Data controllers decide what personal data is collected and how it is used. For the purposes of the General Data Protection Regulations (GDPR), East Bristol Auctions is the designated data controller. This means that East Bristol Auctions are responsible for the personal information you provide us and the personal information we collect about you in relation to services we provide to you.
We may collect and process the following data about you:
We store personal data on individuals and companies with whom we have dealings; including, staff, partners, suppliers, valuation and other clients, and buyers and sellers both trade and private individuals. The information includes names, addresses, post codes, phone numbers, email addresses, and in some cases bank account details, and ownership of goods offered for sale – including descriptions, provenance, and images of goods offered for sale
We collect this data via several forms, including (but not limited to):
Information that you provide by filling in our forms for instance registration forms, entry forms, commission bid forms;
If you make contact with us, we may keep a record of that correspondence;
From third parties such as: other auction houses, solicitor firms, clearance companies and individuals and organisations in the auctioneering trade whom we may contact to check background details about you;
the-saleroom.com, invaluable.com or any other live bidding service provider who provide us with the name and contact details and transaction history (in relation to activity on their sites) of individuals who register for one of our auctions (please see their privacy policies for further information).
Shipping / Courier companies whom you hire to collect items you purchased from us.
Your image, as captured by CCTV, if you attend our premises.
Personal identification documents, including copies of government -issued identification such as passport and driving license which are required to register bidders (or when we need to verify a seller’s details).
Account details and other information relating to your transactions/ dealings with us and your use of our Services.
Payment details such as credit card and bank account details either as a buyer, seller or potential buyer.
Reasons for collecting and processing this data other than usual business:
The definition of Processing for the purposes of the GDPR can be interpreted to include the collection, recording, utilisation, holding, maintenance, erasure and deletion of personal data. For the purposes of GDPR, MAI is the designated Data Processor of your personal data.
Under GDPR there are now specific bases for the processing of personal data: Legitimate Interest; Contract; Consent; Legal Obligation; Vital Interest and Public Tasks. More information is available from the Information Commissioner’s Office at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
Record keeping for Taxation; PAYE, pensions and NI for employees and partners.
Provision against money laundering to confirm our compliance with cash limits and to enable us to assist authorities in relation to tax, money laundering and theft investigations where asked to provide information.
To combat fraud and forgery unlimited by time.
Details of goods sold for accounting purposes and for CGT, Inheritance tax, DACS and VAT.
We have to retain details of clients and valuations for our insurers in the event of claims for professional negligence.
Ownership details. Required for retention for an unlimited period (ie against title claims.)
Details of and images of goods required for transactional record purposes to go in catalogues and on line on our website and other third party auction platforms.
Marketing and advising buyers of goods coming up for sale which they may be interested in as traders or collectors.
Bank details of staff, partners, suppliers, buyers and sellers held in our GAP Office software and on third party bank website principally for recurring payments
Uses made of the information:
We use information held about you in the following ways:
For the course of usual business – including advertising items for auction to online websites, advertising items in printed forms (magazines, newspapers etc) and for other auction-related purposes.
To provide you with information, products or services that you request from us or which we feel may interest you. If you do not wish to receive such information, please let us know now or at any time in the future, and your details will be removed from our marketing list.
We will not provide your personal data to third party organisations to use for their own marketing purposes;
To notify you about changes to our service;
We may also process your personal data because it is necessary for our or a third party’s legitimate interests. Our legitimate interests include our commercial interests. In this respect, we may use your personal data for the following:
To deal with any concerns or feedback you may have in the performance of the Services.
For our internal business record keeping and processes.
To seek advice on our rights and obligations, including obtaining legal advice.
To collect money owed to us or our consignors.
To carry out background and credit checks in relation to bidders and buyers.
In this respect we will provide your data to the following:
the-saleroom.com or any other such live auction sites that you have registered with for accessing our services.
Courier / Postal services with which you have agreed to use.
Debt collection agencies.
Our professional advisors.
GDPR provides the individual with a number of rights relating to your personal data such as the right to:
1. Be informed about the collection and usage of your personal data;
2. Have any errors relating to personal data corrected;
3. Request that your personal data is deleted;
4. Ask that the processing of your personal data is restricted;
5. Object to your personal data being processed in certain circumstances;
6. Ask for a copy of your personal data (known as a Subject Access Report) held by MAI.
Please note that the above rights are not absolute, and we may be entitled to refuse requests where exceptions apply.
Our Legal obligations:
We may process your Personal Data for our compliance with our legal obligations. In this respect, we may use your Personal Data for the following: To meet our compliance and regulatory obligations, such as our tax reporting requirements or to carry out identity checks. To assist with investigations (including criminal investigations) carried out by competent authorities; In this respect we will provide your data to the following: external auditors; the police and other competent authorities, including HMRC.
How long your information is kept:
We will retain your personal data for as long as we are providing you with the Services referred to in any contractual document, and for as long as is required for legal, regulatory, fraud prevention and our legitimate business purposes after the termination of your account/ agreement with us, or if your application for a particular Service is declined or abandoned.
In relation to CCTV images taken when you attend our premises, we will retain these images for a few months;
In relation to personal data relating to the transactions you have entered into with us as part of the provision of our Services, we will retain that data for period of seven years after that transaction has concluded in case any legal claims arise out of the provision of those Services.
We will retain your details on our marketing database until you inform us that you no longer wish to receive our marketing communications. However, where you do unsubscribe from our marketing communications we will keep your details on a suppression list to ensure that we do not send you information you have asked not to receive;
In relation to personal data relating to the provenance of works, we may retain that data indefinitely in our legitimate interests and the legitimate interests of the wider art market in maintaining the integrity of that market.