Information Clause - Affiliate Programme

Information Clause

  1. Following the entry into force of the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”), the Estonian Data Protection Act of 12 December 2018 and other provisions relating to the protection of personal data, I acknowledge that the controller of my personal data is BB Trade Estonia OÜ with its registered office in Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 8a, 11415, Estonia, entered in the Register of Companies under the number 14814864 (hereinafter the “Controller”).
  2. The provision of data is voluntary, but necessary to register and participate in the Affiliate Programme. If the following personal data are not provided, the agreement will not be concluded/implemented. The provision of personal data by the Programme Participant is a contractual requirement.
  3. The Controller shall process the following personal data of the Programme Participants: first names, last names, email address, login, name, citizenship, residency, telephone number, date of birth, sex, physical likeness (recorded on photographs or on video, or linked through services with a third party tool, e.g. Facebook, Google or Weibo), home address (street, house/apartment number, postal code, city, country), information about the purpose of creating the account on the website, order details (amount spent, date, time, offers or vouchers used), information about the participant’s website, referral link, number of users invited along with their logins and information on the commissions collected on the exchange transactions, information about the participant’s revenue on the affiliate programme, and registration date.
    • In addition, in the case of business users, the personal data processed shall include: form of business, business name, NIP (Tax Identification Number), KRS (National Court Register Number) or commercial register number, REGON (National Official Business Register Number), country where business is conducted, date of establishment, business website, and information concerning members of the management board.
  4. The legal basis for the processing of personal data is:
    • a) contractual requirements – under Article 6(1)(B) of the GDPR – the processing of data is necessary to participate in the Controller’s Affiliate Programme
    • b) compliance with a legal obligation to which the Controller is subject – under Article 6(1)(C) of the GDPR - handling of the complaint procedure, keeping accounting records for a period required by law
    • c) legitimate interests pursued by the Controller – under Article 6(1)(F) of the GDPR, which involves in particular: managing customer relationships and other forms of marketing, improving the quality of services and adapting them to the needs of users, increasing the efficiency of the website and services, preventing fraud, preventing misuse of company IT systems, counteracting money laundering, physical, IT and network security, exercise of or defence against legal claims in the administration of justice by courts, mailing of the newsletter, marketing of the controller’s own products
  5. In certain circumstances, Programme Participants have the right to request from the Controller access to personal data, to object to the processing of data, to request rectification data, restriction of processing of data, erasure of data, to receive a copy of data, and also the right to data portability. In addition, the Programme Participant has the right to lodge a complaint with the supervisory authority competent for the protection of personal data, to protect their rights before court against a decision of the supervisory authority, and to exercise their rights before court without a complaint procedure before the supervisory authority.
  6. To exercise the rights described above or to ask questions about the processing of personal data, please contact us:
    • by email at: [email protected]
    • by registered letter: BB Trade Estonia OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Lõõtsa tn 8a, 11415, Estonia.
  7. For security reasons, we may require a written form for requests. We may also refuse to act on requests if we have reasonable grounds to believe that they are unfair, impossible to fulfil or may threaten the privacy of others.
  8. If the Programme Participant believes that their personal data are processed in breach of the applicable provisions, they have the right to lodge a complaint with the supervisory authority – the Estonian Data Protection Inspectorate, 39 Tatari, 10134 Tallinn, Estonia.
  9. In addition, the personal data provided may be made available to the competent public authorities if applicable provisions of law so require.
  10. Personal data will be processed:
    • for the period necessary for the implementation of the agreement – participation in the Affiliate Programme
    • until the agreement is fully settled
    • until the end of the limitation period for claims in respect of the agreement concluded
    • until expiry of the data retention obligation arising from the law, in particular the obligation to keep accounting documentation relating to the agreement
  11. Personal data of the Programme Participant are not subject to automated decision making, including profiling.
  12. The Controller may transfer the personal data of Programme Participants for processing to third parties identified below:
    • business partners, banks, payment operators, as this is necessary in connection with our business activity, in particular for the implementation of our contractual relations with such third parties, for service and provision of the relevant benefits, for compliance with applicable laws and safety requirements, for communication with the Participant and third parties, for compliance with the financial obligations of the Data Controller, and for responding to legal requests and applications
    • processors The Controller may conclude written personal data processing agreements with another entity (the Processor). The right to conclude such agreements arises from the law. The entities which may be processors include in particular entities such as: IT service companies, audit firms, accounting offices, employee outsourcing agencies, customer service software providers, Internet mail service providers (Google Inc.), server hosting services.
  13. The processors shall be subject to contractual obligations concerning the implementation of appropriate technical and organisational security measures in order to protect the data of the persons concerned and users, and also to process those data as instructed by the Data Controller.
  14. Your personal data may be made available to companies affiliated in capital or personally with the Controller, i.e. taXsaprent sp. z o. o., Orion Software sp. z o. o., Expofer service house s. r. o, ICEO sp. z o. o., Pinewood Holdings Limited, BITBAYPAY AS., to the extent necessary for the business cooperation of these entities and the performance of contractual obligations.