Somlo Antiques Ltd (the Company), takes the security and privacy of data seriously and is committed to complying with its legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. Our use of your personal data is subject to your instructions, the GDPR and other relevant UK and EU legislation.

For the purposes of the above legislation, the data controller is Somlo Antiques Ltd of registered office, C/O William Evans and Partners, 20 Harcourt Street, London, W1H 4HG, Data Protection Registration Number ZA4484095

Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share information about you. It also explains your rights in relation to your information and how to contact us or supervisory authorities in the event you have a complaint.

• This website is not intended for children and we do not knowingly collect or store any personal information relating to minors, aged 16 years or under.
• By completing our enquiry form we will collect you name, email address and telephone number, we may also collect this information if you telephone us directly.
• To process any order we may collect name, address, delivery address, billing address, email, telephone numbers, bank account details, credit card information and transaction details about payments to and from you.

We will collect the above information to allow us to meet our contractual obligations to you in the purchase or a product, answer the enquiry you have made or under our legitimate interest, recover debts due to us.
We may also process your personal information to meet any legal obligations placed upon us.

We have appointed a data protection representative who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact our “Data Protection Representative” using the details set out below.

Name: Paul Symons
Email: mail@somlo.com
Telephone: 0207 499 6526
Address: Somlo Antiques Ltd, 35-36 Burlington Arcade, London W1J 0QB

We hope that our data protection representative can resolve any query or concern you raise about our use of your information. However, if you feel that we have failed to address your concerns appropriately, you can contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.

This privacy notice aims to give you information on how the Company collects and processes your personal data through your use of this website, including any data you may provide by using our enquiry form, by telephone, email or post.

This privacy notice aims to give you information on how the Company collects and processes your personal data through your use of this website, including any data you may provide by using our enquiry form, by telephone, email or post.

When processing your data, the Company will comply with the following data protection principles when processing information:

• we will process personal information lawfully, fairly and in a transparent manner;
• we will collect personal information for specified, explicit and legitimate purposes only, and will not process it in a way that is incompatible with those legitimate purposes;
• we will only process the personal information that is adequate, relevant and necessary for the relevant purposes;
• we will keep accurate and up to date personal information, and take reasonable steps to ensure that inaccurate personal information is deleted or corrected without delay;
• we will keep personal information in a form which permits identification of data subjects (you) for no longer than is necessary for the purposes for which the information is processed; and
• we will take appropriate technical and organisational measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.

The Company will process your personal data in accordance with legal obligations.
‘Processing’ means any operation which is performed on personal data such as:

• collection, recording, organisation, structuring or storage;
• adaption or alteration;
• retrieval, consultation or use;
• disclosure by transmission, dissemination or otherwise making available;
• alignment or combination; and
• restriction, destruction or erasure.
This includes processing personal data which forms part of a filing system and any automated processing.

The Company processes information about you ‘data subjects’ for the specific purpose of answering your enquiries. If you are a customer, we may also keep personal information about you to allow us to complete the transaction, and to meet our legal obligations.

We will not retain your data for longer than necessary for the purposes set out in this policy.
We generally keep your personal data so that we can:

• respond to any questions, complaints or claims made by you or on your behalf;
• show that we treated you fairly;
• keep records required by law;
• prevent fraud;
• comply with our regulatory requirements.

When it is no longer necessary to retain your personal data, we will delete securely in accordance to our Data Retention Policy. A copy of this can be requested from the data protection representative using the details above.

In summary your data will be retained as follows:

• Enquiries will be retained for 12 months.
• Customer information – for 7years or as required to meet our legal obligations

Information may be held at our offices and third-party agencies, service providers, representatives and agents. We have security measures in place to ensure that there is appropriate security for information we hold including both physical and electronic records.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our data protection manager.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We routinely share personal data with:
• relevant personnel within our Company;
• external service suppliers, representatives and agents that we use to make our business more efficient (i.e. our technology, system and software providers).

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions. We also impose contractual obligations on service providers relating to ensure they can only use your personal data to provide services to us and to you.

We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections, which are in place to protect the security of your data, will be explained.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may disclose your data to enforce our contractual rights against you or to defend legal claims. We may also disclose your data to protect our rights, property and safety, or the rights, property and safety of others or to prevent fraud.
We will not share your personal data with any other third party unless you instruct us to.

Under the legislation you may be entitled to the listed rights in certain circumstances as listed below.
The right to be informed about the collection and use of your personal data.

The right to access (Subject Access Request) to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. If you wish to exercise this right:

• you will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
• we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
• we try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected. In certain circumstances we may refuse a request for correction.

Request erasure of your personal information. In certain circumstances you have the right to have ask for some but not all of the information we hold and process to be erased (the right to be forgotten). This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your personal information to another party.

Rights in relation to automated decision making and profiling: You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

If you want to exercise any of the above-mentioned rights, please contact the data protection representative using the contact details included above. We will respond to your request within one calendar month.

Any changes to this privacy policy will be published here.
This Policy was last updated on 17th August 2018



The Collection