1.1. Definitions

• Personal Data — any information relating to a directly or indirectly identified individual
• Personal Data Processing — any action with personal data, including collection, recording, systematization, accumulation, storage
• Operator — B2BRICS, determining the purposes and content of personal data processing
• Data Subject — individual to whom personal data relates
• Consent — voluntary expression of will by the subject for processing their personal data

1.2. Data Processing Principles

B2BRICS processes personal data based on principles of lawfulness, fairness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality in accordance with BRICS+ countries legislation requirements.

1.3. Legal Grounds

Personal data processing is carried out based on subject consent, contract performance, compliance with legal obligations and protection of operator's legitimate interests within BRICS legal compatibility framework.

1.4. Cross-border Data Transfer

Personal data transfer between BRICS+ countries is carried out in accordance with principles of mutual recognition of data protection standards and national legislation requirements of each country.

2.1. Registration Data

• First name, last name, position
• Email address
• Phone number
• Company name and details
• Business registration country

2.2. Verification Data

• Identity documents
• Company registration documents
• Banking details
• Licenses and certificates
• Powers of attorney and authorities

2.3. Platform Usage Data

• IP address and geolocation
• Device type and browser
• Session time and duration
• Viewed pages and products
• Search queries

2.4. Communication Data

• Correspondence through Telegram integration
• Support service requests
• Reviews and comments
• Transaction and contract data

3.1. Primary Purposes

• Providing access to platform functions
• User identification and authentication
• Identity and authority verification
• Platform security assurance
• Fraud prevention
• User technical support

3.2. Additional Purposes

• Service quality improvement
• Content personalization
• Platform usage analytics
• Marketing communications (with consent)
• BRICS+ countries legal requirements compliance

4.1. Accredited Partners

Personal data may be transferred to B2BRICS accredited partners for logistics, payment, legal support services exclusively to the extent necessary for performing their functions.

4.2. Telegram and External Services

When using Telegram integration, data is processed in accordance with Telegram privacy policy. DeepL AI translator processes only textual information without personal data.

4.3. Government Authorities

Data transfer to government authorities is carried out only upon lawful requests in the manner established by applicable legislation of the respective BRICS+ country.

4.4. Cross-border Transfers within BRICS+

Data transfer between BRICS+ countries is carried out based on:

• BRICS legal compatibility principles
• Mutual recognition of data protection standards
• National legislation requirements compliance
• Data subject consent when necessary

5.1. Active Accounts

Personal data of active users is stored throughout the platform usage period and 3 years after last activity to ensure account recovery possibility.

5.2. Verification Documents

Documents provided for verification are stored for 5 years after platform usage termination in accordance with currency and tax legislation requirements of BRICS+ countries.

5.3. Communication Data

Correspondence and support requests are stored for 3 years to ensure service quality and dispute resolution.

5.4. Technical Logs

Platform visit and usage data is stored for 1 year to ensure security and service improvement.

6.1. Right to Access

You have the right to obtain information about what personal data is processed, for what purposes and to whom it is transferred. Requests can be sent to export@b2brics.pro.

6.2. Right to Rectification

You can request correction of inaccurate or incomplete personal data through personal account or support service request.

6.3. Right to Erasure

You can request deletion of your personal data, except when their storage is required by BRICS+ countries legislation or for legitimate interests protection.

6.4. Right to Restrict Processing

You can request restriction of your data processing in case of disputing their accuracy or objecting to processing.

6.5. Right to Withdraw Consent

Consent to personal data processing can be withdrawn at any time by sending appropriate request.

6.6. Rights under National Legislation

Additional data subject rights are determined in accordance with legislation of their residence or citizenship country within BRICS+.

7.1. Technical Measures

• Data encryption during transmission and storage
• Multi-factor authentication
• Regular security system updates
• Unauthorized access monitoring
• Data backup

7.2. Organizational Measures

• Data access restriction on need-to-know basis
• Employee data protection training
• Regular data processing system audits
• Incident response procedures
• Employee confidentiality agreements

7.3. BRICS+ Standards Compliance

Security measures comply with all BRICS+ countries legislation requirements and international information security standards.

7.4. Incident Notification

In case of personal data security breach, B2BRICS notifies regulatory authorities of respective BRICS+ countries within established timeframes and affected data subjects within reasonable time.

8.1. Cookie Types

• Necessary cookies — for platform functionality
• Functional cookies — for remembering settings
• Analytics cookies — for usage analysis
• Marketing cookies — for personalization (with consent)

8.2. Cookie Management

You can manage cookie settings through browser or platform settings panel. Disabling necessary cookies may limit website functionality.

9.1. Age Restrictions

B2BRICS platform is intended for persons over 18 years old in accordance with B2B activity requirements. We do not intentionally collect personal data of children under 18.

9.2. Children's Data Discovery

If we become aware that we have collected personal data of a child under 18, we will immediately delete such data in accordance with BRICS+ countries legislation requirements.

10.1. Change Notification

Significant privacy policy changes are communicated to users 30 days before taking effect through email or platform notifications.

10.2. Consent to Changes

Continued platform use after changes means consent to the new privacy policy version.

10.3. Legislation Changes Compliance

Policy may be updated to comply with changes in BRICS+ countries personal data protection legislation.

11.1. Data Processing Responsible

For personal data processing questions contact:
Email: export@b2brics.pro
Telegram: @b2bricssupport_bot

11.2. Request Processing Timeframes

Personal data requests are processed within 30 days from receipt.

11.3. Supervisory Authority Complaints

You have the right to file complaints with data protection supervisory authorities in case of rights violations:

• Russia: Roskomnadzor
• Brazil: Autoridade Nacional de Proteção de Dados (ANPD)
• India: Data Protection Authority (under establishment)
• China: Cyberspace Administration of China
• South Africa: Information Regulator
• UAE: UAE Data Office
• Other BRICS+ countries: respective national authorities