Privacy

1.1

We are GBE Deutschland GmbH & Co. KG; our registered office is at Waidmarkt 11, 50676 Cologne, Germany  ("GordonBrothers", "we", "our" or "us"). 

1.2 

 

As a leading advisory and investment firm we process personal data about our potential clients, our clients and former clients, customers of our clients, client personnel and our subcontractors.  This Privacy Notice explains why we process your personal data, what we do with your personal data, how we look after your personal data and what your rights are over your personal data.  It was last updated in September 2018, and it supersedes our previous privacy notices.

1.3   

We are usually a Controller of your personal data which means that we are responsible for it.  Sometimes we are a Processor of your personal data in relation to the services that we provide to our clients. 

1.4   

This website may include links to third party websites, plug-ins or applications which may allow third parties to collect or share your personal data.  We are not responsible for their use of your personal data and cannot control it. 

2.   

OUR COLLECTION OF PERSONAL DATA

2.1   

When we refer to "personal data" we mean information about an individual from which that person can be identified.  This means that information about an organisation is not personal data. 

   

The personal data we collect as Controller 

2.2   

When you visit our website http://www.gordonbrothers.de/ we collect technology information about you, including your internet protocol address, your URL, your operating system and browser type, your login data, time zone settings and location, information on the pages you visit and how long you visit each page. 

2.3   

If you are a director, shareholder or key personnel at one of our existing or potential clients, we may collect personal contact information such as your full name, job title, profession, postal address, contact telephone numbers and email address.  We also collect your identification information such as a copy of your passport or driving licence.  

2.4   

If you are an individual and a business contact of ours, we collect your personal contact information and marketing information about you including your preferences in receiving marketing from us as well as your communication preferences. 

2.5   

If you are one of our suppliers or subcontractors, we process personal contact information about you in order to facilitate the services you provide.

   

The personal data we collect as Processor  

2.6   

If you are an individual and you purchase plant and machinery at an auction where we act as agent, we are a Processor on behalf of our client, and we collect your: 

 
2.6.1    

Personal contact information

    2.6.2   

Payment information such as your credit card and debit card numbers and expiration dates and your billing address.

    2.6.3   

Transaction information in connection with the services we provide to you, including your account details with us, the payments you make to us, the services and products you obtain and have obtained from us in the past. 

 
2.6.4    

Tax information in connection with our invoicing.

2.7   

Where we assist with the auctioning of plant and machinery for our clients, we may act as a Processor on our clients' behalf to process personal data that remains on the plant and machinery.  This is typically personal contact information

2.8   

Due to the nature of our services, we are sometimes provided with personal data about the customers of our clients (for example, if we acquire a business that you are a customer of we may also acquire its customer list).  If you are an individual and a customer of one of our clients, we may collect your personal contact information and marketing information.

   

Other Types Data 

2.9   

Special Category Data – as well as personal data, there are "special categories of personal data" which is information about an individual's race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.  We do not process any special categories of personal data about you, nor do we process information relating to criminal convictions or offences. 

2.10   

Aggregated Data – we may process statistical data about you, such as your browsing activities and use of our Website.  This is aggregated data, and it is not usually classified as personal data because it does not reveal your identity to us.  If we link aggregated data to your personal information it will be treated as personal data in line with this Privacy Notice. 

2.11   

Children – our services and our website are not intended for use by children and we do not knowingly process personal data relating to children. 

3.   

HOW WE COLLECT YOUR DATA

3.1 

We collect personal data about you from a number of different sources depending on who you are and what personal data it is.  For example, we collect personal data:

    3.1.1   

From you directly when you correspond with us by post, phone, email, through social media, or otherwise. 

 
3.1.2   

From third parties:

        3.1.2.1   

We get auction data and data about auction customers from GAP Toolbox and GAP Office systems provided by the auction site www.bidspotter.com which is owned by Auction Technology Group (the trading name of Metropress Limited with registered in England with company number 01010311).  

        3.1.2.2   

When we provide services to an organisation that you work for or are a director or shareholder of, we may get your personal data from that organisation.  

   
  3.1.2.3  

When we provide business recovery services we may collect your personal data if you are a customer of our client.

   
 
  3.1.2.4   

When we provide auctioning services, we may collect personal data from the owners of plant and machinery that are being auctioned if the personal data is not erased from the plant and machinery before it is transferred to us. 

 
3.1.3    

From your device when you access our website.

3.2   

We try to be sure that the personal data we hold about you is accurate, and so please get in touch with us if your personal data changes so we can update our records.  You can contact us using the details provided below. 

4.   

OUR USE OF YOUR PERSONAL DATA 

   

Why we collect your personal data

4.1   

We will only use your information where we have a lawful basis to do so.  We set out below how we plan to use your personal data and the lawful basis that we rely on.

Purpose

Types of Data Processed

Lawful Basis of Processing

To contact you

Personal Contact Information

 

Necessary for our legitimate interests (for running our business, when acting as agent for our clients, to provide services to our clients, to keep our records updated, to help prevent or detect crime, to recover debts due to us and to provide you with the services you have requested)

Necessary to comply with our legal obligations

Verifying your identity and know-your-client checks, preventing or detecting money laundering or fraud, and conducting credit reference checks

Personal Contact Information

Identification Information

Necessary for our legitimate interests (to help prevent and detect crime, fraud and money laundering, to verify your identity and to comply with our regulatory requirements)

Necessary to comply with our legal obligations

To manage our relationship with you including dealing with any questions or complaints you may have and to recover debts

Personal Contact Information

 

Tax Information

 

Transaction information

 

Payment information

Marketing Information

Performance of a contract, or the potential performance of a contract, with you

Necessary for our legitimate interests (to provide you with the services you have requested, to fulfil our role as agent for our client, to respond to any questions or complaints, for running our business, and to keep our records updated)

Necessary to comply with our legal obligations

To advertise new products or services that we believe may be of interest to you

 

 

Personal Contact Information

Transaction Information

Marketing Information

Technology Information

Necessary for our legitimate interests (to develop and grow our business, to study how customers use our website and services, to inform our marketing strategy)

Consent in relation to direct marketing communications and our deployment of non-essential cookies

To administer and protect our business and our website (for example, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Personal Contact Information

Payment Information

Transaction Information

Technology Information

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Necessary to comply with our legal obligations

To carry out internal training and to improve our product and service offering

Personal Contact Details

Technology Information

Transaction Information

Payment Information

 

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

Necessary to comply with our legal obligations

To comply with our internal corporate governance rules and our legal and regulatory obligations

Personal Contact Details

Identification Information

Technology Information

Transaction Information

Payment Information

Performance of a contract, or the potential performance of a contract, with you

Necessary to comply with our legal obligations

We act as a Processor to provide services to, and on behalf of, our client. For example:

  • In relation to our auction services, to erase your personal data if it remains on plant and machinery that our client is putting up for auction
  • To advertise new products or services to you that our client believes may be of interest to you
  • To assist our client to manage its customer data where it is involved in a retail acquisition

Personal Contact Information

 

Tax Information

 

Transaction information

 

Payment information

Marketing Information

Necessary for our legitimate interests (for the running of our business to provide our services to our client)

           
4.2   

Sometimes we process your personal data for more than one lawful basis depending on the particular purpose for which we are using your data.  If we need to process your personal data for a different purpose that is not compatible with the original purpose we will let you know. 

4.3   

Where we need to process your personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you.  This means that we may not be able to provide you with the information or services you require.  We will let you know if this is the case at the time. 

4.4   

We may process your personal data for a different purpose than that which is listed above, and without your consent, where it is necessary for us to comply with our legal obligations. 

   

Cookies 

4.5  

Our website may automatically collect data, including personal data, about how you use our services in order to help us improve future functionality.  You can find out more about the cookies we use by reading our cookie policy. 

   

Who we share your personal data with

4.6   

We may share your personal data with the following third parties for the purposes set out in the table above: 

    4.6.1   

Where we provide services relating to the auctioning of plant and machinery, we instruct suppliers based in the UK, to remove all data (including personal data) from the plant and machinery before it is auctioned. 

    4.6.2  

Our subcontractors who help us to provide our services, such as our IT and system administration services and our database service providers.  For example, we use Salesforce Marketing Cloud to provide us with marketing support services.  Salesforce Marketing Cloud is based in London. 

    4.6.3   

Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.  Alternatively, we may seek to acquire other businesses or merge with them.  If a change happens to our business, the new owners may use your personal data in the same way as set out in this Privacy Notice. 

    4.6.4   

Our professional advisers, such as our auditors and our solicitors. 

4.7   

These third parties are required to respect the security of your personal data and treat it in accordance with the law.  

   

International transfers of your personal data

4.8   

We operate from London but we were incorporated in the State of Delaware USA, and our registered office is in Boston Massachusetts.  This means that your personal data may be transferred within Gordon Brothers both inside and outside of the EEA.   

4.9   

We may also share your personal data with third parties that are based outside of the European Economic Area (EEA).  

4.10   

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

    4.10.1   

We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. 

    4.10.2   

We may use specific contracts approved by the European Commission which give personal data the same protection it has in EEA. 

    4.10.3   

Where we use providers based in the USA we may transfer your data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data as is provided in the EEA. 

5.   

ADDITIONAL PROCESSING INFORMATION 

   

How we keep your personal data secure 

5.1   

We take the security of your data very seriously.  We have implemented a number of reasonable and necessary security measures in order to try and prevent unauthorised access.  If we become aware of a data breach we will notify the Information Commissioner's Office.  If we believe the data breach is serious we may notify you in accordance with our legal requirements. 

   

How long we keep your personal data for 

5.2   

We store your personal data for different periods of time depending upon the purposes for which we collected it; we do not store your personal data for longer than is necessary to fulfil these purposes.  We retain your personal data throughout our relationship with you, and usually for up to 10 years after our final communication with you.  Please be aware we may need to retain your personal data for longer in order to comply with our legal, regulatory and accounting obligations. 

5.3   

We take into consideration a number of factors when we determine the appropriate retention periods for your personal data, including what personal data we are processing, the risk of harm from any unauthorised disclosure, why we are processing your personal data and whether we can achieve this outcome by other means without having to process it.

5.4   

Sometimes we remove identifying information from your personal data so it is anonymised.  When we do this, the information can no longer be associated with you and we can process it indefinitely without further notice to you.  In certain circumstances you may be able to ask to delete this data. 

5.5   

For further information about how long we retain your personal data, please contact us using the details below. 

   

Your rights over your personal data 

5.6   

You have the following rights over your personal data: 

    5.6.1   

To ask us for details of the personal data we hold and process about you (this is usually called a subject access request). 

    5.6.2   

To ask that any inaccurate information we hold about you is corrected.

    5.6.3   

To ask that we delete personal data we hold about you  

    5.6.4   

To ask that we stop using your personal data for certain purposes.

    5.6.5   

To ask that we do not make decisions about you using completely automated means. 

    5.6.6   

To withdraw your consent.

    5.6.7  

To ask that we give you the personal data we hold about you, or (where technically feasible) that we give this personal data to a third party chosen by you, in a commonly-used machine-readable format. 

5.7   

These rights are not available to everyone all the time.  Some are subject to exemptions, and so we may not always be able, or required, to comply with your request to exercise these rights.  Further details about your rights can be found on the Information Commissioner's website: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/

5.8   

To exercise any of the above rights, please contact us using the details below and provide us with as much information as you can so we can respond as soon as we can.  We may ask you to provide proof of identity (for example, your passport or driving licence) before we fully respond as we have to be sure we are giving the correct personal data to the correct individual. 

5.9   

We usually respond to data subject requests within one month, but it can take longer if your request is particularly complex or if you have made a number of requests.  You will not usually have to pay a fee, but we reserve the right to charge a fee if your request if clearly unfounded, repetitive or excessive; alternatively we may refuse to comply with your request.

   

Who you can contact about our processing of your personal data  

5.10   

If you have questions about our processing of your personal data please contact us by email: info-eur@gordonbrothers.com

5.11    If you are not happy with how we process your personal data, you have the right to complain to the Information Commissioner's Office with its head office at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.  Further details can be found at: www.ico.org.uk