Privacy Policy

1 Privacy Policy

1.1 This Privacy Policy (“Policy”) explains how we handle the information you give us where we are acting as a data controller of your personal data. “We”, “our” or “us” means BHL Art Group Ltd., whose principal place of business in the United Kingdom is 11 Catherine Place, London, SW1E 6DX.

1.2 In this Policy

“Data Protection Legislation” means the UK General Data Protection Regulation and the Data Protection Act 2018; together with all other applicable legislation relating to privacy or data protection; and where we use the terms “personal data”, “data subject”, “controller”, “processor” and “process” (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.

1.3 Using your Information

1.3.1 We may collect and process information relating to you or other relevant individuals, in order to provide our services to you or when you visit our website or if you sign up for any initiatives we may invite you to subscribe to. We shall process any information we collect in accordance with Data Protection Legislation and the provisions of this Policy.

1.4 Your Information

1.4.1 This “information” includes personal data, which means information that can be used to identify you as an individual, including (but not limited to) the following types of personal information:

(a) contact information, such as an individual’s home or work address and contact details (including mobile telephone number);

(b) relationship information, such as your date of birth, marital/civil partnership status, details of dependents and next of kin;

(c ) employment status;

(d) information about an individual’s professional qualifications;

(e) transaction information, such as bank account details, national insurance number and tax details;

(f) copies of your passport or any similar documents used to verify your identity and for other client due diligence checks (please note that your identification data may be passed to and processed by specialist third party entities who conduct legal identity checks for anti – money laundering purposes on our behalf. For more information, see “Providing your personal data to others” below.)

(h) other information about an individual that you or the relevant individual disclose(s) to us when communicating with us;

(i) details of any complaints or concerns raised by you or a relevant individual;

(j) information we obtain from the goods and services we provide you with, including the date, amount and currency of any payments which are made to us or for the purpose of any transactions you make, details of any art works you own or would like to own and their possible value;

(k) information we collect when you or other relevant individuals communicate with us, or when you apply for our products or services, or any other time you or they contact us; and

(l) information we obtain from third parties, such as information that we obtain when verifying details supplied by you.

1.4.2 We do not anticipate processing any special categories of personal data about you or other relevant individuals (such as information about racial or ethnic origin, criminal or alleged criminal offences or health and lifestyle).

1.4.3 Personal Data of Children – Our services and website are aimed at persons over the age of 18.

1.5 Our Use of Your Information1.5.1 We may collect, record and use information about you and other relevant individuals, and the business you conduct with us in physical and electronic form and will hold, use and otherwise process the data in accordance with the Data Protection Legislation and as set out in this Policy. This may include sharing this information with third parties and transferring it abroad. More information about sharing and transferring such information is set out below.

1.5.2 We may process any information we hold about you and other relevant individuals for a number of business purposes. Such uses of this information and the legal basis for each are set out below:

(a) Operations: to provide any service to you or to administer and operate our business or our website, including to monitor and analyse your dealings with or through us, to enable us to carry out statistical and other analysis, to follow up with you after you request information to see if we can provide any further assistance, to check your instructions to us and to review or generate any contracts or payment related documentation. The legal basis for this processing is our legitimate interests, namely the proper administration of services, business and website;

(b) Security and legal compliance: to confirm your identity and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes, or otherwise to comply with our legal and regulatory obligations. The legal basis for this processing is our legitimate interests, namely the protection of our services, business and website, and the protection of others and prevention of fraud;

(c ) Record keeping: creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with the law and this policy;

(d) Relationships: managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, social media, post, fax and/or telephone, providing support services and complaint handling, monitoring and analysing any communications between you or a third party and us, to assess and improve our services to you, as well as for training and quality purposes. The legal basis for this processing is our legitimate interests, namely business communications, the maintenance of our relationships, enabling the use of our services and the proper administration of our services, business and website;

(e) Insurance and risk management – obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.

(f) Legal claims – establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights or protection of your legal rights or the legal rights of others.

(g) Legal compliance and vital interests – compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

(h) Consent – if instructed to do so by you or where you give us your consent to the use and/or processing involved. The legal basis for this processing is your express consent; and

(i) Marketing – to bring to your attention (in person or by post, email or telephone) information about additional services offered by us and/or our affiliates, which may be of interest to you, or other relevant individuals, or to improve the relevance of marketing messages we may send you unless you indicate at any time that you, do not wish us to do so. The legal basis for this processing is your express consent.

1.6.2 In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent in order to process such information, although it may be necessary for us to use certain information in order to comply with our legal obligations. Where you or other relevant individuals have consented to our processing of such information (including special categories of personal data) you or they may withdraw such consent at any time, by contacting us using the contact details in Section 7 below. Please note, however, that in certain circumstances it may be still lawful for us to continue processing this information even where consent has been withdrawn, if one of the other legal bases described above is applicable.

 

 

2 Information sharing

2.1 Sharing Your Information with Others

2.1.1 We keep all client information confidential. However, in order to be able to service our clients’ needs to the best of our ability, we may share any information you provide to us with specialist consultants, counterparties and support service or data providers, wherever located. If you, or other relevant individuals have provided information to other companies related to the Group, those entities may also share that information with us. We will ensure that if we share such information with third parties, any such disclosure is at all times in compliance with Data Protection Legislation.

2.1.2 The recipients, or categories of recipients, of your information, or information relating to other relevant individuals, may be:

(a) our specialist consultants for the purposes of providing our services, such as carrying out valuations, and who are bound by the same confidentiality obligations as us;

(b) bankers in relation to processing payment for services or transactions;

(c ) any revenue service or tax authority including to HMRC, if obliged to do so under applicable regulations.

(d) our or your professional advisers (including, but not limited to, insurers, accountants, lawyers or tax advisers);

(e) UK and overseas regulators and authorities in connection with their duties (such as crime prevention);

(f) fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. Where we are legally required to check an individual’s identity, we may use specialist third party entities to do this on our behalf and we will ensure that they use secure technology to keep your personal data safe. Please contact us if you would like any further information on this. .We and fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime;

(g) anyone to whom we may transfer our rights and/or obligations under our terms of business.

2.1.3 If we, or a fraud prevention agency, determine that you or other relevant individuals pose a fraud or money laundering risk:

(a) we may refuse to provide the services you have requested, or we may stop providing existing services to you; and

(b) a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services to you or them.

2.2 Sharing Third Party Information With Us

If any information which you or other relevant individuals provide to us relates to any third party, by providing us with such information you or they confirm that you or they have obtained any necessary permissions from such persons to the reasonable use of their information in accordance with this Policy, or are otherwise permitted to give us this information on their behalf.

3 Transferring Your Information Outside The UK

3.1 Information about you or other relevant individuals in our possession may be transferred to other countries for any of the purposes described in this Policy, including our transmission of such information to our specialist consultants, advisers, administrators, service providers and agents. If any such information (including special categories of personal data) belongs to anyone other than you, by providing us with such information you confirm that you have obtained any necessary permissions from such persons to the reasonable use of their information for such purposes in accordance with the following provisions, or are otherwise permitted to give us this information on their behalf.

3.2 You and they understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information it holds and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

3.3 When we, or our permitted third parties, transfer information, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the UK. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where:

3.3.1 the transfer is to a country deemed to provide adequate protection of your information by the UK; or

3.3.2 you or other relevant individuals have consented to the transfer.

3.4 If we transfer your information outside the UK in other circumstances (for example because we have to provide such information by law), we will use best endeavours to put in place appropriate safeguards to ensure that your information remains adequately protected.

4 Your Rights in Relation To Your Information

4.1 General Rights

4.1.1 You have a number of rights concerning the way that we use your information including:

(a)        the right to access – you can ask for copies of your personal data;

(b)        the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;

(c )        the right to erasure – you can ask us to erase your personal data;

(d)        the right to restrict processing – you can ask us to restrict the processing of your personal data;

(e)        the right to object to processing – you can object to the processing of your personal data;

(f)        the right to data portability – you can ask that we transfer your personal data to another organisation or to you;

(g)        the right to complain to a supervisory authority – you can complain about our processing of your personal data; and

(h)        the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.

4.2 Access to and Updating Your Information

4.2.1 Any request for access to or a copy of your personal data must be in writing to us using the contact details below in section 7. We will respond within one month in compliance with Data Protection Legislation.

4.2.2 We aim to ensure that the information we hold about you or other relevant individuals is accurate at all times. To assist us in ensuring that such information is up to date, please let us know if the personal details of you or other relevant individuals changes by contacting us using the contact details in section 6. We will correct any incorrect or incomplete information and will stop processing personal data, or erase it, where there is no legal reason for us to continue to hold or use that information.

5 Retaining Your Information

5.1 We will only keep the information we collect about you or other relevant individuals on our systems or with third parties for as long as we have a relationship with you, as required for the purposes set out above or to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.

5.2 If you cease to use our services or otherwise end your relationship with us, or you decide not to go ahead with receiving our services or dealing with us, we may still keep your information for a period of time that enables us to maintain business records to comply with legal and regulatory requirements, preserve records of transactions and deal with any complaints or claims in relation to our services.

5.3 We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.

We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.

You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

 

6 Cookies used by our service providers

6.1 Our service providers may use cookies and those cookies may be stored on your computer when you visit our website.

6.2. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a)        https://support.google.com/chrome/answer/95647 (Chrome);

(b)        https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop (Firefox);

(c )       https://help.opera.com/en/latest/security-and-privacy/ (Opera);

(d)        https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e)        https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and

(f)        https://support.microsoft.com/en-gb/help/4468242/microsoft-edge-browsing-data-and-privacy (Edge).

6.3.      The primary way in which we may gather information about the use of our website is through Google Analytics. You can find out more about Google’s use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google’s privacy policy at https://policies.google.com/privacy.

 

7 Contacting Us

7.1 If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about data protection, or you wish to raise a complaint about how we are using your information you can contact us using the following details, or any other details notified to you from time to time: BHL Art Group Ltd., 11 Catherine Place, London SW1E 6DX. info@bhlargtgroup.com, T: +44 (0)20 3915 1890.

7.2 If you have any concerns about our use of your, you also have the right to make a complaint to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.

7.3 We may make changes to this Policy and how we use your information in the future. If we do this, we will publish an updated version of this Policy on our website. Please check this page occasionally to ensure that you are happy with any changes to this Policy.