2. Legal obligations
2.1. We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the Data Protection Act 1998 and from 25 May 2018 the EU General Data Protection Regulation (2016/679).
3. Information we collect from you
3.1. We may collect the following information from you: first name(s) and last name, email address, postal address, phone number, IP address, location data and information regarding your use of our Site and purchases you have made from it.
3.2. Such personal information is referred to in this Policy as ‘Personal Data’.
3.3. If you choose not to provide Personal Data, we may not be able to comply with a request for information or provide you with our Services.
3.4. We may collect the information you give in various ways, for example, if you:
– fill in forms on our Site;
– place an order on our Site;
– correspond with us with queries, comments, complaints or problems regarding the Site;
– enter a competition, promotion or complete a survey; and
– browse our Site (please see ‘Cookies’ section below).
4. How we may use your Personal Data
4.1. We may use your Personal Data for the following purposes:
– Transactional purposes: to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you order or request from our Site;
– Direct marketing: to provide you, or permit any member of our group (see paragraph 5.1 below for further details), to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (email or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, we will contact you by electronic means only if you have consented to this. If you do not want us to use your Personal Data in this way, or to pass your details on to other members of our group for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the order form or registration form);
– Website operation and improvement: to ensure that content from our Site is presented in the most effective manner for you and for your device, which may involve troubleshooting, data analysis, testing, research, statistical and survey purposes;
– Administration purposes: to administer our Site, for internal operations and to notify you about changes to our Service;
– Data combining: to assess and improve the effectiveness of the content of our electronic marketing emails, we may combine data on the emails you have been sent and whether you have clicked links within those emails.
5. Disclosure of Your Information
5.1. We will not sell or lease your personal information to third parties. We will not disclose Personal Data to third parties without you knowing about it. The exceptions are:
– For sales and marketing purposes only, any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, including our affiliated group of Hauser & Wirth and including companies under common ownership;
– Where we need assistance of third party data processors, acting under our instructions, who assist us in the performance of a contract we enter with you (e.g. payment processor, suppliers and sub-contractor);
– analytics and search engine providers that assist us in the improvement and optimization of our Site by analyzing how the Site is used and the path users take before making a purchase;
– in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
– if Hauser & Wirth AG or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets; and
– if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of and other agreements; or to protect our rights, property, or safety or that of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
6. International transfers
6.2. We have also contracted with third party providers who may transfer your Personal Data to the United States, including:
– We use The Rocket Science Group LLC d/b/a Mailchimp (“Mailchimp“) to process newsletter subscriber data and to deliver some of our ecommerce services. When you sign up to receive newsletter updates from us, your Personal Data is transferred to and processed by Mailchimp; this includes the collection and storage of your Personal Data, and the transfer of it to certain sub-processors contracted by Mailchimp to perform certain critical services, such as helping Mailchimp prevent abuse; and
– We use Eventbrite, Inc.’s (“Eventbrite“) ticketing and registration platform to allow you to register for our events. When you visit Eventbrite to register or buy a ticket for one of our events, your Personal Data is transferred to and processed by Eventbrite; this includes the collection and storage of Personal Data.
6.3. Both Mailchimp and Eventbrite are signed up to the EU-US Privacy Shield Framework in the United States which means that it is committed to protecting Personal Data to standards that are equivalent to EU legal principles for data protection and we shall aim to ensure that your data is treated to the same security standards you would expect in your own country. For more information about this:
6.4. Any other transfers of your Personal Data for processing will either be subject to a European Commission approved contract, designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your Personal Data, or confirmation from the third party that they are signed up to the EU-US Privacy Shield Framework.
7.1 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
7.2. Rest assured we do everything possible to keep all personal information as secure as is humanly possible, but no method of transmission over the internet, or method of electronic storage, is 100% fail-safe. Although we do our best to protect your Personal Data and use industry standard procedures and security features to try to prevent any unauthorized access by a third party, we cannot guarantee the security of your data transmitted to our Site. When you enter sensitive information (such as credit card number) on our order forms, we encrypt that information using secure socket layer technology (SSL). You accept that any transmission of your Personal Data is done at your own risk.
8. Links to other websites
9.1. Like many websites, we use “cookies” to collect information. A cookie is a small data file that we transfer to your computer, laptop or mobile media device’s hard drive for record-keeping purposes.
9.2. We use session ID cookies to enable certain features of the Site, to better understand how you interact with the Site and to monitor aggregate usage by Hauser & Wirth users and web traffic routing on the Site.
9.3. We also make use of persistent cookies which stay on your computer, laptop or mobile media device after you have gone offline. Persistent cookies can be found in your browser’s cookies folder and remain there after you have gone offline.
9.4. We do not link the information we store in cookies to any personally identifiable information provided by users.
9.5. We may collect personal information about how you use the Site including traffic data, location data, weblogs, other communication data, and the resources that you access or use.
9.7. Please be aware that if you visit our Site after clicking a link on another website, you should note that we do not have any control over the cookies used by the operator of that website.
9.8. For more information on cookies please visit the Information Commissioner’s Office (ICO) cookies information page here.
10. Your rights
10.1. In accordance with your legal rights under applicable law, you can request information about the Personal Data that we hold about you, what we use that Personal Data for and who it may be disclosed to.
10.2. You can also request that we:
– correct Personal Data that we hold about you which is inaccurate or incomplete;
– erase your Personal Data for marketing purposes (see ‘Direct marketing’ above).
10.3. All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data.
10.4. If you would like to exercise any of the rights set out above, please write to our data protection contact at the email address in the ‘Contact’ section below. Where applicable law allows, we may request a fee to cover our administrative expenses in responding and may also require further information to verify your identity or locate the specific information you seek before we can respond in full.
10.5 If you wish to update your preferences or unsubscribe from newsletter communications, you can do so via the links found at the bottom of the relevant communication, or in the ‘Your Account’ area of the Site if you have created an account.
10.6. If you are not satisfied with our response or believe we are processing your Personal Data other than in accordance with applicable law you can complain to the Information Commissioner’s Office (ICO) in the United Kingdom.
11. Retention period
We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which in the UK may be up to 6 years after a particular transaction). In respect of the holding of Personal Data for direct marketing purposes, we will retain this data for a limited period in line with recommendations of the ICO and other competent regulatory authorities.
If you have further queries or requests relating to how we use Personal Data, please email us email@example.com.