Data Handling Policy
This Data Handling policy sets out how KhooCommerce (“KhooCommerce” or “we” or “us” or “our”) uses and protects any information stored by KhooCommerce. KhooCommerce may change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
Introduction
This Data Handling Policy ("Policy") outlines the procedures and guidelines for collecting, processing, storing, using, sharing, and disposing of data ("the Data") within our organisation. This Policy applies to all systems that store, process, or handle data. The Data Handling Officer is the CEO Stephen Khoo (security incidents to incidents@khoocommerce.com). We are committed to maintaining the security and confidentiality of the data obtained from the Amazon Services API. To ensure the protection of this information from threats and unauthorised access, we will implement the following security measures:
Network Protection
We implement network protection controls, including network firewalls, access control lists, network segmentation, and anti-virus/anti-malware software on end-user devices. Public access to systems holding the Data will be restricted to approved users only, and data protection and IT security training will be provided to all individuals with system access.
Access Management
We use a formal user access registration process to assign unique IDs to individuals with access to the Data. Generic, shared, or default login credentials or user accounts will not be created or used. We will enforce the principle of least privilege and implement fine-grained access control mechanisms on a "need-to-know" basis. Employees and contractors will be prohibited from storing the Data on personal devices. Account lockout mechanisms are implemented, anomalous usage patterns are monitored, and access for terminated employees will be disabled or removed within 24 hours.
Least Privilege Principle
Access to the Data will be granted following the principle of least privilege, ensuring that only authorised individuals and services have access to the required information.
Credential Management
We enforce minimum password requirements covering length, complexity, and password expiration; for example, passwords of at least 12 characters containing upper-case, lower-case, numeric and special characters. Multi-Factor Authentication (MFA) is required for all admin accounts. API keys provided to us are stored encrypted, and access to them will be limited to authorised employees only.
Encryption in Transit
All data transmitted between systems and endpoints will be encrypted using secure protocols such as TLS 1.2+, SFTP, and SSH-2. Message-level encryption of the Data will be used where channel encryption terminates on untrusted multi-tenant hardware.
Risk Management and Incident Response Plan
We will conduct annual risk assessments, including identifying potential threats and vulnerabilities. A risk management process will be established, and a plan or runbook will be maintained to detect and handle security incidents. Incident response roles, procedures, and escalation paths will be defined. Regular plan reviews, incident investigations, and documentation of remediation actions will be conducted. Security incidents will be reported to relevant government or regulatory agencies as required by applicable laws.
Request for Deletion
We will securely delete the Data within 30 days of receiving deletion requests from the party who supplied the Data, unless legal requirements dictate otherwise. Secure deletion will be conducted using industry-standard sanitisation processes. Live instances of data will be permanently and securely deleted 90 days after the notice from the supplier party. Written certification of secure destruction will be provided to the party upon request.
Data Attribution
The Data is tagged to identify its origin within any database.
Additional Security Requirements Specific to Personally Identifiable Information (PII)
If our systems process PII obtained from the Amazon Services API, we will adhere to the following additional security requirements:
- PII shall be retained for a maximum of 30 days after order delivery.
- PII is retained only if necessary to fulfil orders, calculate and remit taxes, produce tax invoices, meet legal requirements, or comply with applicable regulations.
- If retention beyond 30 days is required by law, PII may be retained solely for the purpose of complying with that law.
- Throughout the retention period, PII must be transmitted and stored in a protected and encrypted manner, adhering to the encryption standards specified in this policy.
- PII is not transmitted or stored unprotected at any point.
Data Governance
We maintain a record of data processing activities for all PII, including the specific data fields and their collection, processing, storage, usage, sharing, and disposal methods, to ensure accountability and compliance.
Technical and organisational processes and systems are in place to assist authorised users in handling data subject access requests.
Employees who process PII are assessed for suitability, and their access is granted on a need-to-know basis that depends on the confidentiality of the PII concerned.
Asset Management
Software and physical assets (e.g., computers, mobile devices) that have access to PII are inventoried and limited wherever possible. Physical assets that store, process, or handle PII must adhere to all the requirements outlined in this policy. PII must not be stored in removable media (such as USB sticks), personal devices, or unsecured public cloud applications unless encrypted using at least AES-128 or RSA-2048 bit keys or higher. Developers must securely dispose of any printed documents containing PII. Data loss prevention (DLP) controls are in place to monitor and detect unauthorised movement of data.
Encryption at Rest
All databases are encrypted at rest using at least AES-128 or RSA with a 2048-bit key size or higher.
Cryptographic materials (e.g., encryption/decryption keys) and capabilities used for encrypting the Data are accessible only to the Developer's processes and services.
Secure Coding Practices
Sensitive credentials, including encryption keys, secret access keys, or passwords, are not hardcoded in code or exposed in public code repositories.
Separate test and production environments are maintained. Test environments operate with dummy data and not live customer data.
Logging and Monitoring
Developers collect logs to detect security-related events within the applications and systems. Logs include information such as the success or failure of events, date and time, access attempts, data changes, and system errors.
Logging mechanisms are implemented across all channels providing access to information, including service APIs, storage-layer APIs, and administrative dashboards.
Logs do not contain PII unless necessary to meet legal requirements, including tax or regulatory requirements.
Logs are retained for a minimum of 90 days for reference in the case of a Security Incident.
Mechanisms are in place to monitor logs and system activities, triggering investigative alarms for suspicious actions such as unauthorised calls, unexpected request rates or data retrieval volumes, and access to canary data records.
Monitoring alarms and processes are in place to detect whether information is being extracted from or accessed beyond its protected boundaries.
Investigations of triggered monitoring alarms are conducted and documented in accordance with the Developer's Incident Response Plan.
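The alarm conditions listed above (canary record access, unexpected request rates or retrieval volumes, and repeated failed access attempts) can be checked mechanically over the application logs. The following is an added illustration written for this page, not KhooCommerce's own monitoring code: the JSON log format, field names, canary record identifiers, thresholds and the sample log lines are all constructed assumptions, and a real deployment would tune the thresholds to its own baseline traffic.

```python
"""Added example: log checks for the alarm conditions named in the policy.
Not KhooCommerce code. Log format, field names, canary IDs and thresholds are
assumptions made for illustration only."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (one JSON object per line) in an assumed format.
SAMPLE_LOG_LINES = [
    '{"ts": "2024-05-01T10:00:00Z", "user": "alice",   "action": "read",   "record": "ORD-1001",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:05Z", "user": "bob",     "action": "read",   "record": "ORD-1002",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:10Z", "user": "bob",     "action": "read",   "record": "ORD-1003",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:15Z", "user": "bob",     "action": "read",   "record": "ORD-1004",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:20Z", "user": "bob",     "action": "read",   "record": "ORD-1005",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:25Z", "user": "bob",     "action": "read",   "record": "ORD-1006",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:30Z", "user": "bob",     "action": "read",   "record": "ORD-1007",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:00:35Z", "user": "bob",     "action": "read",   "record": "ORD-1008",        "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:01:00Z", "user": "mallory", "action": "read",   "record": "ORD-CANARY-0001", "rows": 1,    "ok": true}',
    '{"ts": "2024-05-01T10:02:00Z", "user": "carol",   "action": "export", "record": "ORD-*",           "rows": 5000, "ok": true}',
    '{"ts": "2024-05-01T10:05:00Z", "user": "dave",    "action": "read",   "record": "ORD-1009",        "rows": 0,    "ok": false}',
    '{"ts": "2024-05-01T10:05:02Z", "user": "dave",    "action": "read",   "record": "ORD-1009",        "rows": 0,    "ok": false}',
    '{"ts": "2024-05-01T10:05:04Z", "user": "dave",    "action": "read",   "record": "ORD-1009",        "rows": 0,    "ok": false}',
]

CANARY_RECORDS = {"ORD-CANARY-0001", "BUYER-CANARY-0001"}  # assumed IDs of planted canary rows
RATE_LIMIT = 5                       # assumed: more than 5 requests per user per window is anomalous
RATE_WINDOW = timedelta(seconds=60)  # assumed sliding window length
VOLUME_LIMIT = 1000                  # assumed: more than 1000 rows in one request is anomalous
FAILURE_LIMIT = 3                    # assumed: 3 or more failed attempts by one user is anomalous


def load_logs(lines=SAMPLE_LOG_LINES):
    """Parse JSON log lines into time-ordered events; skip malformed lines so one
    bad line cannot stop the monitor from seeing the rest."""
    events = []
    for line in lines:
        try:
            e = json.loads(line)
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
        except (ValueError, KeyError, TypeError):
            continue
    return sorted(events, key=lambda e: e["ts"])


def canary_alerts(events):
    """Any touch of a canary record is an alarm: no legitimate workflow references them."""
    return [e for e in events if e["record"] in CANARY_RECORDS]


def rate_alerts(events, limit=RATE_LIMIT, window=RATE_WINDOW):
    """Sliding-window request count per user over time-ordered events.
    Returns {user: peak requests seen inside one window} for users over the limit."""
    times = defaultdict(list)
    for e in events:
        times[e["user"]].append(e["ts"])
    flagged = {}
    for user, ts in times.items():
        start = 0
        for end, t in enumerate(ts):
            while t - ts[start] > window:   # slide the window start forward
                start += 1
            count = end - start + 1
            if count > limit:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


def volume_alerts(events, limit=VOLUME_LIMIT):
    """Single requests that retrieve more rows than the assumed ceiling."""
    return [e for e in events if e["rows"] > limit]


def failed_access_alerts(events, limit=FAILURE_LIMIT):
    """Users with repeated failed access attempts (possible credential guessing or probing)."""
    failures = defaultdict(int)
    for e in events:
        if not e["ok"]:
            failures[e["user"]] += 1
    return {u: n for u, n in failures.items() if n >= limit}


def run_checks(events):
    """Collect every alarm; each non-empty entry is something to investigate and document."""
    return {
        "canary": [(e["user"], e["record"]) for e in canary_alerts(events)],
        "rate": rate_alerts(events),
        "volume": [(e["user"], e["rows"]) for e in volume_alerts(events)],
        "failed_access": failed_access_alerts(events),
    }


if __name__ == "__main__":
    for kind, hits in run_checks(load_logs()).items():
        print(f"{kind}: {hits or 'none'}")
```

Run against the constructed sample, the checks flag mallory for touching a canary record, bob for seven requests inside one 60-second window, carol for a 5000-row export, and dave for three failed attempts. The canary check is the cheapest and least noisy of the four, since a canary record should never appear in a log at all, whereas the rate and volume thresholds need tuning against normal traffic to avoid alarm fatigue.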