Hashimoto Contemporary and its affiliated entities located inside and outside the EEA ("Hashimoto Contemporary", “the Gallery,” "we", "us" or "our") respects your privacy and seeks to protect your personal data.
Hashimoto Contemporary's Data Principles:
- We keep to a minimum the amount of information we hold about you.
- We use your data to respond to your enquiries and provide you with information that we believe you would like to receive about the Gallery, our artists, available artworks and our events (the lawful basis for this is “legitimate interest”).
- We also use your data to complete transactions with you on our website and also via our galleries and other affiliated businesses (the lawful basis for this is “contract”).
- We also use your data to communicate with you where you have signed up and opted in to receive information from us (the lawful basis for this is "consent").
- We only hold your data for as long as necessary.
- We apply appropriate security mechanisms to protect your personal data.
- Our legitimate business interests are balanced with your interests, rights and freedoms and your consent.
What information does Hashimoto Contemporary collect about me?
We may collect some (or all) of the following: your name, phone number, email address, IP address, information about you (for example, age, gender, socio-economic status), data provided by cookies and other similar technologies, functional data such as registration and system data, as well as additional usage data – for instance, your purchasing history, communication permissions, artist preferences and creative interests or information about your attendance at one of our events.
Why does Hashimoto Contemporary need my information?
We use your data to help us provide the best experience of our Gallery, which includes using data to improve (and, where possible, personalise) your experiences. We use your data to communicate with you, for example, informing you about new shows, events and gallery updates. We also use data to fulfil contracts, to send you the goods you have bought, invoices and to collect payments.
Can I opt-out of sharing my information with Hashimoto Contemporary?
Yes, you do not have to share your information with us that you do not want us to process and you may opt-out to receive communications from us at any time by contacting us at firstname.lastname@example.org. We will respect your rights under the GDPR in this regard.
How do I delete my personal data from Hashimoto Contemporary and what are the consequences?
You can email email@example.com to request that your data be deleted. However, please note, by deleting your personal data, you may impact your experience of the Gallery. We will not delete data which is needed to fulfill a contract until that contract is completed or unless we agree to terminate the contract. We will inform you if deleting your data will impact our ability to perform a contract in case this affects your decision.
How long does Hashimoto Contemporary keep my information?
We retain personal data for as long as necessary, to fulfill the transactions you have requested, or for other essential purposes (for example, complying with our legal obligations, resolving disputes and fulfilling our agreements).
How is information stored?
We are committed to protecting the security of your personal data. We store data in a number of places depending on our requirements to access and use it. We use a variety of security technologies and procedures to help protect your personal data from unauthorised access, use or disclosure. For example, we store the personal data you provide on cloud-based or computer systems that have limited access and are in controlled facilities. Where possible, we avoid storing paper records.
Is Hashimoto Contemporary using cookies to gather information?
If you have any questions about the use of your personal information, please email us at firstname.lastname@example.org.
What personal data do we hold and why?
When you contact us to make an enquiry, we will use your name and contact information to respond. We will then use this information to communicate with you in the future.
We may obtain, collect and update information about you via direct contact with you, from third parties who refer you to us or automatically via your engagement with Spoke Art, including your use of our social media channels.
On request, we can provide you with access to all information, including proprietary information, that we maintain about you (but not other users unless required to do so by law) including unique identifier information (for example, your customer number or password) and contact information (for example, your name, address and phone number). You can request this information by emailing us at email@example.com. We will correct inaccuracies on provision of the correct details or, where relevant, you can do this by changing your registered details online.
How we use your information
Hashimoto Contemporary collects and uses your information to administer, support, improve and obtain feedback on our Gallery and to improve your experiences.
The information we collect is used for internal review and to improve the content of our website and services. It is also used to notify users about updates about the Gallery. This information is not shared with other organisations for commercial purposes.
If you submit an employment application to us online through our website or otherwise, all of the information you submit may be used for any and all purposes ordinarily associated with processing an employment application.
If you do not want to receive emails from us in the future, please let us know by sending an email to firstname.lastname@example.org.
Who do we share your information with?
We work with third parties in the provision of some of our services and it may be necessary for us to share your information with them in order to provide those services.
On request, and when relevant, we will provide details of which third parties we work with. We will also discuss and agree on any specific security questions or requirements you may have during the provision of our services.
The third parties we work with are encouraged to meet the requirements of the GDPR. When we contract with third parties we enter into agreements that encourage GDPR compliance. For example, for marketing purposes we store your data with Mailchimp. We have entered into a contract with Mailchimp to comply with the GDPR. Your data may be stored in the cloud and we have entered into an agreement with Google in compliance with the GDPR.
If we sell an artwork to you, we share the invoice with the artist for their records.
We share your data internally and have a data transfer agreement in place that complies with EU law for sharing data from our branches in the EU to outside of the EU.
Exemptions to the above are where we are asked to provide information as a result of a court order or to recover monies due.
We do not share nor sell your personal data to anyone else.
How long do we store your data for?
We will store your personal information for as long as necessary.
We are required by law to keep information about financial transactions for the current financial year plus an additional six years.
We may store your information on our databases for reference and to record any preferences you have notified to us, for example in relation to your opt-in status to receive marketing communications. The information may be retained and used by Spoke Art to answer queries or resolve problems, provide improved and new services, to respect your rights under the GDPR and for any data retention requirements of the law. This means we may retain information after you cease interacting with Hashimoto Contemporary.
We store your information securely to prevent unauthorised use.
Your rights regarding our use of your personal data
You can review, edit or ask us to delete your personal data we hold by contacting us directly at email@example.com.
You will always have the right to opt out of receiving promotional emails and other types of marketing or sales communication from us.
If you opt out, you will also have the ability to opt back in at a later date.
If you wish to stop receiving marketing emails from us, please click on the “Unsubscribe” link included at the bottom of an email. We respect your choice, and we will stop sending you promotional emails once you unsubscribe. It may take up to two weeks to process your request. Alternatively, you can email us at firstname.lastname@example.org.
Contacting you via email alerts, notices and newsletters
Hashimoto Contemporary only sends marketing information to those persons the Gallery believes it has a legitimate business interest to contact. This means that, from time to time, we may send you email newsletters or other notifications in relation to the Gallery. If you wish to stop receiving some, or all, of our marketing communications, follow the instructions included in our emails or contact email@example.com.
If you supply us with your postal address or telephone number you may receive periodic mailings or calls from us with information on new products and services or upcoming events. If you do not wish to receive such updates, please let us know by emailing us at firstname.lastname@example.org.
Interception of email
Hashimoto Contemporary may intercept email addressed to individuals within Hashimoto Contemporary. The reasons we do this are related to the security of your data, to our security, to the security of our staff and others, for detection and prevention of crime and to identify correct recipients or to make sure mail is dealt with during staff absence. Spoke Art may reject, delay or remove content from emails which have a nature, content or attachments which may disrupt our systems or because they may pose security issues such as viruses.
We may also filter out emails which contain content which is considered offensive, unwanted or spam. In certain circumstances this may unfortunately result in "innocent" emails being affected. We do our best to reduce such occurrences.
Hashimoto Contemporary has developed and implemented strict policies and processes governing information technology and data user behaviour. These cover areas such as access control, authentication, audit, monitoring, alarms, data storage and back up, transmission standards and environment integrity.
We use reasonable endeavours to install and have appropriate security measures in place in our systems and facilities to protect against the loss, misuse or alteration of information that we have collected from you.
The GDPR allows you to request to see any information held about you, and to correct any inaccuracies.