HAUSER & WIRTH will function as the “controller” within the meaning of Article 4 number 7 of Regulation (EU) 2016/679, also known as the “General Data Protection Regulation” (“GDPR”).
II. Collection and storage of Personal Data; manner and purpose of their usage
1. Processing of data for usage of the Website
Whenever you access our Website through your browser, respectively via your mobile terminal device, we will collect only the Personal Data which your browser, respectively your mobile terminal device, automatically transmits to us so as to allow you to visit the Website and to ensure system stability and security. This may include, in particular:
• Your IP address;
• Your device’s identifier, i.e. the unique ID number of your terminal device;
• The content, date, and time of the access request;
• The time zone of the requesting computer, respectively of the mobile terminal device;
• The website from which the access request is being referred;
• The web page for which access is being requested;
• The http status code;
• The data volume transmitted;
• Your browser ID;
• Your operating system;
• The language and version of your browser software; as well as
• The Advertising Identifier (IDFA).
Processing this data will serve the following purposes:
• To establish a trouble-free connection to the Website;
• To display our goods and services;
• To ensure the usability of our Website;
• To analyze system stability and security; and
• To fulfill additional administrative objectives.
The legal basis for this processing of the Personal Data concerning you is Article 6 paragraph 1 sentence 1 lit. f) of the GDPR. Our legitimate interest in this context results from the aforementioned data processing purposes.
2. Data processing when the contact form is used
We give you the option of contacting us by means of the “Contact” form provided on the Website. To use this form, you must fill in your name and a valid email address. Processing these data serves our legitimate interest in providing proper answers to your contact inquiries and is therefore performed on the basis of Article 6 paragraph 1 sentence 1 lit. f) of the GDPR.
3. Data processing for purchasing our goods and using our services
If you wish to purchase our goods and use our services, you may be asked at various times to provide us with Personal Data such as the following:
• Your name;
• Your postal address;
• Your email address,
• Your telephone number or mobile phone number; and
• Your credit card information.
We will process the Personal Data concerning you for the following purposes, and said Personal Data are required for these purposes:
• To fulfill contractual obligations, respectively to perform pre-contractual measures, in accordance with Article 6 paragraph 1 sentence 1 lit. b) of the GDPR, i.e. so as to be able to transact your purchases, process your payments, provide you with customer service, correspond with you, handle claims asserted by you or us, assure the technical administration of our Website, and manage our customer data;
• To fulfill statutory requirements in accordance with Art 6 paragraph 1 sentence 1 lit. c) of the GDPR or to serve the public interest in accordance with Article 6 paragraph 1 sentence 1 lit. e) of the GDPR, i.e. so as to protect both you and us (including our affiliated companies) against fraud.
III. Forwarding data concerning you to processors and third parties
In order to process the data concerning you, we will make use of specialized external service providers, such as online-marketing providers, providers of automated marketing solutions, providers of web-analysis tools as well as IT-service providers. We carefully select these service providers and instruct them duly, they are bound by our instructions and are regularly monitored and checked.
In addition, we may transfer the Personal Data concerning you to third parties (suppliers, sub-contractors, shipping companies, the credit institutions we have contracted for payment settlement or other payment service providers) insofar as this is required for our contractual performance pursuant to Article 6 paragraph 1 sentence 1 lit. b) of the GDPR, respectively in order to pursue our legitimate interests pursuant to Article 6 paragraph 1 sentence 1 lit. f) of the GDPR.
Finally, we may also transfer your data to our affiliated companies, including Hauser & Wirth Menorca SL, Hauser & Wirth Gallery Ltd., Hauser & Wirth Inc., Hauser & Wirth AG and Hauser & Wirth Limited (“Affiliated Companies”), insofar as this is permitted to pursue our legitimate interests within the meaning of Article 6 paragraph 1 sentence 1 lit. f) of the GDPR. These interests specifically include: processing your order, delivering the ordered goods, processing of your payment details, the provision of support services and ensuring efficient business operations.
In all other respects, the Personal Data concerning you will not be transferred to third parties unless you have first granted your consent pursuant to Article 6 paragraph 1 sentence 1 lit. a) of the GDPR or if doing so is legally permissible within the meaning of Article 6 paragraph 1 sentence 1 lit. c) of the GDPR.
IV. Transfers of Personal Data to third countries
Insofar as we transmit Personal Data to countries located outside of the European Economic Area (“EEA”), we will ensure that the data recipient guarantees an adequate level of data protection within the meaning of Article 45 of the GDPR. If no adequacy decision is available, HAUSER & WIRTH will strive to ensure that the data recipient has put in place appropriate safeguards within the meaning of Article 46 of the GDPR and specifically utilizes the standard contractual clauses of the European Union for the transfer of data into non-EU third countries in their respectively current version.
When it comes to transferring data to the United States, HAUSER & WIRTH will strive to ensure that the data recipient enters into obligation to follow and observe the principles of the Privacy Shield Framework (i.e. principles setting forth minimum standards for the handling of Personal Data).
HAUSER & WIRTH utilizes so-called “cookies” on its Website, i.e. small files containing text information that are placed on your hard drive (“Cookies”) whenever you call up the Website. The Cookie will be used to store certain information about the specific terminal device you are using. This does not mean, however, that we will obtain direct knowledge of your identity in the process.
The data processed by the Cookies are required for the aforementioned purposes in order to allow us to pursue our legitimate interests and to allow third parties to purse their legitimate interests pursuant to Article 6 paragraph 1 sentence 1 lit. f) of the GDPR.
VI. Deployment of analytics and tracking technologies
We use the analytics and tracking technologies, respectively technologies offered by third-party-provider, described below; we do so on the basis of Article 6 paragraph 1 lit. f) of the GDPR for the following purposes (among others):
• To perform data analyses;
• To collect statistics on the use of our Website and to evaluate them so as to optimize our offering;
• To enhance and manage our offering on an ongoing basis;
• To optimize our advertising measures and quantify their success; and
• To provide you with advertising.
These are legitimate interests within the meaning of the aforementioned statutory provision.
1. Google Analytics
Google has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. However, your IP address will first be shortened on our Website by Google within Member States of the European Union or in other states signatory to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transferred to a Google server in the Unites States and shortened there.
Google will use this information on our behalf in order to analyze your usage of our Website, to compile reports on Website activities for us, and to provide us with other services relating to Website and internet usage. In certain cases, this information may also be transferred to third parties, insofar as this is mandated by the law or insofar as third parties have been commissioned with processing the data. Google will not merge your IP address with other data held by Google.
You can block the storage of the relevant Cookie in your browser by configuring your browser settings accordingly. Please be advised, however, that this may prevent you from using all the functions of our Website to their full extent.
In addition, you can prevent Google from recording the data generated by the Cookie regarding your usage of the Website (including your IP address) and from processing such data by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
For further information on data protection in connection with Google Analytics, please navigate to the “Help” section of Google Analytics via the following link: http://google.com/intl/de/analytics/privacyoverview.html.
2. Google AdWords Conversion Tracking
In order to collect statistics on the use of our Website and in order to optimize our Website for your benefit, we also use Google Conversion Tracking. This is a service offered by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). To this end, Google places a Cookie (see Section V of this Privacy Statement) on your computer whenever you reach our Website by way of a Google Ad. These Cookies become invalid after 30 days and cannot be used to identify you personally. If you visit one of our web pages and assuming the Cookie has not yet expired, both we and Google will be able to see that you clicked on the ad and that it referred you to our site. Each AdWords customer receives a different Cookie, so that the Cookies cannot be tracked across the websites of multiple AdWords customers.
Google will use this information on our behalf to generate visitor statistics for our Website. We will use these visitor statistics to determine the total number of users referred to us by AdWords advertisements and to optimize our AdWords advertising efforts accordingly. This information may also be transferred to third parties insofar as this is mandated by law or insofar as third parties process these data on a commissioned basis. Neither we nor any other advertising customers of Google AdWords will receive information from Google that allows you to be personally identified.
In the process, Google will place a Cookie on your computer (see Section V of this Privacy Statement) insofar as you use certain Google services or visit certain websites forming part of the Google content network. These Cookies cannot be used to identify you personally.
The information generated by the Cookie so placed on your computer concerning your usage of our Website (including your IP address) will be transferred to a Google server located in the United States and stored there. As explained above, Google has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI. However, your IP address will first be shortened on our Website by Google within Member States of the European Union or in other states signatory to the Agreement on the European Economic Area (EEA). Only in exceptional cases will the full IP address be transferred to a Google server in the United States and shortened there.
You can prevent the storage of these Cookies in your browser by configuring your browser settings accordingly. Please be advised, however, that this may prevent you from using all the functions of our Website to their full extent.
Furthermore, you can object against interest-based advertising from Google. To do this, you must call up www.google.de/settings/ads from each of the internet browsers you use and then make the desired setting changes.
3. Google Tag Manager
We also use Google Tag Manager. This service allows website tags to be managed by way of a user interface. Tags are small code elements the purpose of which includes measuring traffic and visitor behavior. Google Tag Manager merely implements such tags. This does not cause any Cookies to be placed, meaning that no Personal Data will be recorded. Google Tag Manager triggers other tags which may themselves record data under certain circumstances. Google Tag Manager does not access these data, however. Once the deactivation function has been selected at the domain or Cookie level, it will remain in effect for all tracking tags implemented by Google Tag Manager.
VII. Use of social plug-ins
Our Website makes use of the so-called “social plug-ins” of social networks, e.g. Facebook, Instagram, YouTube, Twitter, WeChat and Sina Weibo (Facebook, Instagram, YouTube, Twitter, WeChat and Sina Weibo being collectively referred to hereinbelow as “Social Networks” and the corresponding plug-ins as “Plug-ins”). With these Plug-ins, we offer you the option to interact with the Social Networks and with other users, which allows us to improve our offering and to make it more appealing to you, while at the same time raising awareness of our enterprise. The legal basis for the use of social Plug-ins is Article 6 paragraph 1 sentence 1 lit. f) of the GDPR. Responsibility for ensuring data protection-compliant operations lies with the respective provider.
We use the Plug-ins of the Facebook network, such as the “Like” button. These Plug-ins are offered and operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”), and are clearly designated by the Facebook logo. In addition, we utilize Plug-ins of the Instagram service, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA (“Instagram”). These Plug-ins are designated by the Instagram logo. We also use the Plug-ins of the YouTube network, which is owned by Google Inc., San Bruno, California, USA (“YouTube”), whereby the YouTube logo serves as the designator. Our Website also features Plug-ins which are integrated, offered, and operated by the Twitter service owned by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”), these Plug-ins are designated by the Twitter logo or the suffix “Tweet.” We furthermore utilize the Plug-ins of the WeChat network, which is offered and operated (for users in the EEA) by Tencent International Service Europe B.V., a Dutch company with its registered office in 26.04 on the 26th floor of Amstelplein 54, 1096 BC Amsterdam, Netherlands, and (for users outside the EEA, Switzerland or the People’s Republic of China (excluding Taiwan, Hong Kong and Makau) Tencent International Service Pte. Ltd., a company based in Singapore at 10 Anson Road, #21-07 International Plaza, Singapore 079903 (“WeChat”); these Plug-ins are designated by the WeChat logo. Finally, we utilize the Plug-ins of the Sina Weibo network operated by Sina Corporation, 37F, Jin Mao Tower, 88 Century Boulevard, Pudong New District, Beijing NEJ 00000, China (“Sina Weibo”), which are designated by the Sina Weibo logo.
Whenever you access a web page of ours that contains this type of Plug-in, your browser will establish a direct connection to the server of the respective Social Network. The content of the Plug-in will be transferred directly to your browser from the corresponding Social Network and will be integrated into the Website without our being able to exercise any control over said content.
Regardless of whether you maintain a user account with a Social Network or whether you have logged on to the respective Social Network, web pages that contain Plug-ins from that Social Network will transfer information to the corresponding Social Network in the USA, Singapore or China, where this information will be stored. This will include the type and version of your operating system and browser, respectively, as well as your IP address and the domain name and/or date stamp, respectively time stamp, associated with your visit. Each time the web page is called up, the respective Social Network will deposit a Cookie containing an identifier that will remain valid for two years. Since your browser automatically co-transmits this Cookie each time a connection is established with a server, the corresponding Social Network fundamentally would be able to generate a profile of the online web pages called up by the user associated with the identifier. If you have logged on to the respective Social Network at the time, said Social Network will be able to match up the profile to the user account you maintain with that Social Network and thus to you personally. But even if you are not logged in to the respective Social Network when you use our Website, this will not preclude such a match-up from occurring, for example when you log in with the corresponding Social Network at some later time.
Whenever you interact with these Plug-ins, e.g. by activating the “Like” or “Tweet” button or by posting a comment, the corresponding information will be sent from your browser directly to the corresponding Social Network and stored there, without our being able to exert any influence in this regard. The information will also be published on the Social Network and will be displayed to your contacts on said network.
For Facebook: http://de-de.facebook.com/policy.php;
For Instagram: https://help.instagram.com/519522125107875?helpref=page_content;
For YouTube: https://policies.google.com/privacy?hl=de;
For Twitter: http://twitter.com/privacy;
For WeChat: https://www.wechat.com/en/privacy_policy.html; and
For Sina Weibo: https://www.whatsonweibo.com/privacy-policy/.
The above links will also guide you to additional information on your relevant rights and configuration options when it comes to protecting your privacy. Facebook/Instagram, YouTube/Google, and Twitter are certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificates are available online for inspection here:
For Facebook/Instagram: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC.
For YouTube/Google: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
For Twitter: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
If you, as the user of a Social Network, wish to prevent the corresponding Social Network from collecting information regarding you during your visit to our Website, you can log out of that Social Network when commencing your visit to the Website, erase the corresponding Social Network’s cookie (if one exists) from your browser, and select the “Block Third-Party Cookies” function on your browser. In this case, your browser will not transfer any Cookies to the servers in the event of embedded content of other providers. Note, however, that this configuration, besides blocking the Plug-ins, may also cause certain functions extending across webpages to become unavailable.
Subject to your consent, which can you can grant when registering on our Website, we will email you our newsletter regarding our goods and services or the goods and services of our Affiliated Companies, insofar as we believe they may be of interest to you.
You can object at any time against having data concerning you used for direct advertising purposes with effect for the future, and you can unsubscribe from the newsletter by clicking the corresponding link included in each newsletter email, or by emailing a corresponding declaration to: email@example.com.
We reserve the right to email you offers for goods and services also without your consent insofar as they are similar to ones you have already purchased. You have the right to object at any time against having your data processed for advertising purposes by emailing us a corresponding declaration at firstname.lastname@example.org, or by clicking on the corresponding link in our newsletter. This will not give rise to any costs other than the base rate of transmission costs.
The legal basis for processing your data for purposes of sending out newsletters is Article 6 paragraph 1 sentence 1 lit. a), respectively lit. f), of the GDPR.
For the purpose of sending you emails and our newsletter, we use the newsletter distribution platform MailChimp offered by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE # 5000, Atlanta, GA 30308, USA (“MailChimp”). To this end, the personal data concerning you are transmitted to MailChimp servers in the USA and will be stored there. MailChimp has been certified under the Privacy Shield Framework, meaning that an adequate level of data protection is in place in accordance with the corresponding Implementing Decision of the European Commission. The certificate is available online for inspection under: https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG.
MailChimp offers comprehensive opportunities to analyze how newsletters are opened and used. In order to evaluate user behavior, the emails sent out include so-called web beacons, respectively tracking pixels, which are one-pixel image files that are stored on our Website. In order to perform analyses, we and/or MailChimp will merge the data collected from you and the web beacons with your email address and an individual ID. The links sent in the newsletter also include this ID. We will use the data obtained in this way to create a user profile to allow us to customize the newsletter to your personal interests. In the process, we will capture the time at which you read our newsletters, on which links you click in the newsletters, and will deduce your personal interests from this conduct. We will merge these data with the actions you have taken on our Website. MailChimp can by its own admission also use this data to enhance or improve its own services, e.g. to technically enhance the dispatch procedure and display of the newsletter or for commercial purposes to be able to determine which countries the recipients are from. However, MailChimp will not use the data of our newsletter recipients to contact them itself or forward it to third parties.
IX. Duration of storage
We will store the Personal Data concerning you for as long as required to fulfill the respective storage purpose. Once this is no longer the case, we will erase your data unless we are bound to observe a longer retention period in accordance with Article 6 paragraph 1 sentence 1 lit. c) of the GDPR, namely on the basis of tax laws, commercial laws, or other statutory archiving/documentation obligations, or unless you have consented to an extended storage period in accordance with Article 6 paragraph 1 sentence 1 lit. a) of the GDPR.
X. Your rights
In accordance with Article 15 of the GDPR, you are entitled to obtain access at any time to any Personal Data of yours that are being stored by us. In particular, you may request information about any of following matters: the processing purposes involved; the categories of data regarding you being stored; the categories of recipients of such data; the planned storage period; the existence of a right to demand rectification, erasure, restriction of processing or a right to object; the existence of a right to lodge a complaint with a supervisory authority; the origin of your data, insofar as they were not obtained from you; as well as the existence of an automated decision-making process, including profiling; you also have the right to request explanatory details.
In addition, you can demand the rectification of incorrect data pursuant to Article 16 of the GDPR, as well as the erasure of Personal Data pursuant to Article 17 of the GDPR insofar as their processing is not required to exercise the right of freedom of expression and information, to fulfill a statutory obligation, to serve the public interest, or to assert, enforce or defend legal claims.
You furthermore have the right, pursuant to Article 18 of the GDPR, to demand that a block or restriction be placed on the processing of the Personal Data concerning you insofar as: their correctness is disputed by you; the processing is unlawful but you object to the erasure of the data; we no longer require the data but you still require it in order to assert, enforce or defend legal claims; or you have expressly objected against the data being processed pursuant to Article 21 of the GDPR.
Furthermore, you are entitled pursuant to Article 20 of the GDPR to obtain the Personal Data you have provided to us in a structured, commonly used, and machine-readable format, or to demand that such data be transmitted to some other authorized party.
Finally, insofar as the Personal Data concerning you are being processed on the basis of legitimate interests pursuant to Article 6 paragraph 1 sentence 1 lit. f) of the GDPR, you have the right, pursuant to Article 21 of the GDPR, to at any time object to having the Personal Data concerning you processed, on grounds relating to your particular situation or insofar as your objection specifically refers to processing for purposes of direct advertising. In the latter case, you will enjoy a fundamental right to object that will be honored by HAUSER & WIRTH without your having to state grounds in connection with a particular personal situation.
If you believe that our processing of the Personal Data concerning you is not consistent with applicable law, you may lodge a complaint with a competent supervisory authority pursuant to Article 77 of the GDPR.
If the processing of your data is based on a declaration of consent you have granted pursuant to Article 6 paragraph 1 lit. a) of the GDPR, you have the right to any time withdraw said consent with effect for the future.
XI. Data security
In the course of visits to our Website, we employ the widely-used SSL process in conjunction with the respectively highest level of encryption supported by your browser.
In all other respects, we take appropriate technical and organizational security measures in order to protect your data against manipulation, loss, destruction, and unauthorized access by third parties. Our security measures are kept consistently up-to-date based on the latest state of the technical art.
XII. Your contact for data protection matters
If you have questions about how the Personal Data concerning you is collected, processed or used, if you wish to obtain information regarding your data or to have them rectified, blocked or erased, or if you wish to withdraw your consent, please contact our Data Protection Officer at: email@example.com.
Privacy Addendum for California Residents
Effective Date: December 31st, 2019
Information We Collect
Our Website collects information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household, or device (“personal information”). Personal information does not include:
· Publicly available information from government records;
· Deidentified or aggregated consumer information; or
· Information excluded from the CCPA’s scope, like:
· health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
· personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
In particular, our Website has collected the following categories of personal information from its consumers within the last twelve (12) months:
Our Website obtains the categories of personal information listed above from the following categories of sources:
· Directly from you (for example, from forms you complete or products and services you purchase); and
· Indirectly from you (for example, from observing your actions on our Website).
Use of Personal Information
We may use, sell, or disclose the personal information we collect for one or more of the following purposes:
· To fulfill or meet the reason you provided the information. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery. We may also save your information to facilitate new product orders or process returns;
· To provide, support, personalize, and develop our Website, products, and services;
· To process your requests, purchases, transactions, and payments and prevent transactional fraud;
· To provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our responses;
· To personalize your Website experience;
· To help maintain the safety, security, and integrity of our Website, products and services, databases and other technology assets, and business;
· For testing, research, analysis, and product development, including to develop and improve our Website, products, and services;
· To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
· As described to you when collecting your personal information or as otherwise set forth in the CCPA; or
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information to a third party for a business purpose or sell your personal information, subject to your right to opt-out of those sales (see Personal Information Sales Opt-Out and Opt-In Rights section below). When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. The CCPA prohibits third parties who purchase the personal information we hold from reselling it unless you have received explicit notice and an opportunity to opt-out of further sales.
We share your personal information with the following categories of third parties:
· Service providers (such as marketing providers, IT-service providers, suppliers, subcontractors, and payment service providers);
· Affiliated Companies;
· Analytics Providers; and
· Social Networks.
Disclosures of Personal Information for a Business Purpose
In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:
· Category A: Identifiers;
· Category B: California Customer Records personal information categories;
· Category D: Commercial information;
· Category F: Internet or other similar network activity; and
· Category G: Geolocation data.
We disclose your personal information for a business purpose to the following categories of third parties:
· Service providers (including marketing providers, IT-service providers, suppliers, subcontractors, and payment service providers);
· Affiliated Companies;
· Analytics Providers; and
· Social Networks.
Sales of Personal Information
In the preceding twelve (12) months, we have sold (shared) the following categories of personal information with Analytics Providers:
· Category A: Identifiers;
· Category D: Commercial information;
· Category F: Internet or other similar network activity; and
· Category G: Geolocation data.
Your Rights and Choices
The CCPA provides consumers with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see the Exercising Access, Data Portability, and Deletion Rights section below), we will disclose to you:
· The categories of personal information we collected about you;
· The categories of sources for the personal information we collected about you;
· Our business or commercial purpose for collecting or selling that personal information;
· The categories of third parties with whom we share that personal information;
· The specific pieces of personal information we collected about you (also called a data portability request); and
· If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
· sales, identifying the personal information categories that each category of recipient purchased; and
· disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see the Exercising Access, Data Portability, and Deletion Rights section below), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you;
2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
3. Debug products to identify and repair errors that impair existing intended functionality;
4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
8. Comply with a legal obligation; or
9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
· Calling us at 1-866-897-9942;
· Emailing us at firstname.lastname@example.org or
· Visiting website account login to manage subscription preferences manually: https://www.hauserwirth.com/log-in
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
For instructions on exercising sale opt-out rights, see the Personal Information Sales Opt-Out and Opt-In Rights section below.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time, we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sales
We do not sell your personal information at any time.
We will not discriminate against you for exercising any of your CCPA rights.
Unless permitted by the CCPA, we will not:
· Deny you goods or services;
· Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
· Provide you a different level or quality of goods or services; or
· Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time. We do not currently provide any financial incentives.
Changes to Our Privacy Addendum
We reserve the right to amend this Addendum at our discretion and at any time. When we make changes to this Addendum, we will post the updated Addendum on the Website and update the Addendum’s effective date.
Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
Hauser & Wirth AG
Attn: Tim Jones, Data Protection Officer