1.1 This policy explains when and why we collect personal information, how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) (or in Dutch Algemene Verordening Gegevensbescherming) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.autoriteitpersoonsgegevens.nl/). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
2. Who are we?
2.1 We are Daatselaar Fine Art & Antiques We can be contacted at:
5301 EP Zaltbommel
Phone: 0031 418 712 300
E-mail: [email protected]
3. What information we collect and why
3.1 The information we collect helps us to operate, improve, protect, and customize our services, and to develop new services.
3.2 The information we collect also helps us to provide support and make our services more efficient for you. For the sake of transparency, it is our responsibility to outline for you the legitimate business purposes for the collection of information, and the reasons why we do so, in order for you to make an informed decision regarding the use of our services.
3.3 In addition to the other uses of information described in this policy, the following information may be used and processed:
(a) information such as your name, address, telephone number and email address;
(b) financial data i.e. your bank name, account number and payment details;
(c) information related to your attendance of, and interest in, events and art fairs;
(d) information about you that you give us, by filling in forms on our site (e.g. the contact us section or to sign up to our mailing list) or by corresponding with us by phone, e-mail or in person (e.g. at events, art fairs or in our shop) or otherwise;
(e) IP address, your browser type and language while using our website or applications;
(f) information in relation to your purchase of art works or use of our services;
(g) CCTV footage we record in our shop.
4. How we protect your personal data
4.1 We will not transfer your personal data outside the EU without your consent.
4.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
4.3 For any payments which we take from you online we will use a recognised online secure payment system.
4.4 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
5. Who else has access to the information you provide us?
5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out in paragraph 3.3 above or in paragraph 5.2 below.
5.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating our business and for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (subprocessors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.
6. How long do we keep your information?
6.1 We will hold your personal data for as long it is in our legitimate interest to do so or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.
7. Your rights
You have rights under the GDPR:
(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to hand the personal data that we process to a third party at your request
7.2 If you wish to exercise any of these rights (subject to applicable local laws), or have complaints about our processing of your personal information, please contact us as set out in section 2.1 of this document. You can also lodge a complaint about our processing of your personal information with the body regulating data protection in your country.