Amazon Privacy and Data Handling Policy for Progress Technologies, Inc. D.B.A. Skiff Life

1. Introduction

  • Purpose: This policy outlines our commitment to safeguarding Amazon data in compliance with Amazon's Data Protection Policy (DPP) and Acceptable Use Policy (AUP).

  • Scope: This policy applies to all data obtained through the Selling Partner API (SP-API) and encompasses all personnel and systems involved in handling this data.

2. Data Collection

  • Authorization: Data is collected exclusively through authorized SP-API endpoints, adhering strictly to Amazon's guidelines and obtaining necessary consents.

  • Minimal Data Principle: Only data essential for business purposes is collected, avoiding the accumulation of unnecessary information.

3. Data Processing

  • Purpose Limitation: Data is processed solely for purposes explicitly authorized by Amazon and agreed upon by data subjects.

  • Data Accuracy: Measures are implemented to maintain data accuracy and relevance throughout its lifecycle.

4. Data Storage

  • Encryption: All stored data, especially personally identifiable information (PII), is encrypted using robust encryption standards to prevent unauthorized access.

  • Access Controls: Strict access controls are established, ensuring only authorized personnel can access sensitive data, with regular reviews of access permissions.

  • Retention Policy: Data retention periods are defined in compliance with Amazon's DPP and legal requirements, ensuring data is not stored longer than necessary.

5. Data Usage

  • Compliance: Data is used strictly in accordance with Amazon's policies, ensuring all actions taken with the data are compliant with agreed-upon terms.

  • Monitoring: Data usage is regularly monitored to detect and prevent unauthorized or inappropriate activities.

6. Data Sharing

  • Third-Party Agreements: Any third parties with whom data is shared are contractually obligated to adhere to Amazon's data protection standards.

  • Due Diligence: Thorough assessments of third-party data handling practices are conducted before sharing any data.

7. Data Disposal

  • Secure Deletion: Procedures are implemented for the secure deletion of data that is no longer required, ensuring it cannot be recovered or misused.

  • Documentation: Records of data disposal activities are maintained to demonstrate compliance with data protection obligations.

8. Security Measures

  • Network Protection: Robust network security measures, including intrusion detection and prevention systems, are implemented to safeguard against unauthorized data access.

  • Regular Audits: Periodic security audits are conducted to identify and address vulnerabilities in data handling processes.

  • Employee Training: Ongoing training is provided to employees on data protection principles and Amazon's specific requirements to ensure compliance.

9. Incident Response

  • Breach Notification: Protocols are established for promptly notifying Amazon and affected individuals in the event of a data breach, in accordance with Amazon's DPP.

  • Mitigation: Strategies are developed and implemented to contain and mitigate the impact of data breaches, preventing recurrence.

10. Policy Review and Updates

  • Continuous Improvement: The Privacy and Data Handling Policy is regularly reviewed and updated to reflect changes in Amazon's requirements, legal obligations, or internal processes.

  • Version Control: Version control of the policy document is maintained to track changes and ensure transparency.