The company has implemented a Privacy Management System: a set of technical and organizational security measures aimed at guaranteeing corporate compliance with the GDPR.
This process includes the creation of the documents required by law (data processing policies, data retention policies, documents identifying the data processors, etc.) and of procedures to manage the protection of corporate personal data in general.
A DPO has been appointed to oversee the updating of the Privacy Management System; the DPO is currently producing an overall document which will describe all the documents the company has implemented in relation to the privacy legislation.
The DPO has defined an audit plan to periodically update the outcome of the above activity.
Below is a summary of the internal policy on the management of Amazon data and customers' PII (Personally Identifiable Information).
As an SPN, our company collects from Amazon only the data needed for our app to work correctly and to give Account Managers, Customer Care Operators and Warehouse Operators a more efficient way to do their job.
As for PII, we collect personal information only to ship the goods, issue invoices/documents and support customer care operations. These are the only purposes for which PII is processed.
All Amazon data is collected only via the official API services, following the guidelines provided by Amazon.
The collected data is combined, filtered and aggregated into higher-level data on which our algorithms base decisions, alerts for the users and the rest of the business logic.
The non-personal data from Amazon can be combined and integrated with data from internal sources (e.g. inventory forms, product information, data from our ERP, quantity streams from our customers).
PII is not subject to data mining and we do not combine PII with other external data.
Not all collected data is persisted: only information that remains useful over time is stored on our database infrastructure. Data is stored in different databases and tables, with different levels of protection/encryption based on data relevance.
Currently, PII is stored using TDE (Transparent Data Encryption), i.e. encryption at rest with AES-256 in CBC (Cipher Block Chaining) mode. Direct access to the main databases is available only to the CTO, the Sysadmin and the Vulnerability Group team, for investigation purposes.
A scheduled backup process periodically backs up the entire app data, saving the result as an encrypted file on a separate partition of the server.
A mid-term backup for disaster recovery is saved locally every week on a company NAS, kept in the locked server room of the company headquarters.
Our app logs every connection and important operation, but no PII is written to the logs: the application refers to entities only by anonymized data (e.g. the user ID instead of the name).
Our app has a multi-level role/visibility system so that every user sees only the information they need. For example, an operator can see only the orders for products of a certain supplier on a certain channel; only the stats for those products/orders are available, and if this operator does not manage FBM shipments or customer care, no PII is shown at all.
Otherwise, only the PII needed for the operation is shown, for example only the customer name when the customer address is not required for the task.
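As an added illustration (not the company's own code), the two visibility layers described above, row scoping by supplier/channel and task-based field-level PII masking, together with a PII-free audit line; the task-to-field mapping, role names and sample orders are assumptions.

```python
from dataclasses import dataclass

# Assumed mapping (not from the policy text) of which PII fields a task
# genuinely needs: shipping needs the address, customer care only the name.
PII_FIELDS_BY_TASK = {
    "fbm_shipping": {"customer_name", "customer_address"},
    "customer_care": {"customer_name"},
}
PII_FIELDS = {"customer_name", "customer_address"}
REDACTED = "[REDACTED]"


@dataclass(frozen=True)
class Role:
    user_id: str                    # pseudonymous id, the only thing that reaches the logs
    suppliers: frozenset            # suppliers whose orders this user may see
    channels: frozenset             # sales channels this user may see
    tasks: frozenset = frozenset()  # PII-bearing tasks assigned to this user


def visible_orders(role: Role, orders: list[dict]) -> list[dict]:
    """Row filtering by supplier/channel scope, then masking of every PII
    field that none of the role's tasks requires."""
    allowed_pii = set().union(*(PII_FIELDS_BY_TASK.get(t, set()) for t in role.tasks))
    views = []
    for order in orders:
        if order["supplier"] not in role.suppliers or order["channel"] not in role.channels:
            continue  # out of scope: the row is not visible at all
        view = dict(order)  # copy, so the stored record is never altered
        for field_name in PII_FIELDS.intersection(order):
            if field_name not in allowed_pii:
                view[field_name] = REDACTED
        views.append(view)
    return views


def audit_entry(role: Role, views: list[dict]) -> str:
    """Log line for the access: user ID and order IDs only, never PII."""
    ids = ",".join(v["order_id"] for v in views)
    return f"user={role.user_id} action=view_orders ids={ids}"


# Constructed sample orders (fictitious customers) and roles for a stand-alone run.
ORDERS = [
    {"order_id": "A1", "supplier": "S1", "channel": "amazon.it",
     "customer_name": "Mario Rossi", "customer_address": "Via Roma 1, Milano"},
    {"order_id": "B2", "supplier": "S2", "channel": "amazon.it",
     "customer_name": "Anna Bianchi", "customer_address": "Via Po 3, Torino"},
]
WAREHOUSE = Role("u42", frozenset({"S1"}), frozenset({"amazon.it"}))
CARE = Role("u7", frozenset({"S1", "S2"}), frozenset({"amazon.it"}), frozenset({"customer_care"}))
SHIPPER = Role("u9", frozenset({"S2"}), frozenset({"amazon.it"}), frozenset({"fbm_shipping"}))
```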
Our company will never use data or personal information obtained from Amazon for commercial purposes or other out-of-policy aims. The Amazon data is used only to improve the quality of service for the final customers (faster warehouse-to-courier process, better customer care, better issue resolution, lower prices) and for the channels we manage as an SPN (better product rotation, fewer stock-outs, better warehouse performance and less wasted space, optimized ADV campaigns), in full compliance with the official Amazon Acceptable Use Policy (https://sellercentral.amazon.com/mws/static/policy?documentType=AUP&locale=it_IT).
Our company knows the fundamental importance of the data, and can share information only in 5 specific cases:
- Channel owner (as SPN)
We never share PII in this case.
Our company can share stats, reports, aggregated and higher-level data with Brand owners or Channel owners. This kind of information can be accessed directly by Channel owners on their Sellercentral/Vendorcentral panel, but in a "raw" state and without a strategic focus and overview.
- Product suppliers
We can temporarily share PII for FBM shipments / Direct Fulfilment.
Our company can share order details and addresses with suppliers to manage direct shipments. Once the shipments are done, access to those orders' PII is no longer permitted.
For FBA inbound shipments and Vendor orders, the company can share details about the goods, the shipment details and the destination address.
- Couriers
We can temporarily share PII for FBM shipments / Direct Fulfilment.
Our company can share, via the courier's web services/APIs, the names and addresses of the final customers to enable the shipping service.
- IT department / Sysadmins / Vulnerability Group team / Storage services
With a Letter of Appointment, our company can delegate access to the data for the technical management of the storage infrastructure.
This kind of access is strictly confidential and limited to specific scheduled maintenance operations or disaster investigations. An agreement with the company binds collaborators not to divulge the information in any way.
- Competent authorities, judicial authorities, police departments
In compliance with the GDPR, our company can collaborate with competent authorities, with the direct consent of a judge, sharing information for national security issues or criminal investigations.
The internal use of the app is regulated by the signing of a Letter of Appointment by every user who can access it (even partially, with PII).
In this case too, an agreement with the company binds collaborators not to divulge the information in any way.
For every type of data collected and stored in the app databases, our company has planned a disposal procedure with a specific retention period:
- App logs
Daily archiving and conservation for 12 months (for investigations and debugging)
- PII
Set as "non visible" right after the shipment of the goods is done; conservation for 2 years if an invoice or other fiscal document is generated, as required by current Italian law
- Non personal data / stats / inventory information
Conservation for 5 years, for statistical reasons
- Daily based backups (encrypted)
Conservation for 24 hours, for fast recovery
- Mid-term backups (encrypted and stored in the HQ)
Conservation for 30 days, for disaster recovery
During the disposal process, all data (including cached data) is removed by an automated process.