Data Protection Policy

Plexon, Inc.'s Policy on Protecting Data with Personally Identifiable Information (PII)

This policy outlines the procedures and guidelines followed by Plexon, Inc. regarding the handling and protection of data obtained and exchanged through the Amazon Marketplace APIs, specifically involving Personally Identifiable Information (PII).

General Security Policies

Plexon, Inc. maintains stringent security measures to ensure the security and confidentiality of Amazon Information accessed, collected, used, stored, or transmitted by the company. These measures are designed to safeguard the information from potential threats, such as unauthorized access, loss, alteration, disclosure, or any other form of unlawful processing. Plexon, Inc. adheres to the following policies:

Network Protection: Plexon, Inc. utilizes Security Groups and network firewall controls to prevent access from unauthorized IP addresses. Only approved users are granted public access.

Access Management: Each individual with computer access to Amazon Information is assigned a unique ID. Plexon, Inc. does not employ generic, shared, or default login credentials or user accounts. User account access to Amazon Information is regularly reviewed, removing unnecessary accounts. Employees are prohibited from accessing or storing Amazon data on personal devices. Anomalies in usage patterns and login attempts are monitored, and accounts with access to Amazon Information are disabled when necessary.

Encryption in Transit: All Amazon Information transmitted over networks or communication channels is encrypted using HTTPS (HTTP over TLS). The Plexon, Inc. Application ensures encryption is enforced on external endpoints used by customers and internal communication channels. Message-level encryption is employed when channel encryption terminates in untrusted multi-tenant hardware.

Incident Response Plan: Plexon, Inc. has an Incident Response Plan in place to address and handle various types of security incidents that may affect Amazon Data. The plan includes defined roles, responsibilities, and escalation procedures. Security incidents are thoroughly investigated, and relevant documentation is maintained and made available to Amazon upon request. The Incident Response Plan is reviewed every six (6) months as well as after any major infrastructure or system change. Plexon, Inc. promptly informs Amazon of any Security Incidents within 24 hours via email ([email protected]). Regulatory authorities or customers are only notified if specifically requested by Amazon or if required by law.

Request for Deletion or Return: Upon receiving a request from Amazon, Plexon, Inc. promptly and securely deletes or returns Amazon Information as per Amazon's notice within 72 hours. Live instances of Amazon Information are permanently and securely deleted within 90 days after Amazon's notice. Plexon, Inc. can provide written certification of secure destruction, if requested by Amazon.

Additional Security Policies for Personally Identifiable Information

The following policies specifically apply to Personally Identifiable Information (PII) within the Plexon, Inc. Application that utilizes the Amazon Marketplace API:

Data Retention and Recovery: PII is retained for a maximum of 30 days from shipment and online confirmation of delivery to the customer, solely for order fulfillment purposes. Plexon, Inc. does not retain backup copies of PII beyond this 30-day period unless required by law. In case of data loss or system failure during the 30-day retention period, a backup copy of all PII is securely stored and encrypted. All security backups are purged along with the original data at the end of the retention period.

Data Governance: Plexon, Inc. maintains an inventory of software and physical assets with access to PII, which is updated every 30 days. Records of data processing activities, including data fields and processing procedures related to PII, are kept to ensure compliance with regulations. Plexon, Inc. follows its published Privacy Policy, which includes customer consent and data rights in accordance with applicable data privacy regulations.

Encryption and Storage: All PII is encrypted at rest using industry-standard AES-256. Cryptographic materials and capabilities used for encryption are accessible only to Plexon, Inc.'s system processes and services. PII is not stored on removable media or in unsecured public cloud applications.

Least Privilege Principle: Plexon, Inc. applies fine-grained access controls, following the principle of least privilege, to parties and operators using the Application. Sections or features of the Application that handle PII are protected by unique access roles, granting access on a need-to-know basis.

Logging and Monitoring: Plexon, Inc. maintains logs to detect security-related events and activities in its Applications and systems. Logs do not contain PII and are accessible only to authorized personnel. They are retained for 90 days as a reference in the event of a Security Incident. Plexon, Inc. monitors logs and system activities regularly, with real-time notifications via email, phone call, and SMS alerting in case of suspicious actions. Alerts are handled according to the Incident Response Plan.