When you use our website or interact with us in any other way (using “our services”), you are trusting us with your personal data. We treat our responsibilities in relation to personal data very seriously, and comply with the European Union’s General Data Protection Regulation (the “GDPR”), as well as privacy laws in non-EU countries in which we operate. A reference to we, us or our is a reference to AirAuctioneer Pty Ltd and each of its related bodies corporate.
What is personal data
Personal data refers to any information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Information which has been transformed so that it can no longer be related to an individual, such as anonymised or aggregated browsing data, is not considered to be personal data and is outside the scope of this policy.
What personal data we collect and how it is collected
What personal data we collect depends on whether you are using our services as a casual visitor, bidder or auctioneer, and on how you interact with us.
Some of this personal data, such as a way to identify you, is necessary to enter into our User Agreement. The provision of all other personal data is voluntary, but may be necessary in order to use our services, such as bidding, or to conclude a transaction.
Whenever you use our site, we automatically collect personal data relating to your browsing activity that is transmitted to us by your device. This includes your IP address and the details of the device and software you are using.
If you register an account on our site, we will collect your name, email address, and sometimes a password. We collect this information either directly from you, via a form on our site, or by you granting us access to information held in a social media account. You may change the name and email address associated with your account at any time by visiting your profile page.
If you create auction content on our site (i.e. auction pages and auction items), you will typically create introductory content on the auction page describing the purpose of the auction, the auction terms and conditions and other related information. Each auction item will typically include a description of the item, which may be written by you or copied from another source. The auction page and individual items will typically include several images uploaded by you. Subject to our User Agreement, you may include whatever information and images you choose, and this may include any type of personal data. This information is collected via forms in the auction administration section of our site.
If you create auction content, we ask you to identify the legal entity on whose behalf the auction is being conducted, and you may provide additional contact details including a name and email address.
If you contact us by email or using a contact form, we will automatically collect your name, email address and IP address. You may choose to provide us with additional personal data in the content of your message.
If you contact us by other means, e.g. through social media or other online support channels, or by telephone or other offline channels, you may provide us with personal data in the content of your communications.
How and why we use your personal data
We use your location and device data to vary the content which is shown to you. We do this in order to provide you with a personalised browsing experience and information relevant to you. For example, we may translate content into a different language based on your location, or allow you to pay for an AirAuctioneer account in your local currency.
We use your email address to relate you to your user account on our site. This allows us to provide you with information about your past activity on the site, such as your bidding history and auction content you have created.
It also allows us to provide you with personalised notifications if these are enabled on your account.
If you make a bid, the name associated with your account is published on our site. We do this so that other bidders know who is making bids on an item. You can change your display name for an alias if you do not wish your real name to be published, by visiting the Profile page within “My account” on our site.
We will send you an email when you make a bid on an auction item and when someone bids against you. We may also send a summary of your bidding status close to and following expiry of any auction where you have made a bid. We do this because we believe that bidders find these notifications useful. If you do not wish to receive these emails, you can disable them on the Notifications page within “My account” on our site.
We will publish the information you include within your auction page content when you toggle the auction status to “live”, and we will publish the information for each individual item when you toggle its status to “enabled”. If you have included personal data within your auction content, it is published without restriction. Published auction content is visible to anyone who has the URL of the auction page or any item within the auction, or a link to either of these things. Links may be shared by email, social media or other websites without your control. You may restrict access to an auction using a password, but even then, users may share the password. You should assume that all information you publish is available for anyone to see. We recommend, therefore, that you include only the minimum necessary amount of personal data in your auction content.
Some auction items require detailed personal data to be disclosed in order for the winning bidder to take advantage of the item. For example, with an auction item offering a dog-walking service, the winning bidder will usually need the contact details of the person who will do the dog-walking. You should use the “winner”s instructions” field in the auction item administration pages to provide this type of information. The winner’s instructions are sent to the winning bidder by email and are only visible on the site to the winning bidder when they are logged in.
Personal data you provide in respect of the legal entity on whose behalf the auction is being conducted, and any additional contact information you provide, is made public on the auction page when its status is toggled to “live”, so that bidders may know with whom they are dealing when they commit to buy an item and how to make contact with the auction administrator.
If you create auction content, you can elect to receive email notifications about bidding activity on your auction items. We offer this because we believe that auction administrators find these notifications useful. If you don not wish to receive these emails, you can disable them on the Notifications page within “My account” on our site.
We will use your email address to send you confirmation of payment when you buy and auction item, when a bidder wins an item in one of your auctions, when you make or receive a donation, and when you pay for an account upgrade. We do this because we believe these communications to be important to you in the context of your account with us.
We may use your name and email address in order to contact you in the context of account management, e.g. to advise you that your paid account is coming due for renewal, to troubleshoot problems with your account, or to advise of a completed upgrade or downgrade. We do this in the context of providing good customer service and ensuring that you don’t inadvertently lose access to paid account features.
We may use your personal data to respond to any enquiries you make to us by email, via social media or through online or offline support channels. We will do this with the aim of providing good customer service.
We may use your personal data to contact you in the context of detecting, preventing, mitigating and investigation fraudulent or illegal activities. If we do this, it will be for the purpose of protecting our users and our legitimate business interests.
The legal basis for us processing your personal data
The legal basis for us processing your personal data depends on the type of data concerned and the ways in which you use our services. The three legal bases we rely on are as follows.
If you make bids on an auction item or create your own auction content, we may need to process your personal data in the context of a contract with us or with the seller or buyer of an auction item. You may be a party to such a contract at the time of processing, or you may intend to enter into such a contract in the future. In particular, when you bid for an item, you are committing to purchase that item if you are the winning bidder. Providing your email address allows the auctioneer to contact you in order to complete the sale.
We may use your personal data for our legitimate interests, where we consider that these are not overridden by your rights, and which you have the right to object to as explained below. These interests are: analysing user behaviour in order to improve our services; performing administrative and operational tasks such as training staff, risk management, developing and marketing products and services, undertaking planning, research and statistical analysis, and systems development and testing; and verifying identity, preventing or investigating any fraud or crime, or any suspected fraud or crime.
Our role and that of our partners
Data protection rules distinguish between the data controller and the data processor, with different obligations applying to each. When we collect personal data from you, the data controller is AirAuctioneer Pty Ltd of 6/1 Chifley Square, Sydney NSW 2000, Australia, which is responsible for the collection, use, disclosure, retention and protection of your personal data.
Our cloud hosting service provider, Pantheon Systems, Inc., acts as the data processor when we process your personal data. Our contract with Pantheon includes clauses covering data processing which ensure compliance with applicable data protection laws, including the GDPR. Pantheon may engage other partners for certain aspects of their operations, including the operation of datacentres, and these other partners must also comply with applicable data protection laws.
Sharing your personal data with others
We respect the confidentiality of personal data and will not sell, share or otherwise disclose your personal data to other parties except in certain limited circumstances, as follows.
Displaying your bidder nickname
When you bid on an auction item, your bidder nickname is made public on our site. We recommend that you use an alias rather than your real name, to protect your privacy.
Sharing your details with the auctioneer of items you bid on or make an enquiry about
When you bid on an auction item, we provide the auctioneer of that item with your bidder nickname and email address, so that they can contact you to complete the sale in the event that you are the winning bidder.
When you submit an enquiry about an auction using the contact form on the auction page, your message is sent to the auctioneer by email. We include your bidder nickname and email address in the message we send, so that the auctioneer can respond to your enquiry personally.
Our service providers
We use third party service providers for various aspects of our operations including cloud hosting, card processing, data storage, email delivery and analytics. Our use of these services involves us transferring your personal data to the service provider. We carefully select our service providers from respected leaders in their fields, and our contracts with them include data protection clauses which provide equivalent levels of privacy protection to our own policies.
If you choose to upgrade to a paid account, or if you pay for an auction item you have won using a credit or debit card, we will ask you to enter your card details on our site. This information is not sent to our servers, but instead it is sent securely to our card processing service provider, Stripe, Inc., using industry-standard security protocols. Stripe subsequently sends us information regarding your payment method, but this has been anonymised so that the card details can no longer be identified.
On the card payment form, we may offer you the ability to store your card details for future use. If you take this option, your card details are stored by Stripe and not by us.
In order to obtain professional advice
We may disclose your personal data to obtain professional advice, for example, from lawyers or financial advisors.
In connection with the sale of our business
If we enter into negotiations to sell our business to a third party, we may disclose your personal data to potential acquirors and their advisors. Upon completing such a sale, your personal data may be transferred to the acquiror so that they may continue the business as a going concern.To comply with a legal obligation We may disclose your personal data if required to do so by law or in response to a request from law enforcement or another regulatory authority. We may disclose your personal data to enforce our agreements with you or to protect the rights, property or safety of AirAuctioneer, our users or others. This includes sharing personal data with other organisations for fraud prevention purposes.
How you can control your personal data
Data protection laws give you a range of rights in connection with our processing of your personal data. In this context, you can ask us to send you a copy of your personal data, and you can ask that we correct errors or delete the data. You can ask us to restrict the processing of your data and you have the right to object against the legal basis on which we process your data. You may also ask us to transmit your personal data to another company.
To exercise any of these rights, please contact us using the details below.
Data storage and retention
Your personal data will typically be stored by, or at the direction of, one or more of our service providers. Written data submitted using a form on our website will usually be stored by our cloud hosting service provider, Pantheon Systems, Inc. or at their direction with their own data storage providers. Personal data submitted by email will be stored by our email service provider, Google LLC, and it may also be stored in mailboxes on our computers and other devices. Personal data submitted in image form will be stored by our data storage provider, Amazon Web Services, Inc., and your email address may be stored by our email delivery service provider, SendGrid, Inc., or at their direction. Personal data collected automatically during your browsing activity will be stored by our analytics providers, Google, Inc. and New Relic, Inc.
We will retain your personal data for as long as is necessary for the purposes for which it is processed. These periods vary depending on the nature of the data and your interactions with us. You can cancel your AirAuctioneer account at any time by contacting us using the contact details below, and we will delete your personal data from our systems.
After it is no longer necessary for us to retain your personal data, we will dispose of it in a secure manner.
We may transfer, store or process your personal data outside your home country, including transfer out the European Economic Area (the “EEA”) if you are an EEA citizen.
The laws in some countries may not provide as much legal protection for your personal data as those in your home country.
By providing us with your personal data, you agree to this transfer, storing or processing. Where we use service providers outside the EEA, we rely on approved data transfer mechanisms (for example, the EU Standard Contractual Clauses and the EU-US Privacy Shield) to ensure that your personal data is adequately safeguarded in the recipient country.
Overseas organisations may be required to disclose information we share with them under an applicable foreign law.
Transmission of data over the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee its security and there is a risk that your data may be unintentionally disclosed to third parties.
We protect your personal data using technical and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure and alteration. The safeguards we use are firewalls, data encryption, physical access controls and information access authorisation controls.
We will treat very seriously any complaint about your privacy or our processing of your personal data. If you have any complaint, please contact us using the details below. We will aim to resolve any complaint as quickly and fairly as possible.
Changes to this policy
Mail: AirAuctioneer Pty Ltd, 6/1 Chifley Square, Sydney NSW 2000, Australia.