Updated January 2020
What types of information does the Site and the Application collect?
Our Processors collect and store information that you voluntarily provide to us as well as data related to your use of the Site and Application.
When you register with Us and use the Services, we ask that you provide your name, email address, user name and password. You can also choose to provide us with additional information, such as a contact phone number. All of the information listed in this paragraph is collectively referred to as your “Personal Data”. This Personal Data is necessary to provide you with the Application and we are processing this Personal Data in accordance with your request.
If you choose to purchase an item at auction, your payment information is processed by a third party payment processor. Please carefully read the section titled “Processing Payments for Auction Items” below. All payment information is necessary to process for the purpose of completing the transaction that you have requested with Us.
The Application can also provide you with push notifications of upcoming events, such as sales or auctions. You can opt out of receiving push notifications at any time by using the settings on your mobile device. You can stop all collection of information by the Application by uninstalling the Application. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network.
In addition, we automatically collect certain information and analytical data related to your use of the Site and Application (“Usage Information”). In the aggregate, this Usage Information is non-personally identifiable or anonymous information about you, including the date and time of your visit, the phone network associated with your mobile device, your mobile device’s operating system or platform, the type of mobile device you use, your mobile device’s unique device ID, location and the features of our Application you accessed (collectively “Aggregate Information”). This Aggregate Information is in no way associated with your Personal Data. Usage Information is necessary for the operation and optimization of the Site and the Application.
How do you use my information, and how long do you keep it?
We use collected information, including Personal Data, to make available and to improve our high standard of reliable services. We use such information to:
- respond to inquiries or service requests and monitor such responses;
- provide information about and market our products or services;
- enable transactions conducted between you and the Auction House using the Application;
- resolve problems; and
- manage the Site and Application and assess usage of the Services.
We will retain Personal Data for as long as you continue to use the Site and/or Application and as long as is necessary thereafter to meet our obligations to the Auction House or legal obligations. We will retain Aggregate Information for up to 24 months.
How do you share my information with others?
Invaluable hosts the Site and Application and provides the Services in connection with and on Our behalf, under our direct control. [[We do not sell or rent your Personal Data to third parties.]] We share your Individual Information and Usage Information with Invaluable for their business purposes, in order to fulfill their obligations to Us. Invaluable has their own privacy policies and you should consult them for information on how they use your information.
Processing Payments for Auction Items
Processors use third-party credit card processors to process payments for auction items that you choose to make through the Services. To make this possible, your name, billing address and order total are shared via secure (encrypted) means with our third-party payment processors for the sole purpose of completing your order. Please note that your credit card information (number, expiration date, security code) is stored by the third party payment processor and not us, nor Processors. We have entered into agreements (including data processing agreements for our users located in the European Economic Area) with our payment processors to protect and secure your information. If you would like information on our payment processors, please contact us at firstname.lastname@example.org.
We may disclose Personal Data to our third party service providers to provide you with the Services, including our third party payment processor. We share Aggregate Information with companies that provide public relations and marketing services for us. Such information will only be shared by us to customize, measure and improve our Site, Application and Services.
We may disclose information, including Personal Data, which we believe is appropriate to protect our rights, or to cooperate in investigations of fraud or other illegal or inappropriate activity or in response to a subpoena, court order or other comparable legal process. If a subpoena seeks information about an identified user or limited group of users, we’ll make reasonable business efforts, if permitted, to contact the user(s) before providing information to the party that requests it. We cannot guarantee that we will be able to contact the user(s) in all cases.
We may disclose Personal Data to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you) and may request identity verification before disclosing Personal Data in such a case.
We are not limited in our use of Aggregate Information that does not permit direct association with any specific individual, or non-identifiable aggregate information about our users (such as the number of users of our Services, the geographic distribution of our users, the amount of information located and/or removed, etc.).
How do I change, delete or access my Personal Data?
You may view, change, or access your Personal Data at any time by logging into the Services and changing your account information. If you’d like to delete your Individual Information that you have provided in connection with the Services, please contact us at email@example.com.
We collect certain information about your mobile device automatically, such as the type of mobile device you use, your mobile device’s unique device ID, the Internet Protocol (IP) address of your mobile device, your mobile device operating system, location, the type of mobile device Internet browser you use, and information about the way you use the Application. If you prefer, you can program your mobile device so that it does not store this information while utilizing the Applications. Certain Application features may only be available through the collection and use of this type of “cache data”. We may use cache data to assist in data collection and to track Application usage and trends to help us better serve you.
How do you protect my information?
The Processors have implemented industry standard information security practices including administrative, physical, and technical measures to protect your Personal Data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction. The security of your account relies on your protection of your password and mobile device(s). You are responsible for maintaining the security of your password. You are solely responsible for any and all activities that occur under your account or on your mobile device. You may not share your password or Services account with anyone. We will never ask you to send your password or other sensitive information to us in an email, though we may ask you to enter this type of information on the Site or the Application interface. If you believe someone else has obtained access to your password, please change it immediately. If you believe that an unauthorized access has already occurred please report it immediately at firstname.lastname@example.org. You must promptly notify us if you become aware that any information provided by or submitted to in connection with the Services is lost, stolen, or used without permission.
If you have general concerns or questions regarding the security of information collected, processed or stored by the Site and/or Application, you can contact us at email@example.com.
Effective Date; Policy Changes
Each time you use the Services, the current version of the Policy will apply. Accordingly, when you use the Services, you should check the date of this Policy (which appears at the top of the Policy) and review any changes since the last version. Our business changes frequently and this Policy is subject to change from time to time. Unless stated otherwise, our current Policy applies to all information that we have about you. We will not materially change our policies and practices to make them less protective of Personal Data collected in the past without the consent of affected customers.
Notice to California Residents
California Civil Code Section 1798.83 permits customers who are California residents and who have provided us with “personal information” (as that term is defined in Section 1798.83) to request certain information about the disclosure of that information to third parties for their direct marketing purposes. If you are a California resident with questions regarding this, please contact us via email at firstname.lastname@example.org or by mail at: Winter Associates, Inc. 21 Cooke Street, Plainville, CT 06062.
For Users Located in the European Economic Area (EEA)
If you are located in the EEA, effective May 25, 2018, under the terms of the General Data Protection Regulations (the “GDPR”) you are entitled to certain information regarding your Personal Data and our legal basis for collecting and processing such Personal Data.
Pursuant to our agreement with Invaluable, We are the Data Controller as defined by the GDPR and Invaluable is the Processor as defined by the GDPR.
|Purpose||Examples of Personal Data
(please note that the list is not exhaustive)
|Legal grounds for processing|
|To provide you with requested services (for example, bidding, shipping, payment)||Name, contact details (including email address, postal address, telephone number)
Your payment card details
Records of your communications with use (including bidding instructions recorded in online bidding logs)
|Performance of a contract|
|To evidence our compliance with legal requirements||Details of your past transactions (including any tax paid or tax withheld) and/or shipments (including any permits obtained or duties paid)
Any information relating to a dispute or legal proceeding
|Compliance with a legal obligation|
|To provide you with details about upcoming auctions or other events from the Auction House||Your name, email address
Your marketing and communication preferences (in your Auction House account)
|To monitor the performance of our Site and Application and make your user experience better||Your IP address
Your browser type, device ID, and operating system
The resources your access on your Auction House account and the Services
The data obtained from cookies, web logs, and other similar technologies that monitor the use of our Site and Application
Rights of EEA residents
You may have rights of access, correction, or deletion of your Personal Data. You may access or correct Personal Data at any time through your account. If you’d like to delete your Individual Information that you have provided in connection with the Services, please contact us at email@example.com and we will forward your request to the Auction House. For all other data subject requests under EEA laws, we will cooperate with the Auction House as the controller of your Personal Data.
Is my Personal Data transferred out of the EEA?
The Processor is located in the United States and provide our Services from the United States, and as such, your Personal Data will be held in our servers located in the United States. The United States does not have the same data protection laws as in the EEA. The Processor have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of your information transferred from any country in the EEA or Switzerland (as applicable) to the United States. To read Invaluable’s Privacy Shield statement [[click here]]. To learn more about the Privacy Shield program, and to view the Processor certification, please visit https://www.privacyshield.gov/list. In addition to Invaluable’s Privacy Shield certification, Invaluable provides the Services to Us as a data processor pursuant to instructions and a data processing agreement.
To contact us with your questions or comments regarding this Policy or the information collection and dissemination practices of the Application, please email us at: firstname.lastname@example.org or contact us by mail at: Winter Associates, Inc. 21 Cooke Street, Plainville, CT 06062.