Disclosure requirement under Article 13 of the GDPR*
(*the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC)
Who is the controller of your personal data?
The controller of your personal data is Desa Unicum S.A. with the registered office in Warsaw at Piękna 1A (hereinafter referred to as "We", "Desa", or "Company") running the Desa Unicum Auction House and the website located at the following URL: www.desa.pl.
Contact regarding the processing of your personal data by Desa
In order to provide information regarding the processing of your personal data by Desa, you can contact us by letter, e-mail, and telephone, our contact details are provided below:
Phone no.: +48 22 163 66 00
fax +48 22 163 67 99
How did we receive your data?
We received the data from you upon concluding a commission contract, concluding a gallery sales contract, concluding a contract for conservation services, or contract for providing other services, submitting the item for valuation, via the contact form, during personal or online registration for our auctions, or you provided them to us by e-mail.
For what purpose and on what legal grounds do we process your personal data?
Processing your personal data is necessary to perform the contract concluded with you, including:
- performance of contracts for sale, conservation services, framing, or commissioned sale;
- handling complaints if you submit a complaint;
- handling requests that you send to us (e.g. via the contact form);
- contacting you, included in cases related to the performance of contracts, making and receiving payments.
In addition, the law requires us to process your data for:
- tax and accounting purposes;
- keeping a record book of monuments accepted or offered for sale;
- counteracting money laundering and terrorist financing.
Your data is also processed by Desa in pursuance of our legitimate interest, for the purposes indicated below:
- conducting marketing activities towards you, including conducting direct marketing regarding goods and services offered by Desa;
- contacting you, including for purposes related to authorized marketing activities, through available communication channels, in particular and upon your consent - via e-mail and telephone;
- handling your requests, in particular, the requests sent to the Customer Service Center and via the contact form in the cases when they are not directly related to the performance of the contract;
- debt collection; conducting legal proceedings, arbitration and mediation proceedings;
- storing data for archiving purposes and accountability (proving that we act in compliance with the obligation arising from applicable law).
Our website desa.pl applies Google Ads features, such as remarketing or conversion tracking, we use the consent of our customers from the European Economic Area and the United Kingdom for cookies or personal data for personalized advertisements (in the case of remarketing).
If you give your consent, we process your personal data in order to save data in cookies and collect data from websites.
You can withdraw your consent to the processing of personal data in any manner, at any time. We shall process your personal data until you withdraw your consent or until our duty to process your data, imposed on Desa by generally applicable law, expires.
Do you need to provide us your personal data?
For the purposes of performing the obligations arising from the contract concluded between you and us, as well as to comply with the requirements of generally applicable law, it is necessary that you provide the following personal data:
- name and surname;
- home address or address for correspondence;
- Identification number PESEL or the number of your identity document;
- e-mail address;
- phone number;
- bank account number.
If for some reason you do not provide your personal data (not including your bank account number), unfortunately we will not be able to conclude a contract with you.
If required by law, we may require you to provide other data necessary e.g. for accounting or tax purposes. Apart from these cases, providing your data is voluntary.
What are your rights related to the processing of personal data by Desa
You have the following rights related to the processing of personal data:
- the right to withdraw consent to data processing,
- the right of access to your personal data,
- the right to demand rectification of your personal data,
- the right to demand erasure of your personal data,
- the right to demand restriction of processing of your personal data,
- the right to object to the processing of your personal data resulting from your particular situation - cases in which we process your data in pursuance of our legitimate interest,
- the right to data portability, that is to receive from your us the personal data you provided in a commonly used structured machine-readable format. You can send this data to another data controller or request that we send your data to another data controller. However, we shall send the data only if it is technically possible. The right to data portability applies only to the data which is processed on the basis of the contract concluded with you and upon your consent,
If you wish to exercise the above rights, contact us via the form available on the website www.desa.pl or at the reception desk at our headquarters.
You can exercise these rights in the following cases:
- regarding the request for data rectification: you noticed that your data is incorrect or incomplete;
- regarding the erasure of your data: the Company no longer needs your data for the original reason we collected or used it for; you have withdrawn your consent to data processing; have objected to the use of your data; your data have been used unlawfully; we have a legal obligation to erase your data or the data was collected from you as a child for an online service;
- regarding the request to restrict data processing: you have noticed that your data is incorrect - you can request to restrict the processing of your data for a period that allows us to check whether your data is correct; your data have been used unlawfully, but you do not want your data to be erased; we no longer need your data, but you may need it to the defending or seeking legal claims; or you exercise your right to object to data processing - pending determining whether our legitimate grounds override the grounds for your objection;
- regarding your request to transmit your data: the processing of your data takes place upon your consent or on the basis of the contract concluded with you, as well as when data processing takes place automatically.
You have the right to submit a complaint regarding the processing of your personal data by us to the supervisory body, which is the Inspector General for the Protection of Personal Data (address: Generalny Inspektor Ochrony Danych Osobowych, Stawki 2, 00-193 Warszawa).
In what situations can you object to the processing of your data by Desa?
You have the right to object to the processing of your personal data in the following cases:
- the processing of your personal data is carried out on the basis of a legitimate interest or for statistical purposes and the objection is justified by your particular situation,
- your personal data is processed for the purposes of direct marketing, including profiling.
Remember that you can exercise your right to object from 25 May 2018.
With whom do we share your personal data?
We share your personal data with entities supporting us in bookkeeping, running the website, IT systems, and providing consulting and auditing services. Entities authorized to process your personal data perform their tasks on the basis of a contract concluded with us and only in accordance with our instructions. The contracts for data processing concluded by us contain contractual clauses approved by the European Commission. In addition, we have the right to share your personal data with public authorities involved in countering fraud and abuse.
For how long do we store your personal data?
We store your personal data for the duration of the contract concluded with you and after its termination for:
- seeking legal claims in connection with the performance of the contract,
- performing duties resulting from legal provisions, including, in particular, for tax and accounting purposes,
- preventing abuse and fraud,
- statistical and archiving purposes,
a maximum of 10 years from the date of contract termination or for the period specified by law that requires us to process your data.
We store your personal data for marketing purposes for the duration of the contract or until you object to such processing, whichever occurs first.
Do we transfer your data to countries outside the European Economic Area?
Your personal data are transferred outside the European Economic Area to Google LLC based on appropriate legal safeguards, that is contractual clauses for the protection of personal data, approved by the European Commission.
Do we process your personal data automatically (including profiling) in a way that affects your rights
Your personal data will be processed in an automated manner, without the use of automated profiling. It shall not have any legal effects on you or materially affect your legal situation.
Withdrawing consent to the processing of personal data
Dear Sir or Madam,
you have the right to withdraw your consent to the processing of your personal data or exercise your other rights in connection with the processing of personal data at any time. For this purpose, please download the form below, print it, fill in, and sign it, and send it back by e-mail to: firstname.lastname@example.org or by post to the following address: DESA Unicum S.A., Piękna 1A, 00-477 Warszawa