Scope

This Privacy Notice describes how Vastari Group Limited ("Vastari", "we", "us", "our") handle your personal data when using Vastari.com or any related Vastari websites, sub-domains, websites where this Privacy Notice appears at the in the footer of the page, tools, applications, and services (together the "Site" and/or the "Service"). Some Vastari branded websites or websites we operate may be governed by separate privacy notices. The notice that applies on any of our domains or sub-domains is always the notice that appears in the link from the footer of each website.

Our legal status under UK data protection law is that of a controller and in this capacity we will securely store and process your personal data which you have provided to us. Controller (formerly known as a data controller) is a legal term used in the GDPR and Data Protection Act 2018 to signify the person who controls what to do with any given personal data. As controller we have registered with the Information Commissioner's Office and our registration number is ZA226270.


Collection

You can browse our Site without telling us who you are or disclosing any personal data directly (please see our Cookie Notice for more information on data collected automatically).

Depending on how you use our Site, we may collect the following information which may contain personal data:

  • full name, email address, phone number, physical contact information, type of objects owned, and (depending on the service used) sometimes financial information, such as credit card or bank account numbers;
  • transactional information based on your activities on the Site (such as applying, searching, and registering on our Site);
  • community discussions, chats, dispute resolution, correspondence through our Site, and correspondence sent to us;
  • other information from your interaction with our Site, including services, content and advertising (such as device ID, computer and connection information, statistics on page views, traffic to and from the Site, ad data, IP address and standard web log information);
  • additional information we ask you to submit to authenticate yourself or if we believe you are violating site policies (for example, we may ask you to send us an ID or bill to verify your address, or to answer additional questions online to help verify your identity or ownership of an item you list);
  • information from other companies, such as demographic and navigation data;
  • other supplemental information from third parties (for example, if you incur a debt to Vastari, we will generally conduct a credit check by obtaining additional information about you from a credit bureau, as permitted by law); and
  • information that we can infer and derive from our observations of your use of the Site.

Use

In accordance with data protection laws, we will only process your personal data where we have a lawful basis for doing so. In respect of your personal data, these bases are: (i) where it is necessary to provide services to you under the performance of the contract we have with you; (ii) where we are required to do so in accordance with legal or regulatory obligations; (iii) where you have given your consent; and, (iv) where it is in our legitimate interests to process your personal data provided that none of these prejudice your own rights, freedoms and interests.

The following are a list of the purposes for which we process your personal data, and the lawful basis on which we carry out such processing:


Purpose

Lawful Basis

Provide the services you request and collect fees for such services

Necessary for the performance of a contract

Allow you to connect and network with others in the exhibition industry (only where you choose to do so)

Necessary for the performance of a contract

Provide you with customer support

Necessary for the performance of a contract

Provide troubleshooting services

Necessary for the performance of a contract

Respond to communications from you and resolve any disputes

Consent (implied by you contacting us)

Prevent, detect, investigate and report any potentially illegal activity (including fraud)

Necessary to comply with legal obligation

Investigate and enforce our legal rights (including under our User Agreement) and defend ourselves legally

Our legitimate interests to protect ourselves and our rights legally

Analyse, measure and customise our Site (including the arrangement of content and appropriateness of advertisements)

Our legitimate interests to ensure our site is as user-friendly and effective as possible

We send B2B communications about our products and services and those of our corporate family with which businesses may be interested

Our legitimate interests to send information which may be of interest to a business (and you may opt-out at any time as described below)

We send B2C marketing communications about our services and those of our corporate family, including emails and promotional offers

Consent (and you may opt-out at any time as described below)

Send your service messages which are critical to the Site

Necessary for the performance of a contract

Contact you regarding market research and your use of the Site

Our legitimate interests to ensure our Site is as effective and enjoyable as possible

Compare information for accuracy, and verify it with third parties (such as LinkedIn and Facebook) to ensure individuals are who they say they are

Necessary for the performance of a contract

Combine your personal data with information we collect from other companies and use it to improve and personalize our Service (including our content and advertising)

Our legitimate interests to notify you of services and content which you may be interested in


Cookies (and similar technologies)

Cookies: those that are necessary for the operation of our websites and mobile applications, including allowing you to interact with our websites and mobile applications and to recall selections as you move between pages

Necessary for the performance of the contract

Cookies: those that analyse your use of our websites and monitor our web audience so we can continue to analyse and improve our website and services

Legitimate interest

Cookies: used to link you to your social media account

Consent

Cookies: those that are used for third party marketing

Consent


We may also process your personal data for other uses which are compatible with the purposes as set out above or as described from time to time when we collect the personal data.

Our primary purpose in collecting personal data to provide you with a safe, smooth, efficient, and customized experience.


Marketing

We don't sell or rent your personal data to third parties for their marketing purposes without your explicit consent.

We may send marketing materials to you by email, messaging via the Vastari Site, chatbots or telephone calls as described above. If you don't wish to receive marketing communications from us or participate in our ad-customization programs, simply indicate your preference by emailing team@vastari.com. You can also unsubscribe for marketing communications via any marketing communication sent to you, using the link provided within the correspondence.


Registration and sharing through third-party services.

We may offer single sign-on services that allow you to use third party log-in credentials to sign into the Site. With your permission, Vastari may also transfer to the Site profile information contained in your third-party profile, including but not limited to your collection management system or website. Vastari may also, for your use, enable you to import information about who you are connected to, as well as enable you to share information with those third-party sites. If you wish to discontinue such sharing, you will be able to do so through your settings page.


Our Disclosure of Your Information

We may disclose personal data in certain circumstances set out in this paragraph. We will disclose your personal data where required to respond to legal requirements, enforce our policies, respond to claims that a listing or other content violates the rights of others, or protect anyone's rights, property, or safety. Such information in each case will be disclosed in accordance with applicable laws and regulations.

We may also share your personal data with:

  • Service providers (processors) who process your personal data on our behalf to help with our business operations. These processors will include those who conduct fraud investigations and assist in the successful functioning of the Site. We will ensure that a written agreement is in place to ensure that your personal data is adequately protected and that processors only process your personal data in accordance with our instructions.
  • Other third parties to whom you explicitly ask us to send your information (or about whom you are otherwise explicitly notified and consent to when using a specific service).
  • Law enforcement, governmental agencies, or authorized third-parties, in response to a verified request relating to a criminal investigation or alleged illegal activity or any other activity that may expose us, you, or any other Vastari user to legal liability. In such events, we will only disclose personal data relevant to the investigation.
  • Without limiting the above, in an effort to respect your privacy and our ability to keep the community free from bad actors, we will not otherwise disclose your personal data to law enforcement, other government officials, or other third parties without a subpoena, court order or substantially similar legal procedure, except when we believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity.
  • Other business entities, should we plan to merge with or be acquired by that business entity.
  • Our professional advisors where necessary for advice related to disclosures listed above or any other purpose set out in this Privacy Notice.

We do not transfer your personal data outside of the EU (including the UK). If this were to change we would ensure that adequate measures were put in place to ensure the security of your personal data, such as standard contractual clauses or ensuring that the recipient has certified under Privacy Shield (if US based). We will also update this Privacy Notice to reflect the transfer. We may be required to transfer personal data on a one-off basis and if this is the case we will ensure that such transfer is always in accordance with data protection laws.

We will introduce optimizers in the US and Singapore via Microsoft Azure which will allow faster access for those based in those regions. If we implement these we will not transfer information to Azure which can identify an individual but to be secure we will ensure adequate safeguards are in place to ensure all data is treated as securely as personal data.


Anonymised Data

We may aggregate and/or anonymised information we hold about you with that of other users of the Site such that the aggregated/anonymised data no longer contains personal data. We may disclose such aggregated/anonymised data with third parties.


Information You Share on the Site

Your User ID is displayed throughout the Site (and so possibly also available to the public) and is connected to all of your Site activity. Other people can see your comments and any other items you have deemed visible. Notices sent to other community members about suspicious activity and policy violations on our Site refer to User IDs and specific items. So if you associate your name with your User ID, the people to whom you have revealed your name will be able to personally identify your Site activities. We therefore recommend that you select a User ID that does not personally identify you.

If you access our Site from a shared computer or a computer in an internet cafe, certain information about you, such as your User ID, activity or reminders from the Site, may also be visible to other individuals who use the computer after you.


Using Information from the Site

The Site enables you to share personal data to complete transactions, organise exhibitions and facilitate interactions. We encourage you to disclose your privacy practices and respect the privacy of other users. We cannot guarantee the privacy or security of your personal data and therefore we encourage you to evaluate the privacy and security policies of your correspondents before entering into a transaction and choosing to share your information. To help protect your privacy, we allow only limited access to other users' contact, shipping and financial information which are necessary in order to facilitate transactions which you have requested. When users are involved in a transaction, they may have access to each other's name, User ID, email address and other contact and shipping information. In all cases, you must give other users a chance to remove themselves from your database and a chance to review what information you have collected about them.


Your use of user information

You agree to use user information only for:

  • Site transaction-related purposes that are not unsolicited commercial messages;
  • Using services offered through the Site (such as exhibitions, loans, shipping, insurance and authentications), or
  • Other purposes that a user expressly chooses.

No Spam, Spyware or Spoofing

We and our users do not tolerate spam. Make sure to set your communication preferences on the Site so we communicate with you as you prefer. You are not licensed to add other Site users, even a user who has purchased an item from you, to your mailing list (email or physical mail) without their express consent. To report Site-related spam or spoof emails to Vastari, please forward the email to spam@vastari.com. You may not use our communication tools to send spam or otherwise send content that would violate our User Agreement. We automatically scan and may manually filter messages to check for spam, viruses, phishing attacks and other malicious activity or illegal or prohibited content, but we do not permanently store messages sent through these tools. If you send an email to an email address that is not registered in our community (via Refer-a-Friend or other tools), we do not permanently store that email or use that email address for any marketing purpose. We do not rent or sell these email addresses.


Account Protection

Your password is the key to your account. Use unique numbers, letters, and special characters, and do not disclose your Site password to anyone. You are responsible for all actions taken in the name of your account. If you lose control of your password, you may lose substantial control over your personal data and may be subject to legally binding actions taken on your behalf. Therefore, if your password has been compromised for any reason, you should immediately notify Vastari and change your password.


Managing Your Personal Data

You can see, review and change most of your personal data by signing on to the Site and checking your Account page . You must promptly update your personal data if it changes or is inaccurate. Once you make a public posting, you may not be able to change or remove it. Upon your request, we will close your account and remove your personal data from view as soon as reasonably possible, based on your account activity and in accordance with applicable law.


Retaining Your Personal Data

We will retain your personal data for the period necessary for us to provide you with our Services and to comply with our legal obligations. If you retain an account with us then we will retain your personal data. Once your account is closed we will aim to delete your personal data within 90 days but we may need to retain some information where there are ongoing matters, such as fees owed, disputes and investigations.


Your Rights

You have the following rights in relation to your personal data. To exercise these rights please contact us by emailing team@vastari.com. To ensure the security of your personal data, we may ask you for valid proof of identity and once we’ve received it, we will provide our response within one month. If your request is unusually complex and likely to take longer than a month, we will let you know as soon as we can and tell you how long we think it will take. If we deem your request to be manifestly unfounded or excessive we may require an administration charge or may refuse the request altogether.

Please note that the below rights are not absolute and there may be circumstances where we are unable to comply with your request (whether in whole or in part).


Access:

You are entitled to confirmation that we process your personal data and a copy of such personal data.


Rectification:

If you believe the personal data we hold on you is incorrect, you have the right for this to be rectified. You may also update your personal data through your account page.


Erasure:

You can request us to erase your personal data where there is no compelling reason to continue processing.


Restriction:

You may request a restriction on the processing we undertake on your personal data. This will only apply where we have no lawful basis to process your personal data, your personal data is inaccurate or to comply with an objection request (see below).


Objection:

You may object to our processing of your personal data where our processing is carried out in accordance with the legitimate interests lawful basis. Please note, however, that should we determine that our interests are so compelling as to override your objection we may continue to process your personal data.


You may also object to receiving direct marketing at any time.


Portability:

You have the right to receive some of your personal data in machine readable format. This right extends to you being able to request that such data is sent to a third party controller.


Withdraw Consent:

Where the lawful basis we rely on to process your personal data is consent you have the right to withdraw this consent.


Your right to complain to a supervisory authority:

Further information about your rights can also be obtained from your national data protection regulator – in the UK the Information Commissioner’s Office (https://ico.org.uk). If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with your national data protection regulator, although we would ask that you contact us in the first instance.


Your right to be informed:

This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions you may have about our use of your personal data.


Security

Your information is stored on our servers. We treat data as an asset that must be protected and we use appropriate technical measures (including tools, encryption, passwords, physical security, etc.) to protect your personal data against unauthorized access and disclosure. However, as you probably know, third parties may unlawfully intercept or access transmissions or private communications, and other users may abuse or misuse your personal data that they collect from the Site. Therefore, although we work very hard to protect your privacy, we cannot guarantee its security.


Third Parties

Except as otherwise expressly included in this Privacy Notice, this document addresses only the use and disclosure of personal data we collect from you. If you disclose your personal data to others, whether they are institutions, experts or any other registered user on our Site or other sites throughout the Internet, different rules may apply to their use or disclosure of the information you disclose to them. Vastari does not control the privacy notices of third parties, and you are subject to the privacy notices of those third parties where applicable. We encourage you to ask questions before you disclose your personal data to others.


General

We may amend this Privacy Notice at any time by posting the amended terms on this Site. All amended terms automatically take effect 30 days after they are initially posted on the Site.

In addition, we will notify you through the Vastari Messaging system on our Site.

your questions are not answered via email, you may write to us at: Vastari.com, Vastari Group Ltd, Unit 2, 12-18 Hoxton Street, London N1 6NG, United Kingdom.


Privacy Notice last updated: 12 June 2019