We are committed to respecting your privacy. This Notice is intended to inform you about how we collect, use and protect any personal data we collect about you. It sets out how we comply with the data protection laws and what your rights are.

This Notice applies to you if we process your personal data and you are not an employee. You could be an individual customer, a sole trader, a partnership, a user of our Website, someone who works at a supplier or customer of ours or another organization that we deal with, someone who enters one of our marketing competitions or attends one of our events, a recruitment candidate or someone else who is affected by our activities.

We are BIG BALLER BRAND INTERNATIONAL OU (“BBB International”). If you have any queries regarding your personal data and how it may be used by BBB International, then you can contact us by email on contact@bigballerbrandinc.comor  post us at Uus-Tatari tn 16-14, Tallinn, 10134, Estonia.

Our store is hosted on SHOPIFY Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.


Our store transfers the personal data necessary for the execution of payments to authorized processor MAKSEKESKUS AS.

References to we, our or us in this Notice are references to BBB International. This Privacy notice provides details about:

  • What personal data we collect
  • Where we collect your personal data from
  • How we use your personal data
  • Who we share your personal data with
  • How we aim to protect your data
  • How long we will keep your personal data
  • International transfers of your personal data
  • Your rights
  • Changes to this notice
  • Contact Us


We may collect the following personal data about you:

  • Contact details such as your name, address (including billing and delivery addresses), telephone number (including mobile number) and email address.
  • Identification information such as your passport and other official identification details, information from a third-party money laundering check provider, Companies House information and your national insurance number.
  • Details of your education and work history, including qualifications, roles, responsibilities and professional qualifications, and other information connected with your business (where you are a sole trader).
  • Personal data including your age or date of birth, gender, marital status, family details and dietary requirements.
  • Your social media handles, posts and information about your followers and the people that follow you.
  • Details of financial and transaction data including purchases, orders, returns and refunds.
  • Online browsing activities on our Website including which items you store in your shopping cart.
  • Your usage of our App and your username and password.
  • Information about the device you use to browse our Website or access our App including the IP address, device type, usernames, account details and passwords.
  • Information connected with any purchases made on our Website or via our App including financial and transaction data.
  • Communication and marketing preferences.
  • Interests, preferences, feedback and competition and survey responses.
  • Your real-time location.
  • Correspondence and communications with us including relating to complaints, allegations, disputes and claims.
  • Other publicly available personal data, including any which you have shared via a public platform (such as LinkedIn, Instagram, YouTube, Twitter or a public Facebook page).
  • Business information, such as where you are a sole trader, a partner or a company director.
  • Creditworthiness, where we are required to undertake investigations in order to establish whether to enter into or continue a business relationship with you or the organization you work for.
  • Details of your performance when working with or for us or in relation to any project or work we are engaged in.
  • Videos, photographs and audio recordings which you or other people take and provide to us or we take ourselves.
  • CCTV images if you visit any of our premises which are covered by our CCTV system.
  • Your usage of our IT systems when you visit our premises such as visitor internet and Wi-Fi facilities.
  • Subscription Information such as when you subscribe to one of our blogs or other materials.

This list is not exhaustive and in specific instances, we may need to collect additional personal data for the purposes set out in this Notice.  


There are limited situations in which we collect, store and use the following “special categories” of more sensitive personal data including:

  • information about your race or ethnicity, religious beliefs and sexual orientation;
  • information about your health, including any medical condition, dietary requirements, health and sickness records, medical records and health professional information; and
  • biometric data including your height and weight.

Where we do collect any special category personal data, we will do so based on your explicit consent.

We may collect, store and use any criminal records information in relation to you; in which case we will do so based on legal obligation or your explicit consent.


We may collect your personal data directly or indirectly from you, for example when you:

  • engage with us during our relationship with you or the organization you work for;
  • set up an online account on our Website and /or purchase products from us;
  • download our App to your device;
  • register to use our App, Website or other services we provide;
  • communicate with us regarding one of our App, Website or services, to ask a question, report a problem or for any other reason;
  • register for, attend and/or participate in one of our events or enter one of our competitions;
  • enquire about a vacancy or apply to become an employee of ours;
  • enquire about and/or become one of our content contributors; and
  • raise a query, complaint, claim, legal dispute on behalf of yourself or the organization you work for.


We may also collect personal data from third parties who have your consent or some other lawful basis for doing so including:

  • professional bodies;
  • credit reference agencies including those which carry out data cleansing services;
  • organizations who carry out research and analysis;
  • Companies House;
  • social media platforms including such as LinkedIn; Instagram, YouTube, Twitter or public Facebook page;
  • referrals and recommendations, usually given by other people who know you or have a working relationship with you;
  • your employer or the organization you work for;
  • our professional advisors including lawyers, accountants and other advisors;
  • your professional advisors including lawyers, accountants and other advisors; and
  • Government, local authorities or relevant regulators.




Personal data Used

Lawful Basis

To carry out identity and credit checks

Contact details and payment information relating to you or the organization you work for


We may have a legal obligation to undertake identification

We also have a legitimate interest in knowing your identity and carrying out money laundering checks and ensuring that we are likely to be paid

To enter into and perform contracts, where we may be supplying products/services to you and/or the organization you work for and/or you may be supplying products/services to us and/or the organization you work for or where we may be involved in similar arrangements with third parties

All the personal data we collect

To enter into and perform contracts with either yourself or the organization that you represent


We have a legitimate interest to properly perform contracts with third parties


To deal with queries, complaints, claims, legal disputes submitted by you or the organization you work for and to make queries, complaints, claims, legal disputes in which relate you or the organization you work for

All the personal data we collect

This may be necessary to perform a contract with you or the organization that you represent


We have a legitimate interest to improve the services and/or products we provide


To defend, bring or establish legal claims

To maintain and improve our services and/or products

All the personal data we collect

We have a legitimate interest to improve the services and/or products we provide


Data analytics, statistical analysis and other research to help us improve our products and services

All the personal data we collect


We have a legitimate interest to improve the products and services we provide and to improve user experience

Security of our IT systems

All the personal data we collect

We have a legitimate interest in ensuring the security of our IT systems


Direct marketing

Contact details and services and products that we have determined may be of interest to you or your organization and/or which you or your organization has purchased in the past

We may ask for your consent to process your data for this purpose, you may revoke your consent at any point. Alternatively, if you or your organization has purchased similar services or products from us previously, we may market similar products or services as a legitimate interest in developing our business.  You have the right to opt out from such marketing at any time. For more details see the ‘Marketing’ section below.

To facilitate and communicate with you regarding our events and to provide you with an acceptable service

Your contact details, details of attendance, your comments in response forms and dietary requirements and CCTV images

We have a legitimate interest in holding events and tracking attendance and providing appropriate food and drinks at events


We may also have a legal obligation to comply with health and safety requirements

For the prevention, detection or investigation of crime or the prosecution of offenders

All of the personal data we collect

We have a legitimate interest in protecting our rights and interests (for example in court cases) and in protecting the rights and interests of our employees, customers and any other third party with who we engage.


To comply with any legal obligations and regulatory requirements

To comply with our legal and regulatory obligations

All the personal data we collect

To comply with any legal obligations and regulatory requirements

To manage our relationship with you or the organization you work for and to operate and manage our business and internal reporting

All the personal data we collect

We have a legitimate interest to operate our business in an efficient way and to expand our business


To enter into and perform contracts with either yourself or the organization that you represent

Storage of records relating to you and also records relating to our business

All the personal data we collect

To be able to manage and fulfill any contract with you, we may have a legal obligation to do so and we also have a legitimate interest to keep proper records

Marketing activities including BBB International website, social media sites and Apps, internal employee engagement and presentations by BBB International employees at internal and external meetings

All the personal data we collect

We have a legitimate interest in tracking attendance at events and using the images and footage produced for business and marketing purposes


We may also have a legal and/or regulatory obligation to comply with



For some of your personal data you may have a legal, contractual or other requirement or obligation for you to provide us with your personal data.  If you do not provide us with the requested personal data, we may not be able to properly perform our contract with you or the organization you represent or comply with legal obligations and we may have to terminate our relationship.  For other personal data you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly provide you with our goods and services or perform our arrangements with you or the organization you represent.

Where you have given us your consent to use your personal data in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the  Contact Us section below.  We will generally only process your personal data based on your consent in relation to direct marketing or in relation to the processing of special category data and data relating to criminal convictions and offences.

Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal data to the extent that we are entitled to do so on a basis other than your consent.  Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.

We may anonymise and aggregate any of the personal data we hold (so that it does not identify you).  We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and developing new products and services and for any other purpose.

You have the right to opt out of receiving marketing communications from us at any time, by:

  1. informing us that you wish to change your marketing preferences by contacting our customer support team at;
  2. making use of the simple “unsubscribe” link in emails;

This will not stop service messages such as order updates and other non-marketing communications.


If you visit our Website or use our App, you may receive personalized banner advertisements whilst browsing website of other companies.  Any banner advertisements you see will relate to your browsing activity on our website from your computer or other devices. 

These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers and ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our  Cookies. You can remove or disable cookies at any time - see Cookies for further information.

We may analyze your browsing and purchasing activity online and your responses to marketing communications.  The results of this analysis, together with other demographic data, allow us to decide what marketing communications are suitable for you and to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you.  To do so, we use software and other technology for automated decision making.

This allows us to provide more personalized services and experiences, we may review personal data held by external social media platform providers about you, such as the personal data available on social media platforms such as Twitter, Instagram, YouTube, Twitter and Facebook. Some of our services enable you to sign-in via external social media platform providers such as Facebook. If you choose to sign-in via a third party app, you will be presented with a dialog box which will ask your permission to allow us to access your personal data (e.g. your full name, date of birth, email address and any other information you have made accessible).

We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process personal data by profiling and segmenting, identifying what our customers like and ensuring messages we send them are relevant based on their demographics, interests, purchase behavior, online web browsing activity and engagement with previous communications. We may also use your personal data to exclude you from communications, which we feel are irrelevant to you. For example, we may exclude someone from resends of marketing emails when we know that person has already opened the original email sent.

Another example of how we may tailor our communications with you is that we may group individuals with similar interests using this data so we can send them product news or promotional offers that are relevant to that shared interest.

You may have the right to opt out of some automated processing, including profiling, at any time by:

  1. informing us that you wish to opt out of automated processing by contacting us at; and/or
  2. post to: Uus-Tatari tn 16-14, Tallinn, 10134, Estonia.



We use technology such as "cookies" to collect information and store your online preferences. Cookies are small pieces of information sent by a web server to a web browser, which allows the server to uniquely identify the browser on each page.

We use the following categories of cookies on our Website:

CATEGORY 1: STRICTLY NECESSARY COOKIES These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for such as remembering your login details or shopping basket items cannot be provided.

CATEGORY 2: PERFORMANCE COOKIES These cookies collect anonymous information on how you use our Website. For example, we use Google Analytics cookies to help us understand how customers arrive at our site, browse or use our site and highlight areas where we can improve areas such as navigation, shopping experience and marketing campaigns. The data stored by these cookies does not show personal details from which your individual identity can be established. You may opt-in to these cookies using your browser settings..

CATEGORY 3: FUNCTIONALITY COOKIES These cookies remember choices you make such as the country you visit our website from, language and search parameters such as size, color or product line. These can then be used to provide you with an experience more appropriate to your selections and to make the visits more tailored and pleasant. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. You may opt in to these cookies using your browser settings.

CATEGORY 4: TARGETING COOKIES OR ADVERTISING COOKIES These cookies collect information about your browsing habits in order to make advertising more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of an advertising campaign. The cookies are usually placed by third party advertising networks. They remember the websites you visit and that information is shared with other parties such as advertisers. For example, we use third party companies to provide you with more personalized adverts when visiting other websites. You may opt-in to these cookies using your browser settings.

 CATEGORY 5: SOCIAL MEDIA COOKIES These cookies allow you to share what you’ve been doing on the website on social media such as Facebook and Twitter. Please refer to the respective privacy policies for how their cookies work. If you want to delete any cookies that are already on your computer, please refer to the help and support area on your Internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is available at Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or features of our Website.

You can withdraw your consent to these cookies at any time through the following options:

  • Google Analytics cookies across all websites, please visit Google Analytics Opt-out Browser Add-on;
  • other third party cookies relating to behavioral advertising, please go to
  • any other type of cookies, you can clean the cookies through your browser settings.

Please note that refusing cookies does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver adverts tailored to your web preferences and usage patterns, so you may see a greater number of adverts that are irrelevant to you and your preferences.



We may share your personal data with the following third parties:

  • The organization that you represent.
  • Other companies within our group.
  • Other organizations within our supply chain so that they can contact you about any issues in the supply chain or where your personal data is relevant to a subcontractor or party above us in the supply chain.
  • Other organization including but not limited to organizations who own the venues at which our events take place, organizations who market and/or facilitate our events and photographers and videographers who attend our events.
  • Purchasers, investors, funders and advisers if we sell or negotiate to sell all or part of our business or assets or restructure our business whether by merger, re-organization or otherwise.
  • Third parties who ask for or want referrals for example we may provide your details to a third party who is seeking services/products which are the same or similar to those that you provide.
  • Other service providers and advisors to us including companies that support our IT, help us analyze the data we hold, process payments, send communications to our customers, provide us with legal, property or financial advice and generally help us deliver our products and services to you or the organization that you represent or for us to purchase them from you or the organization you represent.
  • Our professional advisors including lawyers, accountants and other advisors.
  • Your professional advisors including lawyers, accountants and other advisors.
  • Credit reference agencies and other identification agencies so that we can assess your creditworthiness or verify your identity.
  • Organizations who carry out research, analysis and/or data cleansing services. Governmental bodies, regulators, law enforcement agencies, security services, courts/tribunals and insurers including where we are required to do so in order to comply with our legal obligations and the administration of justice.



Our controls

BIG BALLER BRAND is committed to keeping your personal data safe and secure and so we have numerous security measures in place to protect the loss, misuse and alteration of information under our control.  Our security measures include: -

  • encryption of personal data;
  • regular cyber security assessments of all service providers who may handle your personal data;
  • regular planning to ensure we are ready to respond to cyber security attacks and data security incidents;
  • weekly penetration testing of systems;
  • security controls which protect our IT systems infrastructure and our premises from external attack and unauthorized access;
  • internal policies setting out our data security rules for our personnel; and
  • regular training for our employees.

We take data security very seriously and will use all reasonable endeavors to protect the integrity and security of the personal data we collect about you.


You should always be cautious when sharing your personal data. No one from our company will ever ask you to confirm any bank account or credit card details via email.  If you receive an email claiming to be from BIG BALLER BRAND or BIG BALLER BRAND INTERNATIONAL OU asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety:

  • When creating a password, use a difficult word/number combination of at least 8 characters and something that is not easily guessed or something that cannot be easily obtained such as your name, email address, or other personal data that can be easily obtained.
  • Frequently change your password (you can do this in your account settings).
  • Avoid using the same password for different online accounts.


We will not retain your personal data for longer than necessary for the purpose for which is has been obtained and then for as long as there is any risk of a potential claim, which will be dependent upon the limitation period for the particular type of claim. Various laws, accounting and regulatory requirements applicable to us also require us to retain certain records for specific amounts of time. In relation to your personal data, we will hold this only for so long as we require that personal data for legal or regulatory reasons or for legitimate organizational purposes. We will not keep your data for longer than is necessary for the purposes for which we collect them.

Our Data Retention Policy sets out the length of time we will usually retain personal data and where these default periods might be changed.

It is important to ensure that the personal data we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organization or change your phone number or email address. You can contact us by using the details set out in the Contact Us section below.


To provide our Website and our services, in accordance with the purposes set out above, we may transfer and store the personal information that we collect from you to a destination outside of the European Economic Area (“EEA”), mostly to the United States, either to one of our Group Companies, to one of our Partners or to one of the third parties with which we work with, as stated below:

- When transferring personal information to one of our Group Companies outside the EEA, which may be the USA, Brazil, Russia, Japan, or China, we rely on the Commission’s model contracts for the transfer of personal data to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU;

- We transfer the personal information to one of our Partners outside the EEA, to the extent such transfer is needed to fulfil the contract between you and the Partner which you are ordering the products from.

- When transferring personal information to one of our third party services’ providers set out above, we rely on different adequacy measures, as set out below:

- Adequacy Decision: We transfer the personal data that we collect from you to conduct fraud checks to Israel, which was found to have an adequate level of protection for personal data under Commission Decision 2011/61/EU of 31 January 2011.

- Privacy Shield: Some of our third party providers based in the US, where we transfer your information to, comply with the US Department of Commerce's EU-US Privacy Shield and have certified that adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.

- Model Clauses: We rely in the Commission’s model contracts for the transfer of personal data to third countries (i.e. the standard contractual clauses) pursuant to Decision 2010/87/EU when transferring your information to our US service providers who do not adhere to the US Department of Commerce's EU-US Privacy Shield.



You have the following rights in relation to your personal data:

  • The right to be informed about how your personal data is being used.
  • The right to request access to personal data we hold about you.
  • The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you.
  • The right to object to processing of your personal data and/or to withdraw any consent you have given us and to opt out of any marketing communications that we may send you.
  • The right to restrict processing of your personal data.
  • The right to object to certain automated decision-making processes using your personal data including profiling.
  • The right to request that we erase your personal data in certain circumstances (the right to be forgotten) for example when the data are no longer necessary for the purpose for which we collected them.
  • The right to have your personal data provided to you by us in a structured, commonly used and machine-readable format and transmitted to another data controller. This is known as the right to data portability.

You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal data recorded and stored by us.  However, some have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Whilst this Notice sets out a general summary of your legal rights in respect of personal data, this is a very complex area of law.

If you wish to exercise any of the above rights, you can always contact us using the details set out in the 'Contact Us' section below.



We may update this Notice from time to time. When we change this Notice in a material way, we will update the version date at the bottom of this Notice. For significant changes to this Notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal data.


  1. in the event of any query or complaint in connection with the information we hold about you, please emailat 
  2. or post us: Uus-Tatari tn 16-14, Tallinn, 10134, Estonia.

Version 3rd February 2020