Privacy policy
1. Name and Contact Details of the Controller
This privacy information applies to data processing by: Controller: Kunstauktionshaus Georg Rehm Organisation von Auktionen GmbH Managing Director: Christoph Neureuther Provinostraße 52 86153 Augsburg, Germany Tel.: +49 (0)821/55 10 01 Fax: +49 (0)821/55 67 58 E-mail: info@auktionshaus-rehm.de Website: app.auktionshaus-rehm.de
2. Collection and Storage of Personal Data as well as Type and Purpose of Their Use
a) When visiting the website When you access our website app.auktionshaus-rehm.de, your browser automatically transmits certain technical information (e.g. IP address, date and time of access, browser type, and possibly operating system). This data is processed solely to ensure the secure and stable operation of the site and is not combined with other data sources. The legal basis is Art. 6(1)(f) GDPR. b) When registering and using the platform When you register on our platform, we process the data you provide (first name, last name, email address, phone number, address, company name, password) to create your user account and provide access to our services. We use session cookies and JSON Web Tokens (JWT) to manage authentication securely. Your session data (such as name, email, user ID, and account-related attributes) is stored temporarily and encrypted. The legal basis is Art. 6(1)(b) GDPR. c) Subscribing to our newsletter If you subscribe to our newsletter, we use your email address to send you updates about auctions and company news. The processing is based on your consent pursuant to Art. 6(1)(a) GDPR. You can revoke your consent at any time. All data is stored in our system (Ninox) and will not be shared with third parties unless legally required or necessary for contractual purposes.
3. Disclosure of Data
Your personal data will not be transferred to third parties for purposes other than those listed below. We will only share your personal data with third parties if: - You have given your express consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, - The disclosure is necessary pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data, - In the event that there is a legal obligation for disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, or - This is legally permissible and necessary pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
4. Cookies
Our website uses only technically necessary cookies to enable essential functions such as login and session management. These cookies do not contain personal data, are used solely for the functionality of the website, and are deleted after the session ends. No statistical analysis or data sharing with third parties takes place. The legal basis for processing is Art. 6(1)(f) GDPR. Most browsers accept cookies automatically. However, you can configure your browser to prevent cookies from being stored. Please note that some functions of the website may not work properly without cookies.
5. Analytics Tools
We use Umami (https://umami.is/docs), a privacy-focused, open-source analytics tool. Umami does not use cookies and does not collect any personal data. It provides anonymous, aggregated statistics about website usage, which helps us understand general user behavior without compromising privacy. Umami is fully GDPR and PECR compliant. The legal basis for using this tool is our legitimate interest pursuant to Art. 6(1)(f) GDPR in optimizing our website's performance and usability.
6. Integration of Google Maps
Our website includes an embedded Google Maps map via an iFrame to make it easier for you to locate our company. Google Maps is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page that contains the embedded map, information about your use of our website (e.g. your IP address) is transmitted to Google servers and stored there. This may also involve transmission to Google LLC servers in the USA. This data processing is based on Art. 6 (1) lit. f GDPR. Our legitimate interest lies in presenting our location in an appealing way and making it easier to find. Further information on the handling of user data can be found in Google's privacy policy: https://www.google.com/intl/en/policies/privacy/
7. Data Subject Rights
You have the right: to request information pursuant to Art. 15 GDPR about your personal data processed by us. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about its details; to request the correction of inaccurate or incomplete personal data stored by us without undue delay pursuant to Art. 16 GDPR; to request the deletion of your personal data stored by us pursuant to Art. 17 GDPR, unless the processing is necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims; to request the restriction of the processing of your personal data pursuant to Art. 18 GDPR, if you contest the accuracy of the data, the processing is unlawful but you oppose its erasure, we no longer need the data but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing pursuant to Art. 21 GDPR; to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transmission to another controller pursuant to Art. 20 GDPR; to withdraw your consent at any time pursuant to Art. 7(3) GDPR. As a result, we may no longer continue the data processing based on this consent in the future; and to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you may contact the supervisory authority of your habitual residence or place of work or our company headquarters.
8. Right to Object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. If you wish to exercise your right of withdrawal or objection, simply send an e-mail to info@auktionshaus-rehm.de.
9. Data Security
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
10. Encryption
We use the widespread SSL (Secure Socket Layer) procedure during your website visit, in conjunction with the highest encryption level supported by your browser. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we instead use 128-bit v3 technology. You can recognize whether a single page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar or to the left of the URL bar in your browser.
11. Updates and Changes to this Privacy Policy
This privacy policy is currently valid and has the status as of July 2025. Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.