About limitation of personal identity information and Incident response plan

1、Scope and limitation of personal identity information

Personal identity information is only used in the following two usage scenarios:
1.Our company has the use scenario of MFN, which needs to deliver goods directly to consumers. On the other hand, it is convenient for inventory allocation and management.

2. Using tax invoices to help with tax cost management, tax planning and  tax declaration.
 Other business scenarios will not use PII, and users using PII will be restricted to protect the security of PII information. At the same time, The use of PII data will be monitored to prevent data leakage.

2、 Incident response plan developed by the company

Our incident  response plan is roughly as follows:

Determine the technical director of the company as the person responsible for event response. When a safety event or suspicious event is detected, timely record and manage the event description, remedial measures and relevant corrective measures and defense control technical plans to prevent recurrence in the future, The event recording information is managed and recorded in real time in the enterprise's internal issue system, and the person in charge of synchronization will timely report the security event to Amazon (send it to Amazon by e-mail) security@amazon.com ), in case of any safety incident, the safety director can retrieve the original safety incident content through the issue system and take remedial measures according to the actual situation.

       For the content of security events, we will refer to the scheme proposed by Amazon and classify security events as objective / blind spot / internally known / unknown for the management of security events. We will hire professional network security technicians to troubleshoot and resolve complex security problems.