Skip to content
Country/region
Search
Cart

Privacy Policy

Company: NCK INTERNATIONAL CORP.   |   Contact: support@mova-globes.com

Overview

This document describes how NCK INTERNATIONAL CORP. (MOVA Globes) collects, stores, processes, protects, and retains Amazon-related data for integrations and SP-API usage. It is intended for platform review and auditors.

Storage & Location

  • Data storage region: AWS EU (eu-west-1).
  • Backups: encrypted backups stored within EU region.

Encryption & Transport

  • Encryption at rest: AES-256.
  • Encryption in transit: TLS 1.2 or higher.

Purposes & Data Minimization

  • Purposes: order verification, warranty/replacement processing, returns handling, basic fraud detection, and customer support.
  • PII collected: order ID, buyer name, buyer email, phone, shipping address, and minimal transaction metadata. Payment card PANs are never stored.
  • Data minimization: only the minimum necessary fields are collected for each purpose.

Retention

  • Support & warranty records: retained 18 months.
  • Order/tax/audit records: retained 7 years.
  • Security logs: retained 12 months; operational logs: 90 days.

Access Control & Credential Management

  • Authentication: SSO (SAML/OIDC) with MFA for all staff.
  • Access control: Role-Based Access Control (RBAC) and quarterly privileged access reviews.
  • Secrets & keys: stored in AWS Secrets Manager / HashiCorp Vault and rotated every 90 days.

Logging, Monitoring & Incident Response

  • Centralized logging to SIEM (Elastic/Datadog or equivalent).
  • Detection: IDS/IPS integration, anomaly detection rules, and threat intelligence feeds.
  • Alerting: critical alerts routed to on-call via PagerDuty (24/7).
  • Incident response: documented IR playbook, RCA, and post-incident reporting.

Vulnerability & Patch Management

  • Weekly automated vulnerability scans and annual third-party penetration testing (summary available).
  • Findings tracked in ticketing system (e.g., JIRA); SLAs: Critical = 7 days; High = 30 days.

Third-Party Processors & Data Transfers

  • Third-party processors engaged under Data Processing Agreements (DPA).
  • Cross-border transfers limited; when required, adequate safeguards are applied.

Auditability & Evidence

We can provide on-request summaries or evidence: privacy policy URL, DPA summary, SIEM dashboard screenshot, pentest summary, ISO/SOC2 certificates (if available).