We have recently updated our Privacy Notice to clarify how we protect your personal information in keeping with the EU’s new General Data Protection Regulation (GDPR).
Our updated Privacy Notice provides more details on:
- the information that we collect
- how we use this information
- whom we share some of the information with and why we do so
- why we store, and why we retain the information
- how you can request that your information is updated, corrected, or deleted.
The new Privacy Notice will take effect for existing users on 25th May, 2018 and your continued use of the GAUK services on or after then will be viewed as your acceptance of the terms.
The Privacy Notice was last updated on 24th May, 2018.
Table of Contents
Changes to our Privacy Notice
- Who is the Personal Information collector
- What Personal Information we collect about you and how we collect it
- How we use the Personal Information
- How and with whom we share the Personal Information we collect
- How we store and secure the Personal Information we collect
- Information processing and transfers for EEA individuals
- International transfers of information
- For how long we store the Personal Information
- What rights do you, as the data subject, have
- How to access and update your Personal Information
- Our policy towards children
We may change this Privacy Notice from time to time. We will post any Privacy Notice changes on this page and, if the changes are significant, we will provide a more prominent notice by adding an announcement on the GAUK website or by sending you an email notification. We encourage you to review our Privacy Notice whenever you use the Services to stay informed about how we treat Personal Information and the ways you can help protect your privacy.
If you disagree with any changes to this Privacy Notice, you will need to stop using the Services and deactivate your account(s), as outlined below.
This Site may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy notice of every website you visit.
If you have any questions or concerns regarding this Privacy Notice, please send us a detailed message via our support pages and we will try to resolve your concerns.
Government Auctions UK LLC trading as GAUK Media (a company incorporated in Delaware and referred to as “we”, “us” or “our” in this privacy notice) is the data controller (Controller) and responsible for your Personal Information. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below. We collect and process Personal Information in accordance with applicable data protection law.
We gather various types of Personal Information from our users, as explained more fully below. We may use this Personal Information to personalize and improve our Services, to allow our users to set up a user account and profile, to contact users, to fulfill your requests for certain products and Services, to analyze how users utilize the Services, and as otherwise outlined in this Privacy Notice. We may share certain types of Personal Information with third parties, as described in section 4. It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
Account information: We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for a subscription or make purchases through the Services. For example, we collect Personal Information such as your name, email address, browser information, and, in some cases, billing information, company name, and third-party account credentials (for example, your log-in credentials for Facebook or other third party sites). If you provide your third-party account credentials to us, you accept that some content and/or information in those accounts (“Third Party Account Information”) may be transmitted into your account with us if you authorize such transmissions, and that Third Party Account Information transmitted to our Services is covered by this Privacy Notice. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features. We may anonymize your Personal Information so that you cannot be individually identified, and provide that anonymous information to our partners.
Content you provide through our features: We collect and store content that you post, send, receive and share while using our Services’ features. This content includes any information about you that you may choose to provide. Examples of content we collect and store include: The comments you write, the product Collections you create, the messages, files and links you send to other users via our messaging feature.
Content you provide through our websites: We collect other content that you submit to websites owned or operated by us, which include social media or social networking websites operated by us. For example, you provide content to us when you provide feedback or when you participate in any interactive features, surveys, contests, promotions or events.
Information you provide through our support channels: The Services also include our customer support, where you may choose to submit information regarding a problem you are experiencing with the Services. Whether you contact our support via email, social media or support chat, speak to one of our representatives directly or otherwise engage with our support team, you may be asked to provide contact information, a description of the problem you are experiencing, and any other documentation, screenshots or information that would be helpful in resolving the issue.
Payment information: We collect payment and billing information when you register for certain paid Services. For example, we ask you to provide payment information, such as billing address and payment card details, which we collect via secure payment processing services.
Information needed to verify user identity for paying out the earnings: This type of information collection is limited to the users who earn money through the Services, either by selling their artwork or by participating in GAUK’s referral program. Before making the first payout to the Earner, we ask to provide the personal identification document to verify the identity of the Earner. We may store this Personal Information for a reasonable amount of time needed to process the verification. We delete the personal identification document within a reasonable amount of time after the verification is completed. When verifying Earners, we may ask for additional information, such as links to social media accounts or examples of work in progress to verify that contributing artists are selling their original artwork.
|When information is collected||Type of information|
|When you register||Email, Username, Password|
|When making transactions||Name, Address, Billing details, Company details|
|When communicating using the Services||Messages, Comments, File Attachments|
|When adjusting preference for your account||Payment methods, Notification settings, Filter settings|
|When we pay out the earnings for contributors and users of GAUK’s referral program||Personal Identification document, Links to social media accounts, Work in progress|
We do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offenses.
Your use of the Services: We keep track of certain information about you when you visit and interact with our Services. This information includes the visiting frequency, features you use; the search terms you enter, the links you click on, the products you purchase and/or download; the attachments you upload to the Services, and how you interact with the free and paid content available on the Services, or interact with other users of the Services.
Device and connection information: We collect information about your computer, phone, tablet, or other devices you use to access the Services. This device information includes your connection type and settings when you install, access, update, or use our Services. We also collect information through your device about your operating system, browser type, IP address, URLs of referring/exit pages, device identifiers, and crash data. We use your IP address and/or country preference to approximate your location to provide you with a better Service experience. How much of this information we collect depends on the type and settings of the device you use to access the Services.
The table below gives you an overview of the sources we receive information from. For more details about how we use this information, please see section 3.
|Tool and company||Type of information|
|Google Analytics by Google LLC., The United States of America||Visitor data, Page interaction, Commercial transactions, Traffic sources.|
|Stripe by Stripe Inc., The United States of America||Credit card token/key, Last four digits of the credit card number, Ratings for detecting fraudulent users.|
|Amazon Email Services||Information about email bounces, Information about spam filters, Click and open rates for emails.|
|Debugging software||Technical data for debugging errors that occur on the Services including: Browser, IP address, Operating system, Visited URL, Errors messages including values of variables. This will include any variable handled by the backend or frontend except sensitive data such as passwords and credit card numbers.|
|Facebook by Facebook Inc., The United States of America||When you choose to create an account with the Services using Facebook connect we will receive the email address and name from Facebook.|
Below we list the specific purposes for which we use the information about you.
3.a. How we use the Personal Information you provide to us and the Personal Information collected automatically when you use the Services
To provide the Services: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. Your activity on the Services might be used to personalize and improve your experience with the Services. For example, the information about designers you follow may be used to send you tailored emails showcasing more content from those designers. You can always choose to opt out of these emails within the emails itself or in your notification settings.
For Research and Development: We are continually looking for ways to make our Services faster, more intuitive and more useful to you. We use collective learnings about how people use our Services to identify trends, usage, activity patterns and areas for improvement of the Services. For example, to improve the diversity and relevance of the content on our Services, we aggregate and analyze frequently used search terms that do not return any results.
To communicate with you about the Services: We use your contact information to send transactional communications via email and within the Services. Such communications include, but are not limited to, purchase confirmations and receipts, subscription reminders, messages from other users on the Services, questions and requests, customer support communications, and any technical notices, updates, security alerts, and administrative messages. We also send you communications as you onboard to the Services to help you become more proficient in using the Services. These communications are part of the Services and in most cases you cannot opt out of them. If an opt-out is available, you will find that option within the communication itself or in your notification settings.
To promote and drive the engagement with the Services: We use your contact information and information about your activity on the Services to send promotional communications, including by email, directly displayed in the Services, or by displaying GAUK ads on other companies’ websites and applications, as well as on platforms like Facebook and Google. The purpose of these communications is to drive engagement to the Services and increase the value you get from using the Services. These communications include but are not limited to, information about new features, offers, discounts, survey requests, newsletters, contests, and events we think may be of interest to you. You can choose to opt out of this type of communications at any time either within the communication itself or in your notification settings.
Customer service: We use your information to resolve technical issues you experience, to respond to your requests for assistance and to repair and improve the Services.
For security: We use information about you and your Services’ use to screen and verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of the Services’ terms.
To protect our legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
To automate decision-making: We use automated systems that analyze your information to customize search results, personalize ads or tailor features to how you use our Services. We analyze your information to detect abuse such as fraud, spam, malware, and illegal content. We may also combine information collected among our and third-party Services and across your devices for the purposes described above.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, with your permission, we may write down and publish user case stories to promote the Services.
|Tool||How we use the information|
|Google Analytics||To provide the Services: Improving user experience, Tracking business performance in order to maintain the Services. For Research and Development: Identifying trends, usage, and activity patterns.|
|Stripe||To provide the Services: Verification of billing details, Processing transactions. For security: Monitoring suspicious and fraudulent activity. For legal purposes: Protecting our and others’ legal rights, Legal claims, compliance, regulatory, and audit functions.|
|Paypal||To provide the Services: Verification of billing details, Processing transactions. For security: Monitoring suspicious and fraudulent activity. For legal purposes: Protecting our and others’ legal rights, Legal claims, compliance, regulatory, and audit functions.|
|Debugging software||To provide the Services: Improving user experience. For Research and Development: Identifying trends, usage, and activity patterns.|
|Sentry||For Research and Development: Identifying trends, usage and activity patterns. For customer service: Resolving technical issues experienced by the users, Repairing and improving the Services.|
|Pingdom||For Research and Development: Monitoring load times, file sizes, uptime.|
We neither rent nor sell your Personal Information in personally identifiable form to anyone. However, we MAY share your Personal Information with third parties as described below.
Occasionally we partner with advertisers and sponsors that we feel provide relevant and reputable products. We may allow advertisers and/or merchant partners (“Advertisers”) to choose the demographic information of users who will see their advertisements and/or promotional offers and you agree that we may provide any of the information we have collected from you in non-personally identifiable form to an Advertiser, in order for that Advertiser to select the appropriate audience for those advertisements and/or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are.
In certain situations, businesses or third party websites we’re affiliated with may sell items or provide services to you through the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. One such service may include the ability for you to automatically transmit Third Party Account Information to your Services’ profile or to automatically transmit information in your Services’ profile to your third party account. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.
We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide products or services to you. Unless we tell you differently, our agents do not have any right and are not allowed to use the Personal Information we share with them beyond what is necessary to assist us.
Certain user profile information, including, without limitation, a user’s name, username, location, and any video or image content that such user has uploaded to the Services, may be displayed to other users to facilitate user interaction within the Services or address your request for Company’s Services. Your account privacy settings allow you to limit the other users who can see the Personal Information in your user profile and/or what information in your user profile is visible to others. Any content you upload to your public user profile, along with any Personal Information or content that you voluntarily disclose online in a manner other users can view (on discussion boards, in messages and chat areas, etc.) becomes publicly available, and can be collected and used by others. Your username may also be displayed to other users if and when you send messages or comments or upload images or videos through the Services and other users can contact you through messages and comments.
We may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that would be transferred. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information would be one of the assets transferred to or acquired by a third party.
We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or court order; enforce or apply our conditions of use and other agreements; or protect the rights, property, or safety of Company, our employees, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.
Except as set forth above, you will be notified or asked for consent when your Personal Information may be shared with third parties in a personally identifiable form and will be able to prevent the sharing of this information.
|Tool||Type of information||Why we share this information|
|Membership software Stripe & Paypal||When you register our system will collect: Email, Username, Password. When making transactions within the Services our system will collect: Name, Address, Billing details, Company details, IP address, Account balance from GAUK. Data about actions: Purchases of merchandise and services, Searches, Downloads, Favorites||To communicate about the Services: When onboarding new users, To market and promote the Services. For customer service: Providing help and assistance for the users, Resolving technical issues experienced by the users, Improving the Services.|
|Email address||To promote and drive engagement with the Services: Serving ads.|
|Stripe||Whether a user has been marked as fraudulent||For security: Handling fraudulent users and returning money to credit cards.|
|Amazon EMS||Email address||To communicate about the Services: Sending transactional emails. To promote and drive engagement with the Services: Sending promotional communications.|
|Sentry||All Personal Information except sensitive information such as password and credit card information.||To operate the Services: Debugging.|
We endeavor to protect the privacy of your account and other Personal Information we hold in our records and we have implemented what we consider to be appropriate security measures, but we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.
Sensitive information such as credit card details and password are stored in encrypted form. SSL is applied when transferring information and while you access the Services from a web browser.
As an individual in the EEA (European Economic Area), we collect and process information about you where we have legal bases for doing so under EU laws. We only collect and use the information when:
- We need it to provide you the Services, including operating the Services, provide customer support and personalize features as well as for safety and security processes.
- It serves a legitimate interest (which is not overridden by your data protection interests), such as for research and development, for marketing and promotion and to protect our legal rights and interests.
- You have given us consent to do so for a specific purpose.
- We need the information to comply with legal obligations.
If you have given consent to our use of your information for a specific purpose, you can change your mind at any time, but this will not affect any processing that has already taken place. You have the right to object to the use of your information, but this may mean that the Services are no longer available.
Our third-party service providers may be located outside EEA which means their processing of Personal Information will involve transferring of data outside the EEA. When data is transferred outside EEA we ensure protection using the following safeguards:
- We only transfer Personal Information to countries that have been deemed to provide an adequate level of protection of Personal Information by European Commission. Please see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en
Please contact us if you want further information on the specific mechanism used by us when transferring your Personal Information out of the EEA.
GAUK will process and store your Personal Information for as long as it is necessary and permitted under applicable data protection law. Your Personal Information will not be retained for longer than is necessary for the purposes for which the information is collected, or the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate period for storing your Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some cases, we may anonymize your Personal Information (making it no longer associated with you) for research and statistical purposes, in which case we may use this information indefinitely without further notice to you.
In some circumstances, you can ask us to erase your Personal Information. Please see section 9. below for further information.
According to applicable data protection law, you have the following rights with regards to GAUK:
The right of access: You have the right to obtain from us confirmation as to whether or not your Personal Information is being processed, and if this is the case, access to your Personal Information and other information such as the purpose of the processing, the categories of your Personal Information, the recipients or categories of recipients to whom your Personal Information has been or will be disclosed, your rights in relation to processing of your Personal Information, and the existence of automated decision-making. You have the right to obtain one copy of the Personal Information undergoing processing. For any further copies requested by you, we may charge you a reasonable fee based on administrative cost. If you would like one copy, please submit a written request to GAUK together with documentation showing that you are the person in question. You may independently in some cases be able to access some of the Personal Information you have provided to us. Please see section 10, “How to access and update your Personal Information” below.
The right to correction: You have the right to obtain from us without undue delay the correction of inaccurate or incomplete Personal Information concerning you. The accuracy of the new data you provide to us might need to be verified. We may use any aggregated data derived from or incorporating your Personal Information after you update it, but not in a manner that would identify you personally directly or indirectly. You may independently in some cases be able to correct some of the Personal Information you have provided to us. Please see section 10, “How to access and update your Personal Information” below.
The right to erasure: You have the right to obtain from us the erasure of Personal Information concerning you without undue delay, and we are obligated to erase your Personal Information without undue delay in certain situations:
- If you withdraw your consent to our processing of your Personal Information,
- Where the Personal Information collected is no longer necessary for the purposes for which we have been collecting or processing it,
- Where you have successfully exercised your right to object (see below),
- Where we may have processed your information unlawfully,
- Where we are required to erase your Personal Information to comply with local law
Please note, that we may not always be able to comply with your request of erasure for specific legal reasons. In this case, we outline the legal reasons to you, if applicable, at the time of your request.
The right to object: You have the right to object at any time to our processing of your Personal Information, which for instance is based on legitimate interest, on grounds relating to your situation, as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Information for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. Also, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If you object to the processing, we shall no longer process your Personal Information unless we, for instance, can demonstrate compelling legitimate ground for the processing, which overrides your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims.
The right to restriction: You have the right to obtain from us restriction of processing your Personal Information in certain situations:
- If you contest the accuracy of your Personal Information,
- If the processing of your Personal Information is unlawful,
- If we no longer need your Personal Information for the purposes of processing, but you need it for the establishment, exercise or defense of legal claims,
- If you have objected the processing of your Personal Information, as described above, and the verification whether our legitimate grounds override those of yours is pending.
The right to data portability: You have the right to receive your Personal Information in a structured, commonly used and machine-readable format and have the right to transmit that information to another third-party if the processing, for instance, is based on your consent or the processing is carried out by automated means.
The right to withdrawal of your consent: You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our special features. You have the right to withdraw your consent to our processing of your Personal Information at any time. If you wish to withdraw your consent, please contact us.
The right to complain: You have the right to lodge a complaint with a supervisory authority.
There are exceptions to these rights so that full access to your Personal Information may be denied, for example, if making the information available would adversely affect others. To make use of your rights described above, please contact us.
Through your account settings, you may be able to access, and, in some cases, edit or delete some of the Personal Information you’ve provided to us. The information you can view, update, and delete may change as the Services change. If you have any questions about your viewing, deleting or updating information we have on file about you, please contact us.
We do not knowingly collect or solicit Personal Information from anyone under the age of 16 or knowingly allow such persons to register for the Services (as that term is defined in our Terms of service). If you are under 16, please do not attempt to register for the Services or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 16 may provide any Personal Information to us or on the Services. If we learn that we have collected Personal Information from a child under age 16 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 16, please contact us.