This policy applies to information held about all our contacts and all other persons about whom MDG Fine Arts Ltd holds information, meaning any personal information about yourself that we collect, use, share and store. In compliance with GDPR – legislation, MDG Fine Arts Ltd is committed to protecting your privacy and maintaining the security of any personal information received from you. In particular, we would like to reassure you that we will not sell, rent or trade personal data with other businesses for marketing purposes.
What we collect
– Your contact information such as your name, address, email address and telephone number
– Only if required, your payment details / financial data i.e. your bank name, account number and sort code
– Any other information about yourself that you share with us
– Information in relation to your purchase of artworks or use of our services
How we collect information about you
– Information you give to us in person or by corresponding with us by phone, e-mail or otherwise
– Contacting us throughout our website
– When you reach us for any of our art advisory or interior design services
What we do with the information we gather
We use your information to:
– Provide you with information about our services as requested;
– Carry out our obligations arising from any agreements entered between you and us;
– Keep you informed regarding anything related to our business and services that we think you may find interesting;
– Communicate with you;
– Administer our site and for internal operations, including data analysis, research, statistical and survey purposes;
– Comply with legal and regulatory obligations;
– For security reasons and to check your identity.
How do we protect your personal data?
All reasonable measures have been undertaken to securely protect your personal data by the following means:
– Digital Our server, PC terminals, accounts software, database, and Wi-Fi network are all password protected. Desktops are normally screen-locked when users are away from their workstations
– Cyber security. Remote access to our server is password Access is restricted to MDG Fine Arts data processors as well as our IT support. Devices such as mobile phones and tablets which access the mail server remotely are also pin-protected. Regular backups of the server are stored to the Cloud and monitored remotely by our IT consultant
Legal basis for processing
Our processing of your personal information is necessary:
– For the performance of contracts to which you will be a party to and in order to take steps at your request prior to you entering into those contracts;
– For the purposes of legitimate interests pursued by us;
– In order to comply with a legal obligation to which we are subject.
Where do we send your personal data and why?
Your personal data may normally be sent to the following Third Parties for the following reasons only:
– Freight Forwarders/Shipping Agents/Customs Agents to assist with the fulfillment of a contract of sale;
– Other collection or delivery premises (e.g. conservators, auction houses, fabricators) to assist with the fulfilment of a contract of sale;
– Our accountant for taxation purposes.
As expressly set out in this policy we will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
How long will we keep your information?
We will only keep the information we collect about you for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us periodically reviewing our files to check that information is accurate, up-to-date and still required.
Where we are permitted to send you direct communications, we may retain your contact information necessary for this purpose, for as long as you do not unsubscribe from receiving the same from us.
At any time, you have the right:
– To request access to or a copy of any personal data which we hold about you
– To rectification of your personal data, if you consider that the information we are holding is inaccurate
– To ask us to delete your personal data, if you consider that we do not have the right to hold it
– To withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent)
– To restrict processing of your personal data
– To data portability (moving some of your personal data elsewhere) in certain circumstances
– To object to your personal data being processed in certain circumstances
To not be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data
Any request from you to get access to or to obtain a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period of time. We will comply with our legal obligations about your rights as a data subject. We aim to ensure that the information we hold about you is accurate at all times.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Actions in the event of a data breach:
A data breach is defined as a breach in security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
If you discover a data breach emanating from us which involves your personal data, please inform us as soon as possible. If we discover a breach involving your personal data, we are required to inform you within 72 hours of discovering the data breach.