Vienna, 8.5.2020

1. Information on the treatment of personal data
   pursuant to the European Regulation 2016/679

1. General information

Artemide Kunstauktionen GmbH, in the persons of the Sole Director and its employees, partners and co-owners of the processing of personal data, undertakes to protect and respect privacy, to protect personal data, guaranteeing compliance with the principles prescribed by the Regulation (EU ) 2016/679.

Dear customer, with this document, we indicate how and for what purposes we process your personal data, in relation to establishing/continning a contractual relationship with Artemide Kunstauktionen GmbH

2. Identity and contact details of the data controller

The Data Controller of your personal data is Artemide Kunstauktionen GmbH (hereinafter also the "Owner"), in the persons of the sole director and of the employees employed. The owner is based in Eslinggasse 5, A1010 Vienna - Austria. It can be contacted by email at the following address: info@artemideauktionen.at.

3. Purpose and legal basis of the processing

Your personal data is processed by Artemide Kunstauktionen GmbH to:

1. fulfill tax and accounting obligations, such as invoicing .
2. purposes related to the mutual obligations deriving from the contractual relationship, and thus may be processed for contractual and / or pre-contractual needs and requirements and also for operational and internal management needs (for example sales agreements and auction results).
3. fulfill Know Your Customer (KYO) forms
4. ascertain, exercise or defend a right in court, based on the legitimate interest of the Owner.
5. send communications for advertising purposes such as, by way of example and not limited to, emails or printed publications

Processing is necessary for the Data Controller to fulfill his contractual and legal obligations. The provision of personal data and information is mandatory for what is required by legal and contractual obligations; therefore, any refusal to supply them, in whole or in part, would make it impossible for the Data Controller to establish / continue the professional relationship.

4. Nature of the data

The Data Controller, in fulfillment of its contractual and legal obligations, processes the following types of data:

1. Personal identification and contact data, such as, but not limited to, personal identification numbers, name and surname, e-mail addresses, telephone numbers.
2. Personal data and information collected as part of customer due diligence activities, such as, but not limited to, the copy of an identification document of the legal representative, the identification data of the beneficial owners as well as judicial and political information.
3. Information relating to the payment of the alienated or purchased goods, such as IBAN coordinates and billing information.

5. Data retention period

Your data and information are kept by the Data Controller for the entire contractual relationship and also subsequently within the prescribed limits provided for by the tax, administrative and accounting laws in force in Austria. The data and information collected or processed in the context of customer due diligence are kept in compliance with the limitations provided for by law.

6. Transfer of data to third countries / international organizations

Your data and information will not be transferred to third countries or international organizations, except in cases where this is required to fulfill legal, contractual obligations or to ascertain, defend or exercise a right in court.

7. Processing methods and categories of recipients

The Data Controller processes your data and information, using paper, magnetic, electronic and telematic media, guaranteeing the security and confidentiality, as well as the accuracy, updating and relevance of the data with respect to the purposes indicated. The data and information may also be subject to processing by internal and external subjects, who will be authorized to process them by virtue of written documents containing the correct instructions to guarantee data protection. Personal data are stored in the Data Controller's physical and IT archives in the European Union. As part of the contractual relationship and the purposes of the processing and legal obligations, the data and information are communicated to external data processors, who carry out the processing:

1. Banks and credit institutions, in order to carry out financial transactions (eg bank transfer).
2. Public offices of the EU, which receive data for institutional purposes.
3. Single Court, Guarantor Authority for the protection of personal data, Police in order to exercise, defend or ascertain a right in court.
4. Dea Moneta s.r.l. (Republic of San Marino), which manages the online auction software system.

In any case, personal data and information are not subject to disclosure.

8. Applicable principles and recognized rights

The data processing is carried out on the basis of principles of correctness, lawfulness and transparency and protection of confidentiality and rights recognized to you.

The European citizen has the possibility to assert the rights recognized by the Regulation (EU) 2016/679, such as the right to request access to their personal data, the right to data portability and the rectification or cancellation of the same or the limitation of the treatment that concerns him or the right to oppose the treatment, including the right to propose a report and complaint to the Supervisory Authority.