Privacy & Data Handling Policy

Organización: Ingenium Ventures S.L. (Brand: Gynebal)

Effective date: 1 de enero de 2026

Website: gynebal.com
Contact: juan.lozano@amazonizate.com

​

​

1. Data Protection Officer (DPO)

Juan Lozano
Ingenium Ventures S.L. (Gynebal)
juan.lozano@amazonizate.com

​

​

2. Purpose of Data Collection

Gynebal, operated by Ingenium Ventures S.L., processes Amazon Information exclusively for the management of its own Amazon Seller account. Data is used only for accounting, VAT compliance, logistics, and internal business operations. We do not provide services to third-party Amazon accounts.

​

​

3. Data Collected

• Transactional data related to sales, orders, invoices, and VAT reports accessed via the Selling Partner API (SP-API).

• Inventory and financial reports required for accounting and logistics.

• No customer payment details or sensitive personal data are collected.

• No Amazon Information is retrieved from non-Amazon sources and no third-party tools are used to access PII.

​​

​

4. Data Usage

• Generate VAT-compliant invoices.

• Prepare and remit tax filings to EU/UK authorities.

• Reconcile financial and accounting records.

• Manage logistics and internal operations.

​​

Amazon Information is never used for marketing and is never shared with external parties.

​

​

5. Data Retention

• Personally Identifiable Information (PII) is retained for less than 30 days after order shipment.

• Primary copies and backups are securely deleted once the legal and accounting purpose has been fulfilled

​

​

6. Data Sharing

Amazon Information is not shared with any outside parties. Data may be disclosed only when legally required (e.g., to tax authorities).

​

​

7. Security Measures

• Encryption in Transit:  TLS 1.2/1.3.

• Encryption at Rest: BitLocker full-disk encryption (AES-256) on the secured workstation; AES-256 on encrypted backups.

• Access Control: Access is restricted exclusively to the Owner (Juan Lozano, Data Protection Officer). No shared accounts or additional employees are authorized.

• Device Security: Antivirus, firewall, and device restrictions (e.g., external media blocked).

• Multi-Factor Authentication: MFA is enabled on all Amazon accounts.

• Incident Response:  Incidents are handled per our Incident Response Plan, including notification to Amazon at security@amazon.com within 48 hours if Amazon Information may be affected.

​

​

8. Data Disposal

After the retention period, Amazon Information is securely deleted using irrecoverable erasure methods (secure overwrite). Encrypted backups are cleared within the same retention period.

​

​

9. User Rights

Individuals whose data may be processed have the right to request access, correction, or deletion by contacting:

​

​

10. Changes to the Privacy Policyad

The Data Protection Officer (DPO) reserves the right to modify this Privacy Policy in order to adapt it to legislative or case law developments. Any changes will be published on this same website.

​

​

11. Entry into Force

This Privacy Policy enters into force on 1 January 2026.