Privacy Policy

Wavebid Privacy Policy

Introduction to Wavebid Wavebid LLC (“Company”, “we”, “us”, “our”) is a Software-as-a-Service (SaaS) company that provides data management tools (“service”) to the auction and related industries. Our service integrates with other software providers including bidding platforms, marketing websites, credit card processors and others. Personal information is never shared with any third party without our Client’s express permission. Except as disclosed in our privacy policy we do not rent, trade, sell or otherwise share personal information with third-parties without permission to do so.

This Privacy Policy informs you of our policies regarding the collection, storage, use, and disclosure of personal information when using wavebid.com and service and the choices you have associated with that data. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible from https://www.wavebid.com/content/terms.html.

Definitions “Client” - direct customer of Wavebid LLC; e.g. auction houses/auctioneers, bidding platform partners “Customer” - customer of our Client; auction houses of our partners, buyers and sellers of auction houses/auctioneers “Service” - website and software we provide to Client “Personal Data” - information relating to an identified or identifiable natural person (“Data Subject”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical identity of that natural person. We do not process sensitive personal information such as physiological, genetic, mental, economic, cultural or social identity. “Cookies” - small files stored on a user’s computer, sent to your browser from a website and stored on your device “Data Controller” - entity that determines the purpose, conditions and means of the processing of personal data. For the limited, specific purpose of Client personal data, we are the Data Controller and Processor. Client is typically the Data Controller for Customer. “Data Processor” - entity that stores and processes personal information on behalf of and according to instruction from the Data Controller. We are the Data Processor for Customer.

Information We Process Our prospective Client is a person or entity we solicit for a business relationship. We collect personal information from Client necessary to set up and maintain their user account.

Client collects from and enters personal information of Customer, the auction participants, using our service. To understand how that personal information is collected and entered please refer to the privacy policy Client has provided or contact Client directly to ask about your personal circumstances.

Personal Data Client using our service may be asked to provide:

  • First name and last name
  • Phone number
  • Address, City, State, Province, ZIP/Postal code, Country
  • Email address
  • Date of Birth (DOB)
Customer may be asked to provide to Client:
  • First name and last name
  • Phone number
  • Address, City, State, Province, ZIP/Postal code, Country
  • Email address
  • Additional information identified in Client Privacy Policy

Usage Data We may also process information about how the service is accessed and used ("Usage Data") by Client. The data may include information such as the computer's Internet Protocol (IP) address, the pages of our service visited, the time and date of the visit, unique device identifiers and other diagnostic data.

Tracking Data The use of cookies in our service is very narrowly limited to some selections and preferences on some pages. For example, we store which columns in a report you selected to be displayed. No personal information is stored or transmitted via a cookie.

Use of Data Provided We collect and process data to enable the services we provide to auction related services. Personal information of Customer is stored and processed solely for our Client use of the software and services we provide at their direction. Any personal information processed, from individuals in the EU, is used by Client for their purposes to operate and utilize our software and services. We do not use the data to contact Customer nor for sales or marketing purposes.

Client data is used to maintain our accounts and records and to support and manage our services. The information we process is to provide a continually improving service and to correspond with Client about our services and the activities on our site. We may use Client personal information to contact them with newsletters, marketing or promotional materials and other information that may be of interest.

Client data we collect and process may be used for any of these purposes:

  • To notify Client about changes to our service
  • To gather information for analysis so that we can improve our service
  • To monitor the usage of our service
  • To provide news, special offers and general information about other goods, services and events we offer that are similar to those already purchased or inquired about unless you have opted not to receive such information
  • To provide and maintain our service
  • To allow use of interactive features of our service when Client chooses to do so
  • To provide Client support; detect, prevent and address technical issues

Legal Basis for processing personal information For Customer located in the European Economic Area (EEA), the legal basis for Company to process the personal information described in this Privacy Policy may do so because:

  • We entered into a contract with Client and are processing the data to fulfill our contractual obligations
  • The contract with Client provides authorization for us to do so
  • The processing is in our legitimate interests and it is not overridden by your rights

Retention of Data Company will retain personal information of Customer only for as long as is necessary for the purposes set out in this Privacy Policy, according to and at the direction of Client.

We will retain the personal information to the extent necessary to comply with our legal obligations, for example, if we are required to retain that data to comply with applicable laws, resolve disputes, and enforce our legal agreements and policies. We store personal information of Client for eight (8) years after our relationship has been discontinued. We retain usage data for internal analysis purposes and is generally retained for a shorter period of time to improve the functionality of our service.

Transfer of Data Personal information of Customer in the European Union may be stored and processed inside or outside the European Union. Whenever possible, for Customer of our EU Client, data is stored and processed on servers within the European Union in the United Kingdom.

Personal information may be transferred and processed on servers in the United States for EU Customer of a non-EU Client. Company has implemented appropriate safeguards, at or above industry recognized standards, to protect the personal information, wherever it is processed.

Disclosure of Data

Business Transaction If Company is involved in a merger, acquisition or asset sale, personal information may be transferred. We will provide notice to Client before personal information is transferred and becomes subject to a different Privacy Policy.

Legal Requirements We may disclose an individual’s personal information in the good faith belief that such action is necessary to:

  • Comply with a legal obligation. Under certain circumstances, we may be required to disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
  • Protect and defend the rights or property of Company
  • Investigate and enforce violations of our Terms and Conditions, protect our rights or resolve disputes between users of the service.
  • Prevent or investigate possible wrongdoing in connection with the service
  • Protect the personal safety of users of the service or the public
  • Protect against legal liability

Your Data Protection Rights If you are located in or a resident of the European Economic Area (EEA), you have certain data protection rights. We take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal information.

A Client who wishes to be informed what personal information we hold about you and if you want it changed, the Company service provides methods for you to edit certain information directly in the application. If you want your information removed from our systems, please email us at: privacymatters@wavebid.com (US) or privacymatters@wavebid.io (EU).

If you are a Customer, please refer to the Client Privacy Policy and contact them according to their instructions.

In certain circumstances, those in the EU have the following data protection rights:

1. The right to be informed

2. The right to access, update or to delete the information we have on you.
 
3. The right of rectification. Client may access, update or request deletion of your personal information directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

4. The right to object. You have the right to object to our processing of your personal information.

5. The right of restriction. You have the right to request that we restrict the

processing of your personal information. 6. The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format. 7. The right to withdraw consent. You also have the right to withdraw your

consent at any time where we relied on your consent to process your personal information. 8. Rights related to automated decision-making and profiling. You have a right

not to be subject to automated decision-making when those decision have a legal (or other significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract, it is permitted by law or if you have given your explicit consent.

All requests related to these rights must be sent to us in writing to our mailing address listed below. We will comply with such requests as soon as possible up to one month unless an agreement is reached to extend the length of time due to the volume or complexity of the request. Please note that we may ask you to verify your identity before responding to such requests.

Third Party Service Providers and Links to Other Sites We may employ third party service provider companies and individuals to facilitate the use of our service, to provide the service on our behalf or to assist us in analyzing how our service is used.

These third parties have access to personal information only to perform these services on our behalf and are obligated not to disclose or use it for any other purpose. Software includes links and integrations to 3rd-party websites, including auction bidding platforms, credit card processors, marketing websites and social media. Company uses remarketing services to advertise on third party websites after you visited our service.

We and our third-party vendors may use cookies or equivalent technology to inform, optimize and serve ads based on your past visits to our service. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services associated with our company.

Consent of Data Subject and Children’s Privacy A Client using our service agrees to the processing and use of information in accordance with this policy, our terms and conditions and our contract with you. The service may only be used by individuals who can form legally binding contracts under applicable law and therefore are not available to persons under the age of 18. If you utilize individuals under the age of 18 to enter non-personal information using our service, it must be done with guardian approval. Knowingly collecting and entering personal information of those under 18 is prohibited.

Security of Data The security of personal information is important to us. We use industry standard methods to protect the data stored and transferred but cannot guarantee its absolute security. We take reasonable steps to protect the information we store, process and transfer. These measures may include:

  • Secure locations for our data storage and processing facilities
  • Access controls to hardware and software including firewalls
  • Employ access management to grant or deny authorization to secure systems
  • Regular backup and encrypt data we hold
  • Database security measures: external credentials, identifiers and passwords are secured and encrypted when stored and transferred
  • Data encryption at multiple levels
  • Database level encryption on EU servers
  • Data transferred from Client partners are done using secure protocols
  • Data transferred to payment processors is compliant with Payment Card Industry Data Security Standard (PCI DSS)
  • Deleting your data is done securely

Data Breaches A security breach occurs when the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal information transmitted, stored or otherwise processed. In the event there is a breach of personal information and is likely to result in a risk to the rights and freedoms of individuals, we will notify Client and the Information Commissioner’s Office (ICO) within 72 hours of first having become aware of the breach.

Limited Employees A limited number of employees have access to view personal information of our Client and Customer for Client support purposes. Access is controlled by user identification and passwords. Each have signed confidentiality and non-disclosure agreements, are trained in and follow the strict terms of confidentiality and use of personal information.

Complaints and Disputes Company commits to resolve complaints about the processing of your personal information. Those in the EU with inquiries or complaints regarding our Privacy Policy should first contact us directly at privacymatters@wavebid.com.

We have registered with JAMS, an alternative dispute resolution (ADR) provider located in the United States. Any inquiry or complaint not responded to by us in a timely manner or addressed to your satisfaction, please visit https://www.jamsadr.com/eu-us-privacy-shield for further information or to register a complaint. This service is provided at no cost to you.

If there is still no satisfaction, you may submit a complaint with the Data Protection Authority (DPA) in your country of residence in the EU. Additional information may be found at https://www.privacyshield.gov.

Changes to this Privacy Policy We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via a prominent notice on our website, prior to the change becoming effective and update the “last revised date" at the end of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us If you have any questions about this Privacy Policy or to submit a complaint, please contact us by email at: privacymatters@wavebid.com (US) or privacymatters@wavebid.io (EU).

Wavebid LLC Attn: Privacy Matters 3555 Farnam Street, Suite 1105, Omaha, NE 68131

Revisions/Updates This Privacy Policy was last revised 22-October-2018