Amazon Data Protection Policy
This Data Protection Policy ("ADPP") governs the receipt, storage, usage, transfer, and disposal of the data vended and retrieved through the Amazon Services API (including but not limited to the Marketplace Web Service API and SP-API). This policy is applicable to all systems that store, process, or otherwise handle data vended and retrieved from the Amazon Services API.
1. General Security Requirements
Consistent with industry-leading security, Tieguys.com, Inc. (“The Company”) will maintain physical, administrative, and technical safeguards, and other security measures (i) to maintain the security and confidentiality of Information accessed, collected, used, stored, or transmitted by the Company, and (ii) to protect that his Information from known or reasonably anticipated threats or hazards to its security and integrity, accidental loss, alteration, disclosure, and all other unlawful forms of processing. Without limitation, the Company will comply with the following requirements:
1.1 Network Protection. The Company will implement network protection controls including network firewalls and network access control lists to deny access to unauthorized IP addresses. The Company will implement anti-virus and anti-malware software on end-user devices. The Company will restrict public access only to approved users.1.2 Access Management. The Company will assign a unique ID to each person with computer access to Information. The Company will not create or use generic, shared, or default login credentials or user accounts. The Company will implement baselining mechanisms to ensure that at all times only the required user accounts access Information. The Company will review the list of people and services with access to Information at least quarterly, and remove accounts that no longer require access. The Company will restrict employees and contractors from storing Information on personal devices. The Company will maintain and enforce "account lockout" by detecting anomalous usage patterns and log-in attempts, and disabling accounts with access to Information as needed.1.3 Least Privilege Principle. The Company will implement fine-grained access control mechanisms to allow granting rights to any party using the Application and the Application's operators following the principle of least privilege. Access to Information will be granted on a "need-to-know" basis.1.4 Password Management. The Company will establish minimum password requirements for personnel and systems with access to Information. Password requirements will be a minimum of twelve (12) characters, contain upper and lower case letters, contain numbers, contain special characters, and rotated at least quarterly.1.5 Encryption in Transit. The Company will encrypt all Information in transit with secure protocols such as TLS 1.2+, SFTP, and SSH-2. The Company will enforce this security control on all applicable internal and external endpoints. The Company will use data message-level encryption where channel encryption (e.g., using TLS) terminates in untrusted multi-tenant hardware (e.g., untrusted proxies).1.6 Incident Response Plan. The Company holds and maintains a plan and/or runbook to detect and handle Security Incidents. Such plans will identify the incident response roles and responsibilities, define incident types that may affect Amazon, define incident response procedures for defined incident types, and define an escalation path and procedures to escalate Security Incidents to Amazon. The Company will review and verify the plan every six (6) months and after any major infrastructure or system change, including changes to the system, controls, operational environments, risk levels, and supply chain. The Company will notify Amazon (via email to 3p-security@amazon.com) within 24 hours of detecting Security Incident or suspecting that a Security Incident has occurred. The Company will investigate each Security Incident, and document the incident description, remediation actions, and associated corrective process/system controls implemented to prevent future recurrence. The Company will maintain the chain of custody for all evidences or records collected, and such documentation will be made available to Amazon upon request (if applicable). If a Security Incident occurred, The Company cannot represent or speak on behalf of Amazon to any regulatory authority or customers unless Amazon specifically requests in writing that the Developer do so.1.7 Request for Deletion or Return. The Company will permanently and securely delete or return Information upon and in accordance with Amazon's notice requiring deletion or return within 72 hours of Amazon’s requests unless the data is necessary to meet legal requirements, including tax or regulatory requirements. Secure deletion will occur in accordance with industry-standard sanitization processes such as NIST 800-88. The Company will also permanently and securely delete all live (online or network accessible) instances of Information 90 days after Amazon's notice. If requested by Amazon, the Developer will certify in writing that all Information has been securely destroyed.
2. Additional Security Requirements Specific to Personally Identifiable Information
The following additional Security Requirements will be met for Personally Identifiable Information ("PII"). PII is granted to The Company for select tax and merchant fulfilled shipping purposes, on a will-have basis. If an Amazon Services API contains PII, or PII is combined with non-PII, then the entire data store will comply with the following requirements:
2.1 Data Retention. The Company will retain PII for no longer than 30 days after order delivery and only for the purpose of, and as long as is necessary to (i) fulfill orders, (ii) calculate and remit taxes, (iii) produce tax invoices, or (iv) meet legal requirements, including tax or regulatory requirements. If the Company is required by law to retain archival copies of PII for tax or other regulatory purposes, PII will be stored as a "cold" or offline encrypted backup (e.g., not available for immediate or interactive use).2.2 Data Governance. The Company will create, document, and abide by a privacy and data handling policy for their Applications or services, which govern the appropriate conduct and technical controls to be applied in managing and protecting information assets. A record of data processing activities such as specific data fields and how they are collected, processed, stored, used, shared, and disposed for all PII should be maintained to establish accountability and compliance with regulations. The Company will establish a process to detect and comply with privacy and security laws and regulatory requirements applicable to their business and retain documented evidence of their compliance. The Company will establish and abide by their privacy policy for customer consent and data rights to access, rectify, erase, or stop sharing/processing their information where applicable or required by data privacy regulation.2.3 Asset Management. The Company will keep inventory of software and physical assets (e.g. computers, mobile devices) with access to PII, and update quarterly. Physical assets that store, process, or otherwise handle PII will abide by all of the requirements set forth in this policy. The Company will not store PII in removable media, personal devices, or unsecured public cloud applications (e.g., public links made available through Google Drive). The Company will securely dispose of any printed documents containing PII.2.4 Encryption at Rest. The Company will encrypt all PII at rest using at least AES-128 or RSA with 2048-bit key size or higher. The cryptographic materials (e.g., encryption/decryption keys) and cryptographic capabilities (e.g. daemons implementing virtual Trusted Platform Modules and providing encryption/decryption APIs) used for encryption of PII at rest will be only accessible to the Developer's processes and services.2.5 Secure Coding Practices. The Company will not hardcode sensitive credentials in their code, including encryption keys, secret access keys, or passwords. Sensitive credentials will not be exposed in public code repositories. The Company will maintain separate test and production environments.2.6 Logging and Monitoring. The Company will gather logs to detect security-related events to their Applications and systems including success or failure of the event, date and time, access attempts, data changes, and system errors. The Company will implement this logging mechanism on all channels (e.g., service APIs, storage-layer APIs, administrative dashboards) providing access to Information. All logs will have access controls to prevent any unauthorized access and tampering throughout their lifecycle. Logs will not contain PII. Logs will be retained for at least 90 days for reference in the case of a Security Incident. The Company will build mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions (e.g., multiple unauthorized calls, unexpected request rate and data retrieval volume, and access to canary data records). The Company will implement monitoring alarms to detect if Information is extracted from its protected boundaries. The Company should perform investigation when monitoring alarms are triggered, and this should be documented in the Developer's Incident Response Plan.2.7 Vulnerability Management. The Company will create and maintain a plan and/or runbook to detect and remediate vulnerabilities. The Company will protect physical hardware containing PII from technical vulnerabilities by performing vulnerability scans and remediating appropriately. The Company will conduct vulnerability scanning or penetration tests at least every 180 days and scan code for vulnerabilities prior to each release. Furthermore, The Company will control changes to the storage hardware by testing, verifying changes, approving changes, and restricting access to who may perform those actions.
3. Audit and Assessment
The Company will maintain all appropriate books and records reasonably required to verify compliance with the Acceptable Use Policy, Data Protection Policy, and Amazon Services API Developer Agreement during the period of this agreement and for 12 months thereafter. Upon Amazon's written request, The Company will certify in writing to Amazon that they are in compliance with these policies.
Upon request, Amazon may, or may have an independent certified public accounting firm selected by Amazon, audit, assess and inspect the books, records, facilities, operations, and security of all systems that are involved with the Company's Application in the retrieval, storage, or processing of Information. The Company will cooperate with Amazon or Amazon's auditor in connection with the audit or assessment, which may occur at the Company's facilities and/or subcontractor facilities. If the audit or assessment reveals deficiencies, breaches, and/or failures to comply with our terms, conditions, or policies, the Company will, at its sole cost and expense, and take all actions necessary to remediate those deficiencies within an agreed-upon timeframe. Upon request, the Company will provide remediation evidence in the form requested by Amazon (which may include policy, documents, screenshots, or screen sharing of application or infrastructure changes) and obtain written approval on submitted evidence from Amazon before audit closure.
4. Definitions
"Amazon Services API" means any application programming interface (API) offered by Amazon for the purpose of helping Amazon Authorized Users to programmatically exchange data.
"API Materials" means Materials we make available in connection with the Amazon Services API, including APIs, documentation, specifications, software libraries, software development kits, and other supporting materials, regardless of format.
"Application" means a software application or website that interfaces with the Amazon Services API or the API Materials.
"Authorized User means a user of Amazon’s systems or services who has been specifically authorized by Amazon to use the applicable systems or services.
"Customer" means any person or entity who has purchased items or services from Amazon's public-facing websites.
"Company" means Now Group UK Ltd.
"Information" means any information that is exposed through the Amazon Services API, Amazon Portals, or Amazon's public-facing websites. This data can be public or non-public, including Personally Identifiable Information about Amazon Customers.
"Personally Identifiable Information" ("PII") means information that can be used on its own or with other information to identify, contact, identify in context, or locate an Amazon Customer or Authorized User. This includes, but is not limited to, a Customer or Authorized User's name, address, e-mail address, phone number, gift message content, survey responses, payment details, purchases, cookies, digital fingerprint (e.g., browser, user device), IP Address, geo-location, nine-digit postal code, or Internet-connected device product identifier.
"Security Incident" means any actual or suspected unauthorized access, collection, acquisition, use, transmission, disclosure, corruption, or loss of Information, or breach of any environment containing... Read more
Introduction
Welcome to Tieguys.com! This Site is provided by Tieguys.com, Inc. (referred throughout as "Tieguys.com") as a service to our customers. Please read carefully the following basic rules that govern your use of the Tieguys.com website. Please note that if you visit or shop at the Tieguys.com website, you accept these conditions.
Privacy
Please review our Privacy Policy, which governs your visit to this Site and Tieguys.com, to understand our practices and protections of your privacy.
Order Acceptance
Please note that there may be certain orders that we are unable to accept and must cancel. We reserve the right, at our sole discretion, to refuse or cancel any order for any reason. Some situations that may result in your order being canceled include limitations on quantities available for purchase, inaccuracies or errors in product or pricing information, or problems identified by our credit and fraud avoidance department. We may also require additional verifications or information before accepting and processing any order. We will contact you if all or any portion of your order is canceled or if additional information is required to accept your order. If your order is canceled after your credit card has been charged, we will issue a credit to your credit card in the amount of the charge.
Colors
We have made every effort to display the colors of our products that appear on the Site as accurately as possible. However, as the actual colors you see will depend on your monitor or display device, we cannot guarantee that your monitor’s display of any color will be accurate.
Copyright
Unless otherwise noted, all Contents are copyrights, trademarks, trade dress and or other intellectual property owned, controlled or licensed by Tieguys.com and are protected by U.S. and international copyright laws. The compilation of all content on this site is the exclusive property of Tieguys.com and is also protected by U.S. and international copyright laws.
All graphics, logos, page headers, button icons, scripts, page footers, and service names are trademarks, registered trademarks, or trade dress of Tieguys.com and may not be used in connection with any product or service that is not Tieguys.com’s, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Tieguys.com. All other trademarks not owned by Tieguys.com that appear on this site are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Tieguys.com.
Use of this Site
Tieguys.com grants you a limited license to access and make personal use of this site and not to download (other than page caching) or modify it, or any portion of it, except with express written consent of Tieguys.com. This license prohibits any resale or commercial use of this site or its contents; any collection and use of any product listings, descriptions, or prices; any derivative use of this site or its contents; any downloading or copying of account information for the benefit of another merchant; or any use of data mining, or similar data gathering and extraction tools. This site or any portion of this site may not be reproduced, duplicated, copied, sold, resold, visited, or otherwise exploited for any commercial purpose without express written consent of Tieguys.com. You may not frame or utilize framing techniques to enclose any trademark, logo, or other proprietary information (images, text, illustrations, designs, icons, photographs, programs, music clips or downloads, video clips and written and other materials that are part of this Site) of Tieguys.com without express written consent.
Site Security
Users are prohibited from violating or attempting to violate the security of the Site, including, without limitation, (a) accessing data not intended for such user or logging onto a server or an account which the user is not authorized to access; (b) attempting to probe, scan or test the vulnerability of a system or network or to breach security or authentication measures without proper authorization; (c) attempting to interfere with service to any user, host or network, including, without limitation, via means of submitting a virus to the Site, overloading, "flooding," "spamming," "mailbombing" or "crashing;" (d) sending unsolicited email, including promotions and/or advertising of products or services; or (e) forging any TCP/IP packet header or any part of the header information in any email or newsgroup posting. Violations of system or network security may result in civil or criminal liability. Tieguys.com will investigate occurrences that may involve such violations and may involve, and cooperate with, law enforcement authorities in prosecuting users who are involved in such violations. You agree not to use any device, software or routine to interfere or attempt to interfere with the proper working of this Site or any activity being conducted on this Site. You agree, further, not to use or attempt to use any engine, software, tool, agent or other device or mechanism (including without limitation browsers, spiders, robots, or intelligent agents) to navigate or search this Site other than the search engine and search agents available from Tieguys.com on this Site and other than generally available third party web browsers (e.g., Chrome, Firefox, Microsoft Explorer/Edge).
Pricing
While Tieguys.com strives to provide accurate pricing and product information, pricing and typographical errors may occur. Tieguys.com cannot confirm the pricing of a product until after an order is placed. In the event that an item is listed at an incorrect price or with incorrect information due to an error in pricing or product information, Tieguys.com shall have the right, at our sole discretion, to refuse or cancel any orders placed for that item. In the event that an item is mispriced, Tieguys.com may, at our sole discretion, either contact you for instructions or cancel your order and notify you of such cancellation.
If you are under 18, you may use Tieguys.com only with involvement of a parent or guardian. Tieguys.com reserves the right to refuse service, terminate accounts, remove or edit content, or cancel orders in their sole discretion.
Disclaimer of Warranties and Limitation of Liability
THIS SITE AND ALL INFORMATION, CONTENT, MATERIALS, PRODUCTS, AND SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE ARE PROVIDED BY TIEGUYS.COM ON AN "AS IS" AND "AS AVAILABLE" BASIS, UNLESS OTHERWISE SPECIFIED IN WRITING. TIEGUYS.COM MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESSED OR IMPLIED, AS TO THE OPERATION OF THIS SITE OR THE INFORMATION, CONTENT, MATERIALS, PRODUCTS, OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE, UNLESS OTHERWISE SPECIFIED IN WRITING. YOU EXPRESSLY AGREE THAT YOUR USE OF THIS SITE IS AT YOUR SOLE RISK.
TO THE FULL EXTENT PERMISSIBLE BY APPLICABLE LAW, TIEGUYS.COM DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. TIEGUYS.COM AND ITS AFFILIATES DO NOT WARRANT THAT THIS SITE; INFORMATION, CONTENT, MATERIALS, PRODUCTS OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE; THEIR SERVERS; OR E-MAIL SENT FROM TIEGUYS.COM ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. TIEGUYS.COM WILL NOT BE LIABLE FOR ANY DAMAGES OF ANY KIND ARISING FROM THE USE OF THIS SITE OR FROM ANY INFORMATION, CONTENT, MATERIALS, PRODUCTS OR SERVICES INCLUDED ON OR OTHERWISE MADE AVAILABLE TO YOU THROUGH THIS SITE, INCLUDING, BUT NOT LIMITED TO DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, AND CONSEQUENTIAL DAMAGES, UNLESS OTHERWISE SPECIFIED IN WRITING.
CERTAIN STATE LAWS DO NOT ALLOW LIMITATIONS ON IMPLIED WARRANTIES OR THE EXCLUSION OR LIMITATION OF CERTAIN DAMAGES. IF THESE LAWS APPLY TO YOU, SOME OR ALL OF THE ABOVE DISCLAIMERS, EXCLUSIONS, OR LIMITATIONS MAY NOT APPLY TO YOU, AND YOU MIGHT HAVE ADDITIONAL RIGHTS.
Applicable Law
By visiting Tieguys.com, you agree that the laws of the state of Florida, without regard to principals of conflict laws, will govern these Terms and Conditions of Use and any dispute of any sort that might arise between you and... Read more
Emails
Tieguys.com uses emails as one of our primary ways to respond and communicate. All emails sent are either a direct response to an inquiry or a communication concerning an order (reciept, shipping confirmation, etc).
Text Messages
Tieguys.com uses text messages to reach out to you if there is an issue with your order. All text messages sent are directly related to your order. We will never text you for any other reason.
Sharing Information
Information about our customers is an important part of our business, and we are not in the business of selling it to others. Tieguys.com will not sell, distribute, or make available any of our customer information to third parties. No exceptions. Period.
Transaction Security
We electronically verify each transaction with the credit company, processing only those orders if the credit company so authorizes it. In the case of a suspicious or declined transaction, our company may contact you to confirm the validity and ensure your identity or cancel that order with full notification.
We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input at 256-bit strength. This is often symbolized on most web-browsers by a small padlock appearing by the address bar of the window and the address of the window changing from http:// to https://, indicating a secure connection. In the event that an order cannot be completed, please contact our Customer Service. If our website cannot establish a secure connection, we will not risk your confidential information and it will not be transmitted.
Cookies
Cookies are alphanumeric identifiers that we transfer to your computer's hard drive through your Web browser to enable our systems to recognize your browser and to provide features such as the storage of items in your Shopping Cart. The "help" portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. However, if you disable cookies, you will not be able to purchase from the web site. We recommend that you leave them turned on or please contact our Customer Service to have your order placed.
Personal Information you give us
We receive and store any information you enter on our Web site or give us in any other way, with the exception of your credit card numbers. We use the information that you provide for such purposes as responding to your requests, customizing future shopping for you, improving our store, and fulfilling your order.
*Emails: Email addresses we receive are used to contact you concerning inquiries before, during and after your order is placed, solely concerning your order.
Automatic Information
We receive and store certain types of information whenever you interact with us. For example, like many Web sites, we use "cookies," and we obtain certain types of information when your web browser accesses Tieguys.com. This information is solely used to assist you in placing your order. A number of companies offer utilities designed to help you visit Web sites anonymously. Although we will not be able to provide you with a personalized experience at Tieguys.com if we cannot recognize you, we want you to be aware that these tools... Read more
Sign In
Create New Account