Pursuant to Article 13 (1) - (2) of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR), we inform you that:
The controller of your personal data is BB Trade Estonia OÜ with its registered office at Harju maakond, Tallinn, Lasnamäe linnaosa, Tähesaju tee 9, 1391 Estonia (office number 10), registered in the Register of Entrepreneurs under the number: 14814864, Tax ID number: EE102200164 (hereinafter referred to as "Controller" or "Operator of zondacrypto Exchange").
You can contact the Data Controller regarding data protection:
Your personal data will be processed for the purpose of implementing the rules of the Affiliate Program of the exchange operator zondacrypto, including joining and participating in such Affiliate Program under the terms of the Affiliate Program Rules.
Legal basis for processing your personal data:
consent voluntarily given by you as an Interested Person to the processing of data (Article 6(1)(a) of the DPA) to the extent of the request made through the form available on the website of the Operator of the zondacrypto Exchange, available after logging in to the Website under the "Affiliation" tab and accepting the provisions of the Affiliate Program Regulations and the contents of this clause, which is considered as giving the required consent;
contractual requirements, i.e. the processing of Personal Data is necessary to provide and browse the website, register and use an account on www.zondacrypto.com (Article 6(1)(b) GDPR);
fulfillment of a legal obligation, i.e. the processing of Personal Data is necessary for the fulfillment of a legal obligation incumbent on the Data Controller, including but not limited to tax obligations and obligations arising from Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing and amending Directives 2009/138/EC and 2013/36/EU, Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015. on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, amending Regulation (EU) No. 648/2012 of the European Parliament and of the Council and repealing Directive 2005/60/EC of the European Parliament and of the Council and Commission Directive 2006/70/EC (Text with EEA relevance), hereinafter referred to as the "AML Directive" and the Estonian Law of October 26, 2017 on the prevention of money laundering and terrorist financing "AML Law";
legitimate interest of the Data Controller (Article 6(1)(f) GDPR), consisting of, among other things, improving the quality of the services provided by the Data Controller and adapting them to the needs of Users, Customers, Interested Persons, Site Visitors, or responding to your requests, increasing the efficiency of the website and services, ensuring the security of the Data Controller's website, sending newsletters, marketing the Data Controller's own products.
Under the GDPR, you have the right to request access to your personal data (Article 15 GDPR) and to receive a copy of it (Article 15(3) GDPR), the right to request rectification (Article 16 GDPR), deletion (Article 17 GDPR) or restriction of the processing of your personal data (Article 18 GDPR), as well as the right to portability of your personal data (Article 20 GDPR) and to object (Article 21 GDPR).
You also have the right, in the case of processing based on Article 6(1)(a) or Article 9(2)(a), to withdraw your consent at any time without affecting the legality of the processing carried out on the basis of consent before its withdrawal.
In order to exercise the above-mentioned rights, the data subject should contact, using the contact information provided, the controller and inform him of which right and to what extent he wishes to exercise it.
We inform you that the Controller does not make decisions by automated means, including profiling.
Personal data will be processed:
for the period necessary for the implementation of the agreement – participation in the Affiliate Programme,
until the agreement is fully settled,
until the end of the limitation period for claims in respect of the agreement concluded,
until expiry of the data retention obligation arising from the law, in particular the obligation to keep accounting documentation relating to the agreement.
The provision of personal data for participation in the zondacrypto Affiliate Program is voluntary, although without providing such data, participation in the Affiliate Program will be impossible.
The data subject has the right to lodge a complaint with the competent supervisory authority, which in Estonia is the Estonian Data Protection Inspectorate, 39 Tatari St., 10134 Tallinn.
The Controller may transfer the personal data of Programme Participants for processing to third parties identified below:
business partners, banks, payment operators, as this is necessary in connection with our business activity, in particular for the implementation of our contractual relations with such third parties, for service and provision of the relevant benefits, for compliance with applicable laws and safety requirements, for communication with the Participant and third parties, for compliance with the financial obligations of the Data Controller, and for responding to legal requests and applications
processors The Controller may conclude written personal data processing agreements with another entity (the Processor). The right to conclude such agreements arises from the law. The entities which may be processors include in particular entities such as: IT service companies, audit firms, accounting offices, employee outsourcing agencies, customer service software providers, Internet mail service providers (Google Inc.), server hosting services.
The processors shall be subject to contractual obligations concerning the implementation of appropriate technical and organisational security measures in order to protect the data of the persons concerned and users, and also to process those data as instructed by the Data Controller.
