Privacy Policy

Last Updated Date : 08/26/2020

We at B2BWorks.com ("B2BWorks.com," "we," "us," "our") know that our users ("you," "your") care about how your personal information is used and shared, and we take your privacy seriously. Please read the following B2BWorks.com Privacy Policy (the "Privacy Policy"). By visiting or using the www.B2BWorks.com website or application, and any other linked pages, features, content, or any other services we offer from time to time in connection therewith (collectively, "B2BWorks.com"), you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways. This Privacy Policy only applies to products and services related to B2BWorks.com; other products and services provided by B2BWorks.com may be governed by separate privacy policies.

Data Protection Policy

Network Protection

Virtual network resources are protected by Next Gen Firewall. Firewall deny access to unauthorized IP addresses. Public access to the database through the network is disabled and standard ports are closed.

Access Management

We assign a unique ID to each person with computer access to Amazon Information. Access rights are provided to employees based on their role within the company and are progressive, based on their responsibility. The list of people and services with access to Amazon Information are reviewed on a regular basis, and remove accounts that no longer require access by system developers.

Encryption in Transit

All data in transit must be accomplished over TLS/HTTPS. In the case we are working with legacy systems, we highly recommend converting to HTTPS, as we must enforce this security control on all applicable external endpoints used by customers as well as internal communication channels and operational tooling. Unsecured communication channels will be disabled.

Incident Response Plan

Plans and Tooling will be in place to detect and handle security incidents, which identify the incident response roles and responsibilities, define incident types that may impact third-parties, define incident response procedures for defined incident types, and define an escalation path and procedures to escalate Security Incidents to respective parties. Such Plans and Tooling will be reviewed and verify the plan every 6 months. Data breaches require the client (customer), users, third-party APIs and all other parties to be notified within 24 hours.

Request for Deletion and Return

We will respond with data requests within 72 hours and you may ask for data to be permanently deleted, with written confirmation after it is completed.

Encryption and Storage

All PII data is stored in an encrypted (AES-256, or RSA with 2048-bit key size). The cryptographic materials and cryptographic capabilities used for encryption will only accessible to the our processes and services, and will never be shared. Data will never be persisted using removable media (e.g., USB) or unsecured public cloud applications (e.g., public links made available through Google Drive) unless their is written consent via the client.

Logging and Monitoring

We have our own proprietary logging and monitoring system which gathers logs to detect security-related events to Applications and systems. All logs are only accessible privately by us and we prevent any unauthorized access and tampering throughout their lifecycle. Our internal system contains mechanisms to monitor the logs and all system activities to trigger investigative alarms on suspicious actions. In case their is an incident, it will be dealt with in accordance with our Incident Response Plan. Anomalies are detected by scanning user activity. The risk is evaluated by looking at over 30 different risk indicators, grouped into risk factors, as follows:
- Risky IP address
- Login failures
- Admin activity
- Inactive accounts
- Location
- Impossible travel
- Device and user agent
- Activity rate
Based on the policy results, security alerts are triggered. App Security looks at every user session on the system.

What information does B2BWorks.com collect?

We DO NOT collect and store any information in our website.

How does B2BWorks.com use cookies?

A cookie is a string of information that a website stores on a visitorís computer, and that the visitorís browser provides to the website each time the visitor returns. We use cookies to identify and track visitors, their usage of our website, and their website access preferences. We also use cookies to help us to improve the performance of our website to provide you with a better user experience.

Will B2BWorks.com share any of the information it receives?

We neither rent nor sell your Personal Information to anyone. We DO NOT share your Personal Information (in personally identifiable form) with third parties

Protection of B2BWorks.com and others

We may release Personal Information when we believe in good faith that release is necessary to comply with the law or in response to any request from any law enforcement agency or other governmental organization; to enforce or apply our conditions of use and other agreements; or to protect the rights, property, or safety of B2BWorks.com, our employees, our users, or others. This includes exchanging Personal Information with other companies and organizations for fraud protection and credit risk reduction.

Changes to this privacy policy

We may amend this Privacy Policy from time to time. Use of information we collect is subject to the Privacy Policy in effect at the time such information is used. If we make changes in the way we use Personal Information, we will post the changes to the B2BWorks.com website and/or send you an email prior to the change becoming effective.