Amazon Selling Partner - Privacy & Data Handling Policy

1. Introduction

MetaKocka d.o.o. ("we", "us", "our") is committed to protecting the privacy and security of personal data. This Privacy & Data Handling Policy describes how we collect, process, store, use, share, and dispose of data, including Amazon Information obtained via the Amazon Selling Partner API (SP-API), in compliance with:

  • the Amazon Data Protection Policy,
  • the Amazon Acceptable Use Policy,
  • the General Data Protection Regulation (GDPR) (EU Regulation 2016/679).

     

This policy applies to:

  • Data processed via our MetaKocka ERP application.
  • Data processed on behalf of our customers (Amazon Selling Partners).
  • Data transmitted through SP-API integrations.

     

2. Data Collection

We collect the following types of personal data and Amazon Information:

  • Order details (order ID, order date, item(s) purchased).
  • Shipping information (customer name, shipping address, phone number, email address).
  • Tracking numbers and shipping statuses.
  • Inventory and product listing data.

     

This data is collected solely via:

  • SP-API integration with Amazon on behalf of our customers (Amazon Selling Partners).
  • Data manually entered by our customers into the MetaKocka ERP system.

     

3. Data Usage and Processing

We process Amazon Information strictly to provide the following services to Amazon Selling Partners:

  • Syncing product listings and inventory between Amazon stores and MetaKocka ERP.
  • Receiving and processing Amazon orders.
  • Generating shipping labels via integrated delivery services.
  • Syncing tracking numbers and order statuses back to Amazon.
  • Generating customer reports and accounting data required by local tax authorities.

     

We do not process Amazon Information for any other purpose. We do not use Amazon Information for marketing purposes.

4. Data Sharing

We share Amazon Information only as strictly necessary to provide our services:

  • Delivery service providers: shipping address and contact information are shared to generate shipping labels.

     
  • No other third parties: we do not share Amazon Information with any other parties or services.

     

All such sharing is performed under contractual agreements ensuring compliance with the Amazon Data Protection Policy and GDPR.

5. Data Storage and Security

All Amazon Information is stored exclusively on:

  • AWS RDS databases, located in AWS EU regions (Frankfurt).
  • Encrypted at rest using AWS Key Management Service (KMS) with AES-256 encryption.
  • Encrypted in transit using TLS 1.2 or higher.

     

Access to Amazon Information is strictly controlled:

  • Only authorized personnel (SysAdmin and CTO) with a need-to-know are granted access.
  • Access is authenticated via individual AWS IAM roles with enforced MFA.
  • Access logs are monitored and regularly reviewed.

     

6. Data Retention and Disposal

We retain Amazon Information for no longer than 30 days, in alignment with the Amazon Data Protection Policy. Specifically:

  • Order data and shipping information are deleted from our databases within 30 days after the order is fulfilled.
  • Backups of databases (AWS RDS snapshots) are automatically rotated and retained no longer than 30 days.
  • After the retention period, all data is securely deleted using industry-standard secure deletion mechanisms.

     

7. Data Protection Measures

We implement the following technical and organizational security measures:

  • Network isolation using AWS VPC, Security Groups, and firewalls.
  • No public access to databases.
  • Continuous monitoring with AWS GuardDuty, AWS CloudTrail, and internal SIEM systems.
  • Endpoint protection on all developer and administrator endpoints.
  • Vulnerability management program with regular scanning and penetration testing.
  • Change management process with dedicated staging environments and approval workflows.

     

8. Data Subject Rights

In accordance with GDPR, data subjects whose personal data is processed have the following rights:

  • Right to access their personal data.
  • Right to request correction of inaccurate data.
  • Right to request deletion of their personal data.
  • Right to restrict processing of their personal data.
  • Right to object to processing.
  • Right to data portability.

     

To exercise these rights, individuals may contact us via the contact details below.

9. Contact Information

For any questions regarding this Privacy & Data Handling Policy, or to exercise your data protection rights, please contact:

MetaKocka d.o.o.
Slovenia
Email: matic.petek@metakocka.si
Phone: +386 41 596 307

10. Updates to This Policy

We may update this Privacy & Data Handling Policy from time to time to reflect changes in our practices, legal requirements, or Amazon Data Protection Policy updates. The latest version will be published at: