PRIVACY POLICY & DATA PROTECTION DIGINOVA – La Estrategia Digital
en.laestrategia.digital Last updated: January 2026
1. ABOUT US DIGINOVA (Known also as La Estrategia Digital) is a digital services company based in San José, Costa Rica. We provide Amazon account management, advertising optimization, catalog management, and e-commerce consulting services. Contact: info@en.laestrategia.digital | +506 6296-1332
2. DATA WE COLLECT In the course of providing services to Amazon sellers, we may access: seller account performance data, advertising campaign data, inventory and catalog data, order and transaction reports, and business metrics. We do not collect or store personal data of Amazon end-customers (buyers) beyond what is strictly necessary to provide the contracted service.
3. HOW WE USE DATA Data accessed through Amazon Seller Central or SP-API is used exclusively to: deliver the contracted service to the authorized seller, generate performance reports and recommendations, and optimize advertising campaigns, catalog listings, and account health. We do not sell, share, or transfer seller or customer data to third parties for any purpose.
4. DATA RETENTION We retain seller business data only for the duration of the active service agreement. Upon contract termination, all seller data is deleted within 30 days. Personal Identifiable Information (PII) of Amazon buyers, if accessed under restricted roles, is never stored beyond the immediate operational need and is deleted within 24 hours of use.
5. ORGANIZATIONAL CHANGE NOTIFICATION In compliance with Amazon’s Acceptable Use Policy (AUP), DIGINOVA commits to notifying Amazon within 30 days of any organizational change that affects our need for or use of Amazon seller data. This includes changes in ownership, business structure, service scope, or data handling practices.
6. INCIDENT RESPONSE PLAN In the event of a data security incident (database breach, unauthorized access, or data leak), DIGINOVA follows this response plan:
- Step 1 — Detection & Containment (0–1 hours): Immediately isolate affected systems, revoke compromised credentials, and disable API access keys.
- Step 2 — Assessment (1–8 hours): Determine scope of breach, identify what data was accessed, and assess impact on seller and buyer data.
- Step 3 — Notification (within 24 hours): Notify affected sellers and Amazon Security (security@amazon.com) within 24 hours of confirmed breach. Provide incident details, scope, and immediate actions taken.
- Step 4 — Remediation (24–72 hours): Patch vulnerabilities, rotate all credentials and API keys, restore systems from clean backups, and implement additional security controls.
- Step 5 — Post-Incident Review (within 7 days): Document lessons learned, update security procedures, and submit full incident report to Amazon if required.
- Step 6 — Ongoing Monitoring: Implement enhanced monitoring for 90 days post-incident to detect any residual unauthorized activity.
7. SECURITY CONTROLS
- All API credentials are stored encrypted and never shared via email or unsecured channels
- Access to seller accounts is limited to authorized personnel only
- Two-factor authentication is required for all team members with account access
- Regular security audits are conducted quarterly
- Network access is protected via firewall and VPN for remote access
8. AMAZON POLICY COMPLIANCE DIGINOVA complies with: Amazon’s Acceptable Use Policy (AUP), Amazon’s Data Protection Policy (DPP), Amazon SP-API Terms of Service, and applicable data protection laws including Costa Rica’s Ley 8968 de Protección de la Persona frente al tratamiento de sus datos personales.
9. CONTACT FOR DATA REQUESTS For any data access, correction, or deletion requests: info@en.laestrategia.digital