1 Information on the collection of personal data
(1) The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit our website. The term „personal data“ comprises all data that can be used to personally identify you, e.g. name, address, email-addresses, user behaviour.
(2) The person responsible according to Art. 4 Sect. 7 EU General Data Protection Regulation GDPR is:
Van Ham Kunstauktionen GmbH & Co. KG
50968 Cologne, Germany
Telephone: +49 (221) 92 58 62-0
E-mail: firstname.lastname@example.org (cf. our imprint).
(3) The appointed data protection officer for Van Ham Kunstauktionen GmbH & Co. KG is Mr. Markus Weuthen. You can contact the data protection officer at:
EU-CON BeraterForum GmbH
Waldfeuchter Str. 266
52525 Heinsberg, Germany
Telephone: +49 (0) 2452 – 99 33 11
(4) When you contact us by e-mail or via a contact form, the data you provide us with (your e-mail address, if applicable your name and telephone number) will be saved by us in order to answer your questions. We delete the data collected in this context after storage is no longer required, or restrict processing if there are legal retention obligations.
(5) If we wish to use contracted service providers for individual features of our services or to use your data for advertising purposes, we herewith inform you in detail about the respective processes. We also specify the criteria for the storage period.
2 Your rights
(1) You have the following right in relation to us regarding your personal data:
(2) You moreover have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
3 Collection of personal data when you visit our website
(1) If you only wish to use our website for information purposes, i.e. if you do not register or otherwise provide us with information, only the personal data transmitted by your browser to our server will be collected. If you wish to consult our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (legal basis: Art. 6 Sect. 1 S.1 lit. f GDPR):
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are placed on your hard drive and assigned to the browser you are using and through which certain information flows to the location that sets the cookie (here by us). Cookies cannot execute programmes or transmit viruses to your computer. They serve to make the internet offer more user-friendly and effective.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
Duty to provide information when collecting personal data
Transient cookies (see b)
Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
d) You can set your browser settings to suit your wishes and, for example, reject third-party cookies or all cookies. We would like to point out that in this case the functions of this website may be limited.
4 Further functions and offers of our website
(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you will generally have to provide further personal data which we use to provide the respective service and to which the aforementioned data processing policies apply.
(2) In some cases we use external service providers for the processing of your data. These have been carefully selected and commissioned by us, are bound by our instructions and are checked regularly.
(3) We may also pass on your personal data to third parties in the case of competitions, participation in promotions, conclusion of contracts or similar services if the services are offered in cooperation with a partner. You will receive detailed information on this when you provide your personal data or below in the description of the offer.
(4) If our service providers or partners have their place of business in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
5 Objection or revocation against the processing of your data
(1) If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.
(2) You have the right to object to the processing, provided that we base the processing of your personal data on a weighing of interests. This is the case, if the processing is not necessary in particular for the fulfilment of a contract with you, which is explained by us in the following description of the functions. Should you file an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we continue the processing; if the processing does not serve the assertion, exercise or defence of legal claims.
(3) You can of course object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us about your advertising objection by using the following contact data: email@example.com.
6 Automated decisions including profiling
You have the right not to be subject to any decision based solely on automated processing, including profiling, or to have any legal effect on you or similarly to have any significant adverse effect on you. There is no automated decision-making on the basis of the personal data collected.
Special forms of use by the website
7 Collection of access data and log files
We create server log files on the basis of our legitimate interests in the sense of Art. 6 Sect. 1 lit. f GDPR. The following data will be collected: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (previously visited page), IP address and requesting provider.
For security reasons, the log file information is stored for a maximum of 7 days and then deleted. Data, the further storage of which is necessary for evidence purposes (e.g. in cases of misuse), are excluded from deletion until the respective incident has been finally clarified.
8 Use of our web shop
(1) If you want to order in our webshop, we need personal data for the order processing. The required mandatory information is marked, all other information is voluntary. We process the data provided by you in order to process your order. For this purpose we may pass on your payment data to our house bank. The legal basis for this is Art. 6 Sect. 1 lit. b GDPR.
You have the possibility to create a customer account with which we can store the data you provide for later purchases. These data are stored revocably when the account is opened and can be deleted by you at any time in the customer area.
We may also process the information you provide to inform you about other interesting products in our portfolio or to send you technical information by e-mail.
(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after the transaction has been completed, we restrict the processing, i.e. your data will only be used to comply with legal obligations.
(3) To prevent unauthorized access by third parties to your personal data, in particular financial data, the order process is encrypted using TLS technology.
(1) We send newsletters, e-mails and other electronic notifications with advertising information only with the consent of the recipient. The declaration of consent lists the goods and services advertised.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration we will send you an e-mail to the given e-mail address in which we will ask you to confirm that you wish to receive the newsletter. This is to ensure that you are actually the owner of the email address you entered. In addition, any misuse of your personal data can be identified this way. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the dates of registration and confirmation.
(3) To send the newsletter you only need to enter your e-mail address. All other information is voluntary and will be used to personalise the newsletter. After your confirmation we save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 Sect. 1 S. 1 lit. a GDPR.
(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can withdraw your consent by clicking on the link provided in every newsletter e-mail, by sending an e-mail to firstname.lastname@example.org or by sending a message to the contact details given in the imprint. After unsubscribing from the newsletter, it can take up to 7 days for technical reasons to ensure that you do not receive another automated newsletter.
Newsletter – AM2
The newsletter is sent by LuTED Soft GmbH, Technologiepark 24, 22946 Trittau, Germany. For further information on data processing by LuTED Soft GmbH, please contact the service provider directly. The shipping service provider will be informed on the basis of our legitimate interests according to Art. 6 Sect. 1 lit. f. GDPR and an order processing contract in accordance with Art. 28 Sect. 3 S. 1 GDPR.
The dispatch service provider can use the data of the recipients in pseudonymous form, i.e. without allocation to a user, e.g. to optimise or improve its own service, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass the data on to third parties.
10 Use of Google Analytics
(2) The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
(4) This website uses Google Analytics with the extension "_anonymizelp()". This means that IP addresses are further processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is linked to a person, this is excluded immediately and the personal data is deleted immediately.
(5) Google Analytics uses the following cookies for analysis:
a) _ga: This cookie is used to analyse your user behaviour. You can be distinguished from other users by means of randomly generated data. Thus, this cookie is not used to identify individuals and expires after two years.
b) _gid: This cookie is used to analyse your user behaviour. You can be distinguished from other users by means of randomly generated data. Thus, this cookie is not used to identify individuals and expires after 24 hours.
c) _gat: This cookie is used to analyze the request rate/number. It contains the ID of the linked "Google Analytics" accounts, but is not used to identify individuals and expires after one minute.
(6) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Sect. 1 S. 1 lit. f GDPR.
(8) This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under "My data", "Personal info".
11 Google Tag Manager
12 Integration of Youtube videos
(1) We have included YouTube videos on our website which are stored on www.YouTube.com and can be played directly from our website.
(2) When you visit our website, the information that you have visited the relevant page is transmitted to YouTube. In addition, the information referred to in Art. 3 of this statement will be provided. It does not matter whether you are logged in to a user account provided by YouTube. If you are logged in to Google, this data will be assigned directly to your account. If you wish to prevent this assignment, you must log out before clicking on the button. YouTube creates a user profile with your data and uses it for advertising purposes, for market research and/or for the demand-oriented design of its website. You can object to the creation of these user profiles, in which case you must contact YouTube directly.
Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Famework.
13 Integration of Google Maps
(1) We have included Google Maps on this website. This allows you to use interactive maps directly on our website.
(2) When you visit our website, the information that you have visited the relevant page is transmitted to Google. In addition, the data referred to in Art. 3 of this statement will be transmitted. It does not matter whether you are logged in to a user account provided by Google. If you are logged in to Google, this data is assigned directly to your account. If you want to prevent this assignment, you must log out before clicking on the button. Google uses your data to create a user profile and uses it for advertising purposes, market research and/or to tailor its website to meet your needs. You may object to the creation of these user profiles, in which case you must contact Google directly.
(3) Further information on the purpose and scope of the data collection and its processing by the plug-in provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options to protect your privacy: policies.google.com/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.
14 Online presences in social media
(1) We maintain various online presences in social media networks. By operating these pages, we pursue the interest of drawing attention to our company, our products and services and of making contact with visitors to the site. When you visit our site, your personal data is collected by the provider. Even if you are not registered with or logged into the network, the provider may collect and store your IP address and other identifiers. We have no influence on which data is collected by the provider and we do not have full access to the collected data. We can only see the information you publish.
(2) Your user data will also be processed for market research and advertising purposes. This allows user profiles to be created from your user behaviour, which can be used, for example, to display targeted advertisements outside the platform. For this purpose, your usage behaviour is stored, for example, in cookies on your terminal device.
(3) Should you wish to make use of your rights (e.g. right to information or your right to correction or deletion), you should in this case contact the provider directly, as only he has full access to your account and your data. In this context, however, we are happy to offer you our help if you have any questions or problems.
(4) This site is operated on the basis of our legitimate interests, i.e. interest in the secure and efficient provision, analysis and optimisation of our online services, as well as a modern opportunity for interaction for and with our users and visitors in accordance with Art. 6 Sect. 1 lit. f. GDPR.
(5) Further information on the purpose and scope of data collection and its processing by the provider can be found in the following data protection declarations of these providers. There you will also find further information on your rights in this regard and setting options to protect your privacy.
a) Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), Facebook pages based on a joint processing agreement for personal data - privacy statement: www.facebook.com/about/privacy/, Opt-Out: www.facebook.com/about/privacy/=ads and www.youronlinechoices.com, Facebook has submitted to the EU-US Privacy Shield, www.privacyshield.gov/participant.
b) Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) - privacy statement / opt-out: instagram.com/about/legal/privacy/.
c) Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) - privacy statement / opt-out: about.pinterest.com/de/privacy-policy.
15 Processing of personal data by the person responsible for the online application procedure
We process the applicants' personal data in accordance with the legal requirements for the purpose of handling the application procedure and implementing pre-contractual measures within the terms of Art. 6 Sect. 1 lit. b. GDPR Art. 6 Sect. 1 lit. f. DSGVO. By submitting an application on our recruiting page, you express your interest in taking up employment with us. In this context, you provide us with personal data which we use and store exclusively for the purpose of your job search/application.
In particular, the following data will be collected:
You also have the opportunity to upload meaningful documents such as a cover letter, your CV and certificates. This may contain other personal data such as date of birth, address, etc.
Only authorized employees from the personnel area or employees involved in the application procedure have access to your data.
Personal data is stored exclusively for the purpose of filling the vacant position for which you have applied.
Your data will be stored for a period of six months after the end of the application procedure. As a rule, this is done in order to fulfil legal obligations or to ward off any claims arising from statutory regulations. We are then obliged to delete or anonymise your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (e.g. proportion of women or men in applications, number of applications per period, etc.).
In addition, we reserve the right to store your data for inclusion in our "Talent Pool" for 6 months after completion of the application process in order to identify any other interesting positions for you. This also applies, for example, to applications for apprenticeships or internships. By accepting the data protection declaration, you consent to any further storage of your data and its inclusion in our "Talent Pool". If you do not wish to be included in our Talent Pool, please let us know by sending a short e-mail to email@example.com You can revoke your consent at any time.
If you receive an offer of employment with us as part of the application process and accept it, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.
Definitions of terms
Anonymisation is the modification of personal data in such a way that the individual details of personal or factual circumstances can no longer be attributed to a specific or identifiable natural person, or can only be attributed to such a person with a disproportionate amount of time, expense and labour.
According to Art. 4 No. 8 GDPR, a processor is "a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller".
A person whose personal data is collected, processed or used.
Natural persons are individuals, families and other groups of people with a personal sphere. Sole traders - whether entered in the commercial register or not - are also included.
Legal entities are corporations and registered associations as well as partnerships.
Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (data subject).
This includes all the information that says something about a person. This information does not necessarily have to refer to a specific person (e.g. the name or a photo of the person concerned), it is sufficient that a reference can be made to the person in question. "The phone number on the display tells us who the caller is. An e-mail address often tells us the name and employer of the sender without us already having personal contact with him or her".
Pseudonymisation means „the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person“.
„Factual circumstances“ are statements about facts that relate to the data subject and, for example, make him or her identifiable. This includes information on income, assets, contractual relationships and the extent of Internet use.
Sensitive categories of personal data
Art. 9 GDPR states: “Processing of personal data revealing racial or eth- nic origin, political opinions, religious or philo- sophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural per- son, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited“.
Processing refers to the storage, modification, transmission, blocking and deletion of personal data.
Collection means the collection of data about data subjects.
Use means any use of personal data that is not regulated under "Processing".
Deletion means everything from making personal data unrecognisable to "destroying" it.
Proof of identity may be, for example, an identity card, passport or driving licence, etc. To ensure that only the data necessary to prove your identity (first and last name, address if applicable) are transmitted, you are required to make other data, e.g. photo, information on your nationality, place of birth, size, eye colour, sex, the number and expiry date of the document and your signature in the copy before transmission unrecognizable.
If you need proof of your identity from VAN HAM Kunstauktionen GmbH & Co. KG, Hitzelerstraße 2, 50968 Cologne, VAN HAM is responsible for processing your personal data. VAN HAM has appointed Markus Weuthen, EU-CON Beraterforum GmbH, as data protection officer.
If you submit proof of identity that does not contain the necessary information, your name, address and date of birth will be processed. If you do not make the information that is not required unrecognisable, then, for example, use your passport or ID card photo to transmit so-called biometric data to VAN HAM, which allows clear identification (e.g. based on your face shape), references to your ethical origin and possibly to your religion or health. In such a case, your consent also refers to this information.
The legal basis for processing your personal data, in particular, if applicable, your biometric data, is your consent pursuant to Art 6 para. 1 lit. a) DS-GMO, which you can revoke at any time without giving reasons.
Only VAN HAM employees have access to your personal data. VAN HAM itself employs external service providers for the maintenance of its information technology, who may have access to your personal data within the scope of their activities. Your personal data will be stored on our VAN HAM servers at Hitzelerstraße 2, 50968 Cologne.
VAN HAM does not use your personal data for automated decision making. VAN HAM will not create profiles from your personal data.
Your data will only be processed by VAN HAM within the territory of the European Union.
If you send your proof of identity to VAN HAM, it will be kept for a period of two years; your declaration of consent also refers to this retention period. Your personal data will be deleted if you have revoked your consent for processing or if the personal data are no longer required to fulfil the purpose for which they were processed. If you object to the processing of your proof of identity, it will be deleted within one week after receipt of the objection and will not be used again.
You can revoke your consent at any time without giving reasons with effect for the future by e-mail to firstname.lastname@example.org You can contact VAN HAM either in writing or by e-mail to email@example.com to exercise the following rights:
I have read and understood this declaration of consent to the processing of personal data and agree; if I do not obscure the biometric data on the copy of my proof of identity, my consent expressly refers to the processing of biometric data.
As of May 2018