The Stand is committed to safeguarding your privacy. In this policy we explain how we will handle your personal data.
Personal data is information, alone or combined, that allows us to identify you. We collect personal data about you from a number of sources and use it only for our business purposes, in accordance with data protection law. Please refer to the more detailed descriptions of how we do this, below.
This policy applies where we are acting as a data controller with respect to your personal data; in other words, where we determine the purposes and means of the processing of that personal data.
It covers information that you give us when you consign a work of art to us, visit our website, request information or sign up for any of our social media, online publications or newsletters.
In this policy, “we”, “us” and “our” refer to The Stand Initiative Limited, doing business as “The Stand”.
We are registered in England and Wales under registration number 13338491, and our registered office is at Eighth Floor, 6, New Street Square, London, EC4A 3AQ.
You can contact us by post, to the postal address given above; or by email to email@example.com.
The personal data that we collect
We set out below the general categories of personal data that we process:
Contact data. For example, your name, email address, telephone number and postal address. The source of the contact data is you and/or Invaluable.
Relationship data. For example, your name, your contact details and information contained in or relating to communications between us and you. The source of the relationship data is you.
Gallery/Artist/ Works of art interest. For example, if you express interest in an artist or gallery, including such things as price points, styles, forms, we may keep this information which is provided by you.
Transaction data. For example, your name, your contact details, your wire transfer details and the transaction details. The source of the transaction data is you, Invaluable and/or our payment services provider, Stripe.
Charitable data. For example, records of which charities are chosen by our consignors for the donations made out of sale proceeds.
Communication data. For example, details of the contents of the communications that we send to each other.
(Please note that we do not process your identification data, for example, your government issued ID card or identify documents. This identification data is passed by you directly to artpassID, who conduct legal identity checks for anti – money laundering on our behalf. For more information, see “Providing your personal data to others” below.)
Purposes of processing and legal bases
We explain below the purposes for which we may process personal data and the legal bases of the processing.
Operations – operating our business, operating our website, the processing and fulfilment of auction purchases including charitable donations, providing our services, generating payment-related documentation and credit control. The legal basis for this processing is our legitimate interests, namely the proper administration of our website, services and business.
Publications – publishing consignor personal data on our website and auction marketing materials. The legal basis for this processing is our legitimate interests, namely the publication of marketing content to promote our auctions and the performance of the consignor contract between you and us.
Relationships and communications – managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, social media, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely business communications, the maintenance of our relationships, enabling the use of our services, and the proper administration of our website, services and business.
Direct marketing – creating, targeting and sending direct marketing communications by email, social media, SMS, post and/or fax and making contact by telephone for marketing-related purposes. The legal basis for this processing is your express consent (if you are an individual) or our legitimate business interests (if you are representing a company).
Research and analysis – researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing our website, services and business generally.
Record keeping – creating and maintaining our databases, back-up copies of our databases and our business records generally. The legal basis for this processing is our legitimate interests, namely ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with the law and this policy.
Security – security and the prevention of fraud and other criminal activity such as money laundering. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others.
Insurance and risk management – obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
Legal claims – establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
Legal compliance and vital interests – compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.
Providing your personal data to others
In the course of providing our services, we do have to sometimes share your personal data. We explain why and to whom below:
Insurers and/or professional advisers – obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, such as legal, tax or accounting advice.
Hosting service providers – our website database is stored on the servers of our hosting services providers, based in the UK.
Business partners and vendors – working on our behalf to provide services such as mailings, secure payment processing, fraud and anti- money laundering, digital marketing and data storage.
Consignors – If you are a Winning bidder, we will supply your contact data to the consignor to facilitate the delivery of your purchase.
Charities – If you are a consignor, we may provide your details to the charities your sale will support.
In addition to the specific disclosures described above, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International transfers of your personal data
Stripe (the payment processor used by Invaluable) is situated in the USA. Stripe uses one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK or verification that the recipient has implemented Binding Corporate Rules.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Retaining and deleting personal data
We keep your personal data for as long as we have a relationship with you. Once our relationship has come to an end, we will keep your personal data for a period of time that enables us to maintain business records to comply with legal and regulatory requirements, preserve records of transactions and deal with any complaints in relation to our services.
Security of personal data
We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
We will store your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Your principal rights under data protection law are:
(a) the right to access – you can ask for copies of your personal data;
(b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
(c) the right to erasure – you can ask us to erase your personal data;
(d) the right to restrict processing – you can ask us to restrict the processing of your personal data;
(e) the right to object to processing – you can object to the processing of your personal data;
(f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and
(h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://edpb.europa.eu/our-work-tools/general-guidance/gdpr-guidelines-recommendations-best-practices_en and https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.
Third party websites
Our website includes hyperlinks to, and details of, third party websites. In general we have no control over, and are not responsible for, the privacy policies and practices of third parties.
Personal data of children
Our website and services are targeted at persons over the age of 18.
If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647 (Chrome);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
Data protection registration
We are registered as a data controller with the UK Information Commissioner’s Office.