Regional Privacy Details

🇪🇺 European Union - GDPR Compliance

The General Data Protection Regulation (GDPR) is one of the world's most comprehensive privacy laws. For users in the European Union, we provide the following protections:

Legal Basis for Processing

• Contract Performance: Processing necessary for providing financial services
• Legal Obligation: Compliance with AML, KYC, and financial regulations
• Legitimate Interests: Fraud prevention and service improvement
• Consent: Marketing communications and optional features

Your GDPR Rights

• Right of Access: Request information about your personal data
• Right of Rectification: Correct inaccurate personal data
• Right of Erasure: Request deletion of personal data
• Right to Data Portability: Receive data in machine-readable format
• Right to Restrict Processing: Limit how we process your data
• Right to Object: Object to processing for direct marketing

Data Protection Officer

Our appointed Data Protection Officer can be contacted at: dpo@b21.net

Supervisory Authority

You have the right to lodge complaints with your local Data Protection Authority in the EU.

🇺🇸 United States - CCPA Compliance

The California Consumer Privacy Act (CCPA) provides California residents with specific rights regarding their personal information. We extend these protections to all US users:

Your CCPA Rights

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

Categories of Information Collected

• Identifiers: Name, email, phone number, government ID
• Financial Information: Bank accounts, transaction history
• Commercial Information: Purchase history, preferences
• Internet Activity: Usage patterns, device information
• Geolocation Data: With your consent

Authorized Agent Requests

You may designate an authorized agent to make requests on your behalf. We require proper verification and authorization.

🇨🇦 Canada - PIPEDA Compliance

The Personal Information Protection and Electronic Documents Act (PIPEDA) governs how private sector organizations collect, use, and disclose personal information in Canada:

PIPEDA Principles

• Accountability: Designated privacy officer responsible for compliance
• Identifying Purposes: Clear communication of collection purposes
• Consent: Meaningful consent for collection, use, and disclosure
• Limiting Collection: Only necessary information collected
• Limiting Use and Disclosure: Information used only for stated purposes
• Accuracy: Personal information kept accurate and up-to-date
• Safeguards: Security measures appropriate to sensitivity
• Openness: Transparent policies and practices
• Individual Access: Right to access personal information
• Challenging Compliance: Right to challenge accuracy and compliance

Privacy Officer Contact

Our Privacy Officer for Canadian matters: privacy@b21.net

Office of the Privacy Commissioner

You may file complaints with the Office of the Privacy Commissioner of Canada regarding our privacy practices.

🇳🇬 Nigeria - NDPR Compliance

The Nigeria Data Protection Regulation (NDPR) provides comprehensive data protection for Nigerian residents. As a Nigerian-based company, we maintain full NDPR compliance:

NDPR Compliance Framework

• Data Protection Compliance Organization (DPCO) registration maintained
• Lawful basis for processing under Nigerian law
• Local data storage for critical personal data
• NITDA breach notification within 72 hours
• Annual data protection audit and compliance reporting

Data Subject Rights

• Right of Access: Request access to personal data
• Right of Rectification: Correct inaccurate data
• Right of Erasure: Request deletion of personal data
• Right to Data Portability: Receive data in portable format
• Right to Object: Object to certain processing activities

NITDA Registration

B21 is registered with the National Information Technology Development Agency (NITDA) as a Data Controller and maintains active DPCO status.

🇸🇬 Singapore - PDPA Compliance

The Personal Data Protection Act (PDPA) governs the collection, use, and disclosure of personal data in Singapore. We comply with all PDPA requirements:

PDPA Obligations

• Data Protection Officer appointment and PDPC notification
• Consent management for collection, use, and disclosure
• Data breach notification to PDPC within 3 days
• Data portability and access request procedures
• Do Not Call (DNC) Registry compliance for marketing

Individual Rights

• Right to Access: Request access to personal data
• Right to Correction: Correct inaccurate personal data
• Right to Withdraw Consent: Withdraw consent for processing
• Right to Data Portability: Receive data in portable format

Personal Data Protection Commission

You may lodge complaints with the Personal Data Protection Commission (PDPC) regarding our data practices.

🇦🇺 Australia - Privacy Act Compliance

The Privacy Act 1988 and Australian Privacy Principles (APPs) govern how we handle personal information of Australian residents:

Australian Privacy Principles

• Open and transparent management of personal information
• Anonymity and pseudonymity options where practicable
• Collection of solicited personal information
• Dealing with unsolicited personal information
• Notification of collection of personal information
• Use or disclosure of personal information
• Direct marketing restrictions and opt-out rights
• Cross-border disclosure safeguards
• Government related identifier restrictions
• Quality of personal information
• Security of personal information
• Access to personal information
• Correction of personal information

Notifiable Data Breach Scheme

We comply with mandatory data breach notification requirements under the Notifiable Data Breach scheme.

Office of the Australian Information Commissioner

You may lodge complaints with the Office of the Australian Information Commissioner (OAIC) regarding privacy matters.

🇯🇵 Japan - Personal Information Protection Act

The Personal Information Protection Act (PIPA) governs the handling of personal information in Japan. We ensure full compliance with Japanese privacy requirements:

PIPA Compliance Framework

• Consent requirements for sensitive personal information
• Cross-border transfer restrictions and adequacy assessments
• Data breach notification to authorities and individuals
• Personal information protection management system
• Regular compliance audits and assessments

Individual Rights

• Right to Disclosure: Request disclosure of personal information
• Right to Correction: Correct inaccurate personal information
• Right to Deletion: Request deletion of personal information
• Right to Suspend Use: Request suspension of processing

Personal Information Protection Commission

The Personal Information Protection Commission oversees compliance with PIPA. You may file complaints regarding our data practices.