This notice tells you how we look after your personal data when you visit our website at https://aspreybugatti.com/(Website), including when you register on our Website to purchase NFTs. It sets out what information we collect about you, what we use it for, whom we share it with, explains your rights and what to do if you have any concerns about your personal data. We may sometimes need to update this notice, to reflect any changes to the way our Website is provided or to comply with new legal requirements. We will notify you of any important changes before they take effect.
Last updated: [01/01/22][SL1]
1. Who we are and other important information
We are Asprey London Limited, a company registered in England and Wales with company number 1004355 whose registered address is 36 Bruton Street, Mayfair, London, W1J 6QX, United Kingdom (we/us/our). Our VAT number is GB 238 48 31 46.
For all visitors to our Website, we are the controller of your information (which means we decide what information we collect and how it is used). We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under number ZB139801.
If you have any questions about this privacy notice or the way that we use information, please contact us at info@asprey,studio
2. The information we collect about you
Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we may collect from you below[SL2] :
· Identity Data – first name and last name;
· Contact Data – email address, telephone number and home address, which we will collect if you request us to send the artwork linked to your NFT to your home address;
· Profile Data – username and password;
· Financial Data –crypto wallet addresses (Metamask) and transaction records;
· Communication Data – any correspondence between you and us, including connections or other communications made on social media channels;
· Technical Data - internet protocol (IP) address, browser type and version, time zone setting and generic location, browser plug-in types and versions, operating system and platform on the devices you use to access our Website;
· Usage Data - information about your visit to our Website including the clickstream to, through and from our site, information you viewed or searched on Website, page response times, download errors, length of visits, page interaction;
· Feedback – information and responses you provide about our Website;
· Client relationship data – information about whether you are an existing owner of a Bugatti or an existing client of Asprey; and
· Marketing Data – your marketing preferences data, for example if you wish to unsubscribe from receiving emails from us. If at any time you wish to unsubscribe from emails you receive from us, you may click the unsubscribe link in the footer of the email.
3. How we use your information
We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications which organisations can rely on. The most relevant of these to us are where we use your personal data to:
· fulfil our contract with you;
· pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);
· comply with a legal obligation that we have; and
· do something for which you have given your consent.
The table below sets out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not listed in the table, we will update our privacy notice.
Providing our Website to you
Contract (when you accept our Terms and Conditions)
Providing you our NFT Platform (as set out in our NFT Platform Terms and Conditions)
Contract (when you register on our Website)
Keeping you informed about the NFT drops
Contract (when you register on our Website)
Verifying you have enough funds available in your crypto wallet to mint an NFT and completing the blockchain transaction
Contract (necessary to enable you to mint an NFT on our Website)
Enabling you to mint an NFT on our Website
Asking you to provide feedback about our Website and/or Platform
Consent (feedback is always optional)
Providing insight on how our Website are being used
Legitimate interest (necessary to improve and
optimise our Website)
Administering and protecting our Website
Legitimate interests (necessary to provide our
Website, monitor and improve our
Website security and prevent fraud)
Handling requests for technical support and other queries
Legitimate interests (necessary to provide our
Website to you and ensure the
proper functioning of our Website)
Defending against legal claims
Legitimate interests (to protect our business and
defend ourselves against legal claims)
Notifying you about changes to our privacy notice
Legal obligation (necessary to comply with our
obligations under data protection law)
We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so that it becomes aggregated data, for example statistical or demographic data. Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
4. Who we share your information with
We share (or may share) your personal data with[SL3] :
· Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations;
· Our supply chain: other organisations that help us provide our Website and services related to the NFTs. We ensure these organisations only have access to the information required to provide the support we use them for, and have a contract with them that contains confidentiality and data protection obligations;
· Regulatory authorities: such as HM Revenue & Customs;
· Strategic partners: such as hosting services providers;
· Our professional advisers: such as our accountants or legal advisors where we require specialist advice to help us conduct our business; and
· Any actual or potential buyer of our business.
If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.
5. Where your information is located or transferred to
We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the European Commission or UK Secretary of State).
If you access our Website whilst abroad then your personal data may be stored on servers located in the same country as you are.
6. How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
· access controls and user authentication
· internal IT and network security
· regular testing and review of our security measures
· staff policies and training
· incident and breach reporting processes
· business continuity and disaster recovery processes[SL4]
If there is an incident which has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we will notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on the Website, please contact us at firstname.lastname@example.org
7. How long we keep your information
Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To decide how long to keep personal data (also known as a retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for HM Revenue & Customs).
We may keep Identity Data, Contact Data, Financial Data and certain Communications Data for up to six years after the end of our contractual relationship with you. If you browse our Website, we keep personal data collected through our analytics tools for only for as long as necessary to fulfil the purposes we collected it for. If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.
8. Your legal rights
You have specific legal rights in relation to your personal data.
It is usually free for you exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity, (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens, we will always inform you in writing.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we will forward your request to the relevant controller and await their instruction before we take any action.
Your legal rights in respect of your personal data include:
· Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it;
· Correction: You can ask us to correct your personal data if it is inaccurate or incomplete;
· Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it. If we think there is a good reason to keep the information you have asked us to delete, we will let you know and explain our decision;
· Restriction: You can ask us to restrict how we use your personal data;
· Objection: You can object to us using your personal data. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision;
· Portability: You can ask us to send you an electronic copy of your personal data; and
· Complaints: If you are unhappy with the way we collect and use your personal data, we would prefer to attempt to resolve the issue directly first, so you can contact us at the email address below. If we are unable to resolve the issue, you can complain to the ICO or another relevant supervisory body.
If you wish to make any of the right requests listed above, you can reach us at email@example.com [SL5]
Cookies are not harmful to your devices (like a virus or malicious code), but some individuals prefer not to share their information (for example, to avoid targeted advertising).
· implement or change the Website in real life in order to optimise the user experience;
· track how visitors use our Website;
· indicate visitors general location for the purposes of setting the appropriate currency for displaying prices and for online shopping;
· record whether you have seen specific messages we display on our Website;
· remember and keep you signed into our Website; and
· capture and analyse information such as number of your views and shares.
The cookies [SL6] we use are:
What it does
How long it lasts
This cookie is installed by Google Analytics.
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user.
Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit.
Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit.
Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie.
Vimeo uses this cookie to save the user's preferences when playing embedded videos from Vimeo.
Vimeo sets this cookie which is essential for the website to play video functionality.
This cookie is set by Vimeo and contains data on the visitor's video-content preferences, so that the website remembers parameters such as preferred volume or video quality.
You can choose to decline cookies but if you turn off necessary cookies, some pages and functions on our Website may not work properly.
You can also manage cookies through your browser settings or device settings.
You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website).
[SL1]Please insert date of upload to site. [SL1]
[SL2]Do you collect any other personal data? Is there any data that we have mentioned that you do not collect (particularly those highlighted)?
[SL3]Will any of the personal data be shared with Bugatti?
[SL4]Do you have these security measures in place? If not, which security measures do you have / are you planning to implement?
It might be worth explaining in more detail how you ensure that you keep the wallet address safe and secure.
[SL5]Please confirm that this is the correct contact email.
[SL6]We have listed the below based on a search via cookieserve.com
Are you planning to use any other cookies on your website?
Founded in England in 1781, Asprey has long been considered the pinnacle of luxury. Offering unique products, very often bespoke commissions completed in its famed workshops, Asprey caters to the most demanding and prestigious clients in the world, including royalty, heads of state and international connoisseurs.
Please enter your email below to subscribe.
© Copyright 2022 Asprey London Limited. All Rights Reserved