THIS PRIVACY POLICY

This Privacy Policy describes how David Aaron Limited (“David Aaron”, “us”, “we”, or “our”) and https://davidaaron.com/ (“Website”) collects and uses your personal information.

Please read this Privacy Policy carefully and contact us if you have any queries by emailing us at: info@davidaaron.com, calling us on +44 020 7491 9588 or by writing to our registered address at 64 New Cavendish Street, London, England, W1G 8TB, UK.

This Privacy Policy may change from time to time so we recommend that you review it periodically. If the changes are material, we will post a notice on the Website before the changes go into effect and will notify users who have provided us with their email addresses by email. This version of the Privacy Policy was last updated on 3 June 2021.

  1. THE TYPE OF PERSONAL INFORMATION WE COLLECT AND HOW

Personal information only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question; or who can be indirectly identified from that information in combination with other information. Personal information may include your name, contact information such as your address, email address and telephone number; your payment details; and technical information, including your IP address. Most of the personal information we process is provided to us directly by you or made available when you access or use our Website. We set out below some examples of how you may provide personal information to us:

  • as our client, as a person involved in contracts and transactions we are working on, as a business contact or as one of our service providers;
  • contacting us by phone, e-mail, social media or otherwise;
  • submitting information to our site by filling in forms and sending enquiries;
  • information related to your attendance of, and interest in our events; and
  • in the form of information provided by your web browser, when you search and browse our Website for content (through the use of cookies or similar software).

For certain transactions, we may be required to fulfil some Know Your Client (KYC) obligations for regulatory purposes and we may collect personal information about you through direct interaction, such as requesting copies of passports, proof of address and other information or through third parties/ publicly available sources, for example when we need to conduct background checks. These obligations may also require us to process special category information that might be included in the documents and/or the existence of criminal convictions and offences (together “sensitive personal information”). The sensitive personal information will be processed in accordance with the lawful basis set out below and the additional conditions and safeguards set out in Schedule 1 of the Data Protection Act 2018.
This policy does not apply to:

  • our employees as the way we collect and use their personal information is governed by the privacy policy in our employee handbook; and
  • any services which we provide to our clients as a data processor. This is where we are acting under the strict instruction and control of our clients. In those circumstances our collection and use of personal information is covered by our clients’ privacy policy.

2. REASONS FOR PROCESSING AND LAWFUL BASES

We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Register. Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your personal information are:
(a) Your consent: when you sign up to our mailing list. You are able to remove your consent at any time. You can do this by contacting us at the above contact details.
(b) We have a contractual obligation: to provide our services as a seller and buyer of objects, works, or works of art, as specified in the Invoice (“Works”).
(c) We have a legal obligation: to comply with our legal obligations or making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law. This includes legal obligations with respect to Anti Money Laundering requirements if applicable. In accordance with applicable Anti Money Laundering regulations to which we may be subject from time to time, any personal information (including any sensitive personal information) obtained by relevant persons for the purposes to comply with such obligations may only be processed for the purposes of preventing money laundering or terrorist financing. Disclosures may include those required by law or court order; to the police, tax authorities, the National Crime Agency (NCA) or other public or government authorities where in our reasonable opinion the disclosure is required in relation to any criminal investigation or prosecution; and to a government, public or regulatory authority, including any data protection authority where in our reasonable opinion the disclosure is required or permitted by law.
(d) We have a legitimate interest: for the day-to-day operations of our business, including to:

  • provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale/purchase or negotiations of a sale/purchase to you. If you are a new customer, we will contact you by electronic means only if you have consented to this by expressly opting in on the David Aaron’s Website;
  • provide access to our files for audit, review or other quality assurance checks by regulators, auditors, professional advisers and certification bodies;
  • providing information to our insurers; and
  • the use of cookies by the David Aaron’s Website as set out in our Cookie Policy. 

We may also collect personal information to perform other functions that are not listed above, which will either be described to you when the personal information is collected or it may be collected if you have granted your consent for a particular purpose.

3. THIRD-PARTY SERVICES AND TRANSFERS

As a seller and purchaser of Works, we may share personal information with potential investors and other parties in relation to any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, or assets, but we will only do so once appropriate confidentiality agreements and/or Standard Contractual Clauses (SCCs) are in place.

Your personal information may be transferred outside the UK. For example, this may be in relation to an international transaction, or where we are sharing information with our colleagues or third party service providers who operate outside the UK. We only transfer your personal information outside of the UK where we are satisfied that the transfer is in accordance with applicable data protection and privacy laws. Where necessary appropriate SCCs will be used for transfers to and from the UK.

This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every website you visit. One of the third party websites we link to is Instagram, please see their Privacy Policy here.

We also use third-party cookies to capture certain information about our Website’s use as set out in clause 9 below. Like many websites, we use Google Analytics to record activity on our Website. This helps us to understand how our traffic navigates the site, which pages are most commonly viewed, and which content is more effective and relevant to our target audience in order to continue to improve our user experience, functionality and general website design. We do not use any information that is provided to us in the cookie, nor is anyone directly identifiable from the information made available to us or stored by Google. Please see their Privacy Policy here.

We use mailing list management / marketing software to manage how we contact you. This enables us to record and manage how we contact you, and to manage your preferences and bookings for our events. It also enables us (as set out in any such email) to review whether emails are opened or forwarded, and whether links are clicked. This data helps us to ensure our mailing list remains up to date; it also provides us with some basic information about your interests and to personalise our communications with you. We use Mailchimp as out mailing list management / marketing software, please see their Privacy Policy here.

4. WHERE YOU PROVIDE US WITH PERSONAL INFORMATION ABOUT ANOTHER PERSON

If you give us personal information about another person, you should ensure that:
(a) you are legally entitled to give us that information;
(b) the disclosure is in accordance with any applicable data protection or privacy law; and
(c) such other person has also read this Privacy Policy.

5. HOW LONG WE KEEP YOUR PERSONAL INFORMATION

We take reasonable steps to ensure that the personal information we hold about you is reliable for its intended use and as accurate and complete as is necessary to carry out the relevant purposes described in this Privacy Policy. We will retain your personal information for so long as is reasonably necessary for us to fulfil the relevant purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

6. HOW WE PROTECT YOUR PERSONAL INFORMATION

We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. However, please be aware that there are inherent security risks of sending information by public networks or on public computers and we cannot therefore 100% guarantee the security of any data disclosed or transmitted over the internet.

7. YOUR DATA PROTECTION RIGHTS

Under data protection law, you have rights including:

  • Your right of access: You have the right to ask us for copies of your personal information.
  • Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at the above contact details if you wish to make a request.

If you are unhappy with any aspect of how we handle your personal information you can make a complaint to the ICO here.