Data Protection Policy
Last updated: April 13, 2026
This Data Protection Policy describes the safeguards and operational practices that Hifun Design and Trading Inc. ("Hifun") applies to personal information and, in particular, to customer and order data that we receive through third-party marketplaces, including data received through the Amazon Selling Partner API (SP-API). This policy is intended to demonstrate Hifun's compliance with the Amazon Services Data Protection Policy and with generally accepted data protection principles.
1. Scope
This policy applies to all employees, contractors and service providers of Hifun Design and Trading Inc. who have access to personal information in the course of performing their duties, and to all systems, applications and storage used to process such data. It covers all categories of personal information that Hifun handles, with particular attention to "Amazon Information" as defined by the Amazon Services Data Protection Policy, including Personally Identifiable Information (PII).
2. Data Minimization and Purpose Limitation
Hifun collects and retains only the minimum amount of personal information necessary to fulfill the specific business purpose for which it is collected. Customer and order information received from Amazon SP-API or any other source is used solely for legitimate fulfillment, customer service, tax compliance, fraud prevention and accounting purposes, and is not used for any other purpose without proper legal basis and authorization.
3. Access Control
- Access to personal information is restricted to authorized personnel with a demonstrated business need.
- Individual user accounts are required for all systems that process personal information; shared or generic accounts are prohibited.
- Multi-factor authentication is required for access to systems containing personal information wherever technically feasible.
- Access rights are reviewed periodically and revoked promptly when an individual no longer requires them or leaves the company.
- Privileged administrative access is logged and subject to additional controls.
4. Encryption
- In transit: All personal information is transmitted over secure, encrypted channels (TLS 1.2 or higher). Unencrypted protocols are not used to transmit personal information.
- At rest: Personal information is stored on systems protected by full-disk or volume-level encryption. Database backups containing personal information are encrypted before storage using industry-standard symmetric encryption (for example, AES-256).
- Encryption keys are managed separately from the data they protect and are accessible only to authorized personnel.
5. Network and System Security
- Systems storing or processing personal information are hosted on reputable cloud infrastructure with commercial security controls.
- Operating systems and application software receive regular security patches and updates.
- Network access to production systems is restricted by firewalls and, where applicable, by IP allow-lists.
- Intrusion prevention tools (such as fail2ban) are deployed to mitigate unauthorized access attempts.
- Administrative access to production systems is performed exclusively over SSH using key-based authentication; password-based SSH authentication is disabled.
6. Data Retention and Deletion
Personal information is retained only for as long as necessary to fulfill the purposes outlined in our Privacy Policy and to comply with legal, tax and accounting obligations. When personal information is no longer required, it is deleted from primary systems, and any copies contained in backups are overwritten during normal backup rotation within a reasonable period. Requests from customers to delete their personal information are honored in accordance with applicable law.
For Amazon Information specifically, Hifun does not retain any Amazon Information for longer than 30 days after order delivery except where required to comply with tax obligations, and in all cases the retention will not exceed what is permitted by the Amazon Services Data Protection Policy.
7. Data Processing Locations
Personal information processed by Hifun is stored on servers located in the United States and mainland China, operated by reputable cloud service providers. Transfers between processing locations are performed over encrypted channels and are subject to this Data Protection Policy.
8. Subcontractors and Service Providers
Where Hifun uses third-party service providers to process personal information (for example, cloud hosting, shipping carriers, payment processors), such providers are required to provide contractual commitments equivalent to the protections set forth in this policy. Hifun does not disclose Amazon Information to any party except as strictly necessary to fulfill orders or comply with law.
9. Incident Response
Hifun maintains an incident response process for security events involving personal information. In the event of a confirmed or suspected breach affecting Amazon Information or other personal information, Hifun will:
- Contain and investigate the incident promptly.
- Notify Amazon within 24 hours of confirmation of a security incident involving Amazon Information, as required by the Amazon Services Data Protection Policy.
- Notify affected individuals and regulatory authorities where and as required by applicable law.
- Take corrective action to prevent recurrence.
10. Employee Training and Accountability
All employees and contractors with access to personal information receive appropriate guidance on their obligations under this policy. Personnel are required to report suspected security incidents or policy violations immediately.
11. Auditing and Review
This Data Protection Policy is reviewed at least annually and updated when there are material changes to our systems, processes or applicable legal requirements. Records of access to sensitive systems and of data handling activities are maintained for audit and compliance purposes.
12. Contact
For questions or concerns regarding this Data Protection Policy, or to report a suspected security incident, please contact:
Hifun Design and Trading Inc.
Atlanta, Georgia, United States
Email: info@hifundesign.com