Privacy Policy

XB2BX LTD is the data controller responsible for your personal information and determines the means and purposes of processing.

UK Representative

UKGB Limited — 45 Albemarle Street, London, W1S 4JL, England. Email: contact@ukgblimited.com · Tel: +44 (0)7413774377

EEA & Switzerland Representative

UKGB Limited — 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, England. Email: info@ukgblimited.com · Tel: +44 (0)7490324157

2.1 Information You Provide Directly

• Identity data Full name, username, job title, company name
• Contact data Email address, phone number, mailing and billing address
• Account credentials Password, authentication data, contact preferences
• Financial & payment data Billing address and payment instrument details (handled by our payment processors)
• Business information Country, industry, trade and professional information
• Communications Messages, enquiries, feedback, and support requests

2.2 Sensitive Personal Information

In limited circumstances and only with your explicit consent or as required by law, we may collect:

• Biometric data For identity verification purposes only
• Financial & credit-worthiness data For transaction compliance
• Government identifiers National ID or passport numbers where legally required
• Trade union membership Where disclosed in professional profiles

We do not use sensitive data to infer characteristics about you beyond the stated purpose.

2.3 Information Collected Automatically

• Log & usage data IP address, browser type, device identifiers, pages visited, timestamps, search queries
• Device data Device type and model, operating system, mobile carrier, hardware configuration
• Location data Approximate location via IP; precise geolocation only with your consent
• Cookies & tracking Session identifiers, preferences, and analytics data (see Section 8)

2.4 Information From Third Parties

• Social media platforms Facebook, X/Twitter, LinkedIn — when you connect your account or use social login
• Public business databases For B2B verification and due diligence
• Marketing & analytics partners Behavioural and intent data for service improvement
• Payment processors Transaction verification data from PayPal, Stripe, Authorize.net, GoCardless, WePay, and Razorpay

2.5 Payment Data

XB2BX does not store your full payment card details. Payments are processed by our authorised PCI-DSS compliant providers: PayPal, Stripe, Authorize.net, GoCardless, WePay, and Razorpay. Each operates under its own privacy policy.

2.6 Facebook Application Data

If you use the XB2BX Facebook application, we may access your basic Facebook account information — including name, email, gender, profile picture URL, and current city — plus other data you choose to make public. Additional permissions (friends list, check-ins, likes) are optional and individually controlled by you.

• Account management Create, authenticate, and maintain your XB2BX account securely
• Platform services Facilitate B2B connections, marketplace transactions, and partner matching
• Transaction processing Process payments, manage orders, handle returns and disputes
• Customer support Respond to enquiries, troubleshoot issues, provide assistance
• Communications Service notifications, administrative updates, policy changes, and (where opted-in) marketing
• Security & fraud prevention Detect and prevent fraud, unauthorised access, and platform abuse
• Analytics & improvement Analyse usage patterns, test features, and improve platform quality
• Legal compliance Meet legal obligations, respond to lawful authority requests, assert or defend claims
• Vital interests Protect the safety of individuals in emergency situations

Where we rely on legitimate interests, we conduct a balancing test to ensure our interests do not override your fundamental rights. You may request details by contacting policy@xb2bx.com.

• Service providers Cloud infrastructure, payments, analytics, and support — bound by data processing agreements
• Business partners Verified B2B partners on the XB2BX platform, with your knowledge and where required your consent
• Google Maps Platform Location data for mapping features; subject to Google's Privacy Policy; revocable at any time
• Corporate affiliates Parent companies, subsidiaries, or joint ventures with equivalent privacy protections
• Business transfers In the event of a merger, acquisition, or asset sale — with advance notice to you
• Legal & regulatory Where required by law, court order, or to protect rights and safety

🚫 No Data Sales: XB2BX does not sell, rent, or trade your personal information to third parties for their own commercial purposes. We have not done so in the preceding 12 months and will not do so.

As a global marketplace, XB2BX may transfer personal data to countries outside the UK and EEA. We protect such transfers through:

• Adequacy decisions UK Adequacy Regulations or EU adequacy decisions for the destination country
• Standard Contractual Clauses ICO-approved or EU Commission-approved SCCs
• Binding Corporate Rules Where applicable within our corporate group
• Other lawful mechanisms As permitted under applicable data protection law

You may request a copy of the relevant transfer safeguards by contacting policy@xb2bx.com.

We retain personal data for the duration of your account relationship with XB2BX plus any additional period required by law. Upon account closure:

• Active account data is promptly deactivated from live systems
• Certain records may be retained for fraud prevention, legal compliance, or dispute resolution
• Anonymised or aggregated data (which cannot identify you) may be retained indefinitely for analytics
• Data in backup archives is isolated and protected pending scheduled deletion cycles

• Essential cookies Required for login sessions, security tokens, and user preferences. Cannot be disabled.
• Analytics cookies Help us understand platform usage (e.g. Google Analytics). Used in aggregated, anonymised form.
• Marketing & remarketing Serve relevant advertising, including Google Remarketing. Opt out via Google Ads Settings.
• Third-party cookies Placed by payment processors and social login providers under their own policies.

Google Analytics

We share anonymised usage data with Google Analytics. To opt out across all websites, install the Google Analytics Opt-out Browser Add-on (available at tools.google.com/dlpage/gaoptout). For targeted advertising opt-outs, visit www.aboutads.info/choices.

Most browsers allow you to control cookies through settings. Disabling certain cookies may affect platform functionality.

XB2BX offers registration and login via Facebook, X (formerly Twitter), and other supported platforms. When you use this feature, we receive profile information determined by your social media account's privacy settings, which may include your name, email address, profile picture, and — in the case of Facebook — friends list, check-ins, and likes if you grant such permissions.

We use this information solely in accordance with this Privacy Policy and are not responsible for how social media platforms use your data. We encourage you to review their privacy policies and manage your privacy preferences directly on those platforms.

• Encryption TLS/HTTPS encryption in transit and encryption at rest for stored data
• Access controls Role-based permissions limiting staff access to personal data on a need-to-know basis
• Security assessments Regular security reviews and penetration testing
• Incident response Established breach notification protocols compliant with applicable law
• Vendor due diligence Security assessments for all third-party processors

No electronic transmission is 100% secure. We encourage you to use strong, unique passwords and access the platform only via secure networks. You are responsible for keeping your credentials confidential. In the event of a security breach affecting your rights and freedoms, we will notify you and the relevant authorities as required by law.

How to Exercise Your Rights

Contact us via any of the following methods. We will respond within 30 days (extendable to 90 days for complex requests).

Opting Out of Marketing

Unsubscribe at any time via the unsubscribe link in any email, by replying "STOP" to SMS messages, or by contacting us. Opting out does not affect essential service communications.

XB2BX does not currently respond to browser-level Do-Not-Track (DNT) signals, as no universally accepted technical standard has been finalised. We will update this Policy if a recognised standard is adopted. California residents are informed of this practice in accordance with applicable law.

XB2BX is a professional B2B marketplace and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at policy@xb2bx.com and we will delete it promptly.

Our platform may contain links to third-party websites, applications, or services. XB2BX is not responsible for the privacy practices, content, or security of those third parties. Inclusion of a link does not imply endorsement by XB2BX. We encourage you to read the privacy policy of any third-party site you visit. Data you provide directly to third parties is not governed by this Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The "Last Updated" date at the top of this page will be revised accordingly. For material changes, we will notify you via a prominent notice on our platform or by direct communication. We encourage you to review this Policy periodically. Continued use of our Services after an update constitutes your acknowledgement of the revised Policy.

To review, correct, or request deletion of your personal data, or to exercise any privacy right, contact us through any of the channels below:

You may also update your information directly by logging into your account settings. Upon account termination, we will deactivate and remove your data from active systems, subject to legal retention requirements.