Mentions légales

Amazon Selling Partner API Data Handling Addendum

1. Data Collection
We collect Amazon Information exclusively through authorized Amazon Selling Partner API (SP-API) endpoints. We only request data for the specific Restricted Roles (e.g., Direct-to-Consumer Shipping) explicitly authorized by the Selling Partner. We do not use web scraping or any unauthorized methods to gather Amazon data.

2. Data Processing
Data is processed strictly to facilitate order fulfillment and tax compliance.
  • Shipping: Customer names and addresses are processed to generate shipping labels via the PostNL API.
  • Invoicing: Order details are processed to generate legally required VAT invoices.
  • No Prohibited Use: We do not process data for marketing, customer profiling, or cross-client data aggregation, in strict adherence to Amazon’s Acceptable Use Policy (AUP).
3. Data Storage & Security
  • Encryption: All Amazon Information is encrypted at rest using AES-256 and in transit using TLS 1.2+.
  • Access Control: Access is restricted to "Approved Users" using AWS IAM roles with Multi-Factor Authentication (MFA).
  • Environment: Data is stored in a secure cloud environment with regular vulnerability scanning.
4. Data Sharing
We share Personally Identifiable Information (PII) only with essential third-party service providers (e.g., PostNL) as required for fulfillment. These partners are vetted to ensure they meet or exceed Amazon’s Data Protection Policy (DPP) standards.
5. Data Disposal & Retention
  • PII Deletion: All PII is programmatically and permanently deleted 30 days after the order is fulfilled.
  • Anonymization: For long-term tax records, all identifying customer data is removed, leaving only anonymized financial transaction data.
  • Disposal Standard: Final data disposal follows NIST 800-88 guidelines to ensure data is unrecoverable.