Last Updated: October 23, 2025
1. Purpose
This Privacy and Data Handling Policy describes how Dr.Fish collects, processes, stores, uses, shares, and disposes of Amazon Information obtained through the Amazon Selling Partner API (SP‑API) and related integration systems. The policy ensures compliance with Amazon’s Data Protection requirements, the General Data Protection Regulation (GDPR), and all applicable financial and tax regulations.
2. Data We Collect
- Order & Fulfillment Data: Order IDs, buyer names, shipping addresses, contact details, product details (ASIN, SKU, quantity, pricing).
- Operational Metadata: Shipment tracking, fulfillment center identifiers, delivery confirmation logs.
- Financial & Tax Data: Settlement reports, transaction amounts, refunds, Amazon fees, invoices, VAT/GST details, tax identifiers, and compliance records.
- System Metadata: Access logs, timestamps, and API request history for security and auditing.
3. Purpose of Data Processing
- Order management, fulfillment, and after‑sales support.
- Financial reconciliation, invoice generation, and tax reporting to authorized agencies.
- Maintaining accounting and fiscal records under legal retention obligations.
- Ensuring data integrity, fraud prevention, and regulatory auditing.
4. Data Storage & Security
- All Amazon data is stored in encrypted databases using AES‑256 encryption standards.
- Data transmission utilizes HTTPS/TLS 1.2+ to guarantee confidentiality and integrity.
- Access is restricted via role‑based access controls (RBAC) and multi‑factor authentication (MFA).
- Financial and tax data access is logged and periodically reviewed as part of compliance audits.
5. Data Sharing & Disclosure
Dr.Fish does not sell, rent, or disclose Amazon Information to unauthorized third parties. Data may only be shared with certified infrastructure and financial partners (such as AWS providers or licensed accountants) under binding Data Processing Agreements (DPAs) to ensure strict confidentiality and compliance.
6. Data Retention & Disposal
Operational data is retained only as long as necessary for business operations and regulatory compliance. Financial and tax data are retained for up to seven (7) years in accordance with statutory requirements. After expiration, the data is erased securely via cryptographic erasure or anonymization methods.
7. Employee Access & Controls
Access to Amazon data, including financial records, is limited to authorized employees only. All access requires MFA and is logged for traceability. Access permissions are reviewed regularly to maintain the principle of least privilege.
8. Data Backup & Recovery
Encrypted backups of Amazon data are stored securely in AWS S3 with server‑side encryption (AES‑256). Backups follow the same confidentiality policies as production data and are automatically deleted upon expiration.
9. Data Subject Rights
In compliance with GDPR and other applicable privacy laws, data subjects may request access, correction, or deletion of personal information collected by Dr.Fish. Requests can be submitted to cs@drfishtackle.com, and responses will be provided within 30 days.
10. Updates to This Policy
Dr.Fish may update this Privacy Policy periodically to reflect legal, regulatory, or Amazon platform changes. Revised versions will be posted on this webpage with a new "Last Updated" date.