Artscapy Privacy Policy

Effective Date: July 09, 2025

1. Introduction

At Artscapy, your privacy is a top priority. We are committed to safeguarding your personal data and ensuring transparency in how we collect, use, and share it. This Privacy Policy explains how we process your personal data in line with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Money Laundering Regulations 2017 (as amended)
  • Any applicable regulatory requirements from the FCA and other authorities

Please read this Privacy Policy carefully to understand how we treat your personal data.

2. Who We Are

Company Name: Artscapy Limited

Company Number: 12918699

Registered Address: 36 Fifth Avenue, Hampshire, England, Havant, PO9 2PL

Data Protection Officer: Emilia Gyoerk (Email: emilia@artscapy.com)

Artscapy is a digital platform that brings the art world together to explore, connect, and transact. We conduct ID verification (IDV), anti-money laundering (AML) checks as part of our compliance obligations, which include data information collection from our users in the different services we provide.

3. What Personal Data We Collect

We may collect and process the following data:

Information you provide directly:

  • Full name, date of birth, age
  • Address, nationality
  • Email, phone number
  • Copies of identity documents (e.g. passport, driver’s licence for IDV and AML purposes)
  • Payment information
  • Art account preferences or transaction data
  • Source of funds or wealth (for AML purposes)

Information we collect automatically:

  • IP address, device data, browser type
  • Login and access times
  • Website usage data, interaction logs

Special categories of data (where applicable):

  • Biometric data for identity verification (for AML purposes)

4. How We Collect Your Data

We collect your personal data:

  • Through your interactions on www.artscapy.com
  • When you register, subscribe, or purchase/sell artworks
  • When using Art Account services
  • Through third-party IDV and AML screening services
  • From communications by email, phone, or surveys

5. Legal Bases for Processing

We process your data based on:

  • Legal Obligation – AML/CFT compliance under UK Money Laundering Regulations
  • Contractual Necessity – Delivering services you've requested
  • Legitimate Interests – To provide, improve, and secure our services
  • Consent – Where required (e.g., marketing, biometric ID verification)

6. How We Use Your Data

We use your data to:

  • Verify identity and conduct AML/CFT checks
  • Deliver Art Account and trading services
  • Fulfil contractual obligations
  • Process transactions and payments
  • Detect and prevent fraud and financial crime
  • Personalise your user experience
  • Communicate with you about platform activity
  • Send marketing communications (with consent)
  • Analyse platform usage for development and security

7. Cookies

We use cookies to:

  • Distinguish users
  • Improve platform functionality and performance
  • Deliver personalised content and marketing

See our Cookie Policy for full details.

8. Sharing Your Data

We share data only where necessary and lawful, including with:

  • IDV/AML providers (e.g. Northrow)
  • Payment processors (e.g., Stripe, PayPal)
  • Hosting and IT providers (e.g., AWS, UNA)
  • Business partners (e.g., galleries, dealers)
  • Mailchimp (for communications)
  • Regulatory authorities (e.g., HMRC, FCA, NCA)

Data transfers outside the UK are protected by adequacy decisions or Standard Contractual Clauses (SCCs).

9. Data Security

We implement strong safeguards to protect your data, including:

  • Encrypted storage and transmission
  • Secure server infrastructure (e.g., AWS)
  • Access control policies
  • Staff training and confidentiality obligations

10. International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place:

  • Transfers only to countries with adequate protection
  • Use of ICO-approved SCCs when applicable

11. Data Retention

We retain your data for as long as necessary:

  • At least 5 years after the end of the business relationship (AML obligation)
  • Longer if required for legal, tax, or regulatory reasons
  • Retention periods consider the data type, purpose, and legal requirements

12. Your Rights

You have rights under UK GDPR, including to:

  • Access your data (Subject Access Request – SAR)
  • Rectify incorrect or incomplete data
  • Erase your data (when no longer needed or consent is withdrawn)
  • Object to or restrict processing
  • Withdraw consent (where applicable)
  • Request data portability
  • Lodge a complaint with the Information Commissioner's Office (ICO)

Contact: https://ico.org.uk/concerns/

13. Automated Processing

We do not use automated decision-making or profiling. Any ID or fraud checks are conducted with human oversight.

14. External Links

Our site may contain links to third-party websites. We are not responsible for the privacy practices or content of such sites. Please review their policies independently.

15. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page and, where appropriate, communicated to you by email.

16. Contact Us

If you have any questions about this policy or your data:

Email: info@artscapy.com

Data Protection Officer: Emilia Gyoerk (emilia@artscapy.com)

Artscapy

Close