Privacy Policy

Privacy Policy

This Privacy Policy describes how Business2Business Ltd (“we,” “us,” or “our”) collects, uses, discloses, and protects personal data when you access or use our software-as-a-service platform at business2businessltd.com and related services (the “Services”). By registering for or using the Services, you agree to the practices described in this policy.

1. Scope and Application

This policy applies to all personal data processed by Business2Business Ltd in its capacity as a data controller or joint‐controller, including information we collect from:

  • Prospective and current customers (businesses and their representatives)
  • End users and individual contacts at those businesses
  • Website visitors, trial users, and newsletter subscribers

All employees, contractors, and third‐party partners of Business2Business Ltd must comply with this policy.

2. Key Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, or disclosure.
  • “Data Controller” means the entity that determines the purposes and means of processing Personal Data.
  • “Data Processor” means the entity that processes Personal Data on behalf of the Data Controller.

Business2Business Ltd acts as the Data Controller for customer and end‐user data.

3. Information We Collect

We collect Personal Data necessary to deliver, maintain, and improve our Services:

  1. Account and Contact Data
  • Business name, billing address, VAT or tax ID, point of contact name, email, phone number.
  1. Authentication Data
  • Usernames, passwords, two‐factor authentication tokens, security questions.
  1. Usage and Technical Data
  • IP addresses, device identifiers, browser type and version, application logs, feature usage.
  1. Billing and Payment Data
  • Payment card details (via PCI-compliant processor), invoicing history, purchase orders.
  1. Support and Communication Data
  • Email and chat transcripts, help desk tickets, feedback surveys.
  1. Marketing and Analytics Data
  • Newsletter sign‐up preferences, email click/open rates, cookies and tracking identifiers.

4. How We Use Your Information

We process Personal Data for the following purposes:

  • To provide, operate, and improve the Services you request.
  • To authenticate your identity and secure your account.
  • To process payments, issue invoices, and manage subscriptions.
  • To handle support inquiries, troubleshoot issues, and respond to feedback.
  • To detect, prevent, and mitigate security risks, fraud, or abuse.
  • To send service-related notifications, updates, and marketing communications (with consent).
  • To conduct internal analytics for product development and performance monitoring.

5. Legal Bases for Processing (GDPR)

For data subjects in the European Economic Area (EEA), our lawful bases include:

  • Consent: where you opt in to marketing or non-essential features.
  • Contractual Necessity: to fulfil our agreement when you subscribe or use the Services.
  • Legal Obligation: to comply with tax, accounting, or regulatory requirements.
  • Legitimate Interests: for platform security, fraud prevention, product improvement, and IT operations.

6. Disclosure and Sharing of Data

We do not sell Personal Data. We may share information with:

  • Authorized Third-Party Processors
  • (e.g., hosting providers, payment gateways, analytics services) under written contracts.
  • Business2Business Ltd Affiliates
  • for centralized support, billing, and product development.
  • Professional Advisors and Auditors
  • (e.g., accountants, legal counsel) as necessary to comply with laws or defend legal claims.
  • Legal and Regulatory Authorities
  • when required by law, court order, or to protect rights and safety.
  • In Connection with a Merger or Sale
  • as permitted under merger and acquisition protocols, subject to confidentiality constraints.

7. International Data Transfers

Personal Data may be transferred to and stored on servers located outside your country of residence.

We safeguard such transfers by:

  • Relying on adequacy decisions by the UK/EU Commission.
  • Using Standard Contractual Clauses approved by relevant authorities.
  • Implementing Binding Corporate Rules where applicable.

8. Data Retention

We retain Personal Data only as long as necessary:

  • Active customer accounts and associated data: until account termination plus six months.
  • Billing and transactional records: seven years for tax and auditing compliance.
  • Support and communications logs: three years to ensure service quality and dispute resolution.
  • Marketing consent records: until consent is withdrawn.

We periodically review retention schedules and securely delete or anonymize obsolete data.

9. Security Measures

We implement industry-standard technical and organizational safeguards, including:

  • TLS encryption for data in transit and encrypted storage for data at rest.
  • Role-based access controls and least-privilege principles.
  • Regular vulnerability assessments, penetration tests, and security audits.
  • Multi-factor authentication for administrative access.
  • Incident response and breach notification procedures.

Employees receive mandatory security and privacy training annually.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain session state and user preferences.
  • Analyze website and application usage patterns.
  • Support marketing campaigns and measure their effectiveness.

You can manage cookie preferences via banners, browser settings, or the cookie management tool on our website.

11. Data Subject Rights

Subject to applicable law, data subjects have the right to:

  • Access their Personal Data and obtain a copy.
  • Rectify inaccurate or incomplete information.
  • Request erasure of Personal Data (“right to be forgotten”).
  • Restrict or object to processing based on legitimate interests or direct marketing.
  • Port data in a structured, machine-readable format.
  • Withdraw consent for specific processing activities.

To exercise these rights, contact our Data Protection Officer at dpo@business2businessltd.com. We will respond within one month, or two months for complex requests.

12. Children’s Privacy

Our Services are intended for business users and adults. We do not knowingly collect Personal Data from individuals under 16. If you believe we have inadvertently processed a minor’s data, contact us to request deletion.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements.

We will post the revised version with an updated “Effective Date” and notify active account holders by email. Continued use after changes indicates acceptance of the revised policy.

14. Contact Information

If you have questions, concerns, or wish to make a privacy request, please contact:

Business2Business Ltd

Data Protection Officer

Email: dpo@business2businessltd.com

Address: 124 City Road, London, EC1V 2NX

Effective Date: 1 October 2025

Business Management

Our experts here show you how our app can streamline your team’s work.

Get Started