Privacy Policy for PPCTailor (Kronklik SRL)
Last Updated: January 26, 2026
At Kronklik SRL, we provide Advertising (PPC) Optimization and Account Management services to Amazon Sellers. We are committed to maintaining the highest standards of data privacy and security. This Privacy Policy outlines how we collect, use, store, and protect data in strict compliance with the Amazon Data Protection Policy (DPP) and Acceptable Use Policy (AUP).
1. Data Collection and Purpose
We only collect and process information retrieved from the Amazon Services API that is strictly necessary to perform our services (PPC Optimization and Account Management).
Authorized Use: We use Amazon Information solely for the purpose of helping Authorized Users (Sellers) manage and grow their business.
Prohibited Use: We do not use Personally Identifiable Information (PII) for marketing, review fabrication, or any purpose other than those explicitly authorized by the seller and permitted by Amazon.
2. Data Retention and Secure Disposal
In accordance with Amazon’s DPP Sections 1.7 and 2.1, we adhere to the following retention schedule:
PII Retention: Any Personally Identifiable Information (PII) is retained for no longer than 30 days after order delivery, and only as necessary to fulfill legal or tax requirements.
Non-PII Retention: All non-PII retrieved from Amazon APIs is deleted within 18 months, unless a longer retention period is required by law.
Secure Deletion: Data is permanently and securely deleted in accordance with industry standards (NIST 800-88). Upon Amazon’s request, we will certify in writing that all information has been destroyed.
3. Data Protection and Security
Kronklik SRL maintains rigorous physical, administrative, and technical safeguards:
Encryption at Rest: All PII is encrypted at rest using AES-128, RSA-2048, or higher.
Encryption in Transit: All data in transit is encrypted using TLS 1.2 or higher, SFTP, and SSH-2.
Network Protection: We utilize firewalls, network access control lists (ACLs), and monthly anti-virus/anti-malware scans.
Access Management: We follow the Principle of Least Privilege. Access to Amazon Information is restricted to “Approved Users” (employees with specific coding or management responsibilities) who have completed annual security training.
Authentication: Multi-Factor Authentication (MFA) is mandatory for all staff accounts accessing Amazon data.
4. Data Sharing and Aggregation
No Aggregation: We do not aggregate data across different sellers to provide insights to competitors or sell to third parties (AUP 4.4).
Third Parties: We do not disclose Amazon Information to any outside parties unless required to perform the authorized activities for the seller. Any subcontractors used are subject to annual risk assessments and must maintain security standards at least as strict as our own.
5. Incident Response
In the event of a suspected Security Incident (unauthorized access or loss of data), Kronklik SRL will:
Notify Amazon (at security@amazon.com) within 24 hours of detection.
Investigate, remediate, and document the incident according to our formal Incident Response Plan.
Designate an Incident Management Point of Contact (IMPOC) to coordinate with Amazon’s security team.
6. Data Rights and Compliance
We respect the rights of data subjects to access, rectify, or erase their information.
Audits: We maintain books and records to verify compliance with Amazon’s policies and agree to cooperate with any audits requested by Amazon.
Transparency: We are clear and honest with sellers about what data we access and for what purpose.
Contact Information
For questions regarding this policy or to exercise your data rights, please contact:
Kronklik SRL Email: ads@ppctailor.com Website: www.ppctailor.com