Privacy Policy

This Privacy Policy explains how World Business Software Solutions, a division of syhtek software solutions, collects, uses, stores, shares, protects and otherwise processes personal data in connection with its websites, software systems, ecommerce platforms, wholesale systems, recycling and buyback systems, backend infrastructure, integrations, support services and related business operations.

World Business Software Solutions develops and supports digital business systems for serious commercial organisations, including wholesalers, retailers, distributors, recycling companies, buyback businesses, logistics operators, importers, exporters, and international trading businesses. Our services may include ecommerce systems, business automation tools, inventory and order management platforms, booking systems, integrations, API connections, cloud infrastructure and operational backend systems.

This Privacy Policy is intended to provide clear and transparent information about how personal data is handled when you:

• visit our website
• contact us
• request information, proposals or support
• engage us for software or development services
• use systems, portals, dashboards or platforms we provide
• interact with us as a client, supplier, business contact, or authorised user
• access content, communications or service-related documentation

We operate globally and may process business data, customer data, staff data and technical usage data across multiple jurisdictions. We recognise the importance of privacy, confidentiality and lawful data handling. We are committed to handling personal data responsibly and in line with applicable data protection laws.

By using our website, services or systems, you acknowledge that your personal data may be processed in accordance with this Privacy Policy.

For the purpose of this Privacy Policy, World Business Software Solutions, a division of syhtek software solutions, is the business responsible for determining how and why certain personal data is processed in relation to our own website, enquiries, sales processes, service delivery, support operations, account management, invoicing, security and internal administration.

In some situations, we act as a data controller. This means we decide the purpose and method of processing personal data for our own business activities.

In other situations, particularly where we host, support, maintain or technically process information within systems built for clients, we may act as a data processor or service provider on behalf of a client. In those cases, the client remains responsible for the legal basis, privacy notices, customer disclosures and lawful instructions connected to the data stored or processed within the client’s own system.

This distinction is important:

• if you are visiting our website or contacting us directly, we usually act as the data controller
• if you are using a platform we built for one of our clients, that client may be the data controller and we may only process data on their behalf

If you are unsure whether we are acting as controller or processor in relation to your data, you should contact us using our official business contact channels.

This Privacy Policy applies to personal data processed through:

• our corporate or marketing websites
• contact forms and enquiry forms
• software demonstrations and proposal requests
• client onboarding processes
• project communications
• support and maintenance services
• hosted systems and cloud-based environments managed by us
• account administration and user access systems
• technical monitoring and security processes
• invoicing, payments and business administration
• communications by email, messaging platforms, telephone, or other business channels

This Privacy Policy does not override any separate written agreement, data processing agreement or client contract. Where a client-specific agreement applies, that agreement may provide additional detail on how data is handled within a particular project or service environment.

This Privacy Policy also does not replace the privacy obligations of our clients. If we build or host a platform for a client and that client collects data from its own customers, users or suppliers, the client is responsible for its own privacy notices, legal disclosures and compliance obligations.

We may collect, receive, store or process different categories of personal data depending on the relationship and the service involved.

This may include:

• full name
• company name
• job title
• business email address
• telephone number
• billing address
• country or region
• delivery or office address

This may include:

• usernames
• encrypted or secured password-related information
• account IDs
• user roles and permissions
• login records
• access history
• account status

This may include:

• enquiry details
• quotation requests
• order information
• invoice details
• payment status
• contract records
• service history
• support records
• communications relating to a project or platform

This may include:

• IP address
• browser type
• device type
• operating system
• session information
• date and time of access
• pages viewed
• referral source
• system logs
• error logs
• API activity
• performance and diagnostic data

This may include:

• emails
• call notes
• messages
• support tickets
• meeting notes
• feedback
• file attachments shared for project or support purposes

Where we develop, host, support or maintain software for clients, personal data within those platforms may include categories defined by the client, such as:

• customer names
• contact details
• order details
• booking information
• shipping information
• trade-in or recycling records
• supplier records
• staff user details
• business contact databases

In these situations, the client controls the purpose of the data and we may process it only as required to provide the service.

This may include:

• preferences relating to communications
• consent records where required
• records of marketing opt-ins or opt-outs
• interest in specific services, products or sectors

We do not intentionally request or require special category data unless it is strictly necessary and lawfully supported. Clients and users should avoid submitting unnecessary sensitive personal data unless specifically requested for a lawful business purpose.

We may collect personal data in several ways.

You may provide personal data when you:

• contact us through our website
• request a quote or consultation
• engage us for services
• create or use an account
• communicate with our team
• submit support tickets
• join meetings or calls
• provide feedback or project materials

We may collect technical and usage data automatically through:

• website analytics tools
• cookies and similar technologies
• server logs
• application logs
• security systems
• monitoring tools

We may receive data from a client, business partner, employer, or authorised representative where:

• they appoint users to a system
• they nominate contacts for a project
• they provide staff or supplier information
• they request support on behalf of their organisation

We may receive information from third-party systems connected to our operations or a client project, such as:

• payment providers
• cloud hosting services
• CRM systems
• support platforms
• analytics tools
• API integrations
• business communication tools

We process personal data only where there is a legitimate business or legal reason to do so.

We may use personal data to:

• respond to enquiries and proposal requests
• assess service requirements
• onboard clients and manage projects
• create and administer accounts
• provide software, websites, systems and technical services
• host, maintain, update and support client platforms
• manage user access and permissions
• provide customer support and issue resolution
• process billing, invoicing and payment administration
• communicate service updates, notices and operational messages
• improve platform performance and usability
• monitor infrastructure, system health and security
• investigate suspicious activity, abuse or unauthorised access
• maintain backups, logs and operational records
• comply with legal obligations
• protect contractual rights and business interests
• conduct internal reporting, service review and planning
• send business communications where lawful and appropriate

We do not sell personal data. We do not use personal data for unrelated or hidden purposes.

Where applicable data protection law requires a legal basis, we may rely on one or more of the following:

We process personal data where necessary to enter into, deliver, manage or enforce a contract. This includes project delivery, account administration, support services, hosting, invoicing, and service communications.

We may process personal data where necessary for our legitimate business interests, provided those interests are not overridden by your rights. This may include:

• managing client relationships
• responding to business enquiries
• improving services
• maintaining system security
• preventing misuse
• documenting communications
• protecting legal rights
• operating and growing our business

We may process personal data where necessary to comply with law, regulation, taxation, accounting, fraud prevention, legal process or lawful requests from authorities.

In some circumstances, we may rely on consent, especially for certain non-essential cookies or marketing communications where required by law. Where consent is the basis, it may be withdrawn at any time, although this does not affect processing already carried out lawfully before withdrawal.

Because our business develops and supports digital systems for other businesses, our privacy position can vary depending on the situation.

We usually act as controller for:

• our own website operations
• lead generation and enquiries
• client communications
• support communication records
• contracts and invoices
• internal administration
• compliance and security monitoring
• our own marketing and business development

We may act as processor or service provider where we:

• host or maintain client systems
• support client databases
• manage infrastructure on behalf of clients
• access platform data for debugging, upgrades or support
• process data only under a client’s instructions

In these circumstances:

• the client is responsible for the purpose and legal basis of the data
• the client must provide its own privacy notices to its users or customers
• the client must ensure it has lawful authority to instruct us
• we process data only to provide the agreed service, comply with law or protect system integrity

Clients using our systems must ensure that any personal data they collect, upload, store or process through our platforms is handled lawfully, fairly and transparently. This includes providing notice, obtaining consent where required, handling user rights requests and complying with applicable data protection law.

We may share personal data where necessary and lawful, but only to the extent reasonably required.

We may share data with:

• employees, contractors and authorised personnel who need access for service delivery
• cloud hosting and infrastructure providers
• support software providers
• payment service providers
• communication and collaboration tools
• email service providers
• analytics or security tools
• legal, professional, tax or compliance advisers
• regulators, authorities, courts or law enforcement where legally required
• business partners or subcontractors involved in a project, where appropriate and subject to confidentiality controls

We require service providers and subcontractors to handle data only for authorised purposes and with appropriate confidentiality and security obligations.

We do not sell personal data to third parties for commercial resale.

We operate in connection with global clients and international systems. Personal data may be processed, accessed, stored, or transferred across different countries depending on the infrastructure, support model, client operations or service providers involved.

This means personal data may sometimes be transferred outside the country where it was originally collected.

Where we transfer personal data internationally, we take reasonable steps to ensure that appropriate safeguards are used where required. These may include:

• contractual protections
• provider commitments on security and confidentiality
• recognised transfer mechanisms where required by law
• access controls and operational limitations

By using international systems or engaging us for global service delivery, you acknowledge that cross-border data transfers may occur.

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected or as required by law, contract, dispute management or legitimate business need.

Retention periods may vary depending on the type of data and the context. For example:

• enquiry data may be retained for follow-up, reference, or record keeping
• client account and project data may be retained during the service relationship and for a reasonable period afterward
• invoices, payment records and tax-related documentation may be retained to comply with legal and accounting obligations
• system logs and security records may be retained for investigation, protection and operational review
• backup copies may remain for a limited period under normal backup cycles

When retention is no longer necessary, data may be deleted, anonymised, archived or securely removed, subject to technical and legal limitations.

Clients are responsible for managing retention settings and business records within their own systems unless a managed data retention service is specifically agreed.

We take data security seriously and implement reasonable technical and organisational measures designed to protect personal data against unauthorised access, misuse, disclosure, alteration or loss.

These measures may include:

• access controls
• user permission structures
• authentication protections
• server and infrastructure security practices
• logging and monitoring
• encrypted communications where appropriate
• restricted administrative access
• backup procedures
• internal confidentiality controls
• security review processes

However, no internet-based platform, software environment, email system, hosting service or data transmission method can be guaranteed to be completely secure. For that reason:

• we do not guarantee absolute security
• clients and users must also protect passwords, devices, accounts and internal access
• misuse, negligence, weak credential practices or unmanaged third-party services may create security risk

Where a client is responsible for hosting, renewals, passwords, domains, Cloudflare, SSL, payment gateways, email systems, or external infrastructure, that responsibility remains with the client unless covered under a specific managed service agreement.

Our website and some systems may use cookies, pixels, scripts, log files or similar technologies to support functionality, security, performance measurement and analytics.

These technologies may be used to:

• keep sessions active
• remember settings
• improve website performance
• understand visitor behaviour
• monitor traffic sources
• support security
• measure content or campaign effectiveness

Some cookies may be necessary for the operation of the website or platform. Others may be optional and used only where consent is given where required by law.

More detail should be provided in our separate Cookie Policy. Where cookie consent tools are used, you may manage your preferences through those tools.

We may send business-related communications where lawful and appropriate, such as:

• responses to enquiries
• service information
• account notices
• operational updates
• relevant business communications relating to our services

Where marketing consent is required, we will seek it appropriately. Where consent is not required, we may still contact existing business contacts where permitted for relevant business purposes.

You may opt out of non-essential marketing communications at any time using the unsubscribe method provided or by contacting us directly. Opting out of marketing does not affect necessary service-related or contractual communications.

Depending on the law that applies to your location, you may have certain rights in relation to your personal data.

These rights may include the right to:

• request access to your personal data
• request correction of inaccurate data
• request deletion of data in certain situations
• request restriction of processing
• object to certain forms of processing
• withdraw consent where consent is the legal basis
• request transfer of data where applicable
• complain to a relevant supervisory authority

These rights are not absolute. In some cases, we may need to keep or continue processing data for legal, contractual, security, fraud prevention, technical or administrative reasons.

If we process data only on behalf of a client, requests relating to that data may need to be directed to the client as the data controller. We may assist our clients as required under our service arrangements.

To exercise rights relating to personal data we control, you should contact us through our official business contact channels and provide enough information for us to understand and verify the request.

To protect privacy and security, we may need to verify the identity or authority of any person making a request before taking action. This may include requesting additional information or documentation.

We may refuse, limit or delay a request where:

• identity cannot be verified
• the request is clearly excessive or unfounded
• legal obligations require data retention
• disclosure would affect the rights of others
• we are acting only as processor and the request should be handled by the controller

Many of the systems we build are designed for commercial use in sectors such as wholesale electronics, ecommerce, recycling, trade-in, distribution and global trading. Those systems may process customer, supplier, staff and order data as part of the client’s own business operations.

Where a client uses a platform developed, hosted or maintained by us, the client is responsible for:

• deciding what personal data is collected
• ensuring a lawful basis for collection and use
• providing privacy notices to its own users and customers
• obtaining required consents where necessary
• defining retention periods
• responding to user rights requests
• ensuring the lawfulness of uploaded or imported data
• complying with local and international privacy laws

We are not responsible for unlawful client data practices, misleading privacy notices or data collection activities performed independently by the client outside our instructions or control.

Our website, services and software systems are intended for business and commercial use. They are not directed to children, and we do not knowingly collect personal data from children for our own business purposes.

If you believe a child has provided personal data to us inappropriately, please contact us so that appropriate steps can be considered.

Our website, systems or communications may contain links to third-party websites, services, plugins, payment gateways, integrations or external platforms. We do not control the privacy practices of those third parties.

If you access third-party services, you should review their own privacy policies, terms and data practices. We are not responsible for the privacy, security, content or data handling practices of third-party services outside our direct control.

We take security incidents seriously and may investigate any suspected unauthorised access, data misuse, platform abuse, or security breach affecting our systems or services.

Where required by law or contract and where applicable to our role, we may:

• investigate the issue
• take containment and recovery steps
• notify affected clients
• maintain records of the incident
• cooperate with legal or regulatory requirements

Clients must also act responsibly by securing their own accounts, passwords, renewals, infrastructure, devices and internal access controls. Privacy and security obligations are shared in practice, especially in hosted or integrated business environments.

We may update this Privacy Policy from time to time to reflect:

• changes in law or regulation
• changes in our services or systems
• updates to technology or infrastructure
• security or operational developments
• changes in how personal data is processed

The latest version should be published with an updated “Last Updated” date. Continued use of our website, services, or systems after changes take effect may be treated as acceptance of the updated Privacy Policy where permitted by law.

For privacy-related enquiries, data protection concerns, or requests relating to this Privacy Policy, you should contact:

World Business Software Solutions
A Division of syhtek software solutions

Official contact details should be provided through the company’s approved communication channels and website contact methods.

When contacting us, please include enough detail for us to identify the relevant account, project, platform, or communication.

World Business Software Solutions handles personal data as part of providing serious digital infrastructure for business operations, including websites, software systems, automation platforms, ecommerce environments, backend tools, integrations, and hosted services. We understand that privacy, security, trust and legal clarity are essential for businesses operating online at scale.

We are committed to processing personal data in a lawful, fair, practical and commercially responsible way. At the same time, clients remain responsible for the data practices of their own businesses, especially where they collect or manage customer and operational data through systems we build or support.

This Privacy Policy is intended to provide clear information, support trust and reflect the standards expected from a serious international software and business systems company.