Heritage Auctions Privacy Policy

• Who is responsible for your data?
• What personal information do we collect, when, and why?
• How does Heritage Auctions use your information?
• With whom does Heritage Auctions share your information?
• What are cookies, and how are they used?
• How do we ensure the protection of your personal information?
• How long will your personal data be retained?
• Reviewing and changing your information
• Do Not Track notice and disclosure
• How To Delete Your Personal Data and/or Your Account
• Questions, Concerns, and Complaints
• Glossary

Who is responsible for your data?

The controller is Heritage Auctions, in the U.S. of 2801 W. Airport Freeway, Dallas, TX, 75261-4127, United States.

If you access HA.com from the European Union, then the representative is Heritage Auctions UK Limited of 10 Hanover Street, London, Mayfair, W1S 1YQ, UK.

Your Data Rights and Verifying Your Identity

Your Data Rights: You may have certain data rights under state privacy laws, including to request information about the collection of your personal information, to access your personal information in a portable format, and to correct or delete your personal information. If you wish to do any of these things, please email us at Privacy@ha.com. Additionally, you may have the right to opt out of the processing of your personal data for targeted advertising. To do so, please email us at Privacy@ha.com.

In order to address any request, concern, or complaint from you concerning your personal information, Heritage Auctions must first verify your identity. We may rely on information already collected, such as your address or Multi-Factor Authentication (MFA) verification codes, in order to verify your identity. You understand that Heritage Auctions cannot discuss, disclose or take any action concerning your account or personal information without first verifying your identity, and that failure to complete the verification process waives all rights to have Heritage Auctions respond to or comply with any communication from you.

What personal information do we collect, when, and why?

When you visit Heritage Auctions Sites, we will not collect your name, address, telephone number or email address without your consent. We collect any and/or all of the following, and store the data at our operations centers, including but not limited to those in the United States. Consult the glossary found later in this policy to learn more about terms used in this section.

How does Heritage Auctions use your information?

Heritage Auctions researches our clients' usage patterns and demographics based on the information provided to us during their experiences on our website. We do this to better understand our clients' needs and enhance our service. This information is compiled and analyzed for internal use. While Heritage Auctions sometimes uses this information to show you personalized ads for other products or services offered by Heritage Auctions, our profiling or automated decision-making software is in-house, and we do not use any personal information to generate personalized ads by or on behalf of third parties. To exercise your right to opt out of personalized or targeted advertising, please contact us at Privacy@ha.com. We will process your request within 30 days of verifying your identity.

Registration qualifies a user as a Heritage Auctions client, and, regardless of any regulation to the contrary, the user agrees, until this consent is revoked in writing, that Heritage Auctions may from time to time contact the user concerning sale and purchase opportunities available through Heritage Auctions.

Heritage Auctions collects and stores any login information you create in order to allow you to access your account information and member features.

With whom does Heritage Auctions share your information?

All information is held in confidence by Heritage Auctions. Most of our services involve operation, at least in part, from persons, servers, and software operating in the United States, including storage of your personal information. Heritage Auctions has not sold any personal information within the past twelve months from the effective date of this disclosure. We do not trade, rent, or sell your information, including email addresses, to third parties, nor do we provide it for any third party's general commercial usage. Any information disseminated to parties external to Heritage Auctions is anonymous in nature — for example: the prices realized for a particular auction may include the price paid for a lot.

We may disclose your personal data with our service providers to ensure the proper functioning of your requested services and Heritage Auctions business operations (for example, we may transmit your credit card information to our bank for enhanced data security and authentication). Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection, and our service providers will only use the information for purposes outlined in the “What personal information do we collect, when, and why?” section. Heritage operates global auctions, and we may disclose your personal data with our service providers who are located in a third country. For example, if you bid on an item that is located in a different country than your country of residence, Heritage may need to share your address with the third-party shipping carrier to deliver your winning lots. These companies may be located in, or use IT equipment located in, a country where the data protection laws are different to your country of residence. We require recipients of your personal information to provide a similar level of protection when transferring personal information out of your country of residence. We will only transfer your personal information to countries with equivalent levels of data protection and/or with appropriate safeguards in place to help ensure the same level of protection Heritage Auctions provides.

We reserve the right to share information, when we deem appropriate, with third parties that are acting on proper legal authority (e.g. subpoenas), including police and governmental agencies. We respond to credit references initiated by you or in the trade. In such instances, we generally will verify whether you are a known client, the length of time you may have done business with us, and whether your account is in good standing.

What are cookies, and how are they used?

The Internet browser you use to view our site allows a small file called a "cookie" to be saved on your device. This cookie enables our web server to recognize you as a first-time or repeat client, and may include information such as your Username, so you do not have to re-enter it every time you visit. We also use cookies to provide customized and personalized services to you, including:

• To remember information about you, so you don’t have to re-enter it;
• To keep you signed in;
• To help us understand how you are using our website so we can improve your experience;
• To help us personalize your experience on our website, such as remembering your preferences and settings;
• To determine if you have read communications from us.

Cookies do not allow us to know anything about your surfing habits on other websites. They simply tell us about your surfing habits on our website. Some of these cookies are erased when you close your internet browser, but some stay on your device so that they are in place when you come back to our website.

Some cookies are always on when you visit our website, and they cannot be turned off through our website. These are necessary cookies. Your browser does allow you to turn these cookies off, but it may affect how smoothly our website functions. Heritage Auctions does not guarantee the functionality of any services offered through its website if you do not allow these necessary cookies to operate.

We also use function, performance, and advertising cookies. While these cookies make your experience more enjoyable, as explained above, you may at any time reject these cookies and they will not collect or report any of your personal information. If you’d like to change your consent to certain cookies, please email us at Privacy@ha.com.

Third party cookies may also be used on Heritage Auctions’ website, if you select an option that connects to a third-party website. For example, if you select to share an auction lot on social media, the company operating the social media site may be activated. Heritage Auctions has no control over these third-party cookies, and while they can be turned off, you cannot do so through us. Heritage Auctions may allow certain third parties contracted by Heritage Auctions, such as analytics partners, advertising technology partners, and other partners, to use cookies and/or include web beacons on HA.com web pages for purposes related to those specific partner services. These cookies and web beacons do not include any Personally Identifiable Information (“PII”), other than your IP address, which may qualify as PII in your country of residence.

NOTE: Heritage Auctions operates under US law. At this time, no US court has ruled that an IP address is PII. Because Heritage Auctions operates worldwide, including countries that deem IP addresses to be PII, Heritage Auctions treats IP addresses as PII as it relates to our data gathering and usage activities and the data gathering and usage activities of our third-party partners. However, for those persons within the United States, Heritage Auctions does not consider IP address to be personally identifiable information, and do not waive any rights or defenses available under US law.

How do we ensure the protection of your personal information?

Heritage Auctions maintains reasonable physical, electronic, and procedural safeguards to protect the security and integrity of all personal information provided to us. Heritage Auctions limits access to personal information about you to those employees who we reasonably believe need to come into contact with that information to provide products or services to you in order to do their jobs.

In the interest of privacy and security, we automatically expire your session when a specific period goes by without activity. Heritage Auctions takes reasonable precautions—including administrative, technical, and physical measures—to safeguard your personal information against loss, theft, and misuse, as well as unauthorized access, disclosure, alteration, and destruction. In the event of a data protection breach, we report the breach to the supervisory authority for any country whose citizens may have been affected, within 72 hours of learning that personal information may have been breached.

How long will your personal data be retained?

We will retain your personal information for as long as necessary to fulfill the purposes outlined in the “What personal information do we collect, when, and why?” section and to satisfy any legal, accounting, regulatory, or reporting requirements.

Reviewing and changing your information

Heritage Auctions has safeguards in place to keep your personal information accurate, complete, and up-to-date for the purposes for which it is used. Naturally, you always have the right to access and correct the personal information you have provided. You can help us ensure that your contact information and preferences are accurate, complete, and up-to-date by going to your MyProfile page.

For any personally identifiable information that cannot be updated via your MyProfile page, please make a request to have it changed, if needed, using the contact information listed later in this policy.

To request a copy of all personal data we have collected about you, please email us at Privacy@ha.com. We will process your request within 30 days of verifying your identity. Please note that while the first copy of your personal data is provided free of charge, subsequent copies will only be provided with a fee. Any corrections to said personal data that does not appear on your MyProfile page may be sent to Privacy@ha.com.

Do Not Track notice and disclosure

Heritage Auctions does not currently respond to Web browser “do not track” signals and similar signals as providers of these signals do not currently operate according to common, industry-accepted standards. However, as stated earlier in this policy, your browser provides tools to allow you to change your privacy and security settings. For instructions, consult your browser’s Help menu.

Heritage Auctions does not knowingly allow other parties to collect personally identifiable information about an individual consumer’s online activities over time and across different websites when a consumer uses our websites and services.

For more information on Do Not Track, visit allaboutdnt.com.

How To Delete or Transfer Your Personal Data and/or Your Account

Regardless of where you are located, you have the right to withdraw consent and request the deletion of your personal data held by Heritage Auctions or, under certain circumstances, request that Heritage Auctions restrict or stop processing your personal data. To make such a request, please email us at Privacy@ha.com. We will process your request within 30 days of verifying your identity. You further have the right to instruct Heritage Auctions to transfer your personal data held by us to any third party of your choice, though we reserve the right to object or restrict any transfer that is infeasible, such as when the requested personal data includes information about others who have not consented to the transfer. To make such a request, please email us at Privacy@ha.com.

In certain circumstances, we may need to retain some of your personal data even after a deletion request, such as when required to comply with legal obligations, to prevent fraud, or to resolve ongoing disputes. If this applies, we will inform you of the specific reasons for retention and the duration for which the data will be kept.

Requesting deletion of your data will remove your account and any associated services or content. Please ensure you download or back up any important information before making your request. Heritage Auctions will not discriminate against any person who exercises their rights concerning their personal information.

Questions, Concerns, and Complaints

We have appointed a data protection officer (DPO), identified below, who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions, concerns, or complaints relating to the processing of your personal data, or requests to exercise your legal rights, please contact us at Privacy@ha.com, 866-835-3243, or write to us at the following address:

Brian Shipman
Heritage Auctions
PO Box 619999
Dallas, TX 75261-6199
214-528-3500

If you are located in Canada, you may contact our Canadian DPO:

Brian Shipman
Heritage Auctions
PO Box 619999
Dallas, TX 75261-6199
214-528-3500

If you are located in the European Union, you may contact our European DPO:

Jacco Sheper
Coöperatief U.A.
Energieweg 7
3401 MD
IJsselstein, The Netherlands
+31(0)30-606-3944

Should you believe Heritage Auctions was unable to verify your identity in error, or have any other complaints regarding Heritage Auctions’ handling of your personal data, you may appeal the decision by emailing us at Privacy@ha.com. All claims, disputes, or controversies in connection with, relating to, and/or arising out of this Privacy Policy or the collection, retention, sharing, or use of any personal data, any interpretation of this Privacy Policy or any amendments thereto, whether asserted in contract, tort, under the laws of any jurisdiction globally (collectively, “Claim”), shall be exclusively heard by, and the claimant (or respondent) and Auctioneer each consent to the Claim being presented in a confidential binding arbitration before a single arbitrator administrated by and conducted under the rules of, the American Arbitration Association or an association providing arbitration in the country of your residence. The arbitrator’s award may be enforced in any court of competent jurisdiction. A Claim is not subject to class certification.

You may raise a complaint with the relevant supervisory authority if you believe Heritage Auctions infringed applicable data privacy laws when processing your personal data. This right is without prejudice to any other administrative or judicial remedy you might have.

Glossary

• Data Controller: The person or entity who determines the purposes for which and the manner in which any personal data are, or are to be, processed.
• Legitimate Interests: Processing is necessary for our or a third party’s legitimate interests in carrying on, managing, and administering our respective businesses effectively and properly (except where our or the third party’s interests are overridden by your own interests, rights, and freedoms).
• Performance of a contract: A lawful basis where processing of data is necessary for the performance of a contract to which you are a party, or in order to take steps at your request to entering into a contract.
• Personal Data: Any data relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly. This can include names, email addresses, home address, credit applications, user account information, and correspondence to and from an individual.
• Processing: Any operation performed on personal data, such as collection, recording, storage and retrieval, use, combining it with other data, transmission, disclosure, or deletion.
• Public Interest: Processing is necessary for the performance of a task carried out in the public interest.
• Sale of Personal Data: The exchange of personal data for monetary consideration by the controller to a third party.

Privacy policy last updated on and effective as of January 1, 2026.