Privacy & Data Protection

Privacy Policy

Data Protection Policy Compliance

Last Updated: January 20, 2025

This Privacy Policy describes how DELEO KOREA CO., LTD. ("Company", "we", "us", or "our") collects, uses, stores, and protects data obtained through the Amazon Selling Partner API (SP-API), including customer personal information (PII). This policy ensures full compliance with the Amazon Data Protection Policy.

1. Data Collection

We collect the following types of data through Amazon SP-API:

  • Order Information: Order IDs, order details, item information, order status
  • Customer Personal Information (PII):
    • Customer name
    • Shipping address
    • Phone number
    • Email address (when provided)
  • Shipment Information: Tracking numbers, carrier information, delivery status

Collection Method:

  • Via Amazon SP-API standard operations (Orders, Shipping APIs)
  • Using Restricted Data Tokens (RDT) for PII access with minimal scope
  • Through Amazon Notifications for event-based data updates

2. Data Use

Customer data is used exclusively for the following purposes:

  • Order Processing: Picking, packing, and preparing orders for shipment
  • Shipping Label Generation: Creating accurate shipping labels and documentation
  • Delivery Management: Tracking shipments and handling delivery exceptions
  • Customer Support: Responding to order-related inquiries and issues
  • Returns Processing: Managing return authorization and restocking

Important: We NEVER use customer data for:

  • Marketing or promotional purposes
  • Customer profiling or behavioral analysis
  • Third-party sales or data monetization
  • Any purpose unrelated to order fulfillment

3. Data Storage & Security

We implement industry-leading security measures to protect your data:

  • Secure Cloud Infrastructure: Your data is stored on Amazon Web Services (AWS) in Seoul, South Korea - one of the world's most secure cloud platforms
  • Bank-Level Encryption: All stored data is encrypted using AES-256 encryption (the same standard used by financial institutions)
  • Private & Isolated: Data is stored in private, isolated networks with no public internet access
  • Strict Access Controls:
    • Only authorized employees with a business need can access data
    • All access requires multi-factor authentication
    • Every data access is logged and monitored

4. Data Protection Measures

  • Advanced Encryption: Military-grade encryption (TLS 1.3) protects all data during transmission
  • 24/7 Security Monitoring: Our security team continuously monitors for threats and suspicious activity
  • Multi-Layer Protection: Multiple security layers including firewalls, intrusion detection, and DDoS protection
  • Regular Security Testing: Vulnerability scans and penetration tests every 6 months with immediate remediation of critical issues
  • Secure Access Controls:
    • Multi-factor authentication required for all employee access
    • Strong password requirements (12+ characters)
    • Background checks for all employees handling customer data
    • Regular security training for all staff
  • Data Loss Prevention: Automated systems prevent unauthorized data transfers
  • Audit Logging: All data access is logged and regularly reviewed

5. Data Sharing

We share customer data only with the following trusted partners, and only to the extent necessary for order fulfillment:

  • Shipping Carriers (UPS, DHL, FedEx, USPS):
    • Why: To generate shipping labels and deliver your packages
    • What we share: Your name, shipping address, and phone number
    • How it's protected: Transmitted securely via encrypted connections
  • Amazon Web Services (AWS):
    • Why: To securely store and process order data
    • Security: ISO 27001 certified, all data encrypted, AWS cannot access your personal information in plaintext

We Do NOT:

  • Sell customer data to any third party
  • Share data for marketing purposes
  • Allow third parties to use data beyond fulfillment needs

6. Data Retention & Deletion

We believe in keeping your personal information only as long as necessary - and no longer.

  • 30-Day Automatic Deletion: Your personal information (name, address, phone number) is automatically and permanently deleted within 30 days after your order is shipped
  • Complete Removal: When we delete your data, it's removed from:
    • Our active systems and databases
    • All backup copies
    • System logs and temporary storage
  • Data Protection During Storage:
    • Daily automated backups ensure we can recover from any system failures
    • All backups are encrypted and stored securely
    • Regular testing ensures backups work when needed (4-hour recovery time)
    • Your personal information in backups is automatically purged after 30 days

Important Note About Tax Records:

Under Korean law, we must keep certain business records (like shipping addresses) for tax and audit purposes for up to 5 years. This is separate from our 30-day operational data deletion.

How we protect this compliance data:

  • Stored in isolated, highly secure systems separate from our regular operations
  • Accessible only to our Legal and Finance teams (not customer service or operations)
  • Every access is logged and audited
  • Used exclusively for legal compliance - never for marketing
  • Protected with additional encryption and security controls

Non-Personal Data: We may retain order numbers and product information (without any personal details) for business analytics and service improvement.

7. Your Rights

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Correction: Request correction of inaccurate data
  • Right to Deletion: Request deletion of your personal data
  • Right to Object: Object to processing of your data
  • Right to Data Portability: Receive your data in a structured format

How to Exercise Your Rights:

  • Email us at: dhseong@deleo.co.kr
  • Response time: Within 7 business days
  • For Amazon marketplace transactions, rights may be exercised through Amazon's customer service

8. Amazon Marketplace Compliance

As an authorized fulfillment partner, we meet all strict data protection requirements:

  • Amazon Data Protection Policy: We fully comply with Amazon's Data Protection Policy, which ensures your data is handled with the highest security standards
  • Secure Data Access: We use Amazon's official API with restricted access tokens that limit what data we can see and for how long
  • 30-Day Deletion: Your personal information is automatically deleted within 30 days of shipment, as required by Amazon
  • Fulfillment Only: Your data is used exclusively for shipping your orders - never for marketing or other purposes
  • Official Amazon Systems Only: We only access your data through Amazon's official systems - we never use:
    • Third-party data collection services
    • Web scraping or automated tools
    • Unofficial APIs or data brokers

If a Security Incident Occurs:

  • We notify Amazon within 24 hours if any security incident affects customer data
  • Our security team monitors systems 24/7 to detect and respond to threats
  • Immediate action is taken to contain any incident and protect your information
  • We provide Amazon with a full incident report within 72 hours

9. Policy Updates

This Privacy Policy may be updated periodically to reflect:

  • Changes in legal or regulatory requirements
  • Updates to Amazon Data Protection Policy
  • Improvements to our security practices
  • Changes to our services

We will notify users of significant changes by posting the updated policy on this page with a new "Last Updated" date.

10. Contact Information

Data Protection Officer

Name: Dong-Hoon Seong

Title: Chief Technology Officer (CTO)

Email: dhseong@deleo.co.kr

Phone: +82-2-2088-8241

Address: 12F, 1201, 36, Teheran-ro 87-gil, Gangnam-gu, Seoul, 06164, Republic of Korea

Company Information:

  • Legal Name: DELEO KOREA CO., LTD. (주식회사 델레오 코리아)
  • Business Registration: Available upon request
Back to Home