Last updated 14.05.2018
Tattersalls Limited (“we/ our/ us”) are committed to safeguarding the privacy of our website visitors, app users and service users (“you/ your”).
This policy applies where we determine the purposes and means of the processing of that personal data (legally called a “data controller”). Please don’t give us anyone else’s data unless we prompt you to do so or you are authorised to do so because of a commercial role you undertake.
2. How we use your personal data
|Data Category||Purpose||Type of Data/Source||Lawful Basis for Processing|
|Data about your use of our website, app and services ("usage data").||Analysing the use of the website, app and services||IP address, mobile device identifier, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system.||Our legitimate interests, namely monitoring and improving our website and services.|
|Sale or purchase account data ("account data")||Operating our website and app, providing our services, ensuring the security of our website, app and services, maintaining back-ups of our databases and communicating with you.||Name, address, telephone numbers, email address, transaction history, financial details. The source of the account data is you.||The performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract; and Our legitimate business interests in ensuring the continuity of our services.|
|Information that you make available for publication, such as in sale catalogues and marketing materials ("publication data").||Administering and promoting our sales through our website, app and services.||Consignor’s (seller’s) name, contact and location and lot name and details. The source of the data is the seller business or individual.||The performance of a contract between you and us; and/or taking steps, at your request, to enter into such a contract; and Our legitimate business interests.|
|Information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data").||Offering, marketing and selling relevant goods and/or services to you on your request.||Your name, enquiry details and contact details. The source of this data is you.||Your consent; and Our legitimate business interests|
|Auction or online shop transactions, that you enter into with us ("transaction data").||Conducting auction or online shop sales and purchases and keeping proper records of those transactions||Account details, your card details or other financial details and the transaction details.||The performance of a contract between you and us; and/or Taking steps, at your request, to enter into such a contract; and Our legitimate interests, namely the proper administration of our website and business.|
|Subscribing to our email notifications and/or newsletters ("notification data").||Sending you the relevant notifications and/or newsletters||Name, job title, email address. The source of this data is either you or it is publicly available information relating to your job or interest in bloodstock.||Consent; or The performance of a contract between you and us; and/or Taking steps, at your request, to enter into such a contract; and Our legitimate business interests.|
|Information contained in or relating to any communication that you send to us ("correspondence data").||Communicating with you and record-keeping.||Communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.||Our legitimate interests, namely the proper administration of our website and business and communications with users.|
|Surveillance data we collect during sales (“surveillance data”).||Security and record keeping.||CCTV footage from the sales room.||Consent (there are notices alerting visitors to the extent of the CCTV as you enter the filmed area); and Our legitimate business interests to provide a safe and secure sales environment.|
|Any of the data above||Where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure; or necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person||As above.||Our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.|
|Any of the data above||Obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice.||As above.||Our legitimate interests, namely the proper protection of our business against risks.|
3. Providing your personal data to others
We may disclose your personal data to:
Any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy;
Our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
Our overseas representatives identified in our sales catalogues insofar as reasonably necessary to promote upcoming sales to potential overseas buyers and sellers and to further our legitimate business interests;
Payment services providers, whom we use on our online shop and to take payments from you. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://www.paypal.com/en/webapps/mpp/ua/privacy-full ; https://www.shopify.com/legal/privacy; and https://lloydsbankcardnet.com/privacy/;
Ensure our compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4. International transfers of your personal data
The hosting facilities for our website are situated in the EU, but other IT service providers are located outside of the EU. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
We have overseas representatives in the EU and Australia, China, Japan, Malaysia, USA, South Africa and Argentina, each listed in the sales catalogues. Transfers to each of these countries will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
You acknowledge that personal data that you submit for publication through our website or catalogue may be available, via the internet or our paper catalogues, around the world. We cannot prevent the use (or misuse) of such personal data by others.
5. Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. It is not possible for us to specify in advance the periods for which your personal data will be retained. We determine the period of retention based on our legal, financial and business requirements or the period required to protect your vital interests or the vital interests of another natural person.
6. Security of personal data
We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data. We will store all your personal data on secure servers, personal computers and mobile devices, and in secure manual record-keeping systems.
Data relating to your financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology.
You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential.
We may update this policy from time to time by publishing a new version on our website. Please check this page occasionally to ensure you are happy with any changes to this policy. The publication date of the latest version is noted at the top of the first page. We may notify you of significant changes to this policy by email.
8. Your rights
In this Section 8, we have summarised the rights that you have if you qualify for such rights under EU data protection law. The rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the Regulatory Authorities for a full explanation of these rights.
|Your Rights||What are they?||What will we do?|
|Access||To know whether or not we process your personal data and have access to that data.||Providing the rights of others are not affected, we will supply you a copy of your personal data free of charge. Additional copies may be subject to a reasonable fee.|
|Rectification||You have the right to have any inaccurate data personal data about you rectified and have any incomplete personal data about you completed.||When you communicate with us, we will check the data we have stored and rectify any errors when proof is provided.|
|Erasure||You have the right to erasure of your personal data when:
||We will erase the data as requested on validation of the claims, however data cannot be erased if processing is necessary for exercising the freedom of expression; for compliance; for legal obligation or to establish, exercise or defence against legal claims.|
|Restrict Processing||You have the right to restrict processing of your personal data in the same circumstances as described under ‘right to erasure’ where you oppose erasure or have objected to processing and the decision is pending.||Where processing is restricted, we will continue to store your personal data, but will only process it for legal claims, for the protection of another person’s rights or for reasons of public interest.|
|Object to Processing||
|Data Portability||You have the right to receive your data if we have processed it under your consent or as part of performing the contract with you (if carried out by automated means).||We will provide your data to you in a commonly used and machine-readable format. This right does not apply if it adversely affects the right of others.|
|Complain||You have the legal right to lodge a complaint to a supervisory authority responsible for your data protection.||We will be bound by the decision of the supervisory authority.|
|Withdraw Consent||You can withdraw consent at any time for processing of publication and notification data.||Contact us via the methods below in section 13 to exercise any of your rights in relation to personal data. Please note that we will attempt to reply within 14 days but during busy periods, it may take longer.|
9. Updating information
Please let us know if the personal information that we hold about you needs to be corrected or updated.
10. About cookies
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
11. Cookies that we use
12. Managing cookies
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- https://support.google.com/chrome/answer/95647?hl=en (Chrome);
- https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
- http://www.opera.com/help/tutorials/security/cookies/ (Opera);
- https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
- https://support.apple.com/kb/PH21411 (Safari); and
- https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
13. Our details
This website is owned and operated by Tattersalls Limited. We are registered in England and Wales under registration number 00791113, and our registered office is at Terrace House, Newmarket, Suffolk, CB8 9BT.
You can contact us:
- by post, to the postal address given above;
- using our website contact form;
- by telephone, on the contact number published on our website from time to time; or
- by email, to email@example.com.
14. Data protection registration
We are registered as a data controller with the UK Information Commissioner's Office. Our data protection registration number is Z7216231.