xb2bx DSAR Policy

DSAR — Data Subject Access Request | xb2bx.com
Data Protection & Privacy Rights

Your Data.
Your Rights. Our Commitment.

Submit a Data Subject Access Request to xb2bx.com — the global B2B marketplace. Free of charge, legally binding, and processed within your statutory deadline.

GDPR Art. 15–21 CCPA / CPRA LGPD Brazil PIPEDA Canada PDPA Thailand UK GDPR
Submit Your Request Learn About Your Rights
30 Days GDPR Response Deadline
📋
15 Days CCPA Response Deadline
🌍
180+ Countries Covered
🔒
Free No Charge, Ever
7 Rights Fully Supported
⚠️

Legally Binding Policy: This DSAR process constitutes a legally enforceable policy of xb2bx.com Ltd. By using the xb2bx.com platform, all users acknowledge this policy. xb2bx.com is committed to full compliance with applicable global data protection legislation. This page supersedes all previous versions. Document ID: XB2BX-PRIV-DSAR-2025-v2.0

Section 01

Your Data Subject Rights

Depending on your jurisdiction, you are entitled to exercise the following rights. xb2bx.com honours all applicable rights under the most protective standard available.

📂

Right of Access

Obtain a complete copy of all personal data we hold about you, including the purposes of processing, categories of data, and any third parties it has been shared with.

GDPR Art. 15 · CCPA §1798.110
🗑️

Right to Deletion

Request the erasure of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent on which processing is based.

GDPR Art. 17 · CCPA §1798.105
✏️

Right to Rectification

Correct any inaccurate or incomplete personal data held by xb2bx.com without undue delay, including through supplementary statements.

GDPR Art. 16 · CPRA §1798.106
📤

Right to Portability

Receive your personal data in a structured, commonly used, machine-readable format (CSV/JSON) and transmit it to another controller.

GDPR Art. 20 · CPRA §1798.100
🚫

Right to Restriction

Limit how we process your data where you contest accuracy, oppose erasure, or need it for legal claims — we will flag and restrict processing accordingly.

GDPR Art. 18 · CCPA Opt-Out

Right to Object

Object to processing for direct marketing, profiling, or where we rely on legitimate interests — processing will cease unless compelling grounds are demonstrated.

GDPR Art. 21 · CCPA §1798.120
⚖️

Non-Discrimination

Exercise any of your rights without fear of receiving a different level of service, price discrimination, or any penalty whatsoever from xb2bx.com.

Cal. Civ. Code §1798.125
Section 02

How to Submit a DSAR

Simple, secure, and free of charge. Follow these five steps — we will handle the rest.

1

Initiate Your Request

Contact us via the form below, email privacy@xb2bx.com, or use our online DSAR portal at xb2bx.com/dsar-request. Postal requests should be addressed to the Data Protection Officer, xb2bx.com Ltd., London, United Kingdom. Include "DSAR" in your subject line.

2

Identity Verification

To protect your data from unauthorised disclosure, we will ask for a copy of a government-issued photo ID (passport or national ID card). Requests made on behalf of another person require written authorisation and ID for both parties.

3

Written Acknowledgement

You will receive a written acknowledgement within 5 business days confirming: the date of receipt, your applicable response deadline, and any additional information required from you.

✓ Within 5 business days
4

Processing & Review

Our Privacy Team locates, compiles, and reviews all personal data associated with your identity. We may contact you for clarification if the scope is broad. All responses are delivered securely in writing, by encrypted email or secure file transfer.

5

Delivery of Response

Your complete response will be delivered within the applicable statutory deadline — GDPR: 30 days, CCPA: 15 days. Data access requests are provided in structured format (PDF + CSV). Deletions and restrictions are confirmed in writing with reference number.

✓ GDPR 30 days · CCPA 15 days

Submit Your DSAR

Complete the form below. All fields marked * are required. Your request will be acknowledged within 5 business days.

🔒 Submitted securely · No charge · Reference number provided on confirmation

Alternative Channels

Other Ways to Reach Us

✉️

Email — Privacy Team

Send your request directly to our Data Protection team. Include "DSAR" in the subject line.
privacy@xb2bx.com

⏱ Acknowledged within 5 business days
🛡️

Data Protection Officer

Escalations, complaints, or complex requests can be directed to our DPO directly.
dpo@xb2bx.com

⏱ DPO responds within 10 business days
📮

Postal Address

Data Protection Officer
xb2bx.com Ltd.
London, United Kingdom

🌐

Online DSAR Portal

24/7 self-service portal with instant acknowledgement and real-time status tracking.
xb2bx.com/dsar-request

✓ Instant automated acknowledgement
Section 03

Response Deadlines by Jurisdiction

Legally mandated deadlines we are bound to meet, by applicable framework.

Framework Jurisdiction Standard Deadline Extension Legal Basis
GDPR European Union / EEA 30 calendar days Up to 90 days (complex) Art. 12(3) GDPR
UK GDPR United Kingdom 30 calendar days Up to 90 days (complex) UK GDPR Art. 12(3)
CCPA/CPRA California, USA 15 days (xb2bx SLA) Additional 45 days w/ notice Cal. Civ. Code §1798.130
LGPD Brazil 15–30 days 30 days w/ written justification Art. 18 & 19 LGPD
PIPEDA Canada 30 calendar days Extension with notice Schedule 1, Principle 9
PDPA Thailand / Singapore 30 calendar days Extension with written notice Sec. 23 PDPA TH
xb2bx SLA Global Standard 30 days max 15 days for CCPA-scope Voluntary commitment
Section 04

Lawful Exemptions & Limitations

There are limited, clearly defined circumstances in which xb2bx.com may lawfully decline or partially restrict a DSAR.

⚖️ Legal Proceedings

Data may be retained or withheld where required by court order, law enforcement request, or to establish, exercise, or defend legal claims — Art. 17(3)(e) GDPR; CCPA §1798.105(d).

👥 Third-Party Rights

We will redact information that would reveal the identity of or personal data about a third party who has not consented to disclosure.

🔄 Excessive Requests

We reserve the right to charge a reasonable administrative fee or decline manifestly unfounded or repetitive requests, with written justification always provided.

🔬 Public Interest Research

Where erasure would seriously impair research conducted in the public interest, limited retention may apply under applicable derogations.

🛡️ Fraud Prevention

Where fulfilment of a request would compromise an ongoing fraud investigation or materially undermine platform security measures.

📝 Your Right to Complain

In all cases where we decline or limit a request, we will provide written reasons and notify you of your right to lodge a complaint with the relevant supervisory authority.

Section 05

Frequently Asked Questions

Yes. xb2bx.com does not charge any fee to submit or process a Data Subject Access Request. The only exception is where requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee — we will always notify you in writing before doing so.
We acknowledge all requests within 5 business days. The full response is delivered within the deadline applicable to your jurisdiction: 30 calendar days for GDPR/UK GDPR requests, 15 days for CCPA-scope requests (our voluntary commitment). Complex requests may take up to 90 days under GDPR with prior written notice to you.
To protect your data from disclosure to an unauthorised person, we require a copy of a government-issued photo ID — such as a passport, national identity card, or driving licence. For requests made on behalf of another person, we require written authorisation from that person plus valid ID for both the requester and the data subject.
Yes. You may request the deletion of your personal data under the Right to Erasure (GDPR Art. 17) or Right to Delete (CCPA). We will erase your data unless retention is required for legal obligations, ongoing contractual commitments, or legitimate interests such as fraud prevention. We will inform you in writing of any data we are required to retain and the reason why.
Data access responses are provided in structured, machine-readable formats. You will typically receive a PDF summary report and a CSV file containing your raw data records. If you require a specific format for portability purposes (e.g., JSON), please indicate this in your request.
You may first escalate to our Data Protection Officer at dpo@xb2bx.com. If you remain unsatisfied, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction — the ICO (UK), your national DPA (EU), the CPPA (California), the ANPD (Brazil), or the OPC (Canada).
Section 06

Supervisory Authorities

If you are unsatisfied with our response, you have the right to lodge a complaint directly with your national data protection authority.

🇬🇧

ICO — United Kingdom

Information Commissioner's Office

ico.org.uk
🇪🇺

National DPAs — EU/EEA

Your member state data protection authority

edpb.europa.eu
🇺🇸

CPPA — California

California Privacy Protection Agency

cppa.ca.gov
🇧🇷

ANPD — Brazil

Autoridade Nacional de Proteção de Dados

gov.br/anpd
🇨🇦

OPC — Canada

Office of the Privacy Commissioner

priv.gc.ca
DSAR Submitted Successfully You will receive an acknowledgement within 5 business days.
live chat xb2bx
Items (0)
No Record Found

Your Shopping Bag Is Empty