i 161 Table of Contents 163 170

Strauss & co - 8 - 11 November 2020

162 own risk of the user and Strauss & Co will not be held liable for any resultant misuse of personal information. 5.  RESPONSIBILITIES OF THE USER  5.1.  Each user remains responsible for maintaining the confidentiality of his username, password, credit card details and any other security information provided to or chosen by the user.  5.2  Strauss & Co encourages users to: (i) use strong account passwords for the website; (ii) not share ac- count login details with any person; and (iii) change their passwords on a regular basis.  5.3.  The user remains responsible for restricting access to the user’s computer or other electronic device, but shall be liable for any purchases made or bids placed using his details, regardless of whether a third party had gained access to such user’s computer or other electronic device or username, password and other security information without his permission.  5.4.  This privacy policy is subject to change from time to time and it is the responsibility of the user to ensure that he or she is up-to-date with these provisions when making use of the website.  5.5.  Where changes to this privacy policy will have a fundamental impact on the nature of the processing or a substantial impact on the user, Strauss & Co will provide a reasonable notice to enable a user to exercise the user’s privacy rights.This includes such instances where the user is located in the European Economic Area (‘ EEA’ ) and wishes to object to the processing of personal information. 6.  LINKS TO THIRD PARTY WEBSITES  6.1.  Occasionally Strauss & Co may include links to third party websites.  6.2.  The personal information that users provide to Strauss & Co will not be transmitted to these third party websites.These third party sites may however collect personal information of users in accordance with their separate and independent privacy policies and Strauss & Co therefore has no responsibility or liability for the content of these linked sites and/or any activities conducted by the user on such sites.  6.3.  Nonetheless, Strauss & Co seeks to protect the integrity of its site and welcomes any feedback about these third party sites, which feedback can be e-mailed to info@straussart.co.za . 7.  PERSONAL INFORMATION TRANSFERS  7.1.  Strauss & Co shall only transfer a users’personal infor- mation to entities from countries which have lower levels of data protection than the exporting country (‘ countries without equivalent protection’ ), or allow users’personal information to be accessed by entities in countries without equivalent protection, if the exporting entity has received assurances that the personal information will be adequately protected by the importing entity and when the consent of the relevant user has been obtained.Where the personal information of EEA residents is transferred outside of the EEA, Strauss & and Co shall ensure that the neces- sary safeguards and contractual mechanisms are in place to protect users’personal information.  7.2.  The personal information that is obtained from users when registering for online auctions will be held on servers located in the United States of America and the United Kingdom. Strauss & Co shall procure that any third party whose servers host users’ personal information is under a legal obligation to comply with the requirements of the GDPR and the EU-US Privacy Shield (which replaced the Safe Harbour provisions), to the extent applicable, when conducting any processing activities or transfer of personal information. 8.   RETENTION OF PERSONAL INFORMATION  8.1.  Strauss & Co may retain the personal information of users for as long as is necessary to render its services, maintain business records, comply with the South Af- rica’s Financial Intelligence Centre Act, 2001 (‘ FICA’ ), tax and legal requirements.The retention of personal information also serves to protect and defend Strauss & Co against potential legal claims.  8.2.  For purposes of Strauss & Co’s research and record- keeping of the ownership of art objects, to assist with checks on the validity of works, provenance and title, Strauss & Co will keep the personal information of users for as long as the record is relevant to the legitimate interests of Strauss & Co. 9.  ADDITIONAL REQUIREMENTS UNDER THE GDPR The GDRP is a regulation in European Union law, which deals with data protection and privacy for all individuals within the EEA. It also addresses the export of personal data outside of the EEA. In order to meet the privacy require- ments of the GDPR, Strauss & Co provides the following additional information to users.  9.1.   The entity that is responsible for the personal information of a user As provided in clause 2.1 of the privacy policy, if a user transacts in an auction with Strauss & Co or pro- vides personal information as part of the registration process, then Strauss & Co will be the data controller of that personal information.  9.2.   The legal basis on which Strauss & Co relies to process personal information In clause 3 of the privacy policy it is specifically recorded what lawful basis Strauss & Co relies on when processing the different types of personal information of users. For compliance with the provisions of the GDPR, Strauss & Co provides additional clarifications regarding the lawful basis for its processing activities: 9.2.1.   Consent : In certain instances, Strauss & Co processes personal information with the explicit consent of users. 9.2.2.   Performance of a contract : Strauss & Co may process users’personal information when it needs to do this to fulfil a contract with a user, for example, for billing or shipping purposes. 9.2.3.   Legal obligation :There are legal requirements that Strauss & Co has to comply with, for example, in the case of FICA, as provided in clause 8.1 of the privacy policy. if there is a legal requirement for a user to provide personal information for any such purpose, Strauss & Co will make this clear at the time and will also explain to users what the consequences will be if the user does not provide the requisite personal information. For example, if the user cannot submit the necessary information to register for an auction, then Strauss & Co will not be able to process a bid at such auction. 9.2.4.   Legitimate interests : Strauss & Co processes per- sonal information when it is in its legitimate interests to do this. Examples of such legitimate interests include: (i) the security of its auctions; (ii) obtaining insights on the preferences of users; (iii) maintaining accurate records; and (iv) ensuring that its website operates efficiently. Adequate safeguards are put in place to ensure that a users’privacy is protected and that Strauss & Co’s legitimate interests are not overridden by a users’ interests or fundamental rights and freedoms. 10.  USERS’ RIGHTS  10.1. Users residing in the EEA have the legal right to make a ‘subject access request’to Strauss & Co to obtain access to their personal information and the reasons for processing such personal information.  10.2. For any further copies of personal information being requested by the user, Strauss & Co may charge a reasonable fee based on administrative costs.  10.3. Users may, in addition to subject access requests, ask Strauss & Co that that their personal information kept by Strauss & Co is: (i) rectified if the information is inaccurate or out of date; (ii) erased; or (iii) restricted in terms of its usage.  10.4.  If a user has provided Strauss & Co with personal information and the grounds for processing such information are either contractual in nature or based on consent, the user has the right to be provided with the personal information in a structured, commonly used and machine readable format for transmitting it to another data controller. The same right would be available to the user where the processing of Strauss & Co is carried out by automated means.  10.5.  A user also has a right to object to instances of processing in the following cases, namely: 10.5.1.   Direct marketing : A user has, in accordance with the GDPR, the right to object to direct marketing at any time. 10.5.2.   Legitimate interests :Where Strauss & Co pro- cesses personal information because of legitimate interests, a user has a right to object to this.  10.6.  If Strauss & Co has asked for consent to process per- sonal information, a user may at any time withdraw such consent.This will not affect the lawfulness of Strauss & Co’s processing of the personal informa- tion prior to a user’s withdrawal.  10.7.  These rights of users may be limited in some situations, for example, where Strauss & Co can demonstrate that there is a legal requirement to process the user’s personal information.  10.8.  If a user would like to discuss or exercise any of these rights, they are entitled to contact Strauss & Co. Users are also encouraged to contact Strauss & Co to update or correct personal information if it changes or if it is inaccurate.  10.9.  If a query or compliant remains unresolved with Strauss & Co, a user may file a complaint with the relevant data protection authority. 11.  AUTOMATIC DECISION-MAKING  11.1.  The manner in which Strauss & Co analyses personal information for advertising and risk assessments may entail profiling. In this regard, Strauss & Co may process personal information by using software that is capable of assessing a user’s personal aspects and predict risks.  11.2.  Strauss & Co may use the personal information it collects, for example, purchase and bidding infor- mation, to deduce the interests of a user. Strauss & Co may employ such information for automated decisions about the content and suggestions presented to users on its website.  11.3.  Strauss & Co may use automated tools to flag suspicious activities on its website.This may be the case where there are multiple logins from different locations within a short span of time.These automated activities will not, in themselves, have legal or similar effects for a user. 12.  COOKIES  12.1  When a user visits the website, Strauss & Co will place cookies on the computer or other electronic device of the user.The cookies that are utilised by Strauss & Co can be classified into the following categories: 12.1.1   Functionality :These cookies allow the website to remember information that was provided by a user when previously accessing the website.These cookies provide more personal features to a user’s experience. 12.1.2   Performance :These cookies collect information about how visitors use the website. Information identifying a visitor is not collected by these cookies. The only information that is obtained by Strauss & Co is aggregated and anonymous.The reason for collecting such information is to improve the manner in which the website operates. 12.1.3   Essential :These cookies are integral to enable a user to navigate the website. Certain features on the website will not work properly if a user does not agree to the deployment of the cookies. Strauss & Co may in such instance be unable to provide services to a user unless the user accepts the use of such cookies.  12.2  Strauss & Co may partner with third parties to deliver more relevant advertisements to users and to obtain web statistics.The third parties may use cookies and other tracking mechanisms to monitor a user’s visit to the website and other webpages. By monitoring such activities, the third party assists advertisers to provide users with content that is more relevant.  12.3  The cookies do not store personally identifiable information of users and Strauss & Co only uses trusted advertising partners who have their own separate privacy policies in place. for any reason whatsoever, without the user’s consent, except where such information exchange is necessary for the express purpose of making available the purchased product or service to the user for collection by the buyer and processing the transaction, which is necessary for the performance of a contract; 3.3.3.   To send periodic emails or text messages : Any email address or mobile telephone number provided by the user may be used to send such user personal information and updates pertaining to any bid placed by him or any lot sold to the user, which is necessary for the performance of a contract; 3.3.4.   To send marketing updates :Where the user has consented to receiving periodic marketing updates, company news, and/or related product or service information, any personal information collected may also be used for these purposes, which is in pursuit of the legitimate interests of Strauss & Co; and 3.3.5.   Automatically stored information : IP addresses, cookies, usernames and passwords and other related security content, products viewed, purchases made and purchase history, pages visited, links opened and similar information may be stored automatically by theWebsite or Strauss & Co information technology systems.The storage of such information is for the legitimate interests of Strauss & Co. 4.  SECURITY OF INFORMATION  4.1.  Strauss & Co is committed to protecting the personal information of users and securing its information technology systems. Strauss & Co considers the confidentiality of users’personal information to be important and industry-standard security measures are utilised to safeguard personal information from manipulation, destruction or access by unauthorised persons and to prevent unauthorised disclosure.  4.2  Strauss & Co continually enhances its security measures as new technology is made available and in response to newly discovered threats.  4.3  A variety of security measures are used to maintain the safety of the personal information when a bid is placed or a lot is purchased or personal information is entered, stored, recalled or accessed.These measures include electronic firewalls and various other protec- tion measures that involve virus scanning, installation of security patches, vulnerability testing, backup and recovery planning, employee training, security audits, etcetera.  4.4.  All supplied sensitive personal information including, but not limited to, personal particulars, credit card or EFT details are transmitted via Secure Socket Layer (‘ SSL ’) technology and then encrypted into the database of Strauss & Co’s payment provider. Such information will only be accessible by the authorised personnel with special access rights to such systems, and such individuals are required to keep the information confidential.  4.5.  After a transaction has been concluded on the website, the user’s purchase information, such as credit card or electronic file transfer (‘ EFT ’) details will not be stored on Strauss & Co’s servers.  4. 6.  Strauss & Co does not send e-mails to users asking them to provide it with their account or other infor- mation or e-mails inviting users to link to its website and shall not be liable for any loss suffered by any person relating to such fraudulent e-mails sent by third parties or other related fraudulent practices by third parties such as the unauthorised use of Strauss & Co’s brand names, marks goodwill and reputation in an attempt to mislead people into thinking that it is, or is associated with, Strauss & Co. Strauss & Co may, however, from time to time send e-mails requesting a user to provide credit card details in respect of subscription payments or purchases made, which e-mail shall specifically indicate that it is in relation to subscription payments or a specified purchase.  4.7  Fraudsters may send invoices to users purporting to originate from Strauss & Co or make other requests for payment. If a user ever has any reason to doubt the authenticity of an invoice with the name of Strauss & Co on it or any payment communication, a user should enquire if the request is authorised and ask Strauss & Co to confirm if it is a valid invoice.  4.8  Any transmission of personal information is at the 1 OCTOBER 2020

RkJQdWJsaXNoZXIy NzIyMzE=