Privacy Policy | B2B Wave

At B2B Wave, we are firmly committed to the privacy of our customers and the data that is stored on our cloud platform.

What information do we collect?

We may collect, store, and use the following kinds of personal information:

Information about your computer and about your use of this website. This may include your IP address, your location, your browser type and version, your operating system, your referral source, your length of visit, your page views, and website navigation.
Information relating to any transactions carried out between you and us on or in relation to our website. This may include information related to any purchases you make of our goods or services. We may also ask for your contact information, including information such as your name, your company name, your address, your email address, and your telephone number. We will never ask you to share any sensitive information.
Information that you provide to us for the purpose of subscribing to our website services, email notifications, and/or newsletters
Information that you provide to us in the form of support to our platform

How we use your information

We use the information we collect from you in various ways, such as:

to provide, operate, and maintain our services
to improve, personalize, and expand our services
to understand and analyze how you use our services
to develop new products, services, features, and functionalities
to communicate with you to provide you with updates and other information relating to our services
to communicate with you for marketing and promotional purposes when we have your previous consent
to process your transactions
to keep our website secure and prevent fraud
to send you email notifications that you have specifically requested
for compliance purposes, including enforcing our Terms of Service or other legal rights, or as it may be required by applicable laws and regulations or requested by any judicial process or governmental agencies

We will not, without your express consent, share your personal information with any third parties for the purpose of direct marketing.

Data retention

About you

We retain the personal information we collect from you if we have an ongoing legitimate business need to do so. For example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements.

If and when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it within one (1) month after the legitimate business need has ended.

If this is not possible (e.g., because your personal information has been stored in our backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

About your customers

Any information that you add on your B2B Wave platform about your customers will be deleted when there is no ongoing legitimate business need (e.g. if you cancel your account).

You can also request a clean-up/removal of order data placed before a certain period (e.g. more than two years old). If you do not need your data retained after a specific period of time, please send us your request at privacy@b2bwave.com.

Third-party accounts

If you choose to link our services to a third-party account, we will receive information about that account, such as your authentication token from the third-party account, in order to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.

For example, if you link your Quickbooks account to B2B Wave, we will receive information from your Quickbooks account. You can always unlink a service from a third-party account or send us a request to do it for you at privacy@b2bwave.com.

How we share your information

We may share the information we collect from you in various ways, including:

Vendors and Service Providers. We may share information with third-party vendors and service providers that provide services on our behalf and to provide you with information relevant to you, such as product announcements, software updates, special offers, or other information. An extensive list of what our main service providers do follows in the next section.
Aggregated Information. Where legally permissible, we may use and share information about users with our partners in an aggregated or de-identified form that cannot reasonably be used to identify you.
Third-Party Partners. We also share information about our users with third-party partners in order to receive additional and publicly available information about you.
Analytics. We use analytics providers such as Google Analytics. Google Analytics uses cookies to collect non-identifying information. Google provides some additional privacy options regarding its Analytics cookies at http://www.google.com/policies/privacy/partners/.
Business Transfers. Information may be disclosed and otherwise transferred to any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, debt financing, sale of assets, or similar transaction or in the event of insolvenc, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets.
As Required By Law and Similar Disclosures. We may also share information to:

(i) satisfy any applicable law, regulation, legal process, or governmental request;

(ii) enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof;

(iii) detect, prevent, or otherwise address fraud, security, or technical issues;

(iv) respond to your requests; or

(v) protect our rights, property or safety, our users, and the public

This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.

With Your Consent. We may share information with your consent.

Vendors and service providers and sub-processors

All our vendors and service providers are GDPR compliant. While we do not disclose the full list of the vendors online, the sub-processors fall into the following categories:

Server hosting providers
Email marketing service
Email sending service
Customer support software
Online chat software
CRM software
Application analytics software
Subscription management software
Webpage editing software
Invoicing software (if applicable)
Accounting firm
Payment gateways (if applicable)

Unless there is a specific integration in place (e.g., accounting software or payment gateways), the only sub-processor/vendor with which we share your customers' data is our email sending service, and that is solely for purposes instructed by you (e.g.,an update on a customer's order).

Should you require a full list of our sub-processors, please send us an email at privacy@b2bwave.com.

Legal basis for processing personal information

Our legal basis for collecting and using the personal information described above will depend on the personal information shared and the specific context in which we collect it.

However, we will normally collect personal information from you only:

when we need the personal information to perform a contract with you
in case the processing is in our legitimate interests and not overridden by your rights or
when we have your consent to do so
when we have a legitimate interest in operating our services and communicating with you as necessary to provide these services. For example, when responding to your queries, when asking you how to improve our platform, or for the purposes of detecting or preventing illegal activities.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need your personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences, if you do not provide your personal information).

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We use both “session” cookies and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted or until they reach a specified expiration date.

We will use the session cookies to

keep track of you while you navigate our website
prevent fraud and increase our website security

We will use the persistent cookies to

enable our website to recognize you when you visit it
keep track of your preferences in relation to your use of our website
keep track of the marketing performance of our services

We use Google Analytics to analyze the performance of our website. Google Analytics generates statistical and other information about website use by means of cookies that are stored on users’ computers. The information generated relating to our website is used to create reports about how our website is used. Google will store this information. Google's privacy policy is available at http://www.google.com/privacypolicy.html.‍

Disclosures

We may disclose your personal information to our employees, officers, agents, suppliers, or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy.

In addition, we may disclose your personal information:

to the extent that we are required to do so by law
in connection with any ongoing or prospective legal proceedings
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information

We will not provide your information to third parties except as designated in this Privacy Policy,

Communications

All communications with B2B Wave are transmitted over TLS (HTTPS) for all of our services (SSL grade A+).

The B2B Wave platform software responds only to secure https requests. Plain http is disabled for both trial and paid accounts.

Data center colocation attestations and certifications

B2B Wave’s data center is stored, audited, and/or certified by various internationally-recognized attestation and certification compliance standards.

Our data center complies with the following reports and certifications:

SOC 1 Type II
SOC 2 Type II
ISO/IEC 27001:2013
PCI-DSS

Security

We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information. We will store all the personal information you provide on our secure (password-protected and firewall-protected) servers.

Passwords are encrypted, and we are not able to recover any password on our own. You can only reset your password if you have forgotten it. Login attempts per IP are restricted to a certain number.

We monitor the security advisories of the software we use on a regular basis, and we perform a penetration test on our application each month. Should any breach of security occur, we are obliged to inform you within seventy-two (72) hours for all the affected parties.

Backups and location of your data

All our data is stored in Europe (main location London, backup location in Ireland and Amsterdam). All our backups are transferred and stored encrypted (AES-256).

Policy amendments

We may update this Privacy Policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

Third-party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.

Your data protection rights under the General Data Protection Regulation (GDPR)

Data processor and data controller definitions

When using B2B Wave, you (the customer) are the “data controller” in the sense that you control the data that comes in and out of our platform.

B2B Wave is the “data processor” in the sense that we process the data that you input into our service.

Right to be informed

We are obliged to inform you about how your information is processed by us, about our sub-processors, and about your rights.

Right of access

You can request at any time any data that we hold for your company by sending us an email at privacy@b2bwave.com.

Your information will be delivered in a secure method and encoded in either XLS or JSON format. Your customers can also request the data that we hold for them. Since we do not directly communicate with your customers, you will need to delegate that request to us.

All Right of Access requests are executed within 7 days.

Right to rectification

You can request updates on the information you have on you on your account at any time.

Your customers can also make any changes to their accounts on their own. In case these changes are not possible by them (e.g. if editing is disabled for them), you (as the administrator) should be able to make any amendments on their behalf.

If you have any problems when editing specific information for a customer, please send us an email at privacy@b2bwave.com.

Right to erasure

You can cancel your account and request full removal of your information at any time. We will also delegate that request to our sub-processors if that is required. For example, in order to remove you from our CRM.

Your customers can also request to be erased from our platform. Should that be the case, please send us an email at privacy@b2bwave.com.

In this email, please make sure to mention:

Your account details and your customer's company name
"Customer removal request" as your email subject

We will proceed to the full removal of your customer’s information within seven (7) days.

Please note that we are not responsible for removing customer information from payment providers, accounting systems, and in general, systems that you, as the “data controller,” have direct access to.

Right to restrict processing

B2B Wave processes information for analyzing usage of its software (e.g., how many orders were placed). If you need to restrict B2B Wave’s processing information activities, please send us an email at privacy@b2bwave.com.

In this email, make sure you mention:

your account details, and
“Restrict usage” as your email subject

Right to data portability

You can export the following information directly from the platform in XLS format on your own:

Customer lists
Product lists
Price lists
Orders

Your customers can export the following information directly from the platform in XLS format on their own:

Orders

Should you require a more detailed export of your data, please send us a request at privacy@b2bwave.com.

In this email, make sure you provide us with the following information:

your company’s name
the domain name you use
your email
your position in the company

Right not to be subject to automated decision-making, including profiling

Currently, B2B Wave does not automatically make any decisions.

Right to object

Should at any time you want to object to how B2B Wave processes data or even propose a better way, please send us an email at privacy@b2bwave.com stating your objection.

Contact

If you have any questions about this Privacy Policy or our treatment of your personal information, please send us an email at privacy@b2bwave.com.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.