Data Protection Policy

Our Commitment to Data Protection

Effective Date: January 1, 2025

B2B Enterprises is committed to protecting the privacy and personal data of our customers, employees, partners, and website visitors. This Data Protection Policy outlines how we collect, process, store, and protect personal data in compliance with applicable data protection laws and regulations.

As a provider of POS systems, hardware solutions, and software services since 2018, we handle various types of personal and business data. We recognize the importance of data protection and have implemented comprehensive measures to ensure the security, confidentiality, and integrity of all data entrusted to us.

This policy applies to all data processing activities conducted by B2B Enterprises, including our website, products, services, and business operations.

Types of Data We Collect

Personal Information

We may collect the following categories of personal information:

• Identity Data: Name, title, designation, and identification numbers
• Contact Data: Email address, telephone numbers, business address
• Business Data: Company name, industry, business requirements, GST numbers
• Transaction Data: Purchase history, payment information, order details
• Technical Data: IP address, browser type, device information, usage data
• Communication Data: Email correspondence, support tickets, meeting notes
• Marketing Data: Preferences for receiving communications and offers

Sensitive Personal Data

In limited circumstances, we may process sensitive personal data including:

• Financial information for payment processing and credit assessments
• Location data for delivery and installation services
• Background verification data for employees and contractors
• Health and safety information for workplace compliance
• Legal and compliance data for regulatory requirements

Business Data

We also process business-related data that may contain personal elements:

• Employee information from customer organizations
• Customer databases and transaction records
• Vendor and supplier contact information
• Partner and distributor business details
• Technical documentation and system configurations

How We Collect Data

Direct Collection

We collect data directly from you through:

• Website Forms: Contact forms, inquiry forms, and registration processes
• Business Communications: Emails, phone calls, and face-to-face meetings
• Order Processes: Purchase orders, quotation requests, and service agreements
• Support Interactions: Technical support requests and customer service contacts
• Events and Meetings: Trade shows, conferences, and business meetings

Automatic Collection

We automatically collect certain data through:

• Website Analytics: User behavior, page views, and site interactions
• Cookies and Tracking: As detailed in our Cookie Policy
• System Logs: Server logs, error reports, and security monitoring
• Device Information: Hardware specifications and software configurations
• Location Data: IP-based geographic location for service delivery

Third-Party Sources

We may receive data from third-party sources including:

• Business directories and industry databases
• Partner companies and referral sources
• Social media platforms and professional networks
• Government databases and regulatory authorities
• Credit agencies and financial institutions

Legal Basis for Processing

Legitimate Business Interests

We process personal data based on our legitimate business interests including:

• Customer Relationship Management: Maintaining and developing business relationships
• Service Delivery: Providing products, services, and technical support
• Business Development: Marketing, sales, and partnership activities
• Security and Compliance: Protecting systems and meeting legal obligations
• Quality Improvement: Enhancing products and services based on feedback

Contractual Necessity

We process data when necessary to perform contracts including:

• Fulfilling purchase orders and service agreements
• Processing payments and managing billing
• Providing installation and configuration services
• Delivering technical support and maintenance
• Managing warranty and return processes

Legal Compliance

We process data to comply with legal obligations such as:

• Tax reporting and GST compliance requirements
• Financial record keeping and audit requirements
• Employment law and workplace safety regulations
• Anti-money laundering and fraud prevention
• Data protection and privacy law compliance

Consent

Where required, we obtain explicit consent for:

• Marketing communications and promotional activities
• Processing sensitive personal data
• Sharing data with third parties for specific purposes
• Using data for purposes beyond the original collection
• Transferring data to countries without adequate protection

How We Process and Use Data

Business Operations

We use personal data for core business activities including:

• Order Management: Processing orders, managing inventory, and scheduling deliveries
• Customer Service: Responding to inquiries, providing support, and resolving issues
• Financial Management: Invoicing, payment processing, and account management
• Quality Assurance: Monitoring service quality and customer satisfaction
• Business Analytics: Understanding market trends and customer preferences

Product and Service Development

We analyze data to improve our offerings through:

• Product usage analysis and feature enhancement
• Service quality monitoring and improvement
• Customer feedback analysis and implementation
• Market research and competitive analysis
• Innovation and new product development

Marketing and Communications

We use data for marketing purposes including:

• Sending relevant product information and updates
• Promoting new products and services
• Inviting customers to events and webinars
• Conducting market research and surveys
• Personalizing marketing content and offers

Data Sharing and Disclosure

Service Providers

We share data with trusted service providers who assist us with:

• Technology Services: Cloud hosting, software development, and IT support
• Payment Processing: Banks, payment gateways, and financial institutions
• Logistics Partners: Shipping companies, delivery services, and installation teams
• Professional Services: Legal advisors, accountants, and business consultants
• Marketing Platforms: Email marketing, analytics, and advertising services

Business Partners

We may share data with business partners including:

• Authorized distributors and reseller partners
• Manufacturer partners (Zebra, TSC, TVS, Epson, DCODE)
• Technology integration partners
• Joint venture and collaboration partners
• Industry associations and trade organizations

Legal and Regulatory Disclosure

We may disclose data when required by:

• Court orders, subpoenas, and legal proceedings
• Government agencies and regulatory authorities
• Tax authorities and financial regulators
• Law enforcement agencies for criminal investigations
• Emergency situations involving safety or security threats

Business Transfers

In the event of a merger, acquisition, or business transfer, personal data may be transferred to the new entity subject to appropriate protections and notifications.

Data Security Measures

Technical Safeguards

We implement robust technical security measures including:

• Encryption: Data encryption in transit and at rest using industry standards
• Access Controls: Multi-factor authentication and role-based access systems
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Backup Systems: Regular backups with secure off-site storage
• Vulnerability Management: Regular security assessments and patch management

Administrative Safeguards

Our administrative security measures include:

• Security Policies: Comprehensive information security policies and procedures
• Employee Training: Regular data protection and security awareness training
• Access Management: Principle of least privilege and regular access reviews
• Incident Response: Documented procedures for security incident management
• Vendor Management: Due diligence and security requirements for third parties

Physical Safeguards

Physical security measures protect our facilities and systems:

• Secure access controls to offices and data centers
• Environmental controls for equipment protection
• Surveillance and monitoring systems
• Secure disposal of documents and electronic media
• Visitor access controls and escort procedures

Your Data Protection Rights

Access Rights

You have the right to:

• Access Your Data: Request copies of personal data we hold about you
• Data Portability: Receive your data in a structured, machine-readable format
• Information: Understand how your data is processed and for what purposes
• Source Information: Know the source of your personal data
• Processing Details: Understand the legal basis and retention periods

Control Rights

You can exercise control over your data through:

• Rectification: Correct inaccurate or incomplete personal data
• Erasure: Request deletion of personal data under certain circumstances
• Restriction: Limit processing of your personal data
• Objection: Object to processing based on legitimate interests
• Withdrawal: Withdraw consent for specific processing activities

Exercise Your Rights

To exercise your data protection rights:

• Contact us using the information provided at the end of this policy
• Provide sufficient information to identify your records
• Specify which rights you wish to exercise
• Include verification documents if requested
• Allow up to 30 days for us to respond to your request

Data Retention and Deletion

Retention Periods

We retain personal data for different periods based on data type and purpose:

• Customer Records: 7 years after last transaction for accounting and legal compliance
• Employee Data: 7 years after employment termination
• Marketing Data: Until consent is withdrawn or 3 years of inactivity
• Website Analytics: 26 months for statistical analysis
• Support Records: 3 years for service quality and training purposes
• Financial Records: 10 years for tax and audit requirements
• Legal Documents: As required by applicable laws and regulations

Deletion Procedures

When data reaches the end of its retention period, we:

• Securely delete data from active systems
• Remove data from backup systems and archives
• Anonymize data where complete deletion is not possible
• Ensure third-party service providers also delete the data
• Document the deletion process for audit purposes

Legal Holds

Data may be retained beyond normal periods when required for legal proceedings, regulatory investigations, or other legal obligations.

International Data Transfers

Transfer Scenarios

We may transfer personal data internationally for:

• Cloud storage and backup services
• Software development and technical support
• Payment processing and financial services
• Marketing and analytics platforms
• Business operations and partner collaboration

Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards:

• Adequacy Decisions: Transfers to countries with adequate data protection
• Standard Contractual Clauses: EU-approved contractual protections
• Binding Corporate Rules: Internal data protection standards
• Certification Schemes: Industry-recognized privacy certifications
• Explicit Consent: Informed consent for specific transfers

Transfer Documentation

We maintain records of all international transfers including the legal basis, destination country, safeguards applied, and data categories transferred.

Data Protection Contact Information

For questions about data protection, to exercise your rights, or to report data protection concerns, please contact us:

Supervisory Authority: If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. We are committed to working cooperatively with authorities to resolve any data protection concerns.