Data Retention Policy
Global Data
Retention Policy
Privacy, Security & Data Lifecycle Management Framework for all users, suppliers, buyers, partners, and third parties interacting with the XB2BX platform.
Introduction
XB2BX.COM ("XB2BX", "the Platform", "we", "our", or "us") is committed to protecting the privacy, confidentiality, integrity, and lawful management of all personal, corporate, transactional, and operational data processed through our global B2B marketplace platform.
This Global Data Retention Policy establishes the principles, standards, retention periods, security measures, and deletion procedures applicable to all information collected, stored, processed, transferred, or archived through XB2BX.COM.
- — Protect users and corporate clients from data misuse
- — Ensure compliance with international data protection laws
- — Minimise legal, regulatory, and cybersecurity risks
- — Define transparent data handling standards
- — Prevent unauthorised access or unlawful retention
- — Establish responsible data lifecycle management procedures
Scope of This Policy
This policy applies globally to all individuals and entities interacting with the XB2BX platform in any capacity.
- — Registered users and account holders
- — Buyers and procurement professionals
- — Suppliers and product vendors
- — Corporate partners and enterprise clients
- — Service providers and contractors
- — Advertisers and marketing partners
- — Affiliates and referral partners
- — Employees, agents, and consultants
- — API integrations and technical partners
- — Website visitors and anonymous users
- — XB2BX.COM web platform
- — Mobile applications
- — APIs and third-party integrations
- — CRM and customer support systems
- — Cloud infrastructure and storage
- — Payment and compliance systems
- — Marketing and analytics platforms
Legal & Regulatory Compliance
XB2BX.COM operates in accordance with applicable international privacy, data protection, and financial compliance regulations. This policy is designed to satisfy the requirements of multiple regulatory frameworks simultaneously.
- — UK GDPR (General Data Protection Regulation — retained)
- — EU GDPR (Regulation 2016/679)
- — Data Protection Act 2018 (United Kingdom)
- — CCPA / CPRA (California Consumer Privacy Act)
- — International AML/KYC compliance obligations
- — Electronic commerce and consumer protection regulations
- — Cross-border data transfer standards (SCCs / adequacy decisions)
- — FATF Recommendations on data in financial crime prevention
Types of Data Collected
XB2BX may collect and process information across four principal data categories. All data collection is conducted on the basis of a lawful processing ground under applicable data protection law.
- — Full name and contact details
- — Email address and telephone number
- — Business address and registered office
- — Government-issued identification documents
- — User account information and preferences
- — Login credentials (encrypted)
- — IP addresses and device identifiers
- — Company registration documents
- — Tax and VAT information
- — Shareholder and director details
- — Supplier verification documentation
- — Commercial licences and certifications
- — Banking and payment information
- — Orders, invoices, and receipts
- — Payments, refunds, and credits
- — Shipping and logistics information
- — Marketplace communications
- — Supplier and buyer interactions
- — Dispute records and resolutions
- — Cookies and analytics data
- — System and access logs
- — Security monitoring records
- — Fraud prevention data
- — Compliance screening records
- — API usage logs
Purpose of Data Retention
XB2BX retains information only where necessary for legitimate business, operational, legal, contractual, security, or regulatory purposes. Data is not retained indefinitely without a documented lawful basis.
- — User account management and authentication
- — Marketplace operations and transaction processing
- — Customer and supplier support
- — Fraud prevention and cybersecurity monitoring
- — Compliance with regulatory and legal obligations
- — Legal defence and dispute resolution
- — Financial reporting and auditing
- — Platform improvement and analytics
- — Marketing communications (where consent exists)
- — AML/KYC obligations and sanctions screening
Data Retention Periods
The following retention periods apply by default. XB2BX reserves the right to retain information beyond these periods where required for legal claims, regulatory investigations, fraud prevention, court orders, or enforcement of contractual rights.
| Data Category | Standard Retention Period |
|---|---|
| Active User Accounts | Duration of Activity |
| Inactive Accounts | Up to 24 months |
| Deleted Accounts | Up to 12 months |
| Data Category | Standard Retention Period |
|---|---|
| KYC / AML Verification Records | Up to 7 years |
| Corporate Registration Documents | Up to 7 years |
| Supplier Compliance Records | Up to 7 years |
| Data Category | Standard Retention Period |
|---|---|
| Invoices & Payment Records | Up to 10 years |
| Accounting Records | Up to 10 years |
| Tax Records | As required by law |
| Transaction Logs | Up to 7 years |
| Data Category | Standard Retention Period |
|---|---|
| Security Monitoring Logs | 12 – 36 months |
| System Access Logs | Up to 24 months |
| Fraud Investigation Records | Duration of investigation + legal hold |
| Data Category | Standard Retention Period |
|---|---|
| Marketing Consent Records | Until consent withdrawn |
| Customer Support Records | Up to 5 years |
| Email & Platform Communications | Up to 5 years |
Data Security & Protection Measures
XB2BX implements commercially reasonable administrative, technical, organisational, and cybersecurity safeguards designed to protect all data against unauthorised access, loss, misuse, alteration, disclosure, destruction, or cyberattack.
User Rights
Subject to applicable data protection laws, users may exercise the following rights in relation to their personal data held by XB2BX. Requests must be submitted in writing and may be subject to identity verification.
- Email Submit your request in writing to privacy@xb2bx.com with your full name, registered email address, and description of the right you wish to exercise.
- Verification XB2BX reserves the right to verify your identity before processing any rights request. We may request additional documentation.
- Response We aim to respond within 30 days of receipt. Complex requests may require up to 90 days with prior notice.
Data Sharing & Third Parties
XB2BX may share information with trusted third parties where necessary for legitimate operational, compliance, or legal purposes. All data processors are engaged under contractual arrangements requiring appropriate confidentiality and security standards.
- — Payment processing providers
- — Logistics and shipping operators
- — Identity and KYC verification services
- — Cloud hosting and infrastructure providers
- — Customer support platform providers
- — Analytics and performance monitoring services
- — Compliance and sanctions screening providers
- — Legal, audit, and regulatory advisers
- — Law enforcement where legally required
Cross-Border Data Transfers
As a global B2B marketplace platform, XB2BX may process or transfer information internationally, including to countries outside the United Kingdom and the European Economic Area (EEA). Users acknowledge and consent that their information may be transferred to and processed in jurisdictions with different data protection frameworks.
- — Standard Contractual Clauses (SCCs) approved by the ICO and European Commission
- — Adequacy decisions where the destination country has been assessed as providing equivalent protection
- — Binding Corporate Rules where applicable
- — Explicit consent where other transfer mechanisms are not available
Account Termination & Data Deletion
Users may request account deletion subject to legal, regulatory, security, operational, and contractual requirements. Deletion requests are processed in accordance with the procedures below.
- Step 1 Public-facing account profile and listing information will be removed from the platform within 30 days of a verified deletion request.
- Step 2 Certain records will remain archived in accordance with the retention periods in Section 6, including financial, legal, and compliance records.
- Step 3 Backup systems may temporarily retain limited data copies during routine backup cycles; these will be overwritten in accordance with our backup schedule.
- Step 4 Legal, financial, and regulatory records are preserved for the mandatory periods regardless of deletion requests.
Children's Data
XB2BX is intended exclusively for registered business users and professional participants. The platform is not directed to individuals under the age required by applicable law in their jurisdiction to enter into legally binding commercial agreements.
XB2BX does not knowingly collect, store, or process personal information from children. If we become aware that personal data has been inadvertently collected from a minor, we will take prompt steps to delete such data.
Policy Violations & Enforcement
Unauthorised access, misuse, disclosure, extraction, scraping, copying, resale, or abuse of XB2BX data, systems, or user information constitutes a serious violation of this policy and applicable law.
- — Immediate suspension of platform access and account privileges
- — Permanent account termination and blacklisting
- — Civil legal action for damages, injunctive relief, and account of profits
- — Reporting to relevant regulatory and law enforcement authorities
- — Referral to data protection authorities (ICO, EDPB, and equivalents)
- — Financial claims for losses, including consequential and reputational damage
XB2BX reserves all legal rights relating to the protection of its systems, users, intellectual property, and business operations.
Disclaimers & Limitation of Liability
XB2BX.COM operates as a global B2B marketplace, technology intermediary, and commercial platform. XB2BX is not a bank, financial institution, regulated investment adviser, escrow provider, or payment processor unless expressly stated otherwise in a specific service agreement.
- — No digital system can guarantee complete cybersecurity protection against all threats
- — Third-party service providers and integrations may introduce independent security risks
- — Users are solely responsible for protecting their own login credentials, devices, and access controls
- — XB2BX does not guarantee uninterrupted availability of the platform or data systems
Policy Updates
XB2BX reserves the right to update, amend, or modify this Data Retention Policy at any time to reflect changes in law, regulatory guidance, platform operations, or best practice. Material changes will be communicated to registered users prior to taking effect.
Updated versions will be published at www.xb2bx.com/data-retention-policy with a revised effective date. Continued use of the platform following the publication of any updated version constitutes acceptance of the revised policy.
Contact Information
For all data protection enquiries, rights requests, complaints, or questions relating to this policy, please contact our Privacy & Compliance Department using the details below.
