RULES FOR PROCESSING PERSONAL DATA

Valid as of 15 September 2021

  1. The controller of personal data is TheBestAntique OÜ, registry code 14896448, address: Harju maakond, Rae vald, Peetri alevik, Allika tee 7, 75312, Estonia.

  2. To contact TheBestAntique OÜ, please send us an e-mail at: info@bag-auction.eu, or post a letter to: Harju maakond, Rae vald, Peetri alevik, Allika tee 7, 75312, Estonia.

  3. To contact the Data Protection Officer at TheBestAntique OÜ, please send an e-mail at: info@thebestantique.com, or post a letter to Data Protection Offices, TheBestAntique OÜ, Harju maakond, Rae vald, Peetri alevik, Allika tee 7, 75312, Estonia.

  4. TheBestAntique OÜ shall process personal data in order to:

    1. decide whether TheBestAntique OÜ can to allow a potential client to participate in the auction; The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 points (a), (b) and (c). In addition, TheBestAntique OÜ shall verify the identity of the potential client (according to the Money Laundering and Terrorist Financing Prevention Act Chapter 3). The decision whether to allow a potential client to participate in the auction is based on the profile analysis of a potential client.

    2. execute an agreement signed with a client (incl. the recovery of debt); The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 point (b). The decisions connected to the execution of an agreement are based on the client’s profile analysis and the experience of TheBestAntique OÜ about the client in question for making decisions concerning the steps taken to execute the agreement (incl. which measures to take for the recovery of purchase price).

    3. execute agreements with Partners; The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 point (f). In addition, data processing may be necessary for executing an agreement between TheBestAntique OÜ and the merchant, from whom the client buys the product.

    4. prevent fraud and other criminal offences and to lower risks; The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 points (f) and (c). For this, TheBestAntique OÜ shall use all reasonable efforts in order to verify whether the data presented by a potential client is valid. In addition, TheBestAntique OÜ shall take various measures for preventing possible fraud.

    5. fulfil other obligations imposed by law; The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 point (c). For example, in certain cases, TheBestAntique OÜ may have an obligation to inform the Estonian Financial Intelligence Unit (according to the Money Laundering and Terrorist Financing Prevention Act Chapter 3) about certain transactions. The obligations imposed by law may be subject to change.

    6. for analytic reasons; The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 point (f). TheBestAntique OÜ monitors consumer habits, e.g. how the company website is used, which of the offered products are most popular amongst clients, what are the preferences of different client groups, the progress of cooperation with different partners, etc. In addition, TheBestAntique OÜ conducts financial analyses and collects data for statistics. These actions enable TheBestAntique OÜ to develop products and services offered to its clients.

    7. for offering the products and services of TheBestAntique OÜ and of other entities belonging to the same business group to clients; The processing of personal data is based on the General Data Protection Regulation Article 6 Paragraph 1 points (a) and (f). TheBestAntique OÜ is interested in offering its clients the products of TheBestAntique OÜ and of its associated entities in the future. The decisions about which offers should be made to clients are based on the profile analysis of clients (incl. using TheBestAntique OÜ experience gained about a certain client) to decide whether the client might have an interest and/or the capacity to use a certain product.

  5. TheBestAntique OÜ shall collect personal data both from the person and from other public sources. In addition to the data provided by the client, TheBestAntique OÜ shall collect the following personal data:

    1. data about using the website (e.g. the IP-address and the time of using the website);

    2. data about the product purchased by the client;

    3. data (e.g. data about the person’s financial position and tax behavior, available from national registers and other public (incl. paid) databases;

    4. data about the client’s connection to third persons (e.g. whether the client is a person with a governmental background).

  6. TheBestAntique OÜ may forward the collected personal data for the following entities:

    1. providers of server-, network- and communication services;

    2. providers of other IT-services

    3. providers of marketing services;

    4. providers of analytics services;

    5. companies dealing with assessing creditworthiness;

    6. companies dealing with identity verification;

    7. companies dealing with debt recovery;

    8. payment default registers;

    9. registers from where TheBestAntique OÜ makes queries about a potential client;

    10. merchants whom the client has purchased the product or service from;

    11. providers of financial services;

    12. the councillors of TheBestAntique OÜ (auditors, law firms etc.);

    13. enterprises of the same business group as TheBestAntique OÜ;

    14. supervisory authorities;

  7. TheBestAntique OÜ processes the client’s personal data until necessary to achieve the purposes of the processing, including in order to perform the duty to preserve the data as prescribed by legislation, and to protect the rights of TheBestAntique OÜ in resolving a dispute which may arise from an agreement entered into with the client. As a rule, TheBestAntique OÜ preserves the client’s personal data until the expiry of the limitation period for any potential claims arising from the client relationship (i.e., 3 years after the expiry of the agreement), unless a longer preservation period is prescribed by legislation (for example, accounting documents must be preserved for 7 years and the information collected to perform the requirements prescribed by the Money Laundering and Terrorist Financing Act must be preserved for 5 years).

  8. As a rule, TheBestAntique OÜ will not transfer a client’s personal data outside the European Economic Area. However, if this is necessary, a thorough background check is made on the respective third country beforehand and appropriate protection measures are applied, such as transferring data to a country for which the European Commission has decided that this country guarantees an adequate level of data protection, transferring data to a person in the United States of America who has been certified under the Privacy Shield framework, or transferring data under the standard contractual clauses developed by the European Commission. According to subsection 49(1) of the General Data Protection Regulation, in the absence of protection measures, personal data may be transferred to a third country outside the European Economic Area if necessary for the performance of a contract between the client and TheBestAntique OÜ AS or the implementation of precontractual measures taken at the client’s request or for the conclusion or performance of a contract concluded in the interest of the client between TheBestAntique OÜ and another person or for the establishment, exercise or defence of legal claims.

  9. A data subject has the following rights:

    1. The right of access – the client has the right to know which data TheBestAntique OÜ has collected about him/her, the purposes of the processing of such data; the recipients of the data; the parties disclosing the data (except the customer); the period for which the personal data are stored and the client’s rights with regard to the rectification, erasure and restriction of processing of the data.

    2. The right to rectification – the client has the right to request the rectification of the personal data concerning him or her if the data are incorrect or incomplete.

    3. The right to erasure – in certain cases, the client has the right to request that TheBestAntique OÜ erase his or her personal data, for example, if the client withdraws consent on which the processing is based and there is no other legal ground for the processing, or if we have processed the personal data unlawfully.

    4. The right to restriction of processing – in certain cases, the client has the right to prohibit or restrict the processing of his or her personal data for a certain period (e.g. if the client has objected to data processing).

    5. The right to object – the client has the right to object to the processing of personal data concerning him or her which is based on the legitimate interests of TheBestAntique OÜ, including to the profiling based on this legal ground. If the client objects, we are required to discontinue the processing, except where we are able to demonstrate compelling legitimate grounds for the processing of the client’s personal data which override the interests, rights and freedoms of the data subject or where the processing is necessary for the establishment, exercise or defence of legal claims. Furthermore, the client has the right to object to the processing of his or her personal data for the purposes of direct marketing. In this case, TheBestAntique OÜ will no longer process such personal data for the purposes of direct marketing.

    6. The right to data portability – if the personal data are processed based on the client’s consent or a contract signed with TheBestAntique OÜ and the data are processed by automated means, the client has the right to receive personal data concerning him or her which he or she has provided to TheBestAntique OÜ in a structured, commonly used and machine-readable format. The client also has the right to request that TheBestAntique OÜ transmit the personal data directly to another service provider where technically feasible.

    7. The right to withdraw consent – if the processing of the client’s personal data is based on the client’s consent (e.g. communication of direct marketing messages), the client has the right to withdraw the consent at any time. If the client withdraws his or her consent, we will not continue processing the client’s personal data for the purposes described in the consent. Withdrawal of the consent will not affect the lawfulness of processing based on consent before its withdrawal. To execute your rights as a data subject, please contact TheBestAntique OÜ at the contact information provided in clause 2 or 3 of these principles. TheBestAntique OÜ will respond to requests without undue delay, but within 1 month at the latest after receipt of the request.

  10. Profiling is any form of processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse aspects concerning the client’s economic situation, personal preferences, interests, reliability, behaviour, location or movements. TheBestAntique OÜ uses profiling to prevent fraud and other types of misuse and mitigate any risks; for marketing purposes, for the assessment of risks to meet money laundering and terrorist financing prevention requirements; for verifying transactions in combating fraud and for assessing the likelihood of insolvency. Profiling is based on the personal data known about the client, which are collected in accordance with these principles. This type of personal data processing is carried out either based on the legitimate interest of TheBestAntique OÜ (profiling for marketing purposes), in order to perform the legal duties of TheBestAntique OÜ, including on the basis of the Money Laundering and Terrorist Financing Act and Regulation No. 575/2013 of the European Parliament and of the Council, or for entering into or performance of a contract between the client and TheBestAntique OÜ.

  11. If you need more information about the processing of your personal data or execution of your rights, please contact TheBestAntique OÜ at the contact information provided in clause 2 or 3 of these principles. TheBestAntique OÜ takes the client’s personal data and privacy seriously and follows the applicable legislation and regulations when processing the data. Should the client find the processing of the personal data concerning him or her to be in conflict with legislation, the client will have the right to turn to the Data Protection Inspectorate or a court to protect his or her rights and interests.

  12. TheBestAntique OÜ will have the right to unilaterally change these rules if the legislation governing personal data protection or TheBestAntique OÜ own data processing procedures change.