1. This Privacy Notice describes how the HENI Group of businesses process personally identifiable information (“Personal Data”) in accordance with data protection laws.
2. The HENI Group businesses to which this Privacy Notice applies (“we”,“us”,“our”) are:
• Prudence Cuming Associates Ltd, which is the Data Controller of Personal Data relating to that business (please contact [email protected]); and
• Heni Gmbh, which is the Data Controller of Personal Data relating to that business (please contact [email protected] ); and
• Pierce Protocols Ltd, which is the Data Controller of Personal Data collected and processed through all other websites, products and services provided within the Heni Group (unless a group company has its own privacy notice) (please contact [email protected]); To review the relevant privacy notices of any other group company or affiliated entities in the HENI Group of businesses please review the relevant website or contact us for further information.
3. By visiting any HENI Group website or when completing any customer or client registration process with us and/or placing an order on our websites, you agree to be bound by the terms of this Privacy Notice, which also includes our Cookies Policy (see below).
4. This Privacy Notice also applies more generally to and provides information for the benefit of a wider range of individuals on whom we process Personal Data, whether or not such individuals are our customers and clients, contacts, suppliers, contractors, or visitors to our websites or premises.
5. Data protection laws generally provide individuals with rights in relation to the processing of their Personal Data. These include rights to information relating to such processing, to access to such Personal Data, to object to the processing, to rectify, erase, restrict and to port such Personal Data. You can seek to exercise any of these rights or make any other enquiry about our use of your Personal Data by contacting us at any time using the relevant Data Controller email address(es) above.
6. Our aim always is to process Personal Data fairly, lawfully and transparently. However, if you are unhappy with the information provided in this Privacy Notice or have any broader questions or concerns please email the relevant Data Controller email address(es) above. If you remain dissatisfied you may raise your unresolved issues directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via ico.org.uk).
7. When you want to register with or make purchases through any HENI Group website, we will ask you to input and we will collect Personal Data from you (such as your name, e-mail address, billing address, delivery address, telephone number, product selections, and payment information). This includes when you subscribe to receive newsletters or notifications, post comments on our websites or contact us using the ‘contact’ form on our websites.
8. We may also collect information about where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located and the pages of our website that were viewed during your visit. We may collect this information even if you do not register with us.
9. More generally, and subject to this Privacy Notice, we may also obtain Personal Data when you meet with us or correspond with us by email, post, telephone or any other method.
10. Personal Data about you may also be collected from publicly available records or from other sources, including other affiliates of the HENI Group of businesses.
11. We may also obtain Personal Data about you when we use video cameras and aerial UAVs for the purpose of creating video footage and photos relating to artworks. For example, whilst filming on location, members of the public may be captured in images/video footage. Any member of the public whose image is captured would be very distant and it is unlikely that they will be recognisable. In the event they are recognisable, we would blur them out of any edited footage.
12. When you participate in our competitions, prize draws or surveys you may be asked to submit some basic information about yourself such as your name, address, email address and phone number and other Personal Data you provide as part of your entry.
13. We will treat all your Personal Data as confidential and will only disclose it to third parties outside the HENI Group in accordance with this Privacy Notice. We will keep Personal Data secure and fully comply with all applicable UK data protection and consumer legislation from time to time in place.
14. The HENI Group will retain Personal Data for at least the length of time required for the specific purposes for which it is processed, as set out in this Privacy Notice, and for such additional periods as are required by law or in order to ensure best practice (including effective back-up systems).
15. We will take all reasonable care, in so far as it is in our power to do so, to keep your Personal Data, and the details of your orders and payments secure, but in the absence of proven negligence on our part we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any Personal Data we process on your behalf.
16. The HENI Group will process your Personal Data for the following purposes or as otherwise set out in this Privacy Notice, on the basis that such processing is in our and/or your legitimate interests or where such processing is necessary in order to perform the contract we are about to enter into or have entered into with you:
• for the purposes of negotiating or performing any contracts entered into between you, or some company to which you are affiliated, and any HENI Group business;
• to address any correspondence, comments or enquires made by you;
• to allow you to participate in interactive features on our websites, should you choose to do so, and to provide the services you request;
• to email you with HENI Group invites, newsletters and/or suggestions about products, services or content that may be of interest to you, where we have a legitimate interest to do so in compliance with data protection and privacy law and/or where you provided your consent. However, you may stop such notifications at any time by contacting our customer services team by emailing the relevant Data Controller email address(es) above using the word “unsubscribe” in the subject line or otherwise by opting out of the particular email in the manner described;
• for the effective management of the HENI Group of businesses in accordance with our legitimate interests, such as in group structuring and management, engaging suppliers, generating surveys and statistics, measuring performance and website usage, implementing service improvement and marketing plans, etc;
• disclosing your Personal Data to third parties outside the HENI Group of businesses for the purposes stated above, including on your behalf or in order to enforce or apply our Terms and Conditions, or to protect the rights, property, or safety of HENI Group businesses and our personnel, customers, or others. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction; and
• disclosing your Personal Data to any HENI Group business or affiliate, which means our subsidiaries, any ultimate holding company and its subsidiaries, or any affiliated person or business. In the event that the relevant Data Controller, as identified above, or its assets, are acquired by a third party, Personal Data held by us may also be one of the transferred assets.
• to administer and protect our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, preventing automated crawling and spam and abuse of our Website);
• for the purpose of creating video footage and photos of artworks; .
• to enable you to participate in a prize draw, competition or to complete a survey and to enable the Heni Group to administer such prize draws, competitions and surveys.
• disclosing your Personal Data to third parties outside the HENI Group of businesses for the purposes stated above, including on your behalf or in order to enforce or apply our Terms and Conditions, or to protect the rights, property, or safety of HENI Group businesses and our personnel, customers, or others. This may include exchanging information with other organisations for the purposes of fraud protection and credit risk reduction; and
• disclosing your Personal Data to any HENI Group business or affiliate, which means our subsidiaries, any ultimate holding company and its subsidiaries, or any affiliated person or business. In the event that the relevant Data Controller, as identified above, or its assets, are acquired by a third party, Personal Data held by us may also be one of the transferred assets.
• disclosing your Personal Data to third parties outside the HENI Group of businesses for provenance and/or authentication purposes in relation to artworks sold on any Heni Group website.
• disclosing your Personal Data to third parties outside the HENI Group who need it to do work for us. These recipients may include third party companies and individuals who provide services on our behalf, such as operating our websites, enabling us to calculate shipping rates and to fulfil delivery of orders, fulfilling orders for books or other products placed on our websites or organising events on our behalf;
• disclosing your Personal Data to named third-party organisations for marketing purposes, where we have your consent to do so, for example, if you ticked the relevant opt-in box on our websites or when contacted. In these instances, we will supply your Personal Data to the specific organisation(s) only.
• disclosing your Personal Data (for example the surname and county in which you live) to third parties who contact us and ask us for details of the winner of any prize draw or competition held by the Heni Group for the purpose of verifying that a valid award took place. You will be given the opportunity to object to us making available such information before you take part in the applicable prize draw or competition. In such circumstances, we must still provide the information and winning entry to the Advertising Standards Authority in the UK on request.
17. The HENI Group may also process your Personal Data, including disclosing such Personal Data to third parties, as required by virtue of any legal, regulatory or other obligation. For example, the HENI Group of businesses will from time to time be required to disclose Personal Data to external law firms, accountants and auditors, insurance brokers and underwriters.
18. The HENI Group will process Personal Data in the course of receiving payments from our clients and customers, and when making payments to such persons and to other third parties. The payment methods used will include bank transfers (which will require account names, numbers and sort codes, and possibly other information) and debit or credit card transactions (though note that we do not retain card information and payments via card will be processed securely in accordance with the Payment Card Industry Data Security Standard (PCI DSS) to protect sensitive cardholder data by a payment services provider in accordance with paragraph 19 of this Policy).
19. Financial transactions through all HENI Group websites will be handled through a payment services provider, for example Stripe or PayPal, with which you will deal directly and will share Personal Data accordingly. You can review the Stripe Privacy Notice at stripe.com. PayPal Privacy Notice at paypal.com. We may also ask you to use Stripe (or other providers as identified to you) for the purposes of identity verification, customer due diligence and know your customer checks and screening. We shall share Personal Data with such payment services and customer due diligence providers only to the extent necessary for the purposes of processing orders, payments, and dealing with complaints and queries relating to such orders and payments.
20. The Personal Data which HENI collect from you and which we process for the purposes set out above may be transferred outside the European Economic Area (“EEA”) where appropriate and necessary in accordance with our legitimate interests. Personal Data may also be processed by HENI Group staff, or for one of our suppliers or agents, operating outside the EEA. Such persons or entities maybe engaged in, among other things, the fulfilment of your orders, the processing of your payment details or the provision of support services.
21. If and when making such transfers outside the EEA we will take all steps reasonably necessary to ensure that your Personal Data is managed securely and in accordance with this Privacy Notice and relevant data protection law.
22. By visiting and interacting with any HENI Group website to which this Privacy Notice applies, you are agreeing to our use of cookies in accordance with this policy and the relevant website Terms of Use.
23. Cookies are small files that are stored on your computer or internet-enabled portable device by the websites you visit. They are used to make websites work and to improve their efficiency, as well as to provide website usage information to the website owner. Cookies contain information such as the time that the current visit occurred, whether the visitor has been to the website before and what site referred the visitor to the web page.
24. HENI Group websites use cookies to distinguish you from other users of the site, in order to help us to improve your user experience. Some cookies are essential for the functionality of the website and allow features to work correctly. Other cookies may collect information about how visitors interact with our site, for instance to show which pages are viewed mostly frequently.
25. Google Analytics: we use this web analytics tool to anonymously track usage statistics to help us improve the user experience of our site. Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our website. Google Analytics collects information anonymously; it reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
26. Vimeo cookies: HENI Talks embed videos from the official Vimeo channel. This channel may set cookies on your computer when you use the Vimeo service or visit a webpage with a Vimeo video. Some of the cookies will only be used if you use certain features or select certain preferences and some cookies will always be used. For more information on Vimeo’s cookie policy visit:https://vimeo.com/cookie_policy.
27. Twitter cookies: HENI Talks also embed a Twitter feed on our press page to show the latest tweets between us and our viewers. If you click through to Twitter they may use both session cookies and persistent cookies to better understand how you interact with their service. For more information on Twitter’s cookie policy visit: https://twitter.com/en/privacy.
28. Google reCAPTCHA: we use Google reCAPTCHA on our website to check whether data entered on our website (such as on an application form and on purchase flows) has been entered by a human or by a bot. To do this, reCAPTCHA analyses the user’s behaviour on our website. This includes looking at how the user navigates through the website with their mouse, how they click between content, the time they take to fill in forms and the device they are using to load the website. From this data the tool generates a score of how likely the user is to be a bot. The data collected during the analysis will be forwarded to Google. For more information about Google reCAPTCHA and Google's privacy policy, please visit the following link: https://policies.google.com/privacy?hl=en-US
29. FingerprintJS: we use FingerprintJS on our website to prevent fraud, spam and account takeover. To do this, FingerprintJS combines many different pieces of information about a website visitor, known as signals, to generate an identifier or fingerprint that can be used to detect unusual behaviour. Examples of signals that could be collected include device operating system, browser version, preferred language, or screen resolution. This enables us to find duplicate and bot related applications and purchases on our website. For more information about FingerprintJS and FingerprintJS’s privacy policy, please visit the following link: https://dev.fingerprint.com/docs/privacy-policy
30. We may vary the terms of this Privacy Notice from time-to-time. Please check this webpage regularly to ensure you are familiar with the current version as your Personal Data is subject to the Privacy Notice in effect at the time when you provided that information.
31. This Privacy Notice will be governed by and construed in accordance with English law, and any disputes relating to this notice shall be subject to the exclusive jurisdiction of the courts of England.