support, and legal compliance.

Operational Steps:

  • Validation & Classification: Data received is verified for accuracy and classified according to sensitivity.
  • Access Controls: Strict role-based access ensures that processed data is handled only by authorized personnel.
  • Auditability: All processing activities relating to Amazon Data are logged and monitored regularly.
Data Storage

1.Security and Location:

All data is stored on secure servers within controlled data centers that are compliant with industry standards (e.g., encryption, physical security, and access logs).

2.Retention Policies:

Data is stored for the duration necessary to fulfil its purpose, in compliance with applicable laws and contractual obligations with Amazon. When retention is no longer required, data is archived or securely deleted in a manner that prevents recovery.(According to Amazon's personal identity information retention policy, we will automatically delete your buyer's personal identity information 28 days after the date of shipment of your buyer order, and will not make offline backups)

Data Use

1.Permitted Purposes:

Amazon Data is exclusively used to:

  • Fulfill service delivery and order management on Amazon platforms
  • Enhance internal processes and customer support
  • Perform data analytics and improve service quality within the limits of user consent and contractual requirements

2.Prohibited Uses:

Data will not be employed for any external marketing or purposes outside the scope of our agreement with Amazon.

Data Sharing and Disclosure

1.Third-Party Service Providers:

Sharing Necessary to Fulfill Our Legal Obligations:

  • We may share your user information externally as required by applicable laws and regulations, for the purposes of litigation or arbitration, or in response to requests made lawfully by administrative or judicial authorities.

2.Internal Access Controls:

Data sharing within our organization is strictly governed by the principles of “need-to-know” and “least privilege.” Access to Amazon Data is limited to employees and systems with a verified business need.

3.Regulatory Disclosures:

In the event of lawful requests by governmental authorities or legal requirements, only the minimal necessary data will be disclosed, after appropriate legal review.

Restricted Data Access (RDA)

1.Access Limitation:

In direct compliance with Amazon’s RDA requirement, access to all restricted Amazon Data is tightly controlled. Only individuals who have undergone rigorous background verification and training may access such data.

2.Continuous Monitoring:

All access events to restricted data are logged, audited, and reviewed periodically to ensure compliance with Amazon’s policies. We conduct internal audits to enforce these controls and to detect any unauthorized access attempts immediately.

3.Training and Confidentiality:

All personnel with access to restricted data receive regular training on data security and confidentiality. They are also bound by legal agreements to ensure that such data is handled only within permitted contexts.

Data Disposal and Retention

1. Retention Schedule

Data is retained only as long as necessary to meet business and legal requirements, after which it is securely purged.

2. Disposal Procedures

When data is no longer needed, it is disposed of using industry-standard methods (e.g., secure erasure and degaussing) that ensure no recoverable remnants remain.

3. Deletion Requirements

In accordance with Amazon's requirements and notifications, we are committed to the timely and secure deletion of Amazon-related data:

  • Upon receiving a formal request from Amazon or related platforms, we must immediately (but no later than 72 hours after Amazon’s request) permanently and securely delete all relevant Amazon-related data. This deletion must adhere to industry-standard processing methods, such as NIST 800-88.
  • Furthermore, within 90 days of receiving a deletion request from Amazon, we must ensure the permanent and secure removal of all real-time (online or network-accessible) instances of Amazon-related data.

We maintain detailed logs of all deletion processes to ensure compliance with Amazon's policies, allowing for auditability and verification of the secure disposal process.

Security Measures

To safeguard Amazon Data, we have implemented comprehensive security controls including:

1.Encryption:

Data is encrypted in transit (using SSL/TLS) and at rest (using strong encryption standards).

2.Access Management:

We employ multi-factor authentication (MFA), role-based access control (RBAC), and strict password management policies.

3.Network and Physical Security:

Our data centers are protected by robust physical security measures and continuous network monitoring.

4.Regular Audits and Assessments:

We conduct routine security audits, vulnerability assessments, and penetration tests to ensure that our systems remain secure against evolving threats.

Compliance and Enforcement

1.Legal Compliance:

Our privacy practices comply with all applicable data protection laws and regulations, as well as the specific requirements outlined by Amazon.

2.Internal Oversight:

Our Data Protection Officer (DPO) and dedicated compliance teams oversee policy implementation and conduct regular training, risk assessments, and internal audits.

3.Policy Updates:

We reserve the right to revise this Policy at any time. Any significant changes will be communicated via our public website and, where applicable, directly to Amazon.

Contact Information

For any questions, concerns, or requests for data-related inquiries regarding this policy, please contact our Data Protection Officer at:

  • Email: info@51selling.com
  • Phone:+8613242859681
  • Mailing Address: Room 405, No. 50-1 Huanxi West Road, Tianhe District, Guangzhou City, Guangdong Province, China

By adopting the measures and practices described above, Guangzhou Wuyou Yishou Network Information Co., Ltd ensures that all data obtained from—and in relation to—Amazon is managed in a secure, compliant, and responsible manner. This policy fully delineates the lifecycle of Amazon Data from collection and processing to storage, use, sharing, and disposition, thereby meeting the stringent requirements set forth by Amazon.

Should you need any further clarification or details on specific practices, please do not hesitate to contact us.

Additional Insight:

In response to evolving data protection standards and increasing scrutiny by platforms like Amazon, we continuously review our security protocols and privacy measures. Future updates of this policy may include technical enhancements (e.g., automated access logging, refined encryption practices) and revised disposal methods to further ensure the safety and privacy of all sensitive data.

By ensuring a rigorous, transparent, and complete privacy framework, we aim not only to comply with Amazon’s policies but also to build lasting trust with our users and partners.