Privacy Policy

1. Information We Collect

Personal Information

We collect personal information that you provide directly to us when you create an account, use our services, or communicate with us. This includes:

• Full name, email address, and phone number
• Date of birth and government-issued identification
• Physical address and billing information
• Employment information and income details
• Bank account and payment card information
• Biometric data for identity verification (where legally permitted)

Financial Information

To provide our financial services, we collect:

• Transaction history and payment patterns
• Account balances and financial statements
• Credit history and risk assessment data
• Investment preferences and portfolio information
• Tax identification numbers and related documents

Technical Information

We automatically collect technical information when you use our platform:

• IP address, device identifiers, and browser information
• Operating system and mobile device characteristics
• Usage patterns, click-through rates, and session data
• Location data (with your consent)
• Cookies and similar tracking technologies

2. How We Use Your Information

Service Provision

We use your information to provide, maintain, and improve our financial services:

• Process transactions and manage your account
• Verify your identity and prevent fraud
• Provide customer support and respond to inquiries
• Develop and enhance our platform features
• Personalize your user experience

Legal and Regulatory Compliance

We process your data to comply with legal obligations:

• Anti-money laundering (AML) and Know Your Customer (KYC) requirements
• Tax reporting and regulatory filings
• Court orders, legal processes, and government requests
• Risk management and compliance monitoring

Marketing and Communications

With your consent, we may use your information for:

• Sending promotional materials and service updates
• Market research and customer feedback surveys
• Personalized product recommendations
• Educational content and financial literacy resources

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

Service Providers

• Payment processors and banking partners
• Identity verification and fraud prevention services
• Cloud storage and data processing providers
• Customer support and communication platforms
• Analytics and marketing service providers

Legal Requirements

• Compliance with applicable laws and regulations
• Response to legal processes and government requests
• Protection of our rights, property, and safety
• Prevention of fraud and illegal activities

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

4. Data Security

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

• End-to-end encryption for data transmission and storage
• Multi-factor authentication and access controls
• Regular security audits and penetration testing
• Secure data centers with 24/7 monitoring
• Advanced threat detection and response systems

Organizational Measures

• Employee training on data protection and privacy
• Strict access controls and need-to-know basis
• Regular security awareness programs
• Incident response and breach notification procedures
• Third-party security assessments and certifications

5. Your Privacy Rights

You have several rights regarding your personal information:

Access and Portability

• Request access to your personal information
• Obtain a copy of your data in a portable format
• Review how your information is being used

Correction and Updates

• Update or correct inaccurate information
• Complete incomplete personal data
• Modify your communication preferences

Deletion and Restriction

• Request deletion of your personal information
• Restrict processing of your data
• Object to certain types of data processing

Exercising Your Rights

To exercise these rights, please contact us using the information provided below. We will respond to your request within 30 days and may require identity verification.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and analyze platform usage:

Types of Cookies

• Essential cookies for platform functionality
• Performance cookies for analytics and optimization
• Functional cookies for personalized features
• Marketing cookies for targeted advertising (with consent)

Managing Cookies

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect platform functionality.

7. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Adequacy decisions by relevant data protection authorities
• Standard contractual clauses approved by regulatory bodies
• Binding corporate rules and certification mechanisms
• Your explicit consent for specific transfers

Cross-Border Transfer Safeguards

We implement robust safeguards for international data transfers including:

• EU-approved Standard Contractual Clauses (SCCs) for GDPR compliance
• Transfer Impact Assessments (TIAs) for high-risk jurisdictions
• Data localization requirements compliance where mandated
• Encryption and pseudonymization during transit and storage
• Regular monitoring of third-country legal developments

8. Global Privacy Compliance Framework

European Union - GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

• Lawful basis for processing: Contract performance, legal obligation, legitimate interests, and consent
• Data Protection Officer (DPO) appointed and contactable at dpo@b21.net
• Right to lodge complaints with supervisory authorities
• Data retention periods: Maximum 7 years for financial records, 3 years for marketing data
• Automated decision-making transparency and opt-out rights
• Breach notification within 72 hours to authorities and affected individuals

United States - CCPA Compliance

For California residents, we comply with the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it is used
• Right to delete personal information (subject to legal retention requirements)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising CCPA rights
• Authorized agent requests accepted with proper verification
• Annual disclosure of data collection and sharing practices

Canada - PIPEDA Compliance

For Canadian users, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA):

• Accountability principle: Designated privacy officer responsible for compliance
• Identifying purposes: Clear communication of collection and use purposes
• Consent requirements: Meaningful consent for collection, use, and disclosure
• Limiting collection: Only necessary information for identified purposes
• Safeguards: Appropriate security measures for sensitivity level
• Individual access: Right to access and challenge accuracy of personal information

Nigeria - NDPR Compliance

For Nigerian users, we comply with the Nigeria Data Protection Regulation (NDPR):

• Data Protection Compliance Organization (DPCO) registration maintained
• Lawful basis for processing under Nigerian law
• Data subject rights: Access, rectification, erasure, and portability
• Local data storage requirements for critical data
• Mandatory data breach notification to NITDA within 72 hours
• Annual data protection audit and compliance reporting

Asia-Pacific Frameworks

For users in Asia-Pacific regions, we comply with relevant frameworks including:

Singapore - Personal Data Protection Act (PDPA)

• Data Protection Officer appointment and notification to PDPC
• Consent management for collection, use, and disclosure
• Data breach notification requirements (within 3 days to PDPC)
• Data portability and access request procedures
• Do Not Call (DNC) Registry compliance for marketing

Australia - Privacy Act and Australian Privacy Principles (APPs)

• Notifiable data breach scheme compliance
• Cross-border disclosure restrictions and safeguards
• Individual access and correction rights
• Privacy policy transparency requirements

Japan - Personal Information Protection Act (PIPA)

• Consent requirements for sensitive personal information
• Cross-border transfer restrictions and adequacy assessments
• Individual rights to disclosure, correction, and deletion
• Data breach notification to authorities and individuals

9. Comprehensive Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Universal Rights

• Right of Access: Request information about personal data we hold about you
• Right of Rectification: Correct inaccurate or incomplete personal data
• Right of Erasure: Request deletion of personal data (subject to legal requirements)
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Restrict Processing: Limit how we process your personal data
• Right to Object: Object to processing based on legitimate interests or direct marketing

Automated Decision-Making Rights

• Right to human review of automated decisions affecting you
• Right to explanation of algorithmic decision-making logic
• Right to challenge automated decisions and request manual review
• Opt-out rights for profiling and automated processing

Exercising Your Rights

To exercise these rights:

• Submit requests through our privacy portal or contact privacy@b21.net
• Provide sufficient information to verify your identity
• Specify the right you wish to exercise and relevant details
• We will respond within the timeframes required by applicable law (typically 30 days)
• No fees for reasonable requests (excessive requests may incur administrative fees)

10. Data Retention and Deletion

We retain personal information only as long as necessary for the purposes outlined in this policy and as required by applicable law:

Retention Periods

• Account Information: Retained while account is active plus 7 years for regulatory compliance
• Transaction Records: 7 years from transaction date (financial regulations requirement)
• KYC/AML Documentation: 5-10 years depending on jurisdiction
• Marketing Data: 3 years from last interaction or until consent withdrawal
• Technical Logs: 12 months for security and system optimization
• Support Communications: 3 years for quality assurance and training

Secure Deletion

When retention periods expire or deletion is requested:

• Secure deletion using industry-standard data destruction methods
• Overwriting of magnetic media and cryptographic erasure
• Physical destruction of hardware containing sensitive data
• Verification and certification of deletion processes
• Backup system purging within 90 days of primary deletion

11. Policy Updates and Changes

We may update this privacy policy periodically to reflect changes in our practices or legal requirements. We will:

• Notify you of material changes via email or platform notifications
• Post the updated policy on our website with the revision date
• Provide a summary of key changes when significant updates occur
• Maintain previous versions for your reference
• Obtain fresh consent where required by applicable law
• Provide advance notice for changes affecting your rights

Version Control

This privacy policy version 3.0 supersedes all previous versions. Previous versions are available upon request for reference purposes.