This privacy statement aims to give you a clear view of what personal data we collect and how we use it, our dedication to protecting it and your rights and options to control your personal information and protect your privacy.
In this policy, “we,” “us,” and “our” means [The Ravestijn Gallery B.V.] (trading as The Ravestijn Gallery), a company registered in the Netherlands at Westerdok 824, 1013 BV Amsterdam, and “you” means the individual (to whom the information relates).
When does this privacy statement apply?
This privacy statement is applicable to our processing of all personal data of our prospective customers, artists, contacts suppliers and business partners and other individuals on whom the Ravestijn Gallery holds personal information. This privacy statement does not address the processing of personal data of our employees.
What is personal data?
We consider all information that relates to you and identifies you personally, either alone or in combination with other information available to us as personal data.
What categories of personal data do we collect?
We collect your personal data through a variety of sources, such as when you visit our exhibits, buy from us, sign up for our newsletter or simply browse our websites. We collect the following information: name, contact details and other identifying information
When you purchase art or other products from us, we may record any of the following: your name, title, function (if you’re a corporate buyer), contact details. Your contact details may include your address, telephone number and email address.
Information about your visits to our events and exhibits, websites or other digital media
When you visit our website, we may register your IP address, browser type, operating system, referring website web-browsing behaviour. When you visit or register for one of our events such as fairs or exhibits, we may register your attendance and interest in these events.
Your communication with us
When you send us an email or chat with us online or communicate with us via online apps such as Skype for Business or GoToMeeting, we register your written communication with us. When you call us, our customer support may register your questions, queries or complaints in our database.
Information you choose to share with us
You may choose to share information with us, for example when you visit us at an art fair or one of our events or leave a comment for us on Twitter or LinkedIn or fill out a customer survey via our website.
Information in relation to social media
We also collect personal data through cookies and similar technologies. Cookies are small files of information stored on your equipment which save and retrieve information about your visit to this website – for example, how you entered our site, date and time of visit, location information, IP addresses, how you navigated through the site, and what information was of interest to you.
Who is responsible for your personal data?
The Ravestijn Gallery is responsible for the processing of all personal data that fall within the scope of this privacy statement. We may share your personal data with third parties, but if we do, we will remain responsible for your personal data.
For what purposes do we use your Personal Data?
The Ravestijn Gallery may use your data for various purposes, all of which have been set-out below. Each purpose for which we process personal data must have a legal basis in the law. These legal bases are listed with the descriptions of the purposes for processing below.
Some information we collect based on your consent. If you do not allow us to collect all the information we request, we may not be able to deliver all our products and services effectively.
To provide you with our products and services we collect, use, hold and disclose personal information to provide you with the products and services that you have purchased from us. This includes personal data that are required to:
- answer any queries you might have and communicate with you;
- facilitate invoicing and obtain payment;
- deliver customer services;
- register complaints.
Legal basis for processing this data: If you have procured products or services, we will use personal information to perform the contract you have with us, answer your questions and provide you with the best experience possible.
To send you our newsletter
When you sign up for our newsletter we will send you regular updates on our products and events which may be relevant for you. You have the right to unsubscribe at any time from our newsletter by using the “unsubscribe” button at the bottom of each newsletter.
Legal basis for processing this data: We process this personal information based on your consent if you have subscribed to our newsletter, or for our legitimate business purposes to communicate with our existing customers about our products and services.
To send you personalised marketing messages
When you have visited our website, signed up for our newsletter or shared your contact details with us during an event, we may send direct marketing communications to you using email or social media. We ask for your consent, where required by applicable law to send our personalised marketing communications.
Legal basis for processing this data: We process this personal information for our legitimate business purposes, to send you relevant information about our products and services, events and Privacy Valley news that might be of interest to you.
For the development and improvement of our products and services
We use aggregated personal data to analyse customer behaviour and to adjust our products and services accordingly to ensure that it is relevant to our customers. We may also process your personal data to compile analytics reports. This means that we analyse how often you read our newsletters, how often you visit our website or apps, which pages you click on and what goods you view through our website or apps to understand which products and services you like. We also test the level of satisfaction of our customers, using surveys. We use your responses to such surveys for quality assessments and to improve your customer experience.
Legal basis for processing this data: We process this personal information for our legitimate business purposes, which includes the ability to enhance, modify, personalise or otherwise improve our services and communications towards our customers, to better understand how people interact directly with us (through our communications or our websites) and determine the effectiveness of promotional campaigns or advertising.
To comply with the law
We process your personal data to comply with laws and regulations. We may for example have to gather and disclose personal data where tax or business conduct related obligations apply and disclose your personal data to government institutions or supervisory authorities.
Legal basis for processing this data: We process this personal information based on a legal obligation to gather and disclose such personal information.
When you interact with us directly
If you contact our Customer Service (or vice versa), we will use personal information such as your order information and contact history to process your request and provide you with the best service possible.
Legal basis for processing this data: We will process your personal information in this way if it is necessary for the performance of a contract with us or if it is required for us to comply with any legal obligations.
For the assessment and acceptance of a business partner
When a prospective business partner gets in contact with us, we may process your personal data for assessment and acceptance purposes, for example to confirm and verify your identity and screening against publicly available government registers.
For the conclusion and execution of agreements with business partners
We process personal data of our business partners for administrative purposes such as sending invoices and making payments. We also use these personal data to deliver or receive and administer products or services. We will process these personal data to further execute our agreement, including for the delivery of customer services.
For business process execution
We process your personal data in the performance and organisation of our business. This includes general management, order management and management of our assets. We also process your personal data for internal management purposes such as periodic audits, implementing business controls and managing and using customer, supplier and business partner directories. Also, we process your personal data for finance and accounting, archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.
Who has access to your personal data?
Ravestijn Gallery employees are authorised to access personal data only to the extent necessary to serve the applicable purpose and to perform their jobs. In addition, the following third parties may have access to your personal data, where relevant, for the provisioning of their products or services to us or to you:
banks payment system operators and credit card companies, for the fulfilment of payments, as identified while you undertake your payment;
technology service providers as well as our office automation, IT suppliers hosting our CRM database and websites;
parties who support us in our marketing activities, such as digital agencies, mailing houses, statistical research partners, and Google;
authorised representatives who sell products and services on our behalf as identified by the party you buy the products and services from;
debt collectors; regulatory bodies, government agencies and law enforcement bodies;
our financial advisors, legal advisors and auditors; and
other third parties with whom we are required by law to share the personal data.
We may also disclose your personal information to other third parties where:
you have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
we are otherwise permitted or legally required to disclose the information.
Transfer outside the EU
In general, we store and process your personal information solely in the European Union. In specific extraordinary events we may need to transfer your personal information outside of the European Economic Area ("EEA") to a country is not regarded under European Law as providing the same level of data protection as the country in which you normally use our services. This may for example be the case in the event of an international purchase or other business dealing outside the EEA.
In those events we will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary or within the scope of the consent we have received from you. We will ensure that third parties will only process your personal data in accordance with applicable (local) law.
The use of your personal data by data processors
When a third party processes your personal data for or on behalf of us, for example if we use a cloud hosting service or a marketing agency, we will enter into an agreement with such third party to agree on appropriate conditions subject to which the processing of personal data is allowed. In this agreement we include obligations to ensure that your personal data are processed by the data processor solely to provide services to us.
How is your personal data secured?
We have taken adequate safeguards to ensure the confidentiality and security of your personal data. We have implemented appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access as well as all other forms of unlawful processing (including, but not limited to, unnecessary collection) or further processing. Examples are access restrictions, password policies and secure cloud servers.
How long do we retain your personal data?
Your rights regarding your personal data
At any time, you have the right to:
request access to or a copy of any personal data which we hold about you;
rectification of your personal data, if you consider that the information we are holding is inaccurate;
ask us to delete your personal data, if you consider that we do not have the right to hold it;
withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
ask us to stop or start sending you marketing messages as described above in the marketing section;
restrict processing of your personal data;
data portability (moving some of your personal data elsewhere) in certain circumstances;
object to your personal data being processed in certain circumstances; and
not be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data.
If you wish to exercise these rights or you have any questions regarding the processing of your personal data please send us an e-mail to: firstname.lastname@example.org or write to us at: Westerdok 824, 1013 BV, Amsterdam, the Netherlands.
We are very committed to working with you to always obtain a fair resolution of any complaint or concern you might have in relation to our processing of your personal data. If however, you feel that we have not been able to assist you adequately and do not comply with applicable privacy rules you have the right to lodge a complaint with the data protection authority using their website: https://autoriteitpersoonsgegevens.nl/nl/zelfdoen/privacyrechten/klacht-indienen-bij-de-ap.
This Privacy Statement was last amended May 2018.