Big Internet Seller Services Inc provides e-commerce Services

Data Protection Policy

This Data Protection Policy (“DPP”) governs the treatment (e.g., receipt, storage, usage, transfer, and disposition) of the data collected and retrieved by https://biginternetcommerce.com (Big Internet eCommerce/ Big Internet Seller Services Inc)

Definitions

“Amazon Information” means any information that is exposed by Amazon through the Marketplace APIs, Seller Central, or Amazon’s public-facing websites. This data can be public or non-public, including Personally Identifiable Information about Amazon customers.

“Customer” means any person or entity who has purchased items or services from Amazon’s public-facing websites.

“Personally Identifiable Information” (“PII”) means information that can be used on its own or with other information to identify, contact, or locate an individual or to identify an individual in context. This includes, but is not limited to, a Customer or Seller’s name, address, e-mail address, phone number, gift message content, survey responses, payment details, purchases, cookies, digital fingerprint (e.g., browser, user device), IP Address, geo-location, or Internet-connected device product identifier.

“Security Incident” means any actual or suspected unauthorized access, collection, acquisition, use, transmission, disclosure, corruption, or loss of Amazon Information, or breach of any environment containing Amazon Information, or managed by Big Internet eCommerce/ Big Internet Seller Services Inc with controls substantially similar to those protecting Amazon Information.

“Seller” means any person or entity selling on Amazon’s public-facing websites.

Big Internet eCommerce/ Big Internet Seller Services Inc means the company that owns https://biginternetcommerce.com, or its managers, or the services depending on context.

Big Internet eCommerce/ Big Internet Seller Services Inc complies with the following requirements

  1. Data Retention and Recovery.

Big Internet eCommerce/ Big Internet Seller Services Inc retains PII only for the purpose of, and as long as is necessary to fulfil orders. PPI of Customers is automatically removed in 30 days after order shipment.

  1. Data Governance.

Big Internet eCommerce/ Big Internet Seller Services Inc’s privacy and data handling policy governs the appropriate conduct and technical controls that are applied in managing and protecting information assets. Big Internet eCommerce/ Big Internet Seller Services Inc keeps inventory of software and physical assets (e.g. computers, mobile devices) with access to PII, and updates regularly. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed for all PII Information should be maintained to establish accountability and compliance with regulations. Big Internet eCommerce/ Big Internet Seller Services Inc according to the privacy policy can rectify, erase, or stop sharing/processing the customers information where applicable.

  1. Encryption and Storage.

All PII is encrypted at rest using industry best practice standards (AES-128, AES-256, or RSA with 2048-bit key size (or higher), this depends on particular server configuration. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities used for encryption of PII at rest is only accessible to the processes and services. PII is not stored in removable media (e.g., USB) or unsecured public cloud applications (e.g., public links made available through Google Drive). Any printed documents containing PII should be securely disposed.

  1. Least Privilege Principle.

Big Internet eCommerce/ Big Internet Seller Services Inc has implemented fine-grained access control mechanisms to allow granting rights to any party using the Application (e.g., access to a specific set of data at its custody) and the Application’s operators (e.g., access to specific configuration and maintenance APIs such as kill switches) following the principle of least privilege. Application sections or features that vend PII must be protected under a unique access role, and access should be granted on a “need-to-know” basis.

  1. Logging and Monitoring.

Big Internet eCommerce/ Big Internet Seller Services Inc gathers logs to detect security-related events (e.g., access and authorization, intrusion attempts, configuration changes) to the Application and systems. Big Internet eCommerce/ Big Internet Seller Services Inc implements this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Amazon Information. All logs must have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs themselves should not contain PII and must be retained for at least 90 days for reference in the case of a Security Incident. Big Internet eCommerce/ Big Internet Seller Services Inc has mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). Big Internet eCommerce/ Big Internet Seller Services Inc should perform investigation when monitoring alarms are triggered, and this should be documented in the Incident Response Plan.

  1. Network Protection.

Big Internet eCommerce/ Big Internet Seller Services Inc has implemented network protection controls to deny access to unauthorized IP addresses and public access must be restricted only to approved users.

  1. Access Management.

Big Internet eCommerce/ Big Internet Seller Services Inc assigns a unique ID to each person with computer access to Amazon Information. Persons with access to data don’t create or use generic, shared, or default login credentials or user accounts. Big Internet eCommerce/ Big Internet Seller Services Inc reviews the list of people and services with access to Amazon Information on a regular basis (at least quarterly), and remove accounts that no longer require access. Big Internet eCommerce/ Big Internet Seller Services Inc restricts employees from storing Amazon data on personal devices. Big Internet eCommerce/ Big Internet Seller Services Inc will maintain and enforce “account lockout” by detecting anomalous usage patterns and log-in attempts, and disabling accounts with access to Amazon Information as needed.

  1. Encryption in Transit.

Big Internet eCommerce/ Big Internet Seller Services Inc encrypts all Amazon Information in transit (e.g., when the data traverses a network, or is otherwise sent between hosts). This is accomplished using HTTP over TLS (HTTPS). Big Internet eCommerce/ Big Internet Seller Services Inc enforces this security control on all applicable external endpoints used by customers as well as internal communication channels (e.g., data propagation channels among storage layer nodes, connections to external dependencies) and operational tooling. Big Internet eCommerce/ Big Internet Seller Services Inc disables communication channels which do not provide encryption in transit even if unused (e.g., removing the related dead code, configuring dependencies only with encrypted channels, and restricting access credentials to use of encrypted channels). Big Internet eCommerce/ Big Internet Seller Services Inc uses data message-level encryption where channel encryption (e.g., using TLS) terminates in untrusted multi-tenant hardware (e.g., untrusted proxies).

  1. Incident Response Plan.

Big Internet eCommerce/ Big Internet Seller Services Inc has and maintains a plan to detect and handle Security Incidents. Such a plan identifies the incident response roles and responsibilities, defines incident types that may impact Amazon, defines incident response procedures for defined incident types, and defines an escalation path and procedures to escalate Security Incidents to Amazon. Big Internet eCommerce/ Big Internet Seller Services Inc reviews and verifies the plan every six (6) months and after any major infrastructure or system change. Big Internet eCommerce/ Big Internet Seller Services Inc investigates each Security Incident, and documents the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence.
Big Internet eCommerce/ Big Internet Seller Services Inc will inform Amazon within 24 hours of detecting any Security Incidents.

10 Request for Deletion or Return.

Big Internet eCommerce/ Big Internet Seller Services Inc within no more than 72 hours after Amazon’s request permanently, and securely delete (in accordance with industry-standard sanitization processes, e.g., NIST 800-88) or return Amazon Information upon and in accordance with Amazon’s notice requiring deletion and/or return. Big Internet eCommerce/ Big Internet Seller Services Inc also permanently and securely deletes all live (online or network accessible) instances of Amazon Information within 90 days after Amazon’s notice.

 

Scroll to Top