The following gives a simple overview of how and why we collect, process, and store personal data when you visit our website or enter in any other business relationship with us. When we collect, process, and store such data we are committed to comply with the EU General Data Protection Regulation (GDPR / DSGVO) and the German Federal Data Protection Law (BDSG).
1. Notice concerning the party responsible for this website
Kunst-Auktionshaus Martin Wendl
2. The Collection and storage of personal data as well as the kind of processing and reasons behind it
a) When visiting our website
When you visit our website www.auktionshaus-wendl.de, the browser of your devise will automatically transmit information to the server of our website. The website provider automatically collects and stores such information that your browser transmits to us in "server log files". These are:
- IP address of the requesting device
- Date and time of the server request
- Host name of the accessing computer
- Browser type and browser version
- The operating system used and possibly the name of your access provider.
This data as stated above are processed for the following purposes:
- In order to ensure the smooth connection to the website,
- In order to ensure the comfortable use of the website,
- In order to evaluate the security and stability of the as well as
- For further administrative purposes.
The processing of above data for above reasons is done in the interest of a uniform, smooth and pleasent experience of our websites. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. We do not in any case use said data to draw conclusions on your specific person or personality.
Furthermore, when you visit our website we collect cookies and use certein analytic tools. More detailed information can be found in points 4 and 5 of this Data Protection Policy.
b) When using our Newsletter services
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) DSGVO. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the "unsubscribe" link in the newsletter, via the unsubscribe link in the newsletter section on our website or by sending us an email to email@example.com. The data processed before we receive your request may still be legally processed. The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
If you do not want your usage of the newsletter to be analyzed by SendinBlue and Google Analytics, you will have to unsubscribe from the newsletter. For this purpose, we provide a link in every newsletter we send. You can also unsubscribe from the newsletter directly on our website.
Data analysis by SendinBlue
We use SendinBlue to analyze our newsletter campaigns. This allows us to determine if a newsletter message has been opened and which links you click on. We can thus find out how often various links are clicked. In addition, we can see if certain actions take place after clicking on said links (conversion rate). We can thus determine whether the clicking of a link in a newsletter has led to a live-bidding registration, for example. SendinBlue also allows us to classify newsletter recipients into different categories (clustering). For example, newsletter recipients can be subdivided according to gender, personal preference (e.g. interested in fine art or decorative art), or customer relationship (e.g. existing or potential customer). This allows us to adapt the newsletters to the respective target groups. For detailed information on the functions of SendinBlue, see the following link: https://de.sendinblue.com/features/.
Legal basis: Data processing is based on Art. 6 (1) (a) DSGVO. You may revoke your consent at any time. The data processed before we receive your request may still be legally processed.
Storage duration: The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted from our servers and those of SendinBlue. Data we have stored for other purposes (e.g. email addresses for the members area) remains unaffected. We have entered into a data processing agreement with SendinBlue, in which we require SendinBlue to protect the data of our customers and not to disclose said data to third parties.
c) When using our contact form
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
3. Sharing of data with third parties
We do not transfer or share your data with third parties for any other reasons than the following. We only pass your personal data on to third parties, if and when:
- You have given your consent according to Art. 6 (1) (a) DSGVO,
- According to Art. 6 (1) (f) DSGVO, this is necessary for the purposes of the legitimate interests pursued by us, the controller, or by a third party and those interests are not assumed to be overridden by the interests or fundamental rights and freedom of you,
- This is necessary for compliance with a legal obligation to which we are subject according to Art. 6 (1) (c) DSGVO, or
- This is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, according to Art. 6 (1) (b) DSGVO.
5. Analytics and advertising
The following tracking and analytical activities are used by us on the basis of legitimate interests pursuant of Art. 6 (1) (f) DSGVO. With their implementation we aim to achieve the smooth running and constant optimization of our website and services. We also use such tracking methods in order to statistically capture and analyse our website and services in order to improve them for you, the users. Those are legitimate interests according to the mentioned regulation. The different reasons behind and kinds of processed data will be described below.
(1) Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics creates anonymised user profiles and uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising. The information generated by the cookie about your use of this website, such as
- Browser type/ version,
- Operating system used,
- Referrer URL (of the website visited previously),
- Host name of the accessing computer (IP address),
- Time of the server request,
is usually transmitted to a Google server in the USA and stored there. This information is used in order to analyse the use of our website, to gather reports on website activities and to provide further website-related services for the purpose of market analysis and the optimization of the websites. This information may be shared with third parties as far as this happens on a legal incentive and those third parties are processing said data on the basis of a contractual processing service.
IP anonymization: We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Browser plugin & opt-out cookie: You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This cookie will only be active in the currently used browser. If you use another browser or delete cookies in the browser where you enabled this one, you must set the opt-out cookie again.
Objecting to the collection of data: You can prevent the collection of your data by Google Analytics by clicking on the following link. An optout-cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.
More information about the use of data in connection with Google Analytics can be found via the following link: https://support.google.com/analytics/answer/6004245?hl=en.
Outsourced data processing
We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. Demographic data collection by Google Analytics. This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".
Google Analytics Remarketing
(2) Google Adwords and Google Conversion Tracking
6. Social Media & Plugins
a) Facebook und Instagram
On our website, we do not use the social plugins of Facebook and Instagram, however we do link to their websites via small images of theri logo. By clicking on those logos, our business page on the respecive social media platform is opened. The use of those social media platforms is completely optional and subject to the privacy policies of those providers. The responsibility to provide the safe usability of those platforms according to data protection laws lies also with those providers. Nevertheless, we would like to inform you that Facebook and Instagram can connect your profile to your activity should you follow thos links and access our profiles with them while still being logged on to yours. If you would like to avoid this, you must log out of your facebook an instagram profiles before following those links to our profiles on those platforms. The visit and use of Facebook and Instagram is subject to their respective privacy policies:
Our website uses the "embedding" / "framing" features with the enabled "privacy advance mode" by YouTube, which is operated by Google: YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you click on any of those YouTube videos, a connection to the YouTube servers will be established. YouTube uses various cookiss and stores data such as your IP address and user behaviour on our website as well as YouTube. The YouTube server will also be informed about which websites you have visited. If you are logged in to you YouTube account, you are making it possible for YouTube to directly associate your user behaviour with your profile. You can prevent this from happening by logging out of your YouTube and Google profiles. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about YouTube's handling of user data can be found in the data protection declaration of YouTube at https://www.google.de/intl/de/policies/privacy.
c) Google Web Fonts
d) Google Maps
This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.
7. Your rights as a user
You have the right:
- To be informed about your personal data that is processed by us, according to Art. 15 DSGVO. You can request information on the purpose of our data processing, the categories of processed personal data, the categories of receipients that such personal data will be shared with, the envisioned time of storing such data, the existence of your right to have such data corrected/rectified, erased, its processing limited by you and to revoke your agreement for personal data to be processed altogether, as well as the right to complain, to get informed about the origin of your data in case they were not obtained from you, as well as the right to be informed about automated decision-making processes including profiling and to ask for expressive details on such processes.
- To rectification according to Art. 16 DSGVO. You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. This also encompasses the completion of incomplete personal data, including by the means of providing a supplementary statement;
- To erasure ('right to be forgotten') of your personal data stored by us, according to Art. 17 DSGVO, as long as the date is not processed on the grounds of the practice of the right to free speach and information, the fulfilment of a legal obligation, for reasons of public interest or to assert, practice, or defend legal claims;
- To restriction of processing according to Art. 18 DSGVO. You have the right to obtain the restriction of processing when the accuracy of the personal data is contested by you, the processing is unlawful but you oppose the erasure of the personal data, when we do not longer need said data but you reject their erasure in order to use them for the purpose of exercising or defending legal claims, or when you have practiced your right to object the processing of you personal data according to Art. 21 DSGVO;
- To data portability pursuant of Art. 20 DSGVO. You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller;
- To revoke your agreement for us to process your data according to Art. 7 Abs. 3 DSGVO. To this effect we will not be able to continue using your data for said mode of data processing in the future, and
- To lodge a complaint with a supervisory authority pursuant of Art. 77 DSGVO. If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
8. Right to object
If the processing of your personal data is done on the basis of our legitimate interests pursuant of Art. 6 (1) (f) DSGVO, you have the right to object to the processing of said data according to Art. 21 DSGVO, as long as there are legitimate reasons on the ground of your specific personal situation or if the objection is based on the objection of direct advertising and promotional emails. In the case of the latter, you have a general right to object, which we will comply with without the need of further explaination. If you would like to practive said rights to object, you may do so by writing an email to firstname.lastname@example.org.
9. Data security
On our websites, we implemented the commonly-used SSL-method (Secure Socket Layer) in connection to the highest respective encription layer that is supported by your browser. Usually, this encompasses a 256 Bit encription. If your browser cannot support said 256 Bit subscription, we are using 128-Bit v3 technology instead. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties. Furthermore, we use appropriate technical and organizational safety measurements in order to protect your data against coincidental and deliberate manipulation, partial or complete loss, destruction and damage, as well as the unauthorized access of third parties. Wir bedienen uns im Übrigen geeigneter technischer und organisatorischer Sicherheitsmaßnahmen, um Ihre Daten gegen zufällige oder vorsätzliche Manipulationen, teilweisen oder vollständigen Verlust, Zerstörung oder gegen den unbefugten Zugriff Dritter zu schützen. We are constantly aiming to improve our security measurements in accordance to technological developments according to Art. 32 DSGVO.
10. Validity and changes to this data protection policy
This is the currently valid version of our data protection policy, effective 23rd May 2018. It might be necessary to implement changes to this policy as we constantly aim to improve and further develope our websites and services as well as for reasons of new regulations and legislation being released. An up-to-date version of our data policy will always be accessible on our website via www.auktionshaus-wendl.de>Contact Us>Data Protection Policy. You may access and print a version of this policy at any time. Should we release a new version with any significant changes, we will inform our newsletter subscribers via email and give notice to our users on our website.
11. Website content/access points by other providers
As part of our online appearance, we connect to the online auction portal "lot-tissimo". Our online auction catalogues are hosted by:
Auction Technology Group Germany GmbH
You may recognize those pages when the attribute "katalog" is displayed before our usual URL name, example: https://katalog.auktionshauswendl.de. When accessing pages of those online catalogues, your browser will establish a direct connection to the lot-tissimo.com server. Their server can access and store your IP for statistical purposes without this data being associated to any identifiable person. You can find lot-tissimo.com's data policy here: https://www.lot-tissimo.com/de/t/datenschutz-20180215/. When you register on our website, this registration is hosted by lot-tissimo.com and will create an account on their website and server. While a lot-tissimo.com account is necessary in order to bid through lot-tissimo bidding forms and online LIVE-bidding, you may bid with us without such a registration by sending us a commission bid via e-mail or letter, signing up for telephone bidding, or by bidding in person on the day of the auction. For above-mentioned registration as well as all lot-tissimo services, the general terms & conditions as well as data policies of Auction Technology Group Germany GmbH (www.lot-tissimo.com) apply.
12. Joining our auctions via third-party auction portals
Apart from to lot-tissimo.com, we also upload our auction catalogues to the-saleroom.com (Auction Technology Group, 65 Southwark Street, London, SE1 0HR, United Kingdom), invaluable.com (Invaluable, LLC ("Invaluable") is a Delaware Limited Liability Company based in 38 Everett Street, Suite 101, Boston, MA 02134) and veryimportantlot.com ("Very Important Lot", Valery Kardanov, An der Wurt 21, 28865 Lilienthal, Germany). Those online auction portals or auction aggregators also offer the possibility to register with them, to leave bids with them on lots in our catalogues and to follow our sales live via video and audio streaming. To register with any of those portals and/or to bid in our sales through them is a purely optional activity and an additional service that is subject to the data protection policies as well as terms & conditions of Auction Technology Group, Invaluable Inc. and "Very Important Lot" (Mr Kardanov), respectively. Those portals can be considered contractual partners to us but are not part of the legal person of Kunst-Auktionshaus Martin Wendl e.K. If and when you sign up to or register with lot-tissimo.com, the-saleroom.com, invaluable.com, or veryimportantlot.com we will collect, process, and store your data only for the verification and realization of the bidding process, pre-contractual as well as contractual obligations, and purposes stated in this data protection policy. You are not obligated to register with any of the mentioned portals - you may always visit us personally or contact us directly via phone, email, telefax or letter and participate in our auctions either in person, via written commission bids, or telephone bidding. We do not transfer any personal data of our bidders not registered with those portals to those platforms as we only work with the data that our bidders themselves have provided the platforms with.
13. Data processing for the purposes of bidding with us via online portals and when processing commission bids or any other form of auction participation
Whenever you participate in our auctions as a vendor or a bidder, we need to ask you for some personal data:
- E-mail address (This is optional when leaving your bids in handwritten form or by letter or telefax, but the provision of an email address enables us to get in touch quickly and to send you a PDF invoice should you be successful at auction.),
- Catalogue number(s) of the item(s) you wish to bid on (only bidder),
- Your maximum bid(s) for said item(s). (only bidder)
We will collect, process, and store this personal data as well as information on your previous bids/purchases/consignments with us in order to provide a quick, smooth, and safe transactional experience and purchase for both you and us. We will collect, store, and process your personal data in accordance to the General Data Protection Regulation (GDPR/DSGVO) and the Bundesdatenschutzgesetz (BDSG, German Federal Data Protection Law):
On the basis of your consent (pursuant of Art. 6 (1) (a) DSGVO)
The data is processed with the consent to be done so for a specific purpose. You can always revoke your consent with effect for the future. You may also revoke consent given before the implementation of the GDPR/ DSGVO on 25th May 2018. Data processing that has happened before the time of your revokal will remain unaffected by the revokal. Example: A newsletter was sent.
To perform obligations prior to entering into a contract (pursuant of Art. 6 (1) (b) DSGVO)
Data will be processed with the purpose of fulfilling necessary steps prior to a contractual business-relationship as well as to perform contractual obligations.
In compliance with legal obligations (pursuant of Art. 6 (1) (c) DSGVO) or in the public interest (gem. Art. 6 (1) (e) DSGVO)
Data processing is necessary for compliance with a legal obligation to which we as the controllers are subject or for the performance of a task carried out in the public interest (e.g. compliance with legal storage periods, proof of compliance with legal duties to inform).
When balancing interests (pursuant of Art. 6 (1) (f) DSGVO)
Data processing is necessary for the purpose of the legitimate interests pursued by us as a controller or by a third party. It might be necessary to process data after the fulfilment of a specific contract. Our legitimate interest might be the reason for the further processing of such data as song as your fundamental interests, rights, and freedom are not overriding our interests. As an example, our legitimate interest might be the pursuit of legal claims, the defence against liability claims, and the prevention of criminal offences.
Within our company, access to your data is granted to personal that needs to access said data in order to comply with contractual or legal obligations and that are authorised to do so. To fulfil our contractual obligations toward you, access to your data is only granted to those personnel / groups of people that are entitled on the basis of legal or organizational reasons (e.g. authorities, postal and shipping services). Those data processors are contractually obligated by us to comply with the regulations of the GDPR/DSGVOand BDSG. We will not transmit your data to a third party country (outside of the EU), except if you have specifically asked us to do so and this is necessary to do in order to fulfil our contractual obligations toward you (e.g.: you have asked us to send your lots to a country outside of the EU and we need to place your non-EU address visibly on the label on the outside of the parcel or transmit it to a non-EU shipper).
To process the personal data you have entrusted us with we do NOT use automated individual decision-making software (including profiling), pursuant of Art. 22 DSGVO.
We will process your personal data for the amount of time necessary to fullfil all contractual obligations and generally as long as we are in a contractual relationship to you. Once our contractual relationship has finished, we will store and process your data in order to comply with statutory storage obligations or on the basis of our own legitimate interest. Once all statutory storage obligations have finished and/or our legitimate interests have ceased, we will delete your personal data. According to the German regulations of BGB, HGB, GWG, AO such statutory storage obligations last between 2 and 30 years.
Information about your rights: Please see section 7.
Effective as of 13th June 2018.