Privacy Information
“Auctions” of Dorotheum GmbH & Co KG
Date: 17.07.2024
Subject: Data Protection Information (Auctions) for www.dorotheum.com
1 | Processing activity | Auctions division |
2 | Responsible entity | Dorotheum GmbH & Co KG Palais Dorotheum Dorotheergasse 17, 1010 Vienna FN 213974 v (HG Vienna) e-mail: client.services@dorotheum.at |
3a | Purposes of data processing:
|
|
3b | Purposes of data processing:
|
|
3c | Purposes of data processing
|
|
4 | Legal basis for data processing |
|
5 | Description of our (predominant) legitimate interests for direct marketing purposes, including the associated profiling: | We also process personal customer data (but not those of children or special categories of personal data within the meaning of Art. 9 GDPR ["sensitive data"]) in order to use them as information sources regarding our services and for direct advertising for (further) services. We process personal data relating to persons with whom we have been in personal contact (e.g. at auctions, events, trade fairs, invitations, etc. ...) through exchanging business cards, for the purpose of establishing contact, for the establishment of a contact database and for customer acquisition. Data derived from business cards may be supplemented with data from public sources (e.g. company register, company website). We have a legitimate interest in the processing of personal data for the purpose of direct marketing, including the associated profiling (Recital 47, last sentence of the GDPR). The customer data that we have at our disposal from the existing contractual relationships and for which the storage period is still valid will be processed. This does not extend the storage period. The primary goal of data processing is customer acquisition with the aim of re-establishing a (pre-)contractual relationship and securing customer loyalty. In doing so, we rely on the freedom of employment protected by conventional and constitutional law (Art. 6 StGG) and freedom of communication (in particular Art. 10 ECHR, which also protects advertising measures) and on the following rights:
|
6 | Objection to processing for direct marketing purposes, including the associated profiling (Art. 21 GDPR) | You may object to the use of your personal data for direct marketing purposes, including the associated profiling, at any time and without stating reasons. The objection means that we will no longer process your personal data for these purposes in the future. |
7 | Description of our (predominant) legitimate interests for purposes of data processing within the Group: | We are part of a group of companies. In order to fulfil our extensive obligations, we also make use of the services of affiliated companies. We have an predominant legitimate interest in this (Recital 48 of the GDPR). |
8 | Evaluation of personal aspects of the client ("profiling") | “Scoring”: For the purpose of optimal customer care, we store customer activities (e.g. submissions, complaints, etc.) so that we can take relevant and targeted measures to improve customer satisfaction and loyalty and customise our service.
“Profiling”: For the purpose of optimal customer service and customer information, we store the areas of interest (categories) selected by you in myDorotheum as well as the objects to be observed selected by you. We use these rated interests to automatically notify you by e-mail of upcoming auctions in which the items you have observed will be offered. If an item you have been watching has not been sold, we will inform you by e-mail after the auction. |
9 | Opposition to "profiling" | You may object to the use of your personal data for profiling purposes at any time and without stating reasons or deactivate the relevant areas of interest and search histories and the objects you have observed in myDorotheum. The objection or deactivation in myDorotheum means that we will no longer process your personal data for profiling purposes in the future. |
10 | Obligation to provide personal data | You must provide us with your personal data in order to enable us to fulfil the contract in accordance with our General Terms and Conditions for Auctions (www.dorotheum.com/de/c/agb-47/) and in compliance with the statutory provisions mentioned in section 3b. |
11 | Automated decision making | You are not subject to any automated decision that has any legal effect on you. |
12 | External recipients of your personal data within the Group |
|
13 | Categories of external commercial service providers to whom we transfer your personal data if required |
|
14 | Third country transfer | see paragraphs 20 to 24 |
15 | Storage period | We delete your personal data as soon as it is no longer required for the above-mentioned purposes. Personal data may be retained for the period during which claims can be asserted against our company, as well as for contractual documentation and proof of ownership. In addition, we store your personal data insofar as we are legally obliged to do so. Corresponding duties of proof and storage result, among other things, from the duties of care under the Cultural Property Return Act (§ 9 KGRG), which also provide for a storage duty of 30 years in order to make the cultural property and its contributor identifiable, including the purchase and sales prices, the Commercial Code, the Tax Code and the provisions of commercial law to prevent money laundering and terrorist financing. The storage periods are at least five and seven years respectively. |
16 | Your rights with respect to us: |
|
| Basis | Content: |
| Right to revoke consent under data protection law (Art. 7 para. 3 GDPR) | As a person affected by the processing of personal data, you have the right to revoke your consent to the processing of your personal data at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of consent up to the revocation. |
| Right to information (Art. 15 GDPR and Art. 4 (6) DSG) | You have the right to request information from us as to whether your personal data is being processed, provided that the provision of this information would not endanger business or commercial interests of the responsible person or third party.
Your right of access includes the following information:
|
| Right to rectification of data (Art. 16 GDPR) | You have the right to demand the immediate correction of your incorrect personal data or its completion. |
| Right to data deletion (Art. 17 GDPR) | You have the right to demand that your personal data be deleted immediately, if the reasons stated in Art. 17 para. 1 GDPR are fulfilled. |
| Right to limit data processing (Art. 18 GDPR) | You have the right to demand that the processing of your personal data be restricted if the reasons stated in Art. 18 para. 1 GDPR are fulfilled. |
| Right to data transferability (Art. 20 GDPR) | You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format, provided that the legal requirements are met. |
| Right of opposition (Art. 21) | You have the right to object at any time to the processing of your personal data for the purpose of direct marketing, including the associated profiling. |
17 | Right of appeal (Art. 77 GDPR and Section 24 DSG) | You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the GDPR or the DSG. |
18 | Supervisory authority | Austrian Data Protection Authority Barichgasse 40-42, 1030 Vienna Phone: +43 1 52 152-0 E-mail: dsb@dsb.gv.at |
19 | Auction Newsletter | The dispatch of our auction newsletter takes place on the basis of consent given by you.
Registration for our auction newsletter takes place using the double opt-in procedure. After registering, you will receive an e-mail asking you to confirm your registration. You agree to the analysis of the auction newsletter by individual measurement, storage and evaluation of opening rates and click rates in recipient profiles for the purpose of designing future auction newsletters according to the interests of our readers.
Consent can be revoked with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.
You can unsubscribe from the auction newsletter by clicking the unsubscribe link at the end of each auction newsletter. If you have subscribed to other Dorotheum-Juwelier, Dorotheum-Pfand or Dorotheum-Galerie newsletters, the cancellation of your subscription from the auction newsletter will not affect the newsletters you have subscribed to in other Dorotheum areas. You must cancel these separately in each case.
The data you provide us with for the purpose of subscribing to the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remains unaffected by this.
After you unsubscribe from our newsletter, your e-mail address may be stored by us or our external service provider in a blacklist to prevent future mailings. The personal data from the blacklist will only be used for this purpose and will not be merged with other personal data. This serves both your interest and ours in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR). Storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For the dispatch of our auction newsletter we commission an external service provider. The latter has undertaken to comply with the applicable data protection provisions vis-à-vis us. |
20 | myDorotheum | Registration for myDorotheum takes place using the double opt-in procedure. After registration you will receive an e-mail asking you to confirm your registration. This confirmation e-mail is used to check whether the owner of the e-mail address as the person concerned has authorised the receipt of automated notifications. The personal data transferred to us when you register for myDorotheum is determined by the input mask used for this purpose. |
21 | Contact us via our website www.dorotheum.com | Due to legal requirements, our website contains information that enables us to be contacted electronically quickly and enables you to communicate directly - including by electronic means - with our company. If you contact us by e-mail or via a contact form, the personal data you provide will be stored automatically. Such personal data transmitted to us by you on a voluntary basis will be stored by us for the purpose of processing or contacting you. This personal data will not be passed on to third parties. |
21a | Privacy policy regarding the use of Cookieman on www.dorotheum.com | If you have given your consent, our website uses Cookieman's consent technology to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document these in compliance with data protection regulations. The provider of this technology is d-mind GmbH, Mörikestraße 69, 70199 Stuttgart, Germany (hereinafter referred to as "Cookieman").
Cookieman is hosted as a cookie banner and consent tool the TYPO3 template "Cookieman" on our servers, so that no connection to the servers of the provider of Cookieman is established. Cookieman stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data thus collected is stored until you request us to delete it, or delete the Cookieman cookie yourself, or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.
Cookieman is used to obtain the legally required consent for the use of cookies. The legal basis for data processing is § 165 para. 3 TKG in conjunction with Art. 6 para. 1 lit. c GDPR. |
22 | Privacy policy regarding the use of Google Analytics on www.dorotheum.com | If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
We use Google Analytics as part of our own server-side solution to generate aggregated and anonymous statistical reports on the reach of our website and to measure the success of our advertising campaigns, i.e. the total number of users who have responded to our adverts. These aggregated statistics include the advertising campaign that led a visitor to our website and the time a visitor spent on each page.
In the server-side solution, we use a de-identification mechanism on our server that automatically truncates IP addresses by the last digit, making it impossible to identify a specific European visitor by IP address alone. In addition, other identifiers from analytics providers are deleted and replaced with randomly generated numbers so that website visitors cannot be filtered out or re-identified by third-party providers. With the server-side solution we have implemented, we aim to ensure an optimal level of protection for the personal data we process.
Google is certified under the EU-U.S. Data Privacy Framework. The EU standard contractual clauses have also been agreed with Google, thus ensuring compliance with European data protection law. Details can be found here: privacy.google.com/businesses/controllerterms/mccs/.
Data processing in connection with Google Analytics incl. the extended feature "Google Signals" as well as any data transfer to the USA is based on your consent (Art. 6 para. 1 lit. a GDPR in conjunction with Art. 49 para. 1 lit. a GDPR) via the cookie banner. You can revoke your consent at any time with effect for the future by adjusting your preferences. If you do not wish to use "Google Signals", you can deactivate the "personalised advertising" option in your Google account settings.
During your visit to our website the following data will be recorded:
Google will use this information for the purpose of evaluating how you use the website, drafting reports on website activity for website operators and providing further services related to website activity and Internet usage.
We also use the technical extension "Google Signals", which enables cross-device tracking. This allows an individual website visitor to be assigned to different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and has also activated the "personalised advertising" option in their Google account settings. Even then, however, no personal data or user profiles are made available to us and remain anonymous to us.
If you do not wish to use "Google Signals", you can deactivate the "personalised advertising" option in your Google account settings.
Google Consent Mode
Unless you have consented to personalised tracking, non-personalised analysis is carried out without cookies in Google Consent Mode. The following data is processed:
-- functional information (e.g. headers added passively by the browser): - Timestamp - User agent - Reference URL
- Data that is available in aggregated form or is not personalised: - Indication of whether the current or a previous page in the user's navigation history on the website contains click-through information in the URL (e.g. GCLID/DCLID). - Boolean information about the consent status - Random number that is generated when the respective page is loaded
Google Consent Mode enables us to track the flow of visitors to our website (but not individual user behaviour).
Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google.
You can prevent the installation of cookies by selecting the appropriate setting of your browser software. However, it must be emphasised that in this case you may not be able to use the full functionality of this website.
You can also prevent Google from collecting and processing the data generated by the cookie concerning your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout
For more information about Google’s terms of use and privacy policy, please visit www.google.com/intl/de/policies/ and www.google.com/intl/de/policies/privacy/.
Dorotheum GmbH & Co KG uses Google Analytics to analyse website use, e.g. in the form of anonymous evaluations and graphics on page views and visits, as well as for remarketing, reports on impressions in the Google Display Network, integration of DoubleClick Campaign Manager and Google Analytics reports on performance according to demographic characteristics and interests.
Google Analytics stores cookies in your web browser for a period of two years from the point of your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future website visits.
The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remain stored in aggregated form for an indefinite period. |
23 | Privacy policy regarding the use of Google Double Click and remarketing at www.dorotheum.com | Our website dorotheum.com uses Google Double Click, an online advertising service of Google Inc. (“Google”). Google Double Click uses so-called cookies, text files that are stored on users’ computers, enabling an analysis of their use of the website. Google Double Click also uses so-called web beacons (invisible graphics). Web beacons make it possible to evaluate specific information, such as visitor traffic to the pages of our website. The information generated by cookies and web beacons about the use of this website (including users’ IP addresses) and delivery of advertising formats is transmitted to a Google server in the Unites States for storage. Google may forward this information to its contractual partners. Google will not, however, combine your IP address with any other data you have stored.
Furthermore, our website uses remarketing with Google Analytics for online advertising. This allows us to offer you personalised ads based on the interests you have shown on our website in appropriate advertising spaces on other websites. This includes the use of cookies by third parties, including Google. The combined use of first-party cookies (such as Google Analytics cookies) and third-party cookies (such as DoubleClick cookies) allows us to serve you ads based on your previous visits to this site and to optimise and evaluate your experience. With the help of remarketing, information about your surfing behaviour is collected and stored for marketing purposes in anonymous form (targeting/retargeting). This data is stored on your computer using cookies. Using an algorithm, targeted product recommendations can then be displayed as personalised advertising banners on other websites (so-called publishers). Under no circumstances can this data be used to identify you personally as a visitor to this website. The collected data will only be used to improve the advertising offer.
Users can prevent the installation of Google Double Click cookies in various ways:
a) by changing the settings on their browser software accordingly; b) by opting out of interest-based ads from Google; c) by opting out of interest-related ads from the advertisers that are part of the self-regulating campaign “About Ads”; d) by permanently opting out with a browser plug-in.
Deleting cookies in your browser settings will also delete the settings named under b) and c).
You can find more information about data protection and cookies with regard to advertisements through Google Double Click in Google’s privacy statement, especially under the following links:
www.google.de/policies/privacy/partners/ |
24 | Privacy policy regarding the use of Google Adwords | Our website dorotheum.com uses the web analysis service Google Adwords of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“ Google”). Google Adwords uses cookies for the purpose of targeting visitors via remarketing campaigns with online advertising at a later point in time in the Google advertising network. To serve remarketing ads, third parties such as Google use cookies based on a visit to this website. As a user, you have the option of deactivating the use of cookies by Google by accessing the page for deactivating Google at www.google.com/ads/preferences.
|
24a | Privacy policy regarding the use of Google Maps and Google Fonts on dorotheum.com | This website uses Google Maps API to visually display geographical information and Google Web Fonts to display the font on Google Maps. Google web fonts enable your browser to display a visually improved representation of the texts on Google Maps. When you access this website, your browser loads the required web fonts from a Google server into your browser cache, whereby information from your browser flows back to Google. When Google Maps is used, Google also collects, processes and utilises data about the use of the map functions by visitors.
You can find more information about data processing by Google in the Google data protection information. You can also change your personal data protection settings there in the data protection centre. Further information on Google Web Fonts can be found at developers.google.com/fonts/faq |
25 | Privacy policy regarding the use of Facebook Custom Audiences at www.dorotheum.com | If you have given your consent, this website uses Custom Audiences, a web analytics service of Meta Platforms Ireland Limited (formerly: Facebook Ireland Limited) ("Facebook"). Facebook Custom Audiences uses so-called tracking tools (such as Pixel, SDKs and APIs), which are implemented on the website dorotheum.com and the Dorotheum mobile app. Data concerning actions taken by users on the website dorotheum.com or the mobile Dorotheum app (“Event Data”) is transferred to a server of Facebook Inc. in the USA and saved there, in order to create custom audiences of people who have visited our website dorotheum.com (“custom audiences of dorotheum.com”) or to create custom audiences of people who have used our Dorotheum mobile app (“custom audiences of the Dorotheum mobile app”).
In connection with such audience targeting and optimisation, Facebook will: Use Event Data collected from our website dorotheum.com or mobile app for ads optimisation only after such Event Data has been aggregated with other data collected from other advertisers or otherwise collected on Facebook. Not allow other advertisers or third parties to target advertising solely on the basis of Event Data collected from our website dorotheum.com or mobile apps.
By clicking the button to “accept” the cookie banners and by visiting our website dorotheum.com, the user accepts the following conditions:
(a) third parties, including Facebook, may use cookies, web beacons, and similar technologies to collect or receive information from dorotheum.com and elsewhere on the internet and use that information to provide measurement services and target ads,
(b) users of our website dorotheum.com can opt-out of the collection and use of information for ad targeting, and
(c) users can access a mechanism for exercising such choice (e.g. www.aboutads.info/choicesor www.youronlinechoices.eu/). |
26 | Privacy policy regarding the use of sharing at www.dorotheum.com | Our website hosts share buttons for the social networks Twitter Inc, 795 Folsom St, Suite 600, San Francisco, CA 94107, USA, Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, YouTube, from YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, Instagram from Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. The share buttons can be recognised by their respective logo.
All share buttons are set up to comply with data protection regulations. Only when you click on the respective “Share Button” on our website (and only then) will a direct connection be established between your browser and the server of the operator of the respective social network. According to the operators of the aforementioned social networks, no personal and company-related data is collected from the social networks without a click on the respective share button. Such data, including the IP address, is only collected and processed for logged-in members. If you do not wish your visit to our website to be linked to your social network user account, please log out of that social network user account.
Within this context, we would like to point out that as the provider of the website we are not aware of the content of transmitted data or its use by social networks. You can find more information about the use of data by social networks in the privacy statements of the aforementioned social networks. |
27 | Embedded YouTube videos on www.dorotheum.com | We embed YouTube videos on our website. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. YouTube is informed which pages you visit. If you are logged into your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
When a YouTube video is started, the provider uses cookies that collect information about user behaviour.
If you have deactivated the storage of cookies for the Google Ad programme, there will be no such cookies when watching YouTube videos. However, YouTube also stores non-personalised usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser.
Further information on data protection at "Youtube" can be found in the provider's privacy policy at: www.google.de/intl/de/policies/privacy/ |
27a | Embedded Vimeo videos on www.dorotheum.com | Plugins from the video portal Vimeo are used on our website. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA.
When you visit one of our pages with a Vimeo plugin, a connection to the Vimeo servers is established. This tells the Vimeo server which of our pages you have visited. Vimeo also receives your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transmitted to the Vimeo server in the USA.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.
Further information on the handling of user data can be found in Vimeo's privacy policy at vimeo.com/privacy. |
28 | Privacy policy regarding the use of Sentry on www.dorotheum.com | We use Sentry, an error analysis service, on our website. This service is provided by Functional Software Inc, 45 Fremont Street, 8th Floor, San Francisco, California 94105, USA ("Sentry"). To ensure the technical stability of our services, Sentry is used to log system errors. The information generated by Sentry is usually transferred to a Sentry server in the USA and stored there. The data is stored for a maximum of 90 days after being analysed and then deleted. The data is processed on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit f GDPR. Insofar as data is transferred from Sentry to the USA, we would like to point out that Sentry is certified under the Data Privacy Framework and thus guarantees that all measures have been taken to comply with European data protection law. See also: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000YdenAAC&status=Active
The transfer of data to Sentry is therefore permitted in accordance with Art 45 GDPR.
We have concluded an order processing contract with Sentry in accordance with Art 28 GDPR for the performance of the error analysis. Sentry's terms of use and privacy policy can be found at: sentry.io/privacy/ |
29 | Privacy policy regarding the use of Akamai Content Delivery Network on www.dorotheum.com | On our website, we use the Content Delivery Network (CDN) of Akamai Technologies GmbH, Parkring 20, 85748 Garching Germany (Akamai) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f GDPR).
A CDN is a network of [globally] distributed servers that is able to deliver optimised content to the website user. For this purpose, the following personal data may be processed by Akmai in server log files:
Akamai is the recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR not to operate a content delivery network ourselves.
You have the right to object to the processing. Whether the objection is successful must be determined as part of a balancing of interests.
The processing of the data specified in this section is neither legally nor contractually required. The functionality of the website is not guaranteed without the processing.
Your personal data will be stored by Akamai for as long as is necessary for the purposes described. Further information on data protection can be found at www.akamai.com/de/legal/privacy-statement.
Further information on objection and removal options vis-à-vis Akamai can be found at: www.akamai.com/de/de/multimedia/documents/akamai/akamai-data-protection-addendum.pdf
Akamai has implemented compliance measures for international data transfers. These apply to all global activities where Akamai processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: www.akamai.com/us/en/multimedia/documents/akamai/akamai-pre-signed-eu-standard-contractual-clauses.pdf |