- THE TYPE OF PERSONAL INFORMATION WE COLLECT AND HOW
Personal information only includes information relating to natural persons who can be identified or who are identifiable, directly from the information in question; or who can be indirectly identified from that information in combination with other information. Personal information may include your name, contact information such as your address, email address and telephone number; your payment details; and technical information, including your IP address. Most of the personal information we process is provided to us directly by you or made available when you access or use our Website. We set out below some examples of how you may provide personal information to us:
- as our client, as a person involved in contracts and transactions we are working on, as a business contact or as one of our service providers;
- contacting us by phone, e-mail, social media or otherwise;
- submitting information to our site by filling in forms and sending enquiries;
- information related to your attendance of, and interest in our events; and
For certain transactions, we may be required to fulfil some Know Your Client (KYC) obligations for regulatory purposes and we may collect personal information about you through direct interaction, such as requesting copies of passports, proof of address and other information or through third parties/ publicly available sources, for example when we need to conduct background checks. These obligations may also require us to process special category information that might be included in the documents and/or the existence of criminal convictions and offences (together “sensitive personal information”). The sensitive personal information will be processed in accordance with the lawful basis set out below and the additional conditions and safeguards set out in Schedule 1 of the Data Protection Act 2018.
This policy does not apply to:
2. REASONS FOR PROCESSING AND LAWFUL BASES
We are registered with the Information Commissioner’s Office (ICO) under the Data Protection Register. Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing your personal information are:
(a) Your consent: when you sign up to our mailing list. You are able to remove your consent at any time. You can do this by contacting us at the above contact details.
(b) We have a contractual obligation: to provide our services as a seller and buyer of objects, works, or works of art, as specified in the Invoice (“Works”).
(c) We have a legal obligation: to comply with our legal obligations or making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law. This includes legal obligations with respect to Anti Money Laundering requirements if applicable. In accordance with applicable Anti Money Laundering regulations to which we may be subject from time to time, any personal information (including any sensitive personal information) obtained by relevant persons for the purposes to comply with such obligations may only be processed for the purposes of preventing money laundering or terrorist financing. Disclosures may include those required by law or court order; to the police, tax authorities, the National Crime Agency (NCA) or other public or government authorities where in our reasonable opinion the disclosure is required in relation to any criminal investigation or prosecution; and to a government, public or regulatory authority, including any data protection authority where in our reasonable opinion the disclosure is required or permitted by law.
(d) We have a legitimate interest: for the day-to-day operations of our business, including to:
- provide you with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale/purchase or negotiations of a sale/purchase to you. If you are a new customer, we will contact you by electronic means only if you have consented to this by expressly opting in on the David Aaron’s Website;
- provide access to our files for audit, review or other quality assurance checks by regulators, auditors, professional advisers and certification bodies;
- providing information to our insurers; and
We may also collect personal information to perform other functions that are not listed above, which will either be described to you when the personal information is collected or it may be collected if you have granted your consent for a particular purpose.
3. THIRD-PARTY SERVICES AND TRANSFERS
As a seller and purchaser of Works, we may share personal information with potential investors and other parties in relation to any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, or assets, but we will only do so once appropriate confidentiality agreements and/or Standard Contractual Clauses (SCCs) are in place.
Your personal information may be transferred outside the UK. For example, this may be in relation to an international transaction, or where we are sharing information with our colleagues or third party service providers who operate outside the UK. We only transfer your personal information outside of the UK where we are satisfied that the transfer is in accordance with applicable data protection and privacy laws. Where necessary appropriate SCCs will be used for transfers to and from the UK.
4. WHERE YOU PROVIDE US WITH PERSONAL INFORMATION ABOUT ANOTHER PERSON
If you give us personal information about another person, you should ensure that:
(a) you are legally entitled to give us that information;
(b) the disclosure is in accordance with any applicable data protection or privacy law; and
5. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
6. HOW WE PROTECT YOUR PERSONAL INFORMATION
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us. However, please be aware that there are inherent security risks of sending information by public networks or on public computers and we cannot therefore 100% guarantee the security of any data disclosed or transmitted over the internet.
7. YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights including:
- Your right of access: You have the right to ask us for copies of your personal information.
- Your right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing: You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing: You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability: You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us at the above contact details if you wish to make a request.
If you are unhappy with any aspect of how we handle your personal information you can make a complaint to the ICO here.