Privacy Policy

Last updated: March 2026

Buyer Area Ltd ("we", "our", "us") is a company registered in England and Wales (Companies House No. 07830466), with registered office at 32 Stour Close, Slough, SL1 2TU. Trading address: Unit 3, Marlborough Industrial Estate, High Wycombe, HP11 2LB. We operate the website buyerarea.co.uk and sell refurbished electronic devices through multiple channels including Amazon.

This policy explains how we collect, process, store, use, share and dispose of personal data including data received via Amazon Selling Partner API (SP-API).

1. Data We Collect

We collect the following categories of data through Amazon SP-API and our sales channels:

• Buyer name and delivery address (for order fulfilment and shipping label generation only)
• Order ID and transaction references
• Product and pricing information
• Financial and accounting data related to sales transactions

2. How We Process Data

All Amazon data is processed exclusively on our dedicated IONOS UK server via server-side PHP applications. No Amazon data is processed on personal devices, laptops, mobile phones or USB drives. Data is accessed only by the administrator (sole operator) of Buyer Area Ltd.

3. How We Store Data

All data is stored on a dedicated IONOS UK server (London datacentre). Data at rest is encrypted using AES-256 encryption. Encryption keys are managed via IONOS Key Management Service (KMS), stored separately from the encrypted data, and rotated every 90 days. Access to stored data is restricted to the administrator only via SSH key authentication from whitelisted IP addresses.

4. How We Use Data

Amazon buyer data (name and address) is used solely for the following purposes:

• Generating shipping labels to fulfil Amazon orders
• Order tracking and inventory management
• Financial reporting and VAT compliance

We do not use Amazon buyer data for marketing, profiling, or any purpose beyond order fulfilment.

5. Data Sharing

We do not share Amazon buyer data with any third parties. No Amazon Information is disclosed to external parties, data brokers, advertisers or any other organisations. Data is processed internally only.

6. Data Retention and Disposal

Personally Identifiable Information (PII) including buyer names and delivery addresses is retained for a maximum of 30 days following order delivery confirmation. After this period, PII is securely deleted using NIST 800-88 compliant procedures. Order IDs and financial records are retained for 7 years in compliance with UK HMRC requirements, but do not contain buyer PII.

7. Backups

Encrypted backups are stored at two geographically separated locations: primary at IONOS UK datacentre (London) and secondary at IONOS DE datacentre (Frankfurt, Germany). Backups are encrypted using AES-256 with RSA-2048 key wrapping and retained for 30 days before secure deletion.

8. Security

We implement the following security controls to protect personal data:

• AES-256 encryption at rest and TLS 1.2+ encryption in transit
• IP whitelisting and SSH key authentication for server access
• Hardware firewall with all ports closed except HTTPS (443) and SSH (22)
• Fail2ban intrusion prevention with automated email alerts
• Multi-factor authentication on all administrator accounts
• 16-character minimum passwords with complexity requirements
• Security logs retained for 12 months, reviewed regularly

9. Your Rights

Under UK GDPR, you have the right to access, correct, or request deletion of your personal data. To exercise these rights, contact us at:

• Email: support@buyerarea.co.uk
• Address: 32 Stour Close, Slough, SL1 2TU (Registered Office)

10. Contact

For any privacy-related queries, please contact:
Ali Khan
Buyer Area Ltd
Email: support@buyerarea.co.uk
Website: buyerarea.co.uk