Seattle-based Amazon.com Inc., whose wide range of products includes books, toys and hardware, posted the revised policy on its Web site last week and e-mailed notice to its customers.
"As we continue to develop our business, we might sell or buy stores or assets," the new policy reads in part. "In such transactions, customer information generally is one of the transferred business assets."
Company spokeswoman Patty Smith said the new policy is more restrictive in some cases and better explains what Amazon can and cannot do with customer data.
The policy says that "in the unlikely event that Amazon.com Inc. or substantially all of its assets are acquired, customer information will, of course, be one of the transferred assets."
Amazon's old policy also allowed users to opt out of the sharing of their data with a third party. Ms. Smith said customers no longer have that choice, although she said previous requests will still be honored.
Privacy organizations criticized the new policy.
Andrew Shen, spokesman for the Electronic Privacy Information Center, renewed his organization's call for congressional action to protect consumers' information online.
"It's a bad thing for consumers if companies are free to change their privacy policies whenever they wish," Mr. Shen said. He also advocates establishing "baseline legal standards" for the transfer of information such as credit card numbers, names and addresses.
With more than 23 million customers, Amazon.com has an enviable database of names, addresses, e-mail addresses and shopping records. As a customer peruses its Web site, Amazon. com can also track customers as they click on items posted on the site.
In the new policy statement, Amazon.com revealed that it has e-mailed offers to "selected groups of Amazon.com customers on behalf of other businesses."