Heni Group Privacy Notice
1. This Privacy Notice and your rights
1.1. This Privacy Notice describes how the HENI Group of businesses process personally identifiable information (“Personal Data”) in accordance with the EU General Data Protection Regulation (“GDPR”).
1.2. The HENI Group businesses to which this Privacy Notice applies (“we”, “us”, “our”) are:
· Prudence Cuming Associates Ltd, which is the Data Controller of Personal Data relating to that business (please contact [email protected]); and
· Pierce Protocols Ltd, which is the Data Controller of Personal Data collected and processed through all other websites, products and services provided within the Heni Group (unless a group company has its own privacy notice). Please contact [email protected]);
1.3. To review the relevant privacy notices of any other group company or affiliated entities in the HENI Group of businesses please review the relevant website or contact us for further information.
1.4. By visiting any HENI Group website or when completing any customer or client registration process with us and/or placing an order on our websites, you agree to be bound by the terms of this Privacy Notice, which also includes our Cookies Policy (see below).
1.5. This Privacy Notice also applies more generally to and provides information for the benefit of a wider range of individuals on whom we process Personal Data, whether or not such individuals are our customers and clients, contacts, suppliers, contractors, or visitors to our websites or premises
1.6. The GDPR generally provides individuals with rights in relation to the processing of their Personal Data. These include rights to information relating to such processing, to access to such Personal Data, to object to the processing, to rectify, erase, restrict and to port such Personal Data. You can seek to exercise any of these rights or make any other enquiry about our use of your Personal Data by contacting us at any time using the relevant Data Controller email address(es) above.
1.7. Our aim always is to process Personal Data fairly, lawfully and transparently. However, if you are unhappy with the information provided in this Privacy Notice or have any broader questions or concerns please email the relevant Data Controller email address(es) above. If you remain dissatisfied you may raise your unresolved issues directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via ico.org.uk).
2. Personal Data we may collect from you
2.1. When you want to register with or make purchases through any HENI Group website, we will ask you to input and we will collect Personal Data from you (such as your name, e-mail address, billing address, delivery address, telephone number, product selections, and payment information). This includes when you subscribe to receive newsletters or notifications, post comments on our websites or contact us using the ‘contact’ form on our websites.
2.2. We may also collect information about where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located and the pages of our website that were viewed during your visit. We may collect this information even if you do not register with us.
2.3. More generally, and subject to this Privacy Notice, we may also obtain Personal Data when you meet with us or correspond with us by email, post, telephone or any other method.
2.4. Personal Data about you may also be collected from publicly available records or from other sources, including other affiliates of the HENI Group of businesses.
2.5. We may also obtain Personal Data about you when we use video cameras and aerial UAVs for the purpose of creating video footage and photos relating to artworks. For example, whilst filming on location, members of the public may be captured in images/video footage. Any member of the public whose image is captured would be very distant and it is unlikely that they will be recognisable. In the event they are recognisable, we would blur them out of any edited footage.
2.6. We may also collect information about you including your age, gender, location, occupation, educational background, your reading and other interests and your usage of our service including the content you read.
3. Security of your Personal Data
3.1. We will treat all your Personal Data as confidential and will only disclose it to third parties outside the HENI Group in accordance with this Privacy Notice. We will keep Personal Data secure and fully comply with all applicable UK data protection and consumer legislation from time to time in place.
3.2. The HENI Group will retain Personal Data for at least the length of time required for the specific purposes for which it is processed, as set out in this Privacy Notice, and for such additional periods as are required by law or in order to ensure best practice (including effective back-up systems).
3.3. We will take all reasonable care, in so far as it is in our power to do so, to keep your Personal Data, and the details of your orders and payments secure, but in the absence of proven negligence on our part we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any Personal Data we process on your behalf.
4. Processing and disclosure of your Personal Data
4.1. The HENI Group will process your Personal Data for the following purposes or as otherwise set out in this Privacy Notice, on the basis that such processing is in our and/or your legitimate interests:
· for the purposes of negotiating or performing any contracts entered into between you, or some company to which you are affiliated, and any HENI Group business;
· to address any correspondence, comments or enquires made by you;
· to allow you to participate in interactive features on our websites, should you choose to do so;
· to email you with HENI Group invites, newsletters and/or suggestions about products, services or content that may be of interest to you, where we have a legitimate interest to do so in compliance with data protection and privacy law and/or where you provided your consent. However, you may stop such notifications at any time by contacting our customer services team by emailing the relevant Data Controller email address(es) above using the word “unsubscribe” in the subject line or otherwise by opting out of the particular email in the manner described;
· for the effective management of the HENI Group of businesses in accordance with our legitimate interests, such as in group structuring and management, engaging suppliers, generating surveys and statistics, measuring performance and website usage, implementing service improvement and marketing plans, etc;
· disclosing your Personal Data to third parties outside the HENI Group of businesses for the purposes stated above, including on your behalf or in order to enforce or apply our Terms and Conditions, or to protect the rights, property, or safety of HENI Group businesses and our personnel, customers, or others. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction; and
· disclosing your Personal Data to any HENI Group business or affiliate, which means our subsidiaries, any ultimate holding company and its subsidiaries, or any affiliated person or business. In the event that the relevant Data Controller, as identified above, or its assets, are acquired by a third party, Personal Data held by us may also be one of the transferred assets.
· for the purpose of creating video footage and photos of artworks.
· disclosing your Personal Data to third parties outside the HENI Group of businesses for provenance and/or authentication purposes in relation to artworks sold on any Heni Group website.
· disclosing your Personal Data to third parties outside the HENI Group who need it to do work for us. These recipients may include third party companies and individuals who provide services on our behalf, such as operating our websites, fulfilling orders for books or other products placed on our websites or organising events on our behalf.
4.2. The HENI Group may also process your Personal Data, including disclosing such Personal Data to third parties, as required by virtue of any legal, regulatory or other
obligation. For example, the HENI Group of businesses will from time to time be required to disclose Personal Data to external law firms, accountants and auditors, insurance brokers and underwriters.
4.3. The HENI Group will process Personal Data in the course of receiving payments from our clients and customers, and when making payments to such persons and to other third parties. The payment methods used will include bank transfers (which will require account names, numbers and sort codes, and possibly other information) and debit or credit card transactions (though note that we do not retain card information and payments via card will be processed securely in accordance with the Payment Card Industry Data Security Standard (PCI DSS) to protect sensitive cardholder data by a payment services provider in accordance with paragraph 17 of this Policy).
4.4. Financial transactions through all HENI Group websites will be handled through a payment services provider, for example Stripe or PayPal, with which you will deal directly. You can review the Stripe Privacy Notice at stripe.com. PayPal Privacy Notice at paypal.com. We shall share Personal Data with such payment services providers only to the extent necessary for the purposes of processing payments, and dealing with complaints and queries relating to such payments.
5. Where we store and transfer your Personal Data
5.1. The Personal Data which HENI collect from you and which we process for the purposes set out above may be transferred outside the European Economic Area (“EEA”) where appropriate and necessary in accordance with our legitimate interests. Personal Data may also be processed by HENI Group staff, or for one of our suppliers or agents, operating outside the EEA. Such persons or entities maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details or the provision of support services.
5.2. If and when making such transfers outside the EEA we will take all steps reasonably necessary to ensure that your Personal Data is managed securely and in accordance with this Privacy Notice and relevant data protection law.
6. Cookies Policy
6.2. Cookies are small files that are stored on your computer or internet-enabled portable device by the websites you visit. They are used to make websites work and to improve their efficiency, as well as to provide website usage information to the website owner. Cookies contain information such as the time that the current visit occurred, whether the visitor has been to the website before and what site referred the visitor to the web page.
6.4. Google Analytics: we use this web analytics tool to anonymously track usage statistics to help us improve the user experience of our site. Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our website. Google Analytics collects information anonymously; it reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
7. Variations to this Privacy Notice
7.1. We may vary the terms of this Privacy Notice from time-to-time. Please check this webpage regularly to ensure you are familiar with the current version as your Personal Data is subject to the Privacy Notice in effect at the time when you provided that information.
7.2. This Privacy Notice will be governed by and construed in accordance with English law, and any disputes relating to this notice shall be subject to the exclusive jurisdiction of the courts of England.