GDPR Compliance Report and Impact Assessment – Clarke and Simpson Auctions Limited

At the Auction Centre we have two GDPR relevant systems, as follows: –

  1. Global Auction Platform (GAP) Toolbox and Office
  2. CCTV

We have considered appropriate compliance with GDPR in relation to each system, as follows:-

  1. Global Auction Platform Toolbox and Office.

We hold the data required in this system for running our auctions business.  All of those on the database are people who have attended our site or made contact with us as potential or actual customers.  There are reasonable levels of security in place.  All marketing sent out (above and beyond invoices and notifications relating to items purchased or sold) has an unsubscribe facility and every endeavour is made to keep data up to date.  It is normal for there to be a desire to have longevity of registration on databases such as this.

We have spoken to GAP and they have confirmed that both they as a firm and the software is GDPR compliant.

We have considered that it is in our legitimate interests to process the data on GAP for marketing purposes in order to promote our business, in addition to processing in order to perform contracts for our auction business.  We consider this is necessary, and a reasonable expectation of our customers, with a low risk of data breach, particularly given the clients’ right to unsubscribe.

  1. CCTV

CCTV is in operation across our site for monitoring and security purposes and all data is retained for some 30 days as part of this.  It is necessary to retain data for this period due to the time period over which some lots are held on-site.  We make it clear by using appropriate signage that CCTV is in place for these purposes.

We have considered that the use of CCTV is a proportionate legitimate interest for our security purposes.