Hargesheimer Kunstauktionen

This section sets out the shipping conditions applicable to items purchased through the platform.

Shipping of items purchased through the platform is handled exclusively by the respective seller. EMME ART does not arrange shipping and does not act as a carrier or transport service provider.

The seller is solely responsible for organizing the shipment, determining delivery timeframes and conditions, and contracting the relevant transport service. Any matters related to shipping — including delivery times, tracking, delays, loss, or damage — must be addressed directly between the buyer and the seller.

Specific shipping terms will be communicated to the buyer during the checkout process or directly by the seller after payment confirmation.

Hargesheimer
Kunstauktionen Düsseldorf GmbH
Friedrich-Ebert-Straße 11+12
40210 Düsseldorf
Germany

Tel.: +49 (0) 211 – 30 200 10
Fax: +49 (0) 211 – 30 200 119

E-Mail: [email protected]

Tax ID number: 133 5832 1587
Tax office: Düsseldorf-Mitte
Local Court / Commercial Register: Düsseldorf
Commercial Register number: HRB 57157

Managing Director:
Michael González

---

This Privacy Policy has been drafted in order to comply with the duty of transparency regarding the processing of personal data that Hargesheimer Kunstauktionen Düsseldorf GmbH (hereinafter, “Hargesheimer” or the “Data Controller”) may carry out in its capacity as data controller on the website https://kunstauktionen-duesseldorf.de/en/ , in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).

The following information describes the personal data processing activities carried out by the Data Controller on the Website, which is intended for the purchase and sale of high-value works and objects through the following main modalities: Digital Auctions and the Online Store.
Who Is Responsible for Processing Your Personal Data?

Data Controller:
Hargesheimer Kunstauktionen Düsseldorf GmbH
Registered office: Friedrich-Ebert-Strasse 11–12, 40210 Düsseldorf, Germany
Tax number (Steuernummer): 133/5832/1587
Email: [email protected]

Below, we provide detailed information on the personal data processing activities that may be carried out by the Data Controller.
For What Purposes and on What Legal Basis Do We Process Your Personal Data?

The personal data collected will be processed by the Data Controller for the purposes and on the legal bases set out below:

Creation of a user account on the Website:
Your identification and contact data will be processed to manage your registration on the Website, enabling you to create your user account, access your profile, view your invoices, and carry out purchases and bids, with such processing being based on the performance of the contractual relationship.

Purchase of products through Digital Auctions and the Online Store:
Your identification, contact, and order-related data will be processed to manage the order and the purchase carried out, as well as to monitor the commercial relationship, with such processing being based on the performance of the contractual relationship.

Payment for products / pre-reservation:
Your identification, financial, and order-related data will be processed to carry out the transaction and payment, as well as to issue invoices, with such processing being based on the performance of the contractual relationship.

KYC verification:
Your identification and financial data will be processed in order to comply with applicable legal obligations in relation to anti-money laundering regulations, with such processing being based on compliance with a legal obligation.

Delivery or collection of products:
Your identification, contact, and order-related data will be processed to ensure the proper delivery or collection of the product purchased or awarded at auction through the Website, with such processing being based on the performance of the contractual relationship.

Management of the right of withdrawal and returns:
Your identification, contact, and return-related order data will be processed to manage and execute the return of purchased products, with such processing being based on the performance of the contractual relationship.

Dispute and incident management:
Your identification, contact, and order-related data may be processed to manage any breach of the General Terms and Conditions for Buyers or any other identified breach, as well as to handle disputes or litigation, with such processing being based on the performance of the contractual relationship.

Website quality management:
Data relating to your contributions to the Website will be processed in order to collect, assess and, where applicable, publish your reviews or opinions regarding requested products, as well as to identify fraudulent or inaccurate listings and conduct satisfaction surveys, all for the purpose of evaluating and improving the Website and the services offered, with such processing being based on the Data Controller’s legitimate interest.

Business prospecting directed at existing customers:
Your identification and contact data will be processed to send you commercial communications relating to products or services similar to those previously contracted through the Website, unless you have objected to such processing, with such processing being based on the Data Controller’s legitimate interest.

Business prospecting directed at prospective customers:
Identification and contact data will be processed to send you marketing communications regarding the Website and the products offered through it, with such processing being based on your consent.

Website navigation personalization and statistical analysis:
Connection and browsing data will be processed in order to generate aggregated reports for statistical and analytical purposes and to compile statistics regarding the use of the Website, with such processing being based on the Data Controller’s legitimate interest.

Website management and improvement:
Your data will be processed to ensure the security of the Website and to carry out maintenance, support, and development activities, with such processing being based on the Data Controller’s legitimate interest.

Responding to requests for the exercise of data protection rights:
Where you exercise any of your data protection rights, your identification and contact data will be processed in order to respond to your request, with such processing being based on compliance with a legal obligation.
What Categories of Personal Data Are Collected and Used?

The Data Controller collects and uses the following categories of personal data in order to carry out the purposes described above:

Identification data: First name, last name, date of birth, user number.

Contact data: Email address, postal address, telephone number.

Banking and financial data: Payment method, bank account number, billing address, and data related to the KYC verification process.

Order data: Order number, date and time of the order, order status, products ordered, order value, delivery address and delivery method.

Return-related data: Date and time of the return request, returned products, reasons for the return, refunded amount.

Business relationship data: Order history, order frequency, requests (inquiries, complaints, claims, etc.), and interactions with the Data Controller.

User-generated content: Reviews or opinions relating to requested products and your experience as a buyer or user.

Connection and browsing data: Date and time of access, IP address, device type, browser, operating system, system configuration data, and pages viewed.

Some of this personal data is mandatory and some is optional in order to use all the services offered through the Website. Mandatory data is indicated in the relevant data collection forms. If you do not provide the required data, the Data Controller will not be able to process your request.
How Long Do We Keep Personal Data?

Personal data will be retained by the Data Controller for the period necessary to fulfil the purposes for which it was collected or until the user requests to unsubscribe as a registered user.

Once the applicable retention period has expired, the data will be duly blocked for the statutory limitation period for potential legal claims, and subsequently deleted once such period has elapsed.
With Whom Will Personal Data Be Shared?

Personal data will only be disclosed to third parties where there is a legal obligation applicable to the Data Controller or where such disclosure is necessary for the performance of contractual obligations.

Personal data may be disclosed to competent public authorities and bodies and, where applicable, to law enforcement authorities, in accordance with applicable legislation and in fulfilment of a legal obligation.

In addition, personal data may be shared, in accordance with applicable law and for the performance of the contractual relationship, with group companies for administrative or operational purposes, with sellers, with payment service providers for payment processing, and with logistics or delivery service providers for delivery purposes.

The Data Controller may also transfer personal data within its business group for administrative or operational purposes, always in accordance with applicable agreements and with full respect for data protection legislation.

The Data Controller applies strict criteria when selecting service providers and undertakes to enter into the corresponding data processing agreements with them, ensuring that such providers comply with applicable data protection regulations and process personal data solely in accordance with the Data Controller’s instructions.
International Transfers

In order to fulfil the purposes described above, the Data Controller may use service providers located outside the European Economic Area (EEA) or in countries that do not offer an adequate level of data protection.

In such cases, the Data Controller ensures that appropriate safeguards are in place in accordance with the GDPR, including, where applicable, binding corporate rules or the execution of the standard contractual clauses approved by the European Commission.
Exercise of Rights

Your personal data will be treated with strict confidentiality by the Data Controller. In accordance with applicable data protection legislation, you have the following rights:

Right of access: To obtain confirmation as to whether your personal data is being processed and, where applicable, access to such data and related information.

Right of rectification: To request the correction of inaccurate personal data or the completion of incomplete data.

Right to withdraw consent: To withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal.

Right to object: To object, in whole or in part, to the processing of your personal data under certain circumstances.

Right to data portability: To receive your personal data in a structured, commonly used and machine-readable format and transmit it to another controller, where legally applicable.

Right to erasure: To request the deletion of your personal data where the legal requirements are met.

Right to restriction of processing: To request the limitation of processing in certain circumstances, such as when the accuracy of your data is contested.

You may exercise your rights at any time and free of charge by contacting the Data Controller or its authorized partner at.

Where necessary to verify your identity, you may be asked to provide additional documentation.

If you believe that your rights have been infringed, you may lodge a complaint with the competent supervisory authority. In Germany, this authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), with registered office at Kavalleriestraße 2–4, 40213 Düsseldorf (Germany), via its website https://www.ldi.nrw.de.
Security Measures

The Data Controller has implemented appropriate technical and organizational measures to ensure the security of personal data and to prevent unauthorized access, alteration, loss, or disclosure, although absolute security cannot be guaranteed.

All personnel involved in the processing of personal data are committed to confidentiality and to complying with applicable data protection legislation.
Changes to the Privacy Policy

The Data Controller reserves the right to amend this Privacy Policy at any time in order to comply with applicable legal requirements. Any changes will be published on the Website so that users may review them at any time.

---

This section sets out the conditions governing returns and refunds in connection with purchases made through the platform.

Returns and refunds are handled directly between the buyer and the seller, in accordance with the seller’s policies and applicable law.

Where the buyer qualifies as a consumer, the statutory right of withdrawal may be exercised within the applicable legal timeframe, except where legally excluded. Specific return conditions, including deadlines and return shipping costs, are determined by the seller and should be reviewed prior to purchase.

Once a return has been accepted and the item received, the refund will be authorized by the seller and processed via the relevant payment provider.