Table of Contents
1.Introduction & Scope
FrozenB2B is committed to protecting the personal data of all individuals who interact with our platform. This Data Protection Policy sets out our approach to compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Israeli Privacy Protection Law 5741-1981 (as amended), and other applicable data protection legislation.
This policy applies to all personal data processed by FrozenB2B in connection with:
- Buyer RFQ submissions and follow-up communications
- Supplier and exporter applications and onboarding
- Website usage and analytics data
- Newsletter subscriptions and trade communications
- Any other services offered through www.frozenb2b.com
ð¡ï¸ FrozenB2B operates as a Data Controller for personal data collected through our website, and as a Data Processor where we handle personal data on behalf of trade partners.
2.Data Protection Principles
We adhere to the following core data protection principles in all our processing activities:
- Lawfulness, fairness, and transparency: We process data on a clear legal basis and are transparent about how it is used.
- Purpose limitation: Data collected for a specific purpose is not used for incompatible purposes.
- Data minimisation: We only collect data that is necessary for the stated purpose.
- Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
- Storage limitation: We retain data only as long as necessary (see Section 8).
- Integrity and confidentiality: We implement appropriate technical and organisational security measures.
- Accountability: We can demonstrate compliance with these principles.
3.Personal Data We Process
The following categories of personal data are processed by FrozenB2B:
| Category | Data Elements | Source |
|---|---|---|
| Business contact data | Contact name, business email, company name, country | Form submissions |
| Trade data | Product specifications, quantities, pricing, port preferences, payment terms | Buyer RFQ forms |
| Supplier profile data | Export experience, production capacity, certifications, BOL capability | Supplier applications |
| Usage data | IP address, browser type, pages visited, session duration | Automatic collection |
| Cookie data | Session identifiers, preference cookies, analytics cookies | Browser cookies |
| Communication data | Email correspondence, trade desk interactions | Direct communications |
We do not intentionally collect special category data (e.g., health data, biometric data, political opinions) or personal data relating to children under 18.
4.Legal Bases & Purposes
| Processing Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Processing buyer RFQs and matching with suppliers | Article 6(1)(b) â Performance of a contract / pre-contractual steps |
| Processing supplier applications and onboarding | Article 6(1)(b) â Performance of a contract / pre-contractual steps |
| Sending trade match notifications and follow-ups | Article 6(1)(f) â Legitimate interests |
| Website analytics and performance monitoring | Article 6(1)(f) â Legitimate interests (with consent for non-essential cookies) |
| Newsletter and trade intelligence communications | Article 6(1)(a) â Consent |
| Compliance with legal obligations | Article 6(1)(c) â Legal obligation |
| Fraud prevention and platform security | Article 6(1)(f) â Legitimate interests |
Where processing is based on legitimate interests, we have conducted and documented a Legitimate Interest Assessment (LIA) to ensure that our interests are not overridden by the rights and freedoms of data subjects.
5.Data Minimisation
Our forms are designed to collect only the minimum data required to deliver our matching service. We regularly review our data collection practices to ensure:
- Optional fields are clearly marked and not required for service delivery.
- No sensitive financial, banking, or payment card data is collected through our platform.
- Data collected for one purpose is not repurposed without a compatible legal basis.
- Users can submit enquiries with minimal mandatory fields (company name, email, country, product, and quantity for buyers).
6.Data Processors & Sub-processors
FrozenB2B engages the following categories of data processors:
| Processor | Purpose | Location |
|---|---|---|
| Google LLC (Google Workspace) | Form data storage, email communications, spreadsheet management | USA / EU (SCCs in place) |
| Google Analytics | Website analytics and performance measurement | USA / EU (SCCs in place) |
| WordPress / Web host | Website infrastructure and content management | EU/US |
All processors are subject to data processing agreements (DPAs) requiring them to process data only on our documented instructions, implement appropriate security measures, and assist with data subject rights requests.
7.International Data Transfers
FrozenB2B is based in Israel. Israel has been recognised by the European Commission as providing an adequate level of personal data protection for commercial transfers under GDPR Article 45.
Where we transfer data to processors in third countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs): The European Commission’s approved module-specific SCCs for controller-to-processor transfers.
- Supplementary measures: Including encryption in transit and at rest, and access controls.
Data transfers to Google are covered by Google’s Data Processing Addendum incorporating the EU Standard Contractual Clauses.
8.Retention Schedule
| Data Type | Retention Period | Basis |
|---|---|---|
| Buyer RFQ records | 3 years from submission or end of trade relationship, whichever is later | Legitimate interests / legal basis |
| Supplier application records | 3 years from submission or end of relationship | Legitimate interests |
| Active trade partner correspondence | Duration of relationship + 5 years | Legal obligation (commercial records) |
| Newsletter subscriber data | Until unsubscription + 1 month | Consent |
| Website usage / analytics data | 26 months (aggregated) | Legitimate interests |
| Security / access logs | 12 months | Legitimate interests (security) |
After retention periods expire, data is securely deleted or anonymised in a manner that makes re-identification impossible.
9.Your GDPR Rights
If you are located in the EU/EEA, UK, or a jurisdiction with equivalent data protection rights, you have the following rights which you can exercise at any time:
- Right of access (Art. 15): Obtain a copy of personal data we hold about you, plus information about how it is processed.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data where it is no longer necessary, consent is withdrawn, or other grounds apply.
- Right to restrict processing (Art. 18): Request we limit processing while accuracy is contested or objection is pending.
- Right to data portability (Art. 20): Receive data in a structured, commonly used, machine-readable format (applies to consent-based or contract-based processing).
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
- Rights related to automated decision-making (Art. 22): We do not use solely automated decision-making that produces legal or similarly significant effects.
To exercise any right, submit your request to [email protected]. We will acknowledge receipt within 72 hours and respond within 30 days (extendable to 3 months for complex requests with notification).
We do not charge a fee for reasonable requests but may charge for manifestly unfounded or excessive requests.
10.Data Breach Procedure
In the event of a personal data breach, FrozenB2B will:
- Identify, contain, and assess the breach as quickly as possible.
- Notify the relevant supervisory authority within 72 hours of becoming aware, where the breach is likely to result in a risk to the rights and freedoms of individuals.
- Notify affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
- Document all breaches, including those not requiring notification, in our breach register.
- Implement corrective measures to prevent recurrence.
If you believe your personal data has been compromised, please contact us immediately at [email protected].
11.Contact
For all data protection enquiries, requests, and complaints:
- Email: [email protected]
- Website: www.frozenb2b.com
EU/EEA-based users who are not satisfied with our response have the right to lodge a complaint with their local data protection supervisory authority (e.g., the Irish Data Protection Commission for EU-wide matters, or the relevant national authority in their country).
This Data Protection Policy is reviewed annually and updated when required by changes in law or our processing activities. Material changes will be communicated via our website.