Privacy Policy Facebook Page Van Ham
Responsible for data processing
Person responsible for the processing of personal data within the terms of the EU General Data Protection Regulation (GDPR):
Person responsible for the processing of personal data within the terms of the EU General Data Protection Regulation (GDPR):
Van Ham Kunstauktionen GmbH & Co. KG
Hitzelerstr. 2
50968 Cologne
GERMANY
+49 (221) 92 58 62-0
info@van-ham.com
Data Protection Officer
exkulpa gmbh
Waldfeuchter Str. 266
52525 Heinsberg
GERMANY
Telephone: +49 (2452) 99 33 11
Email: datenschutz@van-ham.com
General information
This Data Protection Declaration meets the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. It includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot (or can only with a disproportionate effort) establish a reference to your person, e.g. by anonymization, is not personal data. The processing of personal data (e.g., collection, retrieval, use, storage, or transmission) always requires a legal justification and a defined purpose.
Stored personal data will be deleted as soon as the purpose of its processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Apart from this, in individual cases we will store your personal data for the purpose of asserting, exercising, or defending legal claims and in the event of existing statutory storage obligations.
Information according to Art. 13 GDPR
This information is directed at customers, interested parties, suppliers, and employees. We process your personal data for the following purposes:
Categories of recipients of personal data
Within our company, employees only have access to the data that they absolutely need to fulfil their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who have been commissioned in accordance with data protection regulations and who are based within the EEA. If service providers commissioned by us are given access to personal data during the performance of their services, these service providers have entered into controller processor agreements with us in accordance with Art. 28 (3) GDPR.
Duration of data storage
The data we process will be stored for the duration of the existence and execution of the contractual relationship and in compliance with statutory storage periods. These are, in particular, commercial and tax storage obligations according to the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular storage and documentation periods are up to ten years. If no contractual relationship is established, we process the data only for as long as the specific purpose requires.
Your data subject rights
As a data subject, you have the following rights with regard to the personal data concerning you:
Of course, you can also object to the processing of your personal data for advertising purposes at any time. Please address your objection to this to our address or email address given in the company information section.
If you have any questions regarding data protection, please contact us via email to the address provided in the company information section.
Data processing in accordance with the Money Laundering Prevention Act
According to Sec. 2 (1) GwG (Geldwäschepreventionsgesetz = Money Laundering Prevention Act) we are obliged to comply with measures to prevent money laundering and the financing of terrorism. The legally required measures include the identification of contractual partners (Sec. 11 GwG) if a certain transaction amount is exceeded. Under certain circumstances we are also obliged to report suspicious transactions or transaction intentions (Secs. 27 et seq. GwG). Within the scope of the mandatory identification and/or reporting, we collect personal data and, if necessary, forward it to the Central Office for Financial Transaction Investigations (FIU). The legal basis for data collection and disclosure is Art. 6 (1c) GDPR in conjunction with the respective legal provisions of the GwG. Unless other legal provisions on recording and storage obligations provide for a longer period in individual cases, we are obliged to store the data for five years. After the retention period has expired, the data will be destroyed in accordance with data protection regulations without the need for a separate request to do so.
Proof of identity may be, for example, an identity card or passport, etc.
Person responsible
If you send your proof of identity to VAN HAM Kunstauktionen GmbH & Co. KG, Hitzelerstrasse 2, 50968 Cologne, Germany, then VAN HAM is responsible for processing your personal data. You can reach our data protection officer at the contact details given above.
Legal basis for processing
The legal basis for processing your personal data, in particular your biometric data, if applicable, is your consent pursuant to Art. 6 (1a) GDPR, which you can revoke at any time without giving reasons.
Consignees
Only VAN HAM employees have access to your personal data. VAN HAM itself employs external service providers for the maintenance of its information technology, who may be given access to your personal data within the scope of their activities. Your personal data will be stored on our VAN HAM servers at Hitzelerstrasse 2, 50968 Cologne, Germany.
Cookies
Cookies are small text files. While you visit our website they are sent to your browser, where they are then stored. As an alternative to the use of cookies, information can also be stored locally in your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies allow us to perform various analyses, enabling us, for example, to recognize your browser when you revisit our website or to transmit various information to us (nonessential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly from your browser. Cookies do not cause any damage to your device. They cannot execute programs or contain viruses.
We provide information about the respective services for which we use cookies in the individual processing procedures. You can find detailed information about the cookies used in the cookie settings or in the Consent Manager of this website.
Your rights
Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:
Data processing in detail
In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data, and the respective storage periods. An automated decision in individual cases, including profiling, does not occur.
Website provision
When you access and use our website, we collect your personal data which your browser automatically transmits to our server. The following information is stored temporarily in a so-called log file:
Our website is not hosted by us but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.
The host is employed for the purpose of fulfilling contractual obligations to our potential and existing customers (Art. 6 (1b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offerings by a professional provider (Art. 6 (1f) GDPR).
We employ the following host:
Bergnet GmbH
Feilenhauerstrasse 6
51789 Lindlar
GERMANY
Contact form
Type and scope of processing
If you send us inquiries (e.g., via contact form, email, or phone), we store all data resulting from this (e.g., name, email address, subject of inquiry, etc.). We need this data to process your inquiry and to be able to answer follow-up questions. We do not pass on this data without your consent.
Purpose and legal basis
The processing of this data is performed according to Art. 6 (1b) GDPR if your request is related to the execution of a contract or is necessary for the performance of precontractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1f) GDPR) or on your consent (Art. 6 (1a) GDPR) if you have given it beforehand.
Storage period
The data you have entered in the contact form will remain with us until you request us to delete it, you revoke your consent to store it, or the purpose for storing the data no longer applies (e.g., after we have completed processing your inquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
Contact form for job applicants
Type and scope of processing
On our website, you have the option of submitting an application to us (e.g., by email, post, or via online application form).
Purpose and legal basis
We process the personal data of applicants in accordance with the legal requirements for the purpose of handling the application process and carrying out precontractual measures within the context of Art. 6 (1b) GDPR and Sec. 26 Federal Data Protection Act according to German law (initiation of an employment relationship) and – if you have given your consent – Art. 6 (1a) GDPR. The consent may be withdrawn at any time. Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data you submitted will be stored in our data processing systems on the basis of Sec. 26 Federal Data Protection Act and Art. 6 (1b) GDPR for the purpose of implementing the employment relationship.
Storage period
Your data will be stored for a period of six months beyond the end of the application process. This is generally done to fulfil legal obligations or to defend against any claims arising from legal regulations. Subsequently, we are required to delete or anonymize your data. In such case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, proportion of women or men in applications, number of applications per period, etc.).
If it is evident that the data will be required after the six-month period has expired (e.g., due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.
Inclusion in the pool of applicants
As part of the application process, we offer applicants the opportunity to be included in our “talent pool” for a period of 12 months on the basis of consent within the terms of Art. 6 (1a) GDPR.
The application documents in the talent pool will be processed solely in the context of future job postings and employee searches, and will be destroyed at the latest after the deadline expires. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application process, and that they can revoke this consent for the future at any time.
If you receive an offer of employment with us during the application process and you accept this offer, we will store the personal data collected as part of the application process for at least the duration of the employment relationship.
Newsletter
On this website we offer you our newsletter. If you would like to subscribe, we need your email address and other data that proves that this is in fact your email address and that you agree to subscribing to the newsletter. Beyond that, no personal data is collected unless you provide it voluntarily (e.g., name, telephone number, place of residence, etc.).
When processing the data you provide when registering for the newsletter, we rely exclusively on your consent according to Art. 6 (1a) GDPR as legal basis. You can revoke your consent to the future processing and storage of your personal data at any time (e.g., via the “Unsubscribe” link in the newsletter).
We store your personal data which you have provided for the purpose of receiving the newsletter until you unsubscribe from the newsletter with us or the service provider who distributes it. This does not apply to data of yours that we have stored for other purposes.
If you unsubscribe from the newsletter, your email address will be stored by us or the service provider in a blacklist for an indefinite period of time. This is done to prevent future mailings to you. The data from the blacklist will be used exclusively for this purpose and will not be merged with other data. This is not only in your interest, but also in our legitimate interest according to Art. 6 (1f) GDPR to fulfil our legal obligations when sending newsletters. You can object to the storage if your personal interests outweigh our legitimate interest.
MailerLite
This website uses MailerLite for sending newsletters. The provider is UAB “MailerLite”, J. Basanaviciaus 15, LT-03108 Vilnius, Lithuania.
MailerLite is a service that organizes and analyzes the sending of newsletters. Data that you enter to receive newsletters (e.g., your email address) is stored on MailerLite’s servers.
Data analysis by MailerLite
MailerLite offers the possibility to review the performance of our newsletter. We can determine whether a newsletter was opened, which links were clicked on, and which further actions were performed after opening/clicking on the newsletter, e.g., a purchase. With the help of MailerLite, we can thus analyze and evaluate our newsletter campaigns.
Furthermore, MailerLite offers the possibility to better adapt the newsletters to our target groups by dividing the newsletter recipients according to different categories, such as age, gender, or place of residence. If you are opposed to analysis by MailerLite, you can unsubscribe from the newsletter by clicking on a link. This link is available in every newsletter you receive.
You can get more information about MailerLite here:
https://www.mailerlite.com/features.
Legal basis
The processing of the data is based on your consent (Art. 6 (1a) GDPR). This consent can be withdrawn at any time. The legitimacy of the data processing operations already carried out remains unaffected by this.
The privacy policy of MailerLite can be found here:
https://www.mailerlite.com/legal/privacy-policy.
Storage period
Data that you provide to us for the purpose of sending the newsletter will be stored by us or the newsletter service provider. This applies until you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.
If you unsubscribe from our newsletter, we may store your email address in a blacklist. This way, we ensure that we do not send newsletters to people who have unsubscribed. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves your and our interest (Art. 6 (1f) GDPR) regarding compliance with the legal requirements when sending newsletters. The storage of your data in the blacklist is not limited in time. You have the right to object to the storage of data if your interest outweighs our legitimate interest.
Order processing
To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded an order processing agreement (AVV) with the provider.
Registration of a user account
Type and scope of processing
For the use of certain areas of our website, you have the option to register for a user account. The information collected during registration via the required fields of the entry form is necessary for the provision of access to the user account. In addition, you may voluntarily provide additional information for supplementary (convenience) functions.
For the registration of a user account, your personal data will be disclosed exclusively in accordance with this Data Protection Declaration.
Purpose and legal basis
We process your data for the purpose of providing a user account to fulfil a contract with you according to Art. 6 (1b) GDPR.
Furthermore, the processing of additional voluntarily provided information for the purpose of providing further (comfort) functions is based on your consent according to Art. 6 (1a) GDPR. By deactivating the functions or by deleting the voluntary information in the user account, you can declare your revocation at any time with effect for the future according to Art. 7 (3) GDPR.
Storage period
We store your personal data in the context of providing the user account for as long as you are registered to our site. After deletion of the user account, your data will only continue to be stored if there are legal storage obligations (e.g., tax and commercial law).
Registration of a customer account
Processing of customer and contract data
We collect, process, and use your personal data only insofar as they are necessary for the establishment, modification, or execution of a legal transaction. This is done for the fulfilment of a contract or precontractual measures according to Art. 6 (1b) GDPR.
The collected customer data will be deleted after the completion of the assignment or the termination of the business relationship. Statutory storage periods remain unaffected.
When placing an order in our shop, we may initially collect the following data:
This data is collected
To prevent unauthorized access by third parties to your personal data, especially financial data, the ordering process is encrypted using TLS technology.
Data transmission upon contract conclusion for online shops, retailers, and shipping of goods
We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data does not take place or only if you have explicitly agreed to the transmission.
The basis for the data processing is the fulfilment of a contract or precontractual measures according to Art. 6 (1b) GDPR.
Credit checks
In the case of a purchase on invoice or any other method of payment for which we provide advance payment, we may carry out a credit check (scoring). For this purpose, we transmit your entered data (e.g., name, address, age, or bank details) to a credit agency. Based on this data, the probability of a payment default is determined. In the event of an excessive risk of nonpayment, we may refuse the payment method in question.
The basis for data processing is the fulfilment of a contract or precontractual measures according to Art. 6 (1b) GDPR, as well as the prevention of payment defaults (legitimate interest according to Art. 6 (1f) GDPR). If you have previously given your consent to your data being processed, this will be done solely on the basis of Art. 6 (1a) GDPR; the consent can be revoked at any time.
Payment services
We integrate third-party payment services on our website. When you make a purchase from us, your payment data (e.g., name, payment amount, account details, credit card number) is processed by the payment service provider for the purpose of payment processing. The respective contract and data protection provisions of the respective providers apply. The basis for the data processing is the fulfilment of a contract or precontractual measures according to Art. 6 (1b) GDPR as well as the interest in a payment process that is as smooth, convenient, and secure as possible (Art. 6 (1f) GDPR). If you have previously given your consent to your data being processed, this will be done solely on the basis of Art. 6 (1a) GDPR; the consent can be revoked at any time.
We use the following payment service providers:
Nexi GmbH, Helfmann-Park 7, 65760 Eschborn, Germany. For more information on data processing at Nexi, please go to https://www.nexi.de/de/legal-footer/datenschutzerklaerung .
Presence on social media platforms
Data processing by social networks
We operate publicly accessible profiles on social networks. The social networks we use can be found in detail below.
Social networks, such as Facebook, X, etc., can generally analyze your user behaviour extensively. By visiting our social media sites, the following data protection–relevant processing operations are triggered:
If you are logged into your social media account and visit our profile, the operator of said social media can track your visit. Independently of this, the operator may also process your data (e.g., IP address) under certain circumstances if you are not logged into your account or you do not have an account at all.
The operator summarizes this data in user profiles where your preferences and interests are stored. These profiles are used for the placement of personalized advertisements inside and outside the respective social media presence. If you have an account with the respective social network, the personalized advertisements may be displayed on all devices on which you are or were logged in.
Depending on the platform, further processing operations may be performed by the operators of the social media portals, over which we have no control. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Legal basis
Our social media sites are designed to ensure the widest possible presence for us on the Internet within the meaning of Art. 6 (1f) GDPR. The analysis processes initiated by the operators of the social networks may have different legal bases. These must be specified by the respective providers.
Responsible party and assertion of rights
When you visit one of our social media sites (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. Principally, you can assert your rights (information, correction, deletion, restriction of processing, data transferability, and complaint) both against us and against the operator of the respective social media portal (e.g., against Facebook).
Despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our possibilities are largely determined by the corporate policy of the respective provider.
Storage period
The data collected directly by us via our social media site will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage, or the purpose for storing the data no longer applies. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data collected by the social networks. For details, please contact the operators of the social networks directly (e.g., in their data privacy statement, see below).
Facebook page
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data collected is also transferred to the USA and other countries.
We have entered into a Joint Processing Agreement (Controller Addendum) with Facebook which specifies for which data processing operations we or Facebook are responsible. You can view this agreement by clicking on the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings independently in your user account. To do so, click on the following link to log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please go to: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
More information on data processing by Facebook can be found at https://www.facebook.com/about/privacy/.
Instagram page
We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please go to: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 und https://de-de.facebook.com/help/566994660333381.
For details on their handling of your personal data, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.
LinkedIn page
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable the LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. For details, please go to: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
For details on their handling of your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de.
We have a profile on Pinterest. The operator is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For details on their handling of your personal data, please refer to Pinterest’s privacy policy: https://policy.pinterest.com/de/privacy-policy.
January 2024
Call us at +49 (221) 92 58 62-0or write to us. We will process your request promptly and get back to you as soon as possible. If you would like us to call you back, please specify a time slot within our business hours (Mon-Fri 10 a.m. to 5 p.m.).