HOW AND WHEN WE COLLECT YOUR PERSONAL DATA
Information we collect directly from you:
We may collect Personal Data directly from you (whether face to face, over the telephone, by email, in paper form or online), including when you:
subscribe to our newsletters;
express an interest in our Services or interact with us as a client or prospective client;
create an account with our website or applications;
instruct us to provide Services to you and sign contractual documentation;
Information we process on your behalf: In order to provide you with the Services, you need to upload certain information about your clients and the property you sell. We use and process this information to provide the Services in accordance with our Terms of Service.
Information we collect from other sources:
We may collect Personal Data about you from external sources (social media sites for instance), including when:
someone introduces you to us;
we may work to expand our customer base by acquiring names, financial information, contact data, and demographic information from other sources such as private companies, public registers, and social media sites.
Automated data collection:
We collect information about you, your computer and devices when you visit our website, which includes your internet address, your operating system and browser type. We use this information to personalize your experience and administer our website and for security and analytical purposes.
We use (and authorize third parties to use) cookies, web beacons, pixels, scripts, tags, and other technologies when you visit or access our Services (for example when you visit our website). For more information about cookies, web beacons, similar technologies, and how they are used, please see our Cookies Policy.
We may record your communications with us, including by telephone and online (e.g. telephone and on-line bidding) for client service, security, and bid monitoring purposes. Where we record such information we will process it for the purposes set out below.
WHAT PERSONAL DATA DO WE COLLECT AND WHY?
We may process your contact details (including email address, postal address, telephone numbers), bank account details, insurance details, employment information, records of your communications with us, the person or organization who has introduced you, and any fee they receive and more, in order to provide our Services to you, including new Services we develop later, prevent fraud and collect fees (legal ground: performance of a contract);
We may process your date of birth, identification documents (including photo), and any information relating to a dispute or legal proceeding, in order to enforce compliance with our Terms & Conditions and to comply with our legal obligations (legal ground: compliance with a legal obligation, performance of a contract);
We may process personally identifiable information, together with web activity history, transactional history, survey data, and other data sources in order to improve our Service, customize our website, provide personalized experiences (through our sales staff, client services staff, accounting, shipping, as well as print and digital channels), focus our direct marketing efforts and send you personalized marketing communications, manage our fraud risks, establish credit limits, and other similar goals to further our business (legal ground: legitimate interest, consent);
We process data from your account, including the Personal Data of your clients, to provide and improve the Services. For example, when you open an account with the website as a auction house or gallery and upload your property details and clients’ information, we use such information like clients’ details and bidding history, so we can create purchase recommendation for your clients and audience segmentation, whether offering recommendation or other services on your behalf or on our behalf. As always, we take the privacy of Personal Data seriously and will continue to implement appropriate safeguards to protect this Personal Data from misuse or unauthorized disclosure (legal ground: legitimate interest, consent).
We may process your IP address, browser type, and operating system, and any data obtained from cookies, web logs and other similar technologies that monitor the use of our website and Services digitally in order to monitor, evaluate and improve your user experience and the performance and effectiveness of our website, applications and Services (legal ground: legitimate interest, consent);
We may process your complaints, opinions, responses to our surveys or market research in order to train our staff and improve your client or user experience (legal ground: legitimate interest);
We may process your name and contact details, identification and other documentation (including passport, ID card, proof of address) for our Know Your Client checks and tax status in order to carry out identity and credit checks (legal ground: compliance with a legal obligation, legitimate interest).
WHEN WE MAY DISCLOSE YOUR PERSONAL DATA
When processing your Personal Data for the purposes listed above, we may have to share or transfer your Personal Data and any other information you provided to us with other companies or entities relying on the legal grounds for processing described above, including:
To business partners and vendors that work on our behalf to provide services such as mailings, customer account and technology support, secure payment processing, fraud prevention and digital marketing management;
We may transfer Personal Data about you to ad technology firms so that they may deliver interest-based content and advertisements to you where you have consented to marketing (such consent can be withdrawn at any time), or they may inform our Services to you or other audiences similar to you on third-party sites.
Persons acting on your behalf;
Financial institutions, fraud prevention agencies, credit reference agencies, professional advisors and internal and external auditors;
Law enforcement and judicial, administrative and regulatory bodies;
As part of a sale, merger, liquidation, or transfer of our business assets.
We require third parties acting as data processors to respect the security of your Personal Data and to treat it in compliance with applicable law.
TRANSFERRING YOUR PERSONAL DATA
Your Personal Data may be transferred and processed outside the EEA including in countries which have different data protection standards to those which apply in the EEA. Where we do so, we will put in place an appropriate safeguard (typically approved data protection clauses) to ensure adequate protection of your Personal Data. For more information on the appropriate safeguards in place, please contact us.
HOW DO WE ENSURE THE PROTECTION OF YOUR PERSONAL DATA?
We are committed to ensure that any Personal Data we hold about you is properly safeguarded. We protect your Personal Data using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. However, as effective as modern security practices are, we cannot guarantee the complete security of Personal Data held in our systems, nor that that information you supply through the internet or any computer network is entirely safe from unauthorized access or manipulation during transmission. Any transmission is at your own risk. We will not be liable for any resulting misuse of your Personal Data.
Please note that we may seek your credit card details and/or bank account information by email in order to take payment for transactions or guarantee payments. Please note that the security, confidentiality and reliability of email cannot always be guaranteed.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will retain your Personal Data as long as your account is active, as necessary to provide you Services. We will also retain and use your Personal Data for as long as necessary to fulfill the purposes outlined in the “What personal data do we collect and why?” section and to satisfy any legal, accounting, regulatory, or reporting requirements.
WHAT LEGAL RIGHTS DO YOU HAVE?
You can stop getting email marketing by using the “opt out,” or “unsubscribe” mechanism at the bottom of our email marketing messages, without affecting the lawfulness of our marketing and processing based on consent before its withdrawal. In most cases, we will give you a choice about stopping just one kind of email or opting out of all email marketing from us.
Some jurisdictions have laws that give people the right to access, correct, erase and stop processing their Personal Data which a company has about them. We will honor any statutory right you may have to access or correct your Personal Data that we have in our records, and you can email such requests to firstname.lastname@example.org. Once we receive your request, we will let you know if an administrative fee will apply to fulfill your request, as permitted by applicable law. However, please note that even if you have a legal right to request access to information, process it or correct it, as permitted by applicable law, we may reject requests that are unreasonably repetitive, would require disproportionate technical effort (for example, developing a new system or materially changing an existing practice), would jeopardize the privacy of others, or would be extremely impractical to fulfill (for example, requests to access information located on backup systems). We may also be entitled to refuse requests where exceptions apply, for example where we have a continuing or other legal basis to process your Personal Data.
HOW TO CONTACT US?
If you have raised a concern with us regarding the processing of your Personal Data in respect of which GDPR applies and which we have not been able to resolve or you are not satisfied with our response, you may refer the matter to the relevant Supervisory Authority. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.
Compliance with a legal obligation - processing is necessary to ensure we comply with our legal and regulatory obligations.
Consent – you have given specific consent to the processing of your personal data.
Data Controller – the person or entity who determines the purposes for which and the manner in which any personal data are, or are to be, processed.
EEA – the European Economic Area which comprises countries that are members of the European Union and Norway, Iceland and Liechtenstein.
Legitimate Interest - processing is necessary for our or a third party’s legitimate interests in carrying on, managing and administering our respective businesses effectively and properly (except where our or the third party’s interests are overridden by your own interests, rights and freedoms).
Performance of a contract – processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.
Personal Data - any data relating to an identified or identifiable natural person. This can include names, user ID, location data, email addresses, photographs, job applications, purchase history, user account information, opinions, and correspondence to and from an individual, but shall not include insights derived from such data by Artbrain (for example: your client’s preferences and areas of interest).
Processing - any operation performed on personal data, such as collection, recording, storage, retrieval, use, combining it with other data, transmission, disclosure or deletion.
Public Interest – processing is necessary for the performance of a task carried out in the public interest.