This Privacy Policy describes how Margau Trading OÜ ("we", "us", "VendorCore") collects, uses, and protects information when you use the VendorCore service (the "Service").
Margau Trading OÜ
Registry code: 14866499
VAT identification number: EE102748875
Address: Männimäe/1, Pudisoo küla, 74626 Kuusalu vald, Harju maakond, Estonia
Email: [email protected]
When you contact us or request access to the Service, we collect the information you submit, including your name, work email address, company name, and any free-text content you provide.
If you authorize VendorCore via Amazon's Selling Partner API OAuth flow, we retrieve data from your Vendor Central account on your behalf, including but not limited to:
We access this data exclusively under the scope of the roles you grant during the OAuth authorization process. VendorCore does not access personally identifiable information about end customers of Amazon.
We collect basic usage information (pages viewed, features used, browser type, IP address in truncated form) for product improvement and security purposes.
We process your data exclusively for the following purposes:
We do not sell your data, share it with third parties for marketing purposes, or aggregate vendor data across customers.
We process personal data under the following legal bases of the EU General Data Protection Regulation (GDPR):
Vendor data is stored in encrypted form (AES-256 at rest, TLS 1.2 or higher in transit) on infrastructure located within the European Union. Access is restricted to authenticated users explicitly authorized by the vendor account owner and to a limited number of VendorCore engineers on a strict need-to-know basis. We maintain access logs and security monitoring in accordance with Amazon's Data Protection Policy.
We retain vendor data for as long as your authorization is active. If you revoke authorization or terminate your use of the Service, we delete or anonymize associated vendor data within 30 days, subject to any legal retention obligations.
We may use carefully selected sub-processors to operate the Service, including cloud infrastructure providers within the EU. All sub-processors are bound by data processing agreements requiring equivalent levels of data protection. A current list of sub-processors is available upon request.
Under the GDPR, you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data. You also have the right to lodge a complaint with a supervisory authority. To exercise any of these rights, contact us at [email protected].
This website uses only essential cookies required for its functionality. We do not use tracking cookies or third-party analytics services that profile visitors.
Where data is transferred outside the European Economic Area (for example, in communication with Amazon's Selling Partner API), such transfers occur under appropriate safeguards including Standard Contractual Clauses.
We may update this Privacy Policy from time to time. Material changes will be communicated through the Service or by email.
For any questions or concerns about this Privacy Policy, contact us at [email protected].