At B2B Wave, we are firmly committed to the privacy of our customers and the data that is stored on our cloud platform.
What information do we collect?
We may collect, store and use the following kinds of personal information:
How we use your information
We use the information we collect from you in various ways, such as:
We will not, without your express consent, share your personal information with any third parties for the purpose of direct marketing.
We retain the personal information we collect from you if we have an ongoing legitimate business need to do so. For example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements.
If and when we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it within one month after the legitimate business need has ended.
If this is not possible (e.g. because your personal information has been stored in our backup archives), then we securely store your personal information and isolate it from any further processing until deletion is possible.
About your customers
Any information that you add on your B2B Wave platform about your customers will be deleted when there is no ongoing legitimate business need (e.g. if you cancel your account).
You can also request a clean-up/removal of order data placed before a certain period (e.g. more than two years old). If you do not need your data retained after a specific period of time, please send us your request at email@example.com.
If you choose to link our services to a third-party account, we will receive information about that account, such as your authentication token from the third-party account in order to authorize linking. If you wish to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options.
For example, if you link your Quickbooks account to B2B Wave, we receive information from your Quickbooks account. You can always unlink a service from a third-party account, or send us a request to do it for you, at firstname.lastname@example.org.
How we share your information
We may share the information we collect from you in various ways, including:
(i) satisfy any applicable law, regulation, legal process, or governmental request;
(iii) detect, prevent, or otherwise address fraud, security, or technical issues;
(iv) respond to your requests; or
(v) protect our rights, property or safety, our users, and the public.
This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
Vendors and service providers and sub-processors
All our vendors and service providers are GDPR compliant. While we do not disclose the full list of the vendors online, the sub-processors fall into the following categories:
Unless there is a specific integration in place (e.g. accounting software or payment gateways), the only sub-processor/vendor with which we share your customers' data is our email sending service and that solely for purposes instructed by you (e.g. an update on a customer's order).
Should you require a full list of our sub-processors, please send us an email at email@example.com.
Legal basis for processing personal information
Our legal basis for collecting and using the personal information described above will depend on the personal information shared and the specific context in which we collect it.
However, we normally collect personal information from you only:
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need your personal information to protect your vital interests or those of another person.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences, if you do not provide your personal information).
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
We use both "session" cookies and "persistent" cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted or until they reach a specified expiration date.
We use the session cookies to:
We do not use the persistent cookies to:
See more information about our cookies here.
In addition, we may disclose your personal information:
International data transfers
The information that we collect from you is only stored in EEA.
All communications with B2B Wave are transmitted over TLS (HTTPS) for all of our services (SSL grade A+).
The B2B Wave platform software responds only to secure https requests. Plain http is disabled for both trial and paid accounts.
Data centere colocation attestations and certifications
B2B Wave’s data centre is stored, audited, and/or certified by various internationally-recognised attestation and certification compliance standards.
Our data centre complies to the following reports and certifications:
We take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information. We store all the personal information you provide on our secure (password- and firewall-protected) servers.
Passwords are encrypted and we are not able to recover any password on our own. You can only reset your password, if you have forgotten it. Login attempts per IP are restricted to a certain number.
We monitor the security advisories of the software we use on a regular basis and we perform a penetration test on our application each month.Should any breach of security occur, we are obliged to inform you within 72 hours for all the affected parties.
Backups and location of your data
All our data is stored in Europe (main location London, backup location in Ireland and Amsterdam). All our backups are transferred and store encrypted (AES-256).
The website contains links to other websites. We are not responsible for the privacy policies or practices of third-party websites.
Your data protection rights under the General Data Protection Regulation (GDPR)
Data processor and data controller definitions
When using B2B Wave, you (the customer) are the “data controller” in the sense that you control the data that comes in and out of our platform.
B2B Wave is the “data processor” in the sense that we process the data that you input to our service.
Right to be informed
We are obliged to inform you about how your information is processed by us, about our our sub-processors, and about your rights.
Right of access
You can request at any time any data that we hold for your company by sending us an email at firstname.lastname@example.org.
Your information will be delivered in a secure method and encoded in either XLS or JSON format. Your customers can also request the data that we hold for them. Since we do not directly communicate with your customers, you will need to delegate that request to us.
All Right of Access requests are executed within seven days.
Right to rectification
You can request updates on the information you have on you on your account at any time.
Your customers can also make any changes to their account on their own. In case these changes are not possible by them (e.g. if editing is disabled for them), you (as the administrator) should be able to make any amendments on their behalf.
If you have any problems when editing specific information for a customer, please send us an email at email@example.com.
Right to erasure
You can cancel your account and request full removal of your information at any time. We will also delegate that request to our sub-processors, if that is required. For example, in order to remove you from our CRM.
Your customers can also request to be erased from our platform. Should that be the case, please send us an email at firstname.lastname@example.org.
In this email, please make sure to mention:
We proceed to the full removal of your customer’s information within seven days.
Please note that we are not responsible for removing customer information from payment providers, accounting systems, and in general systems that you as the “data controller” have direct access to.
Right to restrict processing
B2B Wave processes information for analysing usage if its software (e.g. how many orders were placed). If you need to restrict B2B Wave’s processing information activities, please send us email at email@example.com.
In this email, make sure you mention:
Right to data portability
You can export the following information directly from the platform in XLS format on your own:
Your customers can export the following information directly from the platform in XLS format on their own:
Should you require a more detailed export of your data, please send us a request at firstname.lastname@example.org.
In this email, make sure you provide us with the following information:
Right not to be subject to automated decision-making, including profiling
Currently, B2B Wave does not make automated decisions.
Right to object
Should at any time you want to object how B2B Wave processes data or even propose a better way, please send us an email at email@example.com stating your objection.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.