B4FINANCE
DATA PRIVACY AND SECURITY POLICY
This Data Privacy and Security Policy (“Policy”) describes the information that we gather on or through the Service, how we use and disclose such information, and the steps we take to protect such information.
This Policy is incorporated into, and is subject to, the Hosted Services agreements signed between the Customer and the Provider.
- DEFINITIONS
“Client” means the clients of B4Finance’s Customers.
“Customer Data“ means personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Restricted Area” means web application that can be accessed only by Users, and where access requires logging in.
“Service” means the Hosted Services as described in the Software as a Service agreement
“User” means an employee, agent, or representative of a Customer, who primarily uses the restricted areas for the purpose of accessing the Hosted Service in such capacity.
- ROLES
B4Finance is Data Controller for login details and other personal data necessary for the Provider to provide the Service.
When processing any other personal data or their client’s data within the scope of the Service, the Customer is the Data Controller and the Provider is the Data Processor, as defined by GDPR regulation in force as of 31st of May 2018.
- THE INFORMATION WE COLLECT ON THE SERVICE
We collect different types of information from or through the Hosted Services. The legal bases for B4Finance’s processing of personal data are primarily that the processing is necessary for providing the Service in accordance with B4Finance’s Hosted Services Agreement and that the processing is carried out in B4Finance’s legitimate interests, which are further explained in the section “How We
1
Use the Information We Collect” of this Policy. We may also process data upon your consent, asking for it as appropriate.
User-provided Information
When you use the Hosted Services, as a User, you may provide, and we may collect Personal Data. Examples of Personal Data include name, email address, mailing address, mobile phone number. Personal Data also includes other information, such as geographic area or preferences, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Data in various ways on the Service. For example, when you use the Service, post Customer Data, interact with other users of the Service through communication or messaging capabilities, or send us customer service -related requests.
Information Collected by Customers
A User may store or upload into the Service his Client Data. B4Finance has no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. Each Customer is responsible for providing notice to its clients and third persons concerning the purpose for which Customer collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data.
Automatically Collected Information
When a User uses the Service, we may automatically record certain information from the User’s device by using various types of technology. This “automatically collected” information may include IP address or other device address or ID, web browser and/or device type, dates and times of access or use of the Service.
Integrated Services
You may be given the option to interact through the Service with certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorize an Integrated Service communicate through an API with our Service.
- HOW WE USE THE INFORMATION WE COLLECT
We use the information that we collect in a variety of ways in providing the Service and operating our business, including the following:
Operations
We use the information – other than Client Data – to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Service. We process Client Data solely in accordance with the directions provided by the applicable Customer or User.
2
Improvements
We use the information to improve the Service, and to develop new products, services, feature, and functionality. Should this purpose require B4Finance to process Customer Data, then the data will only be used in anonymized or aggregated form.
Communications
We may use a User’s email address or other information – other than Client Data – to contact that User for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to the Customer Data or Personal Data posted on the Service.
- TO WHOM WE DISCLOSE INFORMATION
Except as described in this Policy, we will not disclose the Personal Data or Customer Data that we collect or store on the Service to third parties without the consent of the applicable Customer. We may disclose information to third parties if you consent to us doing so, as well as in the following circumstances:
Service Providers
We work with third party service providers who provide website, application development, hosting, maintenance, and other services for us. These third parties may have access to, or process Personal Data or Customer Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
Law Enforcement, Legal Process and Compliance
We may disclose Personal Data or other information if required to do so by law in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies.
Change of Ownership
Information about Users, including Personal Data, may be disclosed and otherwise transferred to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the User commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.
Customer Data may be physically or electronically transferred to an acquirer, or successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets, for the sole purpose of continuing the operation of the Service, and only if the recipient of the Customer Data commits to a Privacy Policy that has terms substantially consistent with this Privacy Policy.
3
- DATA SECURITY
| Type | Description |
| Backups | VM Snapshots
Application Aware Dumps (SQL dumps) File level backup (copy relevant files to other servers) |
| Disaster Recovery | Infrastructure duplication to another site
Database Replication Backups to external storage (other than main site) |
| Security | Industry standard data encryption protocols (SSL)
Two-factor Authentication HTTPS with properly signed certificates Strong audit mechanisms (logging, log forwarding, log analysis) Periodic testing of our security processes (penetration testing) |
| Database | Each Customer data is stored in a separate database |
