Privacy policy

Privacy policy

Eesti Kunstioksjonid OÜ ( hereinafter EKO ) is the controller of personal data, EKO forwards the personal data necessary for the execution of payments to the processor Maksekeskus AS.

Personal data protection and privacy policy under the General Data Protection Regulation (GDPR)

This Privacy Policy and Personal Data Protection Overview provides information on how and for what purpose collects, processes and shares visitors’ data (including enquiries, customer contracts). The Privacy Policy is based on the General Data Protection Regulation (GDPR), which can be found on the official website

The purpose of the Personal Data Protection and Privacy Policy is to ensure the privacy of our customers in accordance with the laws of the Republic of Estonia and the legislation of the European Union.

“Personal data” means any information relating to an identified or identifiable natural person. For example, name, telephone number, postal address, e-mail address. Also included under “Personal Data” is information collected by Artandtonic – website visits, various social media channels and use of the services we provide.

By using the website belonging to, you agree to the use of cookies and the terms and conditions of the processing of personal data as described in our Privacy Policy. The privacy policy and cookies on the website are valid from 15.07.2023. All previously collected data will need to be verified and reconciled as “personal data” and brought into compliance with the GDPR.

Whose data does the ERO process?

If you have any questions about GDPR issues, please email

EKO will use the data of those who have sent a request (e.g. a question via a contact form or e-mail) for our services or who have used the services in the past or are still using the services. We collect and use data about loyal customers and contacts (including “old” or “inactive” customers). We use data collected from public sources (this includes public information sent as a recommendation by a third party).

Purposes of and legal basis for the processing of personal data

We process personal data of EKO’s customers, i.e. users of our services, in order to fulfil our contractual obligations. We use the personal data of our customers, as well as the information we receive from them, to provide better service and more accurate information to existing (and potential) customers. Where the ERO processes personal data for the purposes mentioned above, the legal basis for the processing of the personal data collected is our legitimate interest in ensuring the correct and, as far as possible, better quality of the service provided.

We collect data on the effectiveness and usage of the EKO’s marketing channels (including website, social media). In addition, where possible, we will collect data on the interests and objectives of potential customers in order to improve our own level of customer communication by better understanding the real interests and objectives of our customers, and to provide better quality service, more accurate information and ensure (improve) the user-friendliness of the functionality of the EKO website. Where the ERO processes personal data for these purposes, the legal basis for the processing is our legitimate interest to better understand the needs of our customers in order to provide a better service.

EXAMPLE. EKO processes data on: service requests; the opening of newsletters sent by us and the use of outgoing links (referrals to a website) contained in the letter; feedback sent by customers in order to improve and improve the quality of the service provided.

EKO processes personal data for the following purposes: creating and managing the customer base; offering new services to the customer and enhancing (improving) existing services; correctly responding to the customer’s (including potential customer’s) queries; analysing and improving EKO’s services; managing and improving the functioning of EKO’s marketing channels (including the website).

How the ERO collects personal data:

We collect personal data directly from data subjects with their consent, either by e-mail, by sending a feedback request form (including by agreeing to receive emails from us). In addition, we use automatic data collection tools (e.g. Google Analytics), including cookies (which record website usage activity) and other tracking tools that help to optimise the user experience of the EKO website and thus ensure the high quality of the services provided and convenient navigation on the website.

On the website we usecookies andpixels, which are optional for each website visitor and can be refused.

Acookie is a small text file sent by a web server to the user’s web browser (e.g. Chrome, Safari, Firefox, Internet Explorer, Opera) and stored on the user’s computer’s hard drive (usually under Temporary files ). Cookies allow remembering user preferences (such as font size, communication language, computer location, device information, most visited web pages/addresses, etc.) in order to provide the client with a faster and “smarter” web browser. By default, web browsers are set to allow cookies, but the option is left to manually change the settings so that the browser rejects cookies, blocks third-party cookies, notifies the user of each cookie sent. If the last option is not activated, it is strongly recommended to do so in order to have an overview of the websites that store personal data.

A pixel tag is a small snippet of website code that allows cookies to be set and read. The pixel tags are triggered when the user opens, for example, an email, arrives at a website. It is then recorded that the user has opened an email or downloaded third-party cookies.

Cookies used by the EEIG:

Session cookies (temporary cookies). Session cookies are temporary and disappear when you leave the website or close your browser. Session cookies may be used for certain features of the website. The purpose is to enable you to use our service.

Persistent cookies (stored on the user’s computer after closing the browser, if the visitor gives consent), designed to remember the customer’s choices on Artandtonic websites. Persistent cookies may be used, for example, to recognise you as a repeat visitor to a website (e.g. to use Google’s ReMarketing feature) and to tailor website content to your needs or to collect statistical data.

Cookies are used on our websites to provide visitors to the Artandtonic website with a better user experience. Cookies allow our web servers to recognise the Artandtonic website and automatically adapt the content of the website (the advertisements displayed to the customer) to suit your needs when you visit the site again and again in the future. The use of cookies makes it easier to recognise the needs of website users. Cookies allow us to collect user statistics that help us measure and improve the performance of our website.

The cookies used by the EAO may be created by different service providers that help us promote our online services. Examples of such providers are Google and Facebook – more about them in the section “more about how we use cookies”.

Users of our websites are deemed to have accepted cookies if their browser settings allow cookies. If you do not accept cookies, not all services and features of our website may function properly.

It is always up to you to decide whether or not to allow cookies in your browser settings. If you don’t want cookies, you can set your browser to automatically refuse cookies or to notify you each time a website asks you for permission to add a cookie. Please consult your browser’s help function to make the necessary settings.

More details on the use of cookies by the EEIG:

Analytical cookies. Collect information on how the website is used – which content pages are visited and for how long; which content pages are used the most; what is searched for on the website, etc. Analytical cookies do not collect any information that would allow a website user to be directly identified. Examples of analytical cookies are Google Analytics cookies. Artandtonic websites use data collected by Google Analytics, primarily through the services provided by Google Analytics, and are subject to the Google Analytics Terms and Conditions. To protect against inappropriate use of the website, we may use the Google Invisible reCAPTCHA tool, which collects hardware and software data, such as device and application data and the results of service integrity checks, as well as unique web identifiers such as IP address, and sends this data to Google for analysis. By using this service (“cookies” enabled), you consent to the transfer of personal data to Google Analytics for the purpose of verifying the integrity of the service and for the sole purpose of implementing measures necessary for the safe use of the website.

Advertising cookies. Help serve (display on some ad networks) ads targeted to the user’s interests. For example, a Facebook Pixel code has been added to the EKO homepage to help visitors see targeted ads on Facebook. If you no longer wish to see the EKO website’s ads on Facebook, you can disable them in your Facebook preferences. You go to and delete from “advertisers you have contacted” all the websites you do not want to see ads from.

Users have the right to refuse the storage of cookies on their computer. When blocking cookies, you should be aware that some of the website’s features may no longer be available. Cookies can also be reactivated manually in the web browser later.

Personal data processed by the EO

Contact details: name, postal address, e-mail address, telephone number.

Data generated during the process of filling in the enquiry form, feedback form, customer contract form and e-mail: company name, personal/registration code, VAT number, legal address, customer preferences in relation to EKO services, data provided in the feedback form, data provided in the enquiry form, data sent by e-mail.

Automatically collected data: data received from the user’s web browser (e.g. type of web browser), type of device (the device used to visit the website), language of communication, website address, incoming link to the Artandtonic website, which content pages the user consulted, how long the user stayed on certain pages, the user’s IP address and other such website statistics.

Data collected by the sending of e-mails (newsletters) by the EKO: data on which e-mails, how many and when and how the user opened them.

Other personal data: data that you have made publicly available or made available to us on third party social networks such as Facebook, Twitter, Google Plus, Instagram, etc.

The ERO does not process special categories of personal data.

Sharing of personal data by the ERO

The ERO does not transfer customer data outside the European (EU) Economic Area and does not share personal data with third parties (except under the conditions set out in the following section). All data will be used only for customer communication and for the purpose of product and service development. We may share personal data in the following cases: debt recovery; National Supervisory Authorities and the Police; Public feedback with customer consent.

Storage and security of your personal data

EKO may send customers information about services, offers and news if the customer has provided us with their contact details or agreed to receive information from us. The information will remain available until the customer requests to stop the latest activities or leaves the group of newsletter recipients.

The ERO will retain personal data for as long as necessary to achieve the purpose for which it was collected. The retention period also depends on the need to respond to requests from data subjects, to solve various problems and to comply with the legal requirements for keeping records.

If we are not required by law to retain personal data, we will delete that personal data. In this case, we may only use the personal data for statistical purposes and only in pseudonymised (anonymised) form.

When it comes to the security of personal data, we do our utmost to prevent unauthorised access to data. Navinmedia OÜ has put in place reasonable safeguards to protect the personal data collected and processed by Navinmedia OÜ, with technical and physical limitations. We only grant access to the data in accordance with the applicable legislation, while protecting the confidentiality of personal data to the maximum extent possible.

If you have any questions about the storage or security of your personal data, please contact

Client rights

The Customer has the right to access the Customer’s own personal data processed and stored by EKO and the right to request the correction of inaccuracies.

To opt-out of receiving marketing communications from the EEIG, please follow the opt-out instructions at the bottom of the marketing communication (Footer) or write a request to this effect in the enquiry form on the website or send an e-mail to

The EEO must respect a number of customer rights: the right of rectification gives the customer the right to request that inaccurate personal data relating to him/her be corrected without delay; the customer has the right to request the deletion of his/her data if certain additional conditions are met. Customers have the right to request the processing of their personal data.

Where the processing of personal data is based on the consent of the customer, the customer has the right to withdraw that consent at any time.

If you have any questions about your rights, or if you wish to exercise any of the rights set out below, please write to If you are not satisfied with the solution offered by the ERO, you have the right to contact the Estonian Data Protection Inspectorate.

Other provisions

EKO may unilaterally change the Personal Data Protection and Privacy Policy from time to time without notice to ensure our compliance with the law and/or generally accepted practices regarding cookies. This Privacy Policy is governed by the laws of the Republic of Estonia. If you have any questions, please contact us by sending an email to