Privacy Policy for End Users
Last updated: May 15, 2024
B2V protects organization against impersonation attacks. Using only anonymized data via cryptographic methods, our solution employs a fundamentally new approach to impersonation attack prevention and therefore does not depend on tracking users and exploiting personal data.
Your privacy is critically important to us. At B2V, we have a few fundamental principles:
- We are thoughtful about the information that we collect through the operation of our services.
- We store information for only as long as we have a reason to keep it.
- We aim to make it as simple as possible for you to keep control over your data.
- We help protect you from overreaching government demands for your information.
- We aim for full transparency on how we gather, use, and share information.
- Below is our Privacy Policy for End Users, which incorporates and clarifies these principles. It is B2V’s policy to respect your privacy regarding any information we may collect from you across our online service, https://b2v.xyz, and other sites we own and operate.
Service Users are those who incorporate our service into their organization's Mutual Authentication and Signature flows.
End Users are individuals who interact with our service through the public interfaces of the organizations of our Service Users.
This Privacy Policy is only valid for End Users.
This policy is split into sections. For your convenience, links to each of those sections is as follows:
- Information we collect
- Legal bases for processing
- Use of information
- Sharing of information
- Your rights and controlling your personal information
- Cookies
- Limits of our policy
- Changes to this policy
Information we collect
When you visit an organization's public interface via https://b2v.xyz/{organization handle}
or https://b2v.xyz/{organization handle}/{session id}
, we collect the following log data:
- The request headers User-Agent, Origin and Referer.
- The Organization handle found in the URL path relating to the Mutual Authentication or Signature provided by the Service User
- The Session ID found in the URL path relating to the Mutual Authentication or Signature provided by the Service User
- The digest (one-way hash with salt) of the inputed End User Mutual Authentication or Signature field(s), which contains information about the session they are related to
Legal bases for processing
We will process your information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
- it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to offer our services, and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose; or
- we need to process your data to comply with a legal obligation.
Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% foolproof. If necessary, we may retain your personal information for our compliance with a legal obligation or to protect your vital interests or the vital interests of another natural person.
Use of information
We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes:
- to provide you with our platform’s core features;
- to enable you to access and use our service and associated applications;
- for internal record keeping and administrative purposes;
- to operate and improve our service, associated applications and associated sites; and
- to comply with our legal obligations and resolve any disputes that we may have.
Sharing of information
We may only disclose personal information to:
- our IT service, data storage, hosting and server providers for the purpose of enabling them to provide their services;
- our employees, contractors and/or related entities; and
- courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights.
B2V is a globally available service headquartered in France. We host our solutions in data centers located in the USA and EU and on the edge distributed across more than 200 data centers worldwide, which means that requests are routed to a data center close to the requester.
By providing us with your information, you consent that the information we collect is stored and processed where we and our service providers maintain facilities. We will ensure that any transfer of information will be protected by appropriate safeguards, by using the new standard data protection clauses approved by the European Commission or the use of binding corporate rules.
Your rights and controlling your personal information
Choice and consent: By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this privacy policy. If you are under 16 years of age, you must have, and warrant to the extent permitted by law to us, that you have your parent or legal guardian’s permission to access and use the website and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of our services offered on or through it.
Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
Notification of data breaches: We will comply laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
Cookies
A cookie is a small piece of data that an online service stores on your computer, and accesses each time you visit, so it can track you and understand how you use the service.
Our end user solution does NOT use cookies.
Limits of our policy
Our service for Mutual Authentication and Signatures may be used by external sites and mobile apps by embedding a URL that direct End Users to a Service User's B2V Organization or Session. Please note that this privacy policy does not apply to any external site or mobile app, even if it links to our site or incorporates our service. Please refer to the applicable privacy policies before deciding to provide any information to third parties. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Changes to this policy
At our discretion, we may change our privacy policy to reflect current acceptable practices. We will take reasonable steps to let users know about changes via our website. Your continued use of our service after any changes to this policy will be regarded as acceptance of our practices around privacy and personal information.
If we make a significant change to this privacy policy, for example changing a lawful basis on which we process your personal information, we will ask you to re-consent to the amended privacy policy.