GiftHorse
Privacy and Data Handling Policy
1. Introduction
We respect the privacy of our customers and are committed to protecting their personal data. This privacy policy outlines how our organization collects, processes, stores, uses, shares, and disposes of Amazon data. This document is a supplement to the main Privacy Policy

2. Data Collection
We collect Amazon data, including personally identifiable information (PII), through our GiftBow and GiftHorse app. Data collection occurs with user consent and in compliance with Amazon's requirements. We collect the following information:
  • Full name
  • Delivery address
  • Contact phone number
  • Email address

3. Data Processing
Collected data is processed solely to provide delivery services and improve our service. Processing includes:
  • Identifying recipients
  • Ensuring accurate and timely delivery
  • Providing customers with order status information

4. Data Retention
We retain PII for no more than 30 days unless a longer period is required by applicable laws and regulations. Data is stored in encrypted form on our secure servers. After this period, data is either anonymized or securely deleted.
We store data in secure data centers with the following security measures:
  • Data encryption: The data is encrypted both in transfer and at rest.
  • Access control: Access to data is restricted and only authorized employees are allowed in the course of their duties.
  • Backup: Regular backups of data to prevent loss in case of unforeseen situations.

5. Data Usage
Data is used solely to fulfill our obligations to customers, such as:
  • Ensuring order delivery
  • Customer support
  • Service improvement
We do not use data for marketing purposes without explicit user consent.

6. Data Sharing
We do not share Amazon data with third parties except as required by law

7. Data Disposal
We use data according to the established rules:
  • Data deletion: Data is deleted or anonymized after the storage period established by our policy and legal requirements.
  • Safe deletion: Use methods that ensure that data cannot be restored after deletion.

8. Data Security
We use the following measures to protect your data:
  • Technical measures: Use of firewalls, anti-virus software, intrusion prevention systems.
  • Organizational arrangements: Regular training of staff on security and data confidentiality.
  • Incident management: Rapid response to data security incidents and minimization of their consequences.
We strive to ensure a high level of protection for the data of Amazon users and fully comply with all applicable laws and regulations in the field of data protection. Our internal procedures and policies are designed to ensure the confidentiality, integrity and accessibility of data.

9. Monitoring and Logging
We use monitoring and logging systems to track and record suspicious activity. This includes:
  • Automated tools to detect threats
  • Manual checks to identify suspicious actions
  • Regular security reviews

10. Risk Management and Incident Response
Our incident response plan includes the following steps:
  • Incident identification
  • Isolation of affected systems
  • Damage assessment
  • Notification of stakeholders
  • Remediation of vulnerabilities
  • Data recovery
  • Analysis of incident causes to prevent future occurrences

11. Vulnerability Management
We regularly conduct vulnerability scans and penetration tests. Remediation progress of identified issues is tracked using a task management system. This includes:
  • Logging each identified issue
  • Assigning a responsible team member
  • Regular status updates until the issue is fully resolved

12. Contact Information
If you have questions about our privacy and data handling policy, please contact us at: support@gifthorse.store