Amazon Data Protection and Privacy Policy

Last updated November 8, 2023

1. NETWORK PROTECTION

At G&Z Trading Ltd, we are committed to safeguarding the security and privacy of Amazon Information and customer data. We have implemented robust network protection measures to ensure data integrity and confidentiality:

  • We employ AES-256 encryption and maintain a network firewall to block unauthorized access to our systems.
  • Unique authentication credentials are assigned to our developers to control and monitor access to Amazon Information, and we strictly prohibit the use of generic, shared, or default login credentials.
  • We enforce mechanisms to restrict access to Amazon Information to only the required user accounts.
  • Access authorization is periodically reviewed by our CTO, and unnecessary accounts are promptly removed.
  • Our employees are strictly prohibited from storing Amazon data on personal devices.
  • We maintain an “account lockout” system to detect and respond to anomalous usage patterns or unauthorized login attempts.
  • All data in transit, both within our network and between hosts, is encrypted using HTTPS.
  • We enforce encryption for all applicable external endpoints used in internal communication channels.

2. DATA RETENTION AND RECOVERY

At G&Z Trading Ltd, we understand the importance of responsible data retention and recovery practices:

  • We retain Personally Identifiable Information (PII) only for the purpose of fulfilling orders, and not beyond 30 days after order shipment or for tax calculation and remittance.
  • Any Amazon Information archived for legal or regulatory purposes is stored offline in a physically secure facility, ensuring it is not available for immediate or interactive use.
  • Archived data on backup media is encrypted to maintain data security.
  • We have comprehensive data recovery measures in place to ensure that, in the event of data loss, we can recover all lost PII.

3. DATA GOVERNANCE

We take data governance seriously to protect the privacy of our customers and Amazon Information:

  • We have established a comprehensive privacy and data handling policy for our applications and services, outlining appropriate conduct and technical controls.
  • A regular inventory is maintained of devices and assets with access to PII.
  • We keep records of data processing activities, including data collection, processing, storage, usage, sharing, and disposal, to ensure accountability and compliance with data privacy regulations.
  • We have a robust privacy policy that aligns with customer consent and data rights, including access, rectification, erasure, and the ability to stop sharing or processing data where required.

4. ENCRYPTION AND STORAGE

Data security is a top priority at G&Z Trading Ltd:

  • We encrypt all PII at rest using industry best practices, including AES-256 encryption.
  • Cryptographic materials, including encryption/decryption keys, are strictly accessible only to authorized processes and services.
  • We do not store PII on removable media, unsecured public cloud applications, or public links.
  • We securely dispose of printed documents containing PII.

5. LEAST PRIVILEGE PRINCIPLE

We implement fine-grained access control mechanisms to protect customer data:

  • Access rights are carefully controlled, allowing access only to specific data based on the principle of least privilege.
  • Application sections or features that handle PII are protected under unique access roles and accessed on a “need-to-know” basis.

6. LOGGING AND MONITORING

We maintain an effective logging and monitoring system to ensure the security of our systems:

  • We gather logs to detect security-related events, such as access and authorization, intrusion attempts, and configuration changes.
  • Logs are subject to strict access controls to prevent unauthorized access and tampering, and they do not contain PII.
  • Logs are retained for at least 90 days for reference in case of security incidents.
  • We have mechanisms in place to monitor logs and system activities, triggering alarms on suspicious actions.
  • Investigations are carried out in the event of alarms, and these are documented in our Incident Response Plan.

7. AUDIT

We maintain all necessary records to verify compliance with policies and agreements:

  • We retain records to verify compliance with our Data Protection and Privacy Policy.
  • We cooperate with Amazon’s audit requests, which may occur at our facilities and/or subcontractor facilities.

At G&Z Trading Ltd, we are dedicated to protecting your data and Amazon Information through stringent security and privacy measures. We are committed to compliance with relevant regulations and ensuring the highest level of data security and privacy for our customers.