Amazon Privacy
What we collect
- Order data, including buyer name and shipping address, and order/line-item details, for orders we fulfil ourselves (FBM).
- Catalogue, pricing, inventory and listing data for our own products.
We collect only what is necessary to list our products and fulfil our orders.
Purpose & lawful basis
- Buyer name and shipping address are used solely to fulfil the order (pick, pack, ship, provide tracking) and for Amazon-mediated delivery communication.
- We do not use Amazon PII for marketing and we do not sell it.
- Lawful basis: performance of the sales contract.
Processing & storage
- Amazon Information is transmitted over TLS and processed in our serverless backend (Vercel).
- It is stored in our access-controlled database (Supabase / PostgreSQL), which encrypts data at rest with AES-256 using a managed Key Management System.
- Access is restricted to named, authorised users (MFA-protected) on a need-to-know basis, enforced with row-level security.
Sharing
- We share buyer name and shipping address with Picqer (our warehouse-management/fulfilment provider) only, strictly to ship the order.
- No Amazon Information is shared with any other third party.
Retention & disposal
- Buyer PII is retained only as long as needed to fulfil the order and cover the returns window, and is then deleted, in practice less than 31 days after order shipment.
- Backups are encrypted; expired data ages out of backups on the standard backup rotation.
Security
- Encryption in transit (TLS) and at rest (AES-256 + KMS).
- Secrets stored in encrypted environment variables, never in source.
- Continuous dependency/code scanning, an annual penetration test, and a documented incident-response plan with 24-hour Amazon notification.
Data-subject rights
Buyers may exercise their rights (access, rectification, erasure) via Amazon or by contacting us at the address below.
Contact
Fatbikeskopen.nl B.V. —
