Data protection policy, guidelines and terms
Context and overview
iValuer needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored to meet the company’s data protection standards — and to comply with the law.
Why this policy exists
This data protection policy ensures iValuer:
Complies with data protection law and follows good practice
Protects the rights of staff, customers and partners
Is open about how it stores and processes individuals’ data
Protects itself from the risks of a data breach
Data protection law
The Data Protection Act 1998 describes how organisations — including iValuer — must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other materials.
To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
The Data Protection Act is underpinned by eight important principles. These say that personal data must:
Be processed fairly and lawfully
Be obtained only for specific, lawful purposes
Be adequate, relevant and not excessive
Be accurate and kept up to date
Not be held for any longer than necessary
Be processed in accordance with the rights of data subjects
Be protected in appropriate ways
Not be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection
People, risks and responsibilities
This policy applies to:
All branches of iValuer
All staff and volunteers of iValuer
All contractors, suppliers and other people working on behalf of iValuer
It applies to all data that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:
Names of individuals
…plus any other information relating to individuals
Data protection risks
This policy helps to protect iValuer from some very real data security risks, including:
Breaches of confidentiality. For instance, information being given out inappropriately.
Failing to offer choice. For instance, all individuals should be free to choose how the company uses data relating to them.
Reputational damage. For instance, the company could suffer if hackers successfully gained access to sensitive data.
Everyone who works for or with iValuer has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
The board of directors is ultimately responsible for ensuring that iValuer meets its legal obligations.
The data protection manager is responsible for:
Keeping the board updated about data protection responsibilities, risks and issues.
Reviewing all data protection procedures and related policies, in line with an agreed schedule.
Arranging data protection training and advice for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Dealing with requests from individuals to see the data iValuer holds about them (also called ‘subject access requests’).
Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
The IT Manager is responsible for:
Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
Performing regular checks and scans to ensure security hardware and software is functioning properly.
Evaluating any third-party services the company is considering using to store or process data. For instance, cloud computing services.
The marketing manager is responsible for:
Approving any data protection statements attached to communications such as emails and letters.
Addressing any data protection queries from journalists or media outlets like newspapers.
Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.
General staff guidelines
The only people able to access data covered by this policy should be those who need it for their work.
Data should not be shared informally. When access to confidential information is required, employees can request it from their line managers.
iValuer will provide training to all employees to help them understand their responsibilities when handling data.
Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
In particular, strong passwords must be used and they should never be shared.
Personal data should not be disclosed to unauthorised people, either within the company or externally.
Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection.
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
When not required, the paper or files should be kept in a locked drawer or filing cabinet.
Employees should make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never shared between employees.
If data is stored on removable media (like a CD or DVD), these should be kept locked away securely when not being used.
Data should only be stored on designated drives and servers, and should only be uploaded to approved cloud computing services.
Servers containing personal data should be sited in a secure location, away from general office space.
Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
Data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
All servers and computers containing data should be protected by approved security software and a firewall.
Personal data is of no value to iValuer unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
Data must be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
Personal data should never be transferred outside of the European Economic Area.
Employees should not save copies of personal data to their own computers. Always access and update the central copy of any data.
The law requires iValuer to take reasonable steps to ensure data is kept accurate and up to date.
The more important it is that the personal data is accurate, the greater the effort [company name] should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
Staff should take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
iValuer will make it easy for data subjects to update the information iValuer holds about them. For instance, via the company website.
Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it should be removed from the database.
It is the marketing manager’s responsibility to ensure marketing databases are checked against industry suppression files every six months.
Subject access requests
All individuals who are the subject of personal data held by iValuer are entitled to:
Ask what information the company holds about them and why.
Ask how to gain access to it.
Be informed how to keep it up to date.
Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed to the data controller at [email address]. The data controller can supply a standard request form, although individuals do not have to use this.
Individuals will be charged £10 per subject access request. The data controller will aim to provide the relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request before handing over any information.
Disclosing data for other reasons
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, iValuer will disclose requested data. However, the data controller will ensure the request is legitimate, seeking assistance from the board and from the company’s legal advisers where necessary.
iValuer aims to ensure that individuals are aware that their data is being processed, and that they understand:
How the data is being used
How to exercise their rights
To these ends, the company can offer a privacy statement, setting out how data relating to individuals is used by the company. This is available on request.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. NOTE this may prevent you from taking full advantage of the website as it will NOT work correctly.
Terms and Conditions
Terms used in this agreement shall have the following meaning
“The Parties” are:
“iValuer” means iValuer Ltd at Unit 8a Middleton Street, Norwich, NR18 0AD
“Client” is the person who has submitted photographs of the object to be valued
“Auction” is the auction house to which the photographs are submitted for valuation
“Valuation” electronic high and low estimated sale value of the object which in the opinion of the Partner and based only upon the photographs and any related information provided by the Client to iValuer could be achieved on the sale of the object without reserve on the open market at an international auction. It excludes all expenses, commissions and taxes that may be due on the sale of the object.
“Date of Agreement” the date that the photographs and related information are received by iValuer.
“Date of Valuation” is the date the Valuation is sent by iValuer to the Client
“Business Day” excludes Saturday and Sunday and all Public and Bank Holidays in England.
“The Price” payable by the Client to iValuer shall be in accordance with the price list published on iValuer’s website at the time the request for valuation is received.
2.1 The Client agrees that by submitting the images of the object to be valued and related information, the Client: accepts the Conditions of Business as set out here; and grants iValuer a global non-exclusive, constant, royalty-free licence on all the material provided.
3.1 This Agreement contains the entire Terms and Conditions. No other documentation, correspondence or any other form of communication shall form any part of the Agreement unless otherwise formally agreed by both Parties.
4.1 iValuer agrees to provide to the Client the valuation for the object obtained by it from an Auction, based on the photographs and any related information submitted by the Client. iValuer reserves the right to refuse to offer a valuation.
4.2 iValuer aims to use reasonable endeavours to provide the Valuation to the Client within five Business Days after iValuer has received the Client’s request provided you have submitted all relevant information. If this period of five Business Days is exceeded, the Client shall not be entitled to a refund.
5.1 Neither iValuer nor Auctions give any warranty or guarantee in the Valuation in respect of an object's expected price, functionality, authenticity, provenance, origin, attribution, condition, age or date.
5.2 The Valuation shall not be used by any other person, or disclosed to any third party non-professional, reproduced or published in any form without the Auction's prior written consent. The Client shall indemnify and keep indemnified indefinitely iValuer, and its servants, employees and owner against all liabilities and expenses incurred by them as a result of any breach of the above commitment by Client or arising from related claims by other parties in connection with the Valuation.
5.3 The Valuation may not be used for official or formal purposes such as (without limitation) in legal proceedings, insolvency or bankruptcy proceedings, divorce cases, for insurance purposes, or anything such like unless specifically requested by the Client and agreed to between the Parties after the Valuation has been received and with formal hand written consent from the Auction.
5.4 iValuer maintains its right to nullify or withdraw any Valuation at any time. Valuations are valid for no longer than 30 days.
CLIENT'S OBLIGATIONS AND ACKNOWLEDGEMENTS
6.1 The Client shall pay the Price (if relevant) for the Valuation to iValuer prior to receiving a valuation. The Client must instruct the Auction to pay iValuer the agreed sums within 30 days of the item being sold.
6.2 The Client confirms to iValuer that he is the owner of the object or is lawfully authorised by the owner to have the object valued by iValuer.
6.3 The Client confirms and maintains that each object submitted for valuation is not constrained by any third party interests, restrictions or claims of any kind.
6.4 The Client warrants that all material provided is owned by the Client or the Client has the lawful right to use such material and provide it to iValuer. The Client indemnifies the Company fully with complete respect to any breach of this warrant.
6.5 The Client shall provide current clear and accurate photos of the object to be valued and will in no way disguise any aspect of the object that may affect the potential valuation. In addition the Client must provide complete, relevant and accurate information relating to the object, including where known without limitation any issues relating to authenticity, the location of the object, provenance, condition, condition issues, previous sales history and any other related information, in the possession or knowledge of the Client.
6.6 The Client acknowledges the following statement.
6.6.1 The Valuation is an estimate that is a matter of reasonable opinion. It is very likely that opinions in this respect will differ. There is no guarantee offered of the valuation given.
6.6.2 iValuer shall not be liable for any deficiency in the Valuation as a consequence of circumstances affecting the value of an object not known or predictable at the time the valuation is given. All valuations given are considered unverified until the item in question has been appraised in person by the person who offered the initial valuation.
6.6.3 Unless otherwise stated in a hand written document, the Valuation only reflects an estimate, the predicted characteristics of the object being valued and does not reflect the circumstances of the object in question.
6.6.4 iValuer receives an introductory commission on items consigned and sold at auction.
6.6.4 Nothing in these Terms and Conditions shall exclude or limit iValuer’s liability for: death or personal injury caused by negligence (as such term is defined by the Unfair Contract Terms Act 1977); or fraud; or misrepresentation as to a fundamental matter; or any liability which cannot be excluded or limited under applicable law.
TERMINATION OF THE AGREEMENT
7.1 Should the Client breach a clause of this Agreement:
7.1.1 the Agreement shall be terminated with immediate effect and any Valuation shall become invalid.
7.1.2 the Client shall remain liable to pay to iValuer the Price at the conclusion of a sale based on a Valuation provided by iValuer, in accordance with clause 6.1.
7.1.3 Where the Client obtains the Valuation in connection with any illegal purpose, in commission of a criminal offence or any other unlawful activity the Agreement shall be terminated with immediate effect and the Client shall not be entitled to a refund on the price paid for the Valuation; permission to rely upon the Valuation shall be revoked and the Client shall pay to iValuer an amount equal to any liability, expenses and costs arising in connection with the Client's unlawful activity. There shall be no further liability of the Company to the Client from the date of termination of the Agreement.
RIGHTS OF THIRD PARTIES
8.1 No person who is not a party to the Agreement shall have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of the Agreement.
9.1 In the event that any part of the Agreement should be held to be unenforceable for any reason, that term shall be deemed to be not part of the Agreement, the remaining portions of the Agreement shall remain in full force and effect.
GOVERNING LAW AND JURISDICTION
10.1 The Agreement shall be construed in accordance with English law. In the event of disputes hereunder, the parties hereto submit to the exclusive jurisdiction of the English courts.
11.1 All Notices are to be served on iValuer by email at firstname.lastname@example.org. Evidence of delivery of communication is to be evidenced by a ‘read receipt’ of the email. All other communications may also be sent to iValuer at Unit 8a Middleton Street, Norwich, NR18 0AD.
What personal information do we collect from the people that visit our website or app?
When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number, credit or debit card information, or other details to help you with your experience.
When do we collect information?
We collect information from you when you register on our site, place an order, subscribe to a newsletter, respond to a survey, fill out a form, open a support ticket or enter information on our site.
Provide us with feedback on our products or services
How do we use your information?
We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
• To improve our website in order to better serve you.
• To allow us to better service you in responding to your customer service requests.
• To administer a contest, promotion, survey or other site feature.
• To quickly process your transactions.
• To ask for ratings and reviews of services or products
• To follow up with them after correspondence (live chat, email or phone inquiries)
How do we protect your information?
We do not use vulnerability scanning and/or scanning to PCI standards.
We do collect credit card information, but did not know PCI compliant scans are now required.
We do not use Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use 'cookies'?
• Help remember and process the items in the shopping cart.
• Understand and save user's preferences for future visits.
• Keep track of advertisements.
• Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since each browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some of the features that make your site experience more efficient may not function properly. It won't affect the user's experience that make your site experience more efficient and may not function properly.
Do we disclose the information we collect to Third-Parties?
We sell, trade, or otherwise transfer to outside parties your name, address, city, town, any form or online contact identifier email, name of chat account etc., screen name or user names, phone number, SSN, cookie number, IP address, device serial #, unique device identifier, photo, video or audio file of child, others
All personal information given.
We engage in this practice because:
We share this information with auction houses upon the customer's expression of interest in selling their item. This is to notify the auction house of which items they can expect to be consigned and prepare accordingly. It also allows them to have all of the necessary information for the customer when the time comes to sell.
Personally Identifiable Information.
Occasionally, at our discretion, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.
We use Google AdSense Advertising on our website.
We have implemented the following:
• Remarketing with Google AdSense
• Google Display Network Impression Reporting
• Demographics and Interests Reporting
• DoubleClick Platform Integration
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add on.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
Users can visit our site anonymously.
Can change your personal information:
• By logging in to your account
How does our site handle Do Not Track signals?
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It's also important to note that we allow third-party behavioral tracking.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
We do not specifically market to children under the age of 13 years old.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify you via email
Within one month
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• Send information, respond to inquiries, and/or other requests or questions
• Process orders and to send information and updates pertaining to orders.
• Send you additional information related to your product and/or service
• Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
• Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
If at any time you would like to unsubscribe from receiving future emails, you can email us at
and we will promptly remove you from ALL correspondence.
Valuations and services
We reserve the right to use the information given in any of our advertising. We retain all rights in this regard. All valuations and services offered are undertaken by third parties. Information given to iValuer will be shared with third parties. All valuations or services undertaken are the opinion of the third party and in no way reflect the opinions of iValuer. All valuations and services come under the terms and conditions of the third party.