Privacy Policy for Amazon Data
Company Information
- Company: GLOBAL BRANDS FACTORY, SOCIEDAD LIMITADA
- Website: https://globalbrandsfactory.com/
- Contact Email: help@globalbrandsfactory.com
Introduction
Global Brands Factory is committed to protecting the confidentiality and security of data collected through Amazon's Selling Partner API (SP-API). This page preserves the public commitments currently stated on the live site and explains how that data is handled for operational and compliance purposes.
Data Collected
- Inventory data such as FBA and AWD information.
- Invoice and financial data required for VAT reporting and accounting compliance.
- Order and sales reports used for reconciliation, tax compliance, and business operations.
Purpose and Use
Amazon data is processed only for internal business operations, inventory planning, tax and financial compliance, and security obligations. The public policy states that this data is not shared with third parties and is handled within the company's own infrastructure.
Storage and Encryption
The live policy states that data is stored in secure cloud environments with AES-256 encryption at rest, that backups are also encrypted, and that access is restricted to authorised personnel only.
Access Control
The current public commitments include role-based access control, multi-factor authentication, periodic access reviews, pre-authorised device restrictions, and logging of access attempts.
Network and Device Security
The policy describes network restrictions such as firewalls, VPNs, ACLs, monitoring of access attempts, limitations on USB and external storage, and blocked mobile access for sensitive operational data.
Retention, Backup, and Disposal
Amazon data is retained only as long as necessary for legal, operational, and audit requirements. Backup data is encrypted and purged according to retention rules, and disposal follows secure erasure methods.
Incident Response and Risk Management
The live policy commits to continuous monitoring, incident containment, remediation, vulnerability scanning, penetration testing, and notification to Amazon within 24 hours when required under Amazon's Data Protection Policy.
Passwords and Credential Management
The current public policy states minimum password complexity requirements, mandatory MFA, credential protection through encrypted environments, and periodic password rotation.
Note on This Page
This page is a condensed, architecture-aligned version of the public policy currently published on the live site at /privacy-policy-for-amazon-data/. The raw imported source remains stored in the repository import snapshot for full traceability.
Adapted from the current live policy. Last revised: April 2026.