Data protection consent for the processing of proof of identity

Privacy Policy

1. Data Protection Overview

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. The term “personal data” comprises all data, which allows you to be personally identified. Detailed information on the subject of data protection can be found in our privacy policy listed below this text.

Data Collection on this Website

Who is responsible for data collection on this website?

The data processing on this website is carried out by the website operator, whose contact information can be found in the imprint of this website.

How do we collect your data?

For one, your data is collected when you provide it to us. This is the case, for example, with information that you enter into a contact form.

Other data is collected by our IT systems either automatically or after you give your consent upon visiting the website. These are mainly technical data (e.g. Internet browser, operating system or time of the page visit). This data is collected automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure the error-free functioning of the website. Other data can be used to analyse your user behaviour.

What rights do you have in regards to your data?

You have the right to receive information free of charge about the origin, recipient and purpose of your stored personal data at any time. You also have the right to demand the correction or deletion of this data. If you have given your consent to data processing, you can revoke this consent for the future at any time. In addition, you have the right to demand, under certain circumstances, the restriction of the processing of your personal data. Furthermore, you have the right of appeal to the responsible supervisory authority.

You can contact us at any time at the address given in the imprint for this and other questions on the subject of data protection and privacy.

Analysis Tools and Tools from Third Parties

When you visit this website, your surfing behaviour can be statistically evaluated. This is mainly done with so-called analysis programs.

Detailed information on these analysis programs can be found in the following privacy policy.

2. Hosting and Content Delivery Networks (CDN)

External Hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated by a website.

We use a hosting service for the purpose of fulfilling our contract with potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of providing a secure, fast and efficient access to our online offer through a professional provider (Art. 6 para. 1 lit. f GDPR).

Our host will only process your data to the extent that is necessary to fulfil their performance obligations and will follow our instructions regarding this data.

Conclusion of a Contract for Order Processing

In order to guarantee processing compliant with our data protection policy, we have concluded a contract for order processing with our host.

Content Delivery Network

We use a so-called "Content Delivery Network" (CDN), offered by StackPath, LLC, 2021 McKinney Avenue, Suite 1100 Dallas, Texas 75201, USA. StackPath has submitted to the EU-US Privacy Shield, (https://www.privacyshield.gov/participant?id=a2zt0000000CbahAAC&status=Active).

A CDN allows us to quickly deliver certain contents, especially large media files. This is done via a network of regionally distributed servers connected through the Internet. The processing of user data is carried out solely for the above-mentioned purposes and serves to maintain the security and functionality of the CDN.

The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our online offer.

For further information, please refer to StackPath's privacy policy: www.stackpath.com/legal/privacy-statement.

3. General Notes and Mandatory Information

Privacy

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as with this privacy policy.

When you use this website, various personal data is collected. Personal data is data with which you can be personally identified. This privacy policy explains what data we collect and what we use it for. It also explains how we do this and for what purpose.

We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can have security gaps. It is not possible to completely protect data from access by third parties.

Note on the Responsible Party

The person responsible for data processing on this website is

VAN HAM Kunstauktionen GmbH Co. KG
Hitzelerstr. 2
50968 Köln

Telefon: +49 (221) 92 58 62-0
E-Mail: info@van-ham.com

Responsible party is the natural or legal person who, alone or jointly with others, decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Statutory Data Protection Officer

We have appointed a data protection officer for our company.

EU-CON BeraterForum GmbH
Waldfeuchter Str. 266
52525 Heinsberg

Telefon: +49 2452 - 99 33 11
E-Mail: datenschutz@van-ham.com

Revoking Your Consent to Data Processing

Many data processing operations are only possible with your express consent. You can revoke previously given consent at any time. The legality of the data processing that took place up to the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Advertising (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 letter e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you file an objection, we will no longer process your personal data concerned, unless we can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 Par. 1 GDPR).

If your personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is connected with such direct marketing. If you object, your personal data will no longer be used for the purpose of direct marketing (objection under Art. 21 para. 2 GDPR).

Right to Appeal to the Responsible Supervisory Authority

In the case of violations of the GDPR, the persons concerned have a right of appeal to a supervisory authority, in particular in the member state of their habitual residence, place of work or place of the suspected violation. This right of appeal exists, unaffected by other administrative or judicial remedies.

Right to Data Portability

You have the right to have data, which we process automatically on the basis of your consent or in fulfilment of a contract, handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser search bar.

If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, Deletion and Correction

Within the framework of the applicable legal provisions, you have the right to obtain information free of charge at any time about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to correct or delete this data. For this purpose, as well as for further questions regarding personal data, you can contact us at any time at the address given in the imprint.

Right to Restriction of Processing

You have the right to request that the processing of your personal data be restricted. To do so, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:

  • If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the review, you have the right to demand the restriction of the processing of your personal data.
  • If the processing of your personal data was/is unlawful, you can demand the restriction of the data processing instead of deletion.
  • If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
  • If you have lodged an objection in accordance with Art. 21 Paragraph 1 GDPR, a deliberation must be held between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.

4. Data Collection on this Website

Cookies

Our Internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are either temporarily stored on your device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for the processing of payment services).

Cookies have various functions. Many cookies are a technical necessity, as certain website functions would not work without them (e.g. the shopping basket function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are required to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping basket function) or to optimise the website (e.g. cookies for measuring the web audience) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is given. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of services. If consent to the storage of cookies has been requested, the storage of the cookies in question will be carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR); the consent can be revoked at any time.

You can adjust your browser settings to be informed about the activation of cookies and allow cookies only in individual cases, exclude the acceptance of cookies for specific cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within this privacy policy and, if necessary, request your consent.

Cookie Consent with Cookiebot

Our website uses Cookie-Consent-Technology from Cookiebot to obtain your consent to the storage of certain cookies in your browser and to document these in a data protection-compliant manner. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereafter Cookiebot).

When you enter our website, a Cookiebot cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not passed on to the provider of Cookiebot.

The collected data is stored until you request us to delete it or until you delete the Cookiebot cookie itself or until the purpose for which the data is stored no longer applies. Mandatory legal retention periods remain unaffected. Details on data processing by Cookiebot can be found at www.cookiebot.com/de/privacy-policy/

The Cookiebot-Cookie-Consent-Technology is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 p. 1 lit. c GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system
  • Referrer URL
  • Hostname of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of these data is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of their website - for this purpose the server log files must be recorded.

Contact Form

If you send us inquiries via our contact form, the details you enter into the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, in the case that your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that the inquiry was made.

The data entered by you in the contact form will be stored by us until you request us to delete it, revoke your consent to its storage, or the purpose for which it was stored ceases to apply (e.g. after your inquiry has been processed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Inquiry via E-mail, Telephone or Fax

If you contact us by e-mail, telephone or fax, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 para. 1 lit. b GDPR, in the case that your inquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that the inquiry was made.

The data you send us via contact inquiries will be stored by us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions - in particular legal retention periods - remain unaffected.

Registering on this Website

You can register on this website in order to access additional features. The data you enter will only be used for the purpose of using the respective offer or service for which you have registered. The mandatory data requested during registration must be provided in full. Otherwise we will refuse the registration.

In the event of important changes, for example concerning the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you.

The data entered during registration is used for the purpose of implementing the user relationship established by the registration and, if applicable, for the initiation of further contracts (Art. 6 para. 1 lit. b GDPR).

The data entered during registration is stored by us for as long as you are registered on this website and is then deleted. Legal retention periods remain unaffected.

Use of the Member Area (Login Area)

We offer visitors the use of the member area on our website. You can register your access to this space by entering your email address, a password of your choice and your freely selectable user name. When choosing a user name, we recommend the use of a pseudonym. The provision of this data is obligatory, all other data can be provided voluntarily. We use the so-called double-opt-in procedure for registration, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained in a confirmation e-mail sent to you for this purpose. If you do not confirm within 12 months, your registration will be automatically deleted from our database.

The member account will be deleted by us if it has been inactive for five years. Before we delete your account, we will inform you in time.

5. Analysis-Tools and Advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page clicks, length of stay, operating system and the origin of the user. This data may be summarized by Google in a profile which is assigned to the respective user or his terminal device.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google on the use of this website is usually transferred to a Google server in the USA and stored there.

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both their website and their advertising. If the appropriate consent has been given (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

IP Anonymisation

We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the Internet. The IP address transmitted by your browser within the scope of Google Analytics is not combined with other data from Google.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

For more information on how Google Analytics handles user data, please refer to the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en.

Order Processing

We have concluded a contract with Google for order processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage Period

User and event related data stored at Google that is linked to cookies, user IDs (e.g., User ID) or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. Details can be found under the following link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be played out on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). We as website operators can evaluate this data quantitatively, for example by analysing which search terms led to the display of our ads and how many ads led to corresponding clicks.

The use of Google Ads is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in marketing his service products as effectively as possible.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Conversion Tracking allows Google and us to see if the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they performed. We do not receive any information that can be used to personally identify the user. Google itself uses cookies or comparable recognition technologies for identification purposes.

The use of Google Conversion Tracking is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behaviour in order to optimise both his website and his advertising. If appropriate  consent has been given (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

More information on Google Conversion Tracking can be found in the Google Privacy Policy: https://policies.google.com/privacy?hl=en.

Facebook Pixel

This website measures conversion by using Facebook's visitor action pixels. This service is provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the United States and other third countries.

This service allows the behaviour of site visitors to be tracked after they have clicked on a Facebook advertisement in order to be redirected to the provider's website. This in turn allows us to evaluate the effectiveness of Facebook Ads for statistical and market research purposes and to optimise future advertising efforts.

The collected data is anonymous to us as the operator of this website. We cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook Privacy Policy. This allows Facebook to enable the placement of advertisements on pages of Facebook and outside of Facebook. This use of the data cannot be influenced by us as a site operator.

The use of Facebook pixels is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in effective advertising measures, including social media. If appropriate consent has been given (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

You can find further information on the protection of your privacy in the Facebook data protection information: https://de-de.facebook.com/about/privacy/.

You can also deactivate the remarketing function "Custom Audiences" in the settings for advertisements section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen . To do so, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

6. Newsletter

Newsletter­ Data

If you would like to receive the newsletter offered on the website, we will need an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. Further data will not be collected or only on a voluntary basis. We use these data exclusively for sending the requested information and do not pass them on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address as well as its use for sending the newsletter at any time, e.g. via the "unsubscribe" link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you have provided us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you have cancelled your subscription. Data that has been stored by us for other purposes remains unaffected.

After you have been removed from the newsletter distribution list, your e-mail address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

This website uses MailerLite to send newsletters. Provider is the MailerLite UAB Paupio g. 246, LT-11341 Vilnius. MailerLite is a service used to organize and analyse the sending of newsletters. The data you enter to subscribe to the newsletter (e.g. e-mail address) is stored on MailerLite's servers in the EU.

Our newsletters sent with MailerLite enable us to analyse the behaviour of the newsletter recipients. Among other things, we can analyse how many recipients opened the newsletter message and how often which link in the newsletter was clicked. Conversion tracking can also be used to analyse whether a previously defined action (e.g. purchase of a product on this website) took place after clicking on the link in the newsletter. For more information on data analysis by MailerLite newsletter, please visit: https://www.mailerlite.com/legal/privacy-policy.

The data processing is based on your consent (Art. 6 para. 1 lit. a D GDPR). You can revoke this consent at any time by unsubscribing to the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

If you do not want MailerLite to analyse your data, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe directly on the website.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected.

After you have been removed from the newsletter distribution list, your e-mail address may be stored in a blacklist by us or the newsletter service provider to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in compliance with the legal requirements when sending newsletters (legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

Conclusion of a Contract for Order Processing

We have concluded an agreement with the provider of MailerLite for order processing and fully implement the strict requirements of the German data protection authorities when using MailerLite.

7. Plugins and Tools

YouTube with Enhanced Privacy

This website integrates videos from YouTube. This site is operated by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in enhanced privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this site before they watch the video. However, the enhanced privacy mode does not necessarily preclude the sharing of information with YouTube partners. For example, YouTube connects to the Google DoubleClick network regardless of whether you are watching a video.

As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged in to your YouTube account, you allow YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video or use comparable recognition technologies (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to gather video statistics, improve the user experience and prevent fraud.

Once a YouTube video is launched, it may trigger other data processing operations over which we have no control.

YouTube is used in the interest of creating an attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. If appropriate consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

Further information about data protection on YouTube can be found in their privacy policy at: https://policies.google.com/privacy?hl=en.

Google Web Fonts

This site uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers.

You can find more information on Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Google Maps

This site uses the map service Google Maps via an API. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of creating an attractive presentation of our online offers and to make it easy to find the places we have indicated on the website. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR. If the appropriate consent has been given, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time.

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

8. eCommerce and Payment Providers

Processing of Data  (Customer and Contract Data)

We collect, process and use personal data only to the extent that they are necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data on the use of this website (usage data) only to the extent necessary to enable the service for the user or to charge the user for the use of the service.

The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.

You have the possibility to create a customer account, with which we can store the data you provide for future purchases. This data is stored revocably when the account is opened and can be deleted by you at any time in the customer area.

When ordering in our store, we may initially collect the following data:

  • Salutation, first name, last name,
  • a valid e-mail address,
  • Address,
  • Telephone number (fixed and/or mobile)

The collection of this data is carried out,

  • to be able to identify you as our customer;
  • to be able to process, fulfil and handle your order;
  • to correspond with you;
  • for invoicing;
  • to process any liability claims that may exist and to assert any claims against you;
  • to ensure the technical administration of our website;
  • to manage our customer data.

To prevent unauthorized access to your personal data by third parties, especially financial data, the ordering process is encrypted using TLS technology.

We will only pass on your personal data to third parties if they are service partners directly involved in the contract processing. In cases where your personal data is passed on to third parties, we strictly adhere to the principle of data minimization.

We use the following payment service providers for the fulfilment of contracts on the basis of Art. 6 Par. 1 lit. b. GDPR or on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR in order to offer our customers effective and secure payment options:

Concardis GmbH, Helfmann-Park 7, 65760 Eschborn. You can find more information about data processing at Concardis at https://www.concardis.com/datenschutz.

Under certain circumstances, we or the payment service provider may carry out a credit check. The payment service provider uses the result of the credit assessment of the statistical probability of payment default for the purpose of deciding whether to provide the respective payment method. The information on creditworthiness may contain probability values (so-called score values). If score values are included in the result of the credit assessment, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, address information is included in the calculation of the score values.

Data Transmission upon Contract Conclusion for Online Shops, Retailers and Shipping of Goods

We only transfer personal data to third parties if this is necessary for the execution of the contract, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with the handling of payments. A further transmission of the data is not carried out or only if you have expressly agreed to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 Para. 1 lit. b GDPR which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

9. Audio and Video Conferences

Data Processing

Among other things, we use online conference tools for communication with our customers. The tools we use are listed below in detail. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide/use for the use of the tools (e-mail address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, the start and end (time) of participation in the conference, the number of participants and other "contextual information" in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data required for handling online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker, and the type of connection.

If content is exchanged, uploaded or provided in any other way within the tool, it will also be stored on the servers of the tool providers. Such content includes, in particular, cloud recordings, chat/ instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.

Please note that we do not have full control over the data processing operations of the tools used. Our options are largely determined by the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools used, which we have listed below this text.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 para. 1 sentence 1 lit. b GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest in the sense of Art. 6 para. 1 lit. f GDPR). Insofar as consent has been granted, the use of the tools in question shall be based on this consent; the consent may be revoked at any time with effect for the future.

Storage Period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for which the data was stored no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. Please contact the operators of the conference tools directly for details.

Used Conference Tools

We use the following conference tools:

TeamViewer

We use TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen. You can find more information on data processing in TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

Conclusion of a Contract for Order Processing

We have signed a contract with the provider of TeamViewer for order processing and fully implement the strict requirements of the German data protection authorities when using TeamViewer.

10. Own Services

Handling of Applicant Data

We offer the opportunity of applying for a job with us (e.g. by e-mail, by post or via online application form). In the following we will inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your is in accordance with the applicable data protection laws and all other legal requirements and that your data is treated in strict confidence.

Scope and Purpose of Data Collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) to the extent that this is necessary to make a decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-neu under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Within our company, your personal data will only be passed on to persons involved in the processing of your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-neu and Art. 6 para. 1 lit. b GDPR for the purpose of carrying out the employment relationship.

Storage Period of the Data

If we are unable to offer you a job, if you reject a job offer or withdraw your application, we reserve the right to keep the data you have submitted with us for up to 6 months from the end of the application procedure (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 letter f GDPR). Afterwards, the data will be deleted and the physical application documents destroyed. In particular, this storage serves evidence purposes in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an imminent or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.

A longer storage period can also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.

Inclusion in the Applicant Pool

If we do not offer you a job, there may be the possibility to add you to our pool of applicants. If you are accepted, all documents and details from your application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.

Admission to the applicant pool is based solely on your express consent (Art. 6 para. 1 lit. a GDPR). Your consent is voluntary and has no relation to the current application procedure. The person concerned can revoke his/her consent at any time. In this case, the data will be irrevocably deleted from the pool of applicants, unless there are legal reasons for retention.

The data will be irrevocably deleted from the applicant pool no later than two years after consent has been granted.

11. Our Social Media Presence

Data Processing through Social Media Networks

We maintain publicly accessible profiles in social networks. You can find the social networks we use in detail below.

As a rule, social networks such as Facebook, Twitter, etc. can analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). A visit to our social media sites triggers numerous privacy-relevant processing operations. In detail:

If you are logged in to your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. Your personal data may also be collected even if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your end device or by detection of your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, advertising related to your interests can be displayed to you both inside and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing on the social media portals. Depending on the provider, further processing may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policy of the respective social media portals.

Legal Basis

Our social media appearances are designed to ensure the widest possible presence for us on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible Party and Assertion of Rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. Principally, you can assert your rights (information, correction, deletion, restriction of processing, data transferability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing procedures of the social media portals. Our possibilities are largely determined by the corporate policy of the respective provider.

Storage Period

The data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for storing them no longer applies, you request us to delete them, revoke your consent to storage or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social Networks in Detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

We have a joint processing agreement (Controller Addendum) with Facebook. This agreement defines the data processing operations for which we or Facebook are responsible when you visit our Facebook page. You can view this agreement under the following link:https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

You can find more detailed information in Facebook’s privacy policy here: https://www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can find details on Instagram’s processing of personal data in their privacy policy here: https://help.instagram.com/519522125107875.

Pinterest

We have a profile on Pinterest. The provider is Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA („Pinterest“). You can find details on Pinterest’s processing of personal data in their privacy policy here: https://policy.pinterest.com/de/privacy-policy

12. Data Processing in Accordance with the Money Laundering Prevention Act (GwG)

According to § 2 para. 1 GwG (Geldwäschepreventionsgesetz = Money Laundering Prevention Act, hereafter “GWG”) we are obliged to comply with measures to prevent money laundering and the financing of terrorism. The legally required measures include the identification of contractual partners (§ 11 GwG) if a certain transaction amount is exceeded. Under certain circumstances we are also obliged to report suspicious transactions or transaction intentions (§§ 27 ff. GwG). Within the scope of the prescribed identification and / or reporting, we collect personal data and, if necessary, forward it to the Central Office for Financial Transaction Investigations (FIU). The legal basis for data collection and disclosure is Art. 6 para. 1 lit. c) GDPR in conjunction with the respective legal provisions of the GWG. Unless other legal provisions on recording and storage obligations provide for a longer period in individual cases, we are obliged to store the data for five years. After the retention period has expired, the data will be destroyed in accordance with data protection regulations without the need for a separate request to do so.

13. Duties to Provide Information According to Art. 13 GDPR

This information is directed at customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:

  • To fulfil our contractual obligations to which we are committed to you (Art. 6 para. 1 lit. b GDPR).
  • To carry out pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
  • To answer inquiries (Art. 6 para. 1 lit. b GDPR).
  • If you have given us your consent to process your personal data for specific purposes (e.g. to receive our newsletter), data processing will take place on the basis of your consent (Art. 6 para. 1 lit. a GDPR).
  • To fulfil legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).
  • Insofar as necessary, we also process your data to protect our legitimate interests, in particular to assert legal claims and to defend ourselves in the event of legal disputes or to guarantee IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research insofar as you have not objected to the use of your data for this purpose, for measures for business management and the further development of services and products, for measures to optimize products and sales, for measures to control risks, to prevent or solve criminal offences (Art. 6 para. 1 lit. f GDPR).

Categories of Recipients of Personal Data

Within our company employees only have access to the data that they absolutely need to fulfil their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who have been commissioned in accordance with data protection regulations and who are based within the EEA. If service providers commissioned by us are given access to personal data during the performance of your services, these service providers have entered into contract processing agreements with us in accordance with Art. 28 Para. 3 GDPR.

Duration of Data Storage

The data processed by us will be stored for the duration of the existence and execution of the contractual relationship and in compliance with statutory retention periods. These are in particular commercial and tax storage obligations according to the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular storage and documentation periods are up to ten years. If no contractual relationship is established, we process the data only for as long as the specific purpose requires.

Your Data Subject Rights

As a data subject, you have the following rights with regard to the personal data concerning you:

  • The right to obtain information about the personal data we process about you.
  • Right to correction or deletion, if they are incorrect, not up to date or unlawfully collected by us.
  • The right to limit processing if complete deletion is not possible, e.g. because we have to comply with statutory storage obligations.
  • Right to object to processing if the data processing is based on a deliberation of interests (the so-called legitimate interest), as described above under "Purpose of processing". This is the case in particular if the processing is not necessary for the fulfilment of a contract with you. When asserting your right of objection, please explain the reasons why we should not process your data as we have done.

Of course, you can also object to the processing of your personal data for advertising purposes at any time. Please address your objection to this to our address given in the imprint or send us an e-mail to datenschutz@van-ham.com

  • Right of revocation if you have given us your consent to process your data. You can assert your revocation at any time without giving reasons to our company. Please contact datenschutz@van-ham.com for this purpose.
  • In addition, you have the right to complain to a data protection supervisory authority about the processing of your personal data by our company.

If you have any questions regarding data protection, please contact us by e-mail at datenschutz@van-ham.com.

Proof of Identity

Proof of identity may be, for example, an identity card, passport or driving licence, etc. 

Person in charge

If you need proof of your identity from VAN HAM Kunstauktionen GmbH & Co. KG, Hitzelerstraße 2, 50968 Cologne, VAN HAM is responsible for processing your personal data. VAN HAM has appointed Markus Weuthen, EU-CON Beraterforum GmbH, as data protection officer.

Legal basis of the processing

The legal basis for processing your personal data, in particular, if applicable, your biometric data, is your consent pursuant to Art 6 para. 1 lit. a) DS-GMO, which you can revoke at any time without giving reasons.

Consignees

Only VAN HAM employees have access to your personal data. VAN HAM itself employs external service providers for the maintenance of its information technology, who may have access to your personal data within the scope of their activities. Your personal data will be stored on our VAN HAM servers at Hitzelerstraße 2, 50968 Cologne.

Automated decision making and profiling

VAN HAM does not use your personal data for automated decision making. VAN HAM will not create profiles from your personal data.

Transmission of your data

Your data will only be processed by VAN HAM within the territory of the European Union.

Storage time

If you send your proof of identity to VAN HAM, it will be kept for a period of two years; your declaration of consent also refers to this retention period. Your personal data will be deleted if you have revoked your consent for processing or if the personal data are no longer required to fulfil the purpose for which they were processed. If you object to the processing of your proof of identity, it will be deleted within one week after receipt of the objection and will not be used again.

Your rights

You can revoke your consent at any time without giving reasons with effect for the future by e-mail to datenschutz@van-ham.com You can contact VAN HAM either in writing or by e-mail to datenschutz@van-ham.com to exercise the following rights:

  • Information about your data in order to check and verify them
  • Receipt of a copy of your personal data
  • Correction, deletion or limitation of processing, including the right to complete incomplete or false data by supplementary notification; if you request deletion of your data, you must state this clearly.
  • Right of objection to processing You may have your data provided in structured, standard and machine-readable format and transfer this data to another controller, provided that you have given your consent to the processing or the processing is based on a contract.
  • You also have a right of appeal to a supervisory authority in connection with the processing of your personal data.

I have read and understood this declaration of consent to the processing of personal data and agree; if I do not obscure the biometric data on the copy of my proof of identity, my consent expressly refers to the processing of biometric data.  

 

As of May 2018