Privacy Policy

Privacy Policy - Gloseg B2B Marketplace

Effective date: 5 September 2025

1. Who we are

1.1. Gloseg B2B Marketplace is operated by GLOSEG B2B LIMITED, a company registered in England and Wales, Company No. 15793182, registered office at 124 City Road, London, EC1V 2NX. (Companies House)

1.2. References to "Gloseg", "we", "us", or "our" include our affiliated entities in Ghana and Nigeria that support the service. The contracting entity for your account will be shown in your account settings or order documentation.

1.3. Contact for privacy requests: privacy@gloseg.com
Postal: Privacy Team, Gloseg, 124 City Road, London EC1V 2NX, United Kingdom.

1.4. Data Protection Officer or Privacy Lead: privacy@gloseg.com.
EU GDPR Article 27 and UK representatives: to be appointed. We will update this notice when appointed. Until then, contact us directly using the details above.

2. Scope and audience

2.1. This policy explains how we handle personal data in a strictly business-to-business context for our marketplace that connects corporate buyers and suppliers for product sourcing, trade inquiries, payments, logistics and global trade facilitation.

2.2. The service is not intended for consumers or children. Accounts may only be created and used by authorized representatives of a business who are at least 18 years old.

3. Data we collect

3.1. Business and account data: company name, registration number, VAT or GST, industry, registered and trading addresses, billing contacts.

3.2. User data for authorized representatives: names, job titles, work emails, work phone numbers, authentication credentials, optional ID documents for KYC or sanctions screening where required by law or by our payment and risk controls.

3.3. Transaction data: RFQs, quotes, purchase orders, invoices, payment status, chargeback information, shipment details, customs documentation, dispute records.

3.4. Content and communications: product listings, catalogs, certifications, compliance documents, messages between buyers and suppliers, support tickets, recordings if you opt into recorded demos or webinars.

3.5. Device and usage data: IP addresses, device identifiers, browser information, referring URLs, pages viewed, time on page, interaction data, diagnostic logs, security logs.

3.6. Cookies and similar technologies: see Section 10.

3.7. We do not intentionally collect sensitive personal data. If you upload such data in error, contact us to remove it.

4. How we use data

4.1. Operate and secure the platform: user registration, authentication, account administration, fraud prevention, abuse detection, service monitoring, incident response.

4.2. Facilitate marketplace transactions: matching buyers and suppliers, enabling RFQs and quotes, order processing, payments, logistics coordination, and dispute support.

4.3. Compliance: KYC, AML and sanctions screening where required, tax and accounting obligations, record keeping, responding to lawful requests.

4.4. Improve and develop the service: analytics, diagnostics, testing, quality assurance, product research.

4.5. Marketing and communications: service announcements, onboarding emails, marketplace insights, promotional messages about our features or events. You may opt out of marketing at any time.

4.6. Legal grounds under GDPR and UK GDPR: contract performance, legitimate interests (for security, analytics, service improvement and B2B marketing), legal obligation, and consent for non-essential cookies or where required.

5. Data sharing and disclosures

5.1. Within Gloseg: among Gloseg entities in the UK, Ghana and Nigeria for centralized operations, support and compliance.

5.2. Service providers and processors:

Hosting and infrastructure: Amazon Web Services in EU West regions, and associated sub-services.
Analytics: Google Analytics.
Marketing automation: Mailchimp.
Payments: Stripe and PayPal.
Some providers may engage sub-processors. We contractually require appropriate confidentiality, security and data protection commitments.

5.3. Counterparties: when you engage with another business on the marketplace, we share the information needed to fulfill that transaction, such as company details, contact data, order and shipment information.

5.4. Logistics partners and customs brokers: to arrange shipments, tracking, import or export filings where you or a supplier request those services via the platform.

5.5. Legal, compliance and risk: courts, regulators, law enforcement, auditors, insurers, dispute resolution providers, or where we in good faith believe disclosure is necessary to comply with law, enforce our terms, or protect rights, property or safety.

5.6. Business transfers: if we undergo a corporate transaction, we may transfer data consistent with applicable law and subject to confidentiality.

5.7. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under US state privacy laws. If this changes, we will update this policy and provide an opt-out.

6. International transfers

6.1. We may transfer data internationally, including to the United Kingdom, the European Union and countries where our service providers operate. When transferring out of the UK or EEA to a country without an adequacy decision, we use the European Commission Standard Contractual Clauses and, for the UK, the International Data Transfer Addendum. We also apply additional safeguards such as encryption in transit and at rest and role-based access controls.

7. Security

7.1. We implement technical and organizational measures appropriate to the risk, including encryption in transit and at rest, role-based access controls, least-privilege staff access, multi-factor authentication for administrative access, segregation of environments, regular vulnerability scanning and logging with alerting.

7.2. No method of transmission or storage is completely secure. We continually review and improve our safeguards.

8. Retention

8.1. We keep business account records for the life of the account and for up to 6 years after closure for tax, accounting and legal purposes.

8.2. Transaction records are retained for 7 years, or longer if required by law or to resolve disputes.

8.3. Marketing contact data is retained until you opt out or after 24 months of inactivity.

8.4. Logs and telemetry are typically retained for up to 12 months.

8.5. We may anonymize data for statistical purposes and retain aggregated insights indefinitely.

9. Your rights

9.1. Depending on your location, you may have rights to access, correct, delete, port or restrict processing of your personal data, and to object to processing for direct marketing.

9.2. EU, UK and similar jurisdictions: you may lodge a complaint with your local supervisory authority.

9.3. California and certain US states: you may have the right to know, delete, correct, and to limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.

9.4. To exercise rights, email privacy@gloseg.com from your work email associated with the account. We will verify your identity using your account details and may request additional information for security. We aim to respond within one month under GDPR and within 45 days under CCPA, subject to lawful extensions.

10. Cookies and tracking

10.1. We use cookies and similar technologies to operate the site, remember preferences, provide security, analyze usage and, where permitted, for marketing.

10.2. Categories: strictly necessary, functional, performance/analytics, and advertising. Non-essential cookies are used with your consent in jurisdictions that require it.

10.3. Controls: you can manage cookie preferences via our cookie banner and your browser settings. We honor Global Privacy Control signals in supported regions for applicable opt-out rights.

10.4. Example tools: Google Analytics, Mailchimp tracking for marketing emails. Specific cookies may change over time.

11. B2B communications

11.1. We may send service and transactional communications to your business contacts. You can opt out of promotional messages at any time without affecting essential service emails.

12. Children

12.1. The service is not directed to children. We do not knowingly collect data from anyone under 16. If you believe a minor has provided data, contact us for deletion.

13. Third-party links

13.1. Our site may link to third-party websites or services. Their privacy practices are governed by their policies.

14. Changes to this policy

14.1. We will update this policy as our services and laws evolve. We will notify account owners by email and provide an in-app notice for material changes. The "Effective date" at the top shows the latest version.