Privacy and Data-Handling Policy for Amazon Data

1. Purpose

This policy outlines how Little Bird Electronics Pty Ltd collects, processes, stores, uses, shares, and disposes of Amazon data in compliance with Amazon's Selling Partner API Data Protection Policy, the Australian Privacy Act 1988, and other applicable regulations.

2. Data Collection

We collect only the Amazon data necessary to fulfil our obligations as an Amazon seller, including: buyer name and shipping address (for shipping label generation), order details (for fulfilment and inventory management), and transaction data (for tax invoicing and financial reconciliation). Data is collected exclusively via the Amazon Selling Partner API.

3. Data Processing

Amazon data is processed within secured systems hosted on Amazon Web Services (AWS). All data is transmitted over encrypted channels (TLS 1.2+). Access is limited to authorised personnel based on role-based access controls (RBAC) and job responsibilities.

4. Data Storage

Amazon data is stored in AWS RDS databases and S3 storage, encrypted at rest using AES-256. Access is restricted via RBAC and multi-factor authentication (MFA). Databases reside in private VPC subnets with no public internet access.

5. Data Retention

Personally Identifiable Information (PII) is retained for less than 30 days after order delivery. Non-PII transactional data is retained only as long as required to meet legal and tax obligations under Australian law. Data is securely deleted upon expiry of the retention period.

6. Data Use

Amazon data is used exclusively for: order fulfilment and shipping label generation, Australian tax invoice generation (GST compliance), inventory synchronisation, financial reconciliation, and compliance with legal obligations. We do not use Amazon data for marketing, profiling, or any purpose not specified in our Amazon developer agreement.

7. Data Sharing

Amazon data is not shared with any third parties other than Amazon Web Services, which hosts our infrastructure. Shipping carriers receive only the minimum information required to deliver parcels (name, address). No Amazon data is sold, licensed, or disclosed to any other party.

8. Data Disposal

When Amazon data is no longer required, it is permanently deleted using industry-standard secure deletion methods. Database records are purged automatically based on our retention schedule. Backups containing Amazon data are encrypted (AES-256) and purged within 30 days of the source data's deletion.

9. Data Protection Measures

Encryption: All Amazon data is encrypted in transit (TLS 1.2+) and at rest (AES-256) using AWS-managed key management.

Access Control: Access is restricted to individually identified employees via unique accounts, MFA, and RBAC on a need-to-know basis. Access is revoked immediately upon role change or termination.

Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), VPN with MFA, network segmentation, and endpoint protection are in place to prevent unauthorised access.

10. Logging and Monitoring

All access to Amazon data is logged in a centralised logging system. Logs are reviewed at least bi-weekly and retained for a minimum of 12 months.

11. Vulnerability Management

Vulnerability scans are conducted every 30 days and penetration testing is performed annually across all systems handling Amazon data.

12. Incident Response

We maintain a documented incident response plan that is reviewed every six months. In the event of a security incident involving Amazon data, we will contain and assess the breach immediately and notify Amazon within 24 hours of detection.

13. Change Management

All application changes are evaluated in a dedicated test environment before deployment to production.

14. Password and Credential Management

Passwords must be a minimum of 12 characters with upper/lower case, numbers, and special characters, and are rotated annually. Multi-factor authentication is enforced for all accounts with access to Amazon data.

15. Contact Information

For enquiries regarding this policy, contact our Data Protection Officer at team@littlebird.com.au.

This policy is reviewed annually and updated as necessary to ensure continued compliance with Amazon's Data Protection Policy and applicable privacy laws.

Last updated: February 2025
