- who we are;
- the information we collect and how we collect it;
- what we do with the information we collect;
- how we share and disclose user information with third parties;
- you GDPR Individual Rights;
- how you can access and update your information;
- how we protect information;
- collection of certain information by third parties through our Services;
- how to contact us;
This Policy sets out why we collect personal information about individuals and how we use that information. It explains the legal basis for this and the rights you have over the way your information is used. Some of this information will be collected via our website at http://bonhamscarsonline.com (“Site”).
Who We Are
Patina Classics Limited t/a Bonhams|Cars Online is the primary Data Controller for the purposes of EU Data Protection Legislation. Patina Classics Limited t/a Bonhams|Cars Online is a wholly owned subsidiary of Bonhams 1793 Limited so your personal data may be transferred and processed by other companies within the Bonhams group.
If you have any questions about this Policy or concerning your personal information, please contact [email protected]
What type of personal information do we collect?
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes your full name, preferred pronoun, date of birth, gender, username or similar identifier, identification and proof of address documents, the results of identification verification checks, the nature of your connection to an organisation if the consigning/buying is a corporate entity.
Contact Data includes billing address, delivery address, email address and telephone numbers, as well as details of any additional persons for whom copy correspondence is required.
Correspondence Data includes details of your correspondence with us (including bidding instructions recorded online or over the telephone, and any complaints you have made to our customer services team).
Image data includes photographs and video images (from CCTV footage).
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services (including the data obtained from cookies, web logs and other similar technologies that monitor the use of the Site).
Marketing and Communications Preferences Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
How do we collect information?
We may collect information from you whenever you contact us or have any involvement with us for example when you:
- visit the Site.
- enquire about our activities or services.
- sign up to receive news about our activities.
- create or update a profile to bid in an auction.
- ask us to perform a valuation.
- post content onto our Site or social media sites.
- attend a meeting with us and provide us with information.
- take part in our events.
- contact us in any way including online, email, phone, SMS, social media or post.
Where do we collect information from?
We collect information:
- from you when you give it to us directly: you may provide your details when you ask us for information, attend our events, consign property, register for auctions, place bids or contact us for any other reason. Your information may be collected by an organisation we are working with, but we are still responsible for your information.
- from our parent company Bonhams 1793 Limited where the services we provide may be of relevance to you
- when it is available on social media: depending on your settings or the privacy policies applying for social media and messaging services you use, like Facebook, Instagram or Twitter, you might give us permission to access information from those accounts or services.
How do we use your information?
We will never sell or transfer any personally identifiable information to third parties without your consent. However, you agree that we may use your information:
- to enhance or improve our users’ experiences.
- to provide our Service to you and process transactions.
- to email you newsletters and correspondence.
- to understand how you use our App.
- to contact you and to respond to enquiries.
- to understand how you use our Site.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
The Glossary contains more information about the legal grounds for processing.
|Purpose/Activity||Type of data as listed in our ‘What type of personal information do we collect’ section||Lawful basis for processing including legitimate interest|
|To register you as a new customer||Identity
|Performance of a contract with you.|
|To provide you with requested services,such as:
- bidding on auction items
- selling your items on our platform
Marketing & Communications
|Necessary for performance of a contract.
Necessary for our Legitimate Interests.
|To process and deliver the items you have successfully bid on.||Identity
|Performance of a contract with you.|
|To collect and recover money owed to us.||Transaction
Marketing & Communications
|Necessary for our legitimate interests (to recover debts due to us).|
|To manage our relationship with you, which will include:
- Changes to how we process your data.
- Changes to the terms or use of our services.
|Performance of a contract with you.
Necessary to comply with a legal obligation.
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services).
|To evidence our compliance with legal requirements (for example, prevention of money-laundering, payment of taxation and customs duties, conducting customer identification for purposes of knowing our customers, and our obligation to make reasonable adjustments to accommodate a disability)||Identity
|Compliance with a legal obligation.|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data||Identity
|Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise).
Necessary to comply with a legal obligation.
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).|
|To make suggestions and recommendations to you about goods or services that may be of interest to you and send you details about future auctions and other events||Identity
|Necessary for our legitimate interests – for customers who have previously requested or received services from us (to develop our products/services and grow our business).|
|To monitor your use of our services, provide staff training and improve your experience||Correspondence||Legitimate Interests.|
How do we keep your information safe?
We recognise and take seriously our responsibility to protect the personal data you entrust to Bonhams|Cars Online from loss or misuse.
Bonhams|Cars Online uses a variety of security technologies and organisational procedures to help protect your personal data. For example, we implement access controls, use firewalls and secure servers, and we encrypt data, such as financial information and other important data.
No data transmission over the internet can be guaranteed to be completely secure. So, whilst we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
We understand the importance of keeping your personal information secure and take appropriate technical and physical steps to safeguard it.
We always ensure only authorised persons have access to your information, which means only our employees and contractors, and that everyone who has access is appropriately trained to manage your information.
Who has access to your information?
Your personal data will be processed by Bonhams|Cars Online and may also be transferred to and processed by other companies within the Bonhams group, for example, Bonhams 1793 Limited.
- Where it is necessary to enable us to provide you with the services you have requested, we will transfer your personal data to third parties (for example: we may transfer your data to our operators, shippers, warehouses, insurers, experts who help us authenticate or value property, event venues, caterers, catalogue and direct marketing fulfilment and distribution). These organisations will only use the information to carry out the instructed services. Please see International Transfers of Data below for more information.
- We do not transfer your personal data to third parties who wish to use it for their own marketing or other purposes.
- We may need to carry out anti-money laundering and trade sanction checks and for us to do so we may need to retain and disclose certain information about you to appropriate agencies. This is also to assist with fraud, crime prevention and detection.
- We will only disclose your personal data when we receive a request from a government or law enforcement authority to provide your data in two situations: when we are ordered to do so by a court; or after we have undertaken an internal review and conclude that the institution making the request has both complied with the correct procedure and has the right to seek disclosure.
Third parties who provide services for us, for example:
- Amazon Web Services
- Third parties in connection with restructuring or reorganisation of our operations, for example if we merge with another business. In such event, we will take steps to ensure your privacy rights will be protected by the third party.
International Transfers of Data
Owing to matters such as financial or technical considerations, the information you provide to us may be transferred to countries that do not have an ‘adequacy regulation’ from the UK, which are not subject to the same data protection regulations as apply in the UK. We meet our obligations under UK GDPR by ensuring that the information has equivalent protection as if it were being held under the UK Data Protection regime. We do this by ensuring that any third parties processing your data outside this regime either benefits from an adequacy determination for UK GDPR purposes and/or, where appropriate, we have entered into a data processing agreement which contains Standard Contractual Clauses approved by the ICO.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
How to keep your information up to date?
Please would you let us know if your contact details change. You can do so by contacting us at [email protected]
How long do we keep your information?
We will hold your personal information for as long as it is necessary for the relevant activity.
If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
Your right to object
We may from time to time send you communications regarding our services which you have expressed an interest in, or we feel may be of interest to you. You can opt out of receiving these marketing materials and communications at any time by using the unsubscribe link contained in all relevant communications to you or contacting us at [email protected]
You can also object to direct marketing at the time of creating an account with us.
You have the right to request details of the processing activities that we carry out with your personal information through making a subject access request. Such requests must be made in writing. If the request is 'manifestly unfounded or excessive', or further copies are requested, the data controller may charge a reasonable administration fee. To make a request, please contact us at [email protected]
You also have the following rights:
- the right to request rectification of information that is inaccurate or out of date.
- the right to erasure of your information (known as the “right to be forgotten”).
- the right to restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”).
- rights in relation to automated decision making and profiling including profiling for marketing purposes.
These rights are subject to certain safeguards and limits or exemptions. To exercise any of these rights, you should contact us at :market_email
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found here.
Legal Grounds for Processing:
Legitimate Interests means the interest of our business, or the legitimate interest of a third party, in conducting and managing our respective business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by.
Performance of a Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Compliance with a Legal Obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Public Interest means that processing is necessary for the performance of a task carried out in the public interest.
Consent means you have given specific consent to the processing of your personal data.
This Policy was last updated in October 2021.
Patina Classics Limited t/a Bonhams|Cars Online