Artscapy Privacy Policy
Effective Date: July 09, 2025
1. Introduction
At Artscapy, your privacy is a top priority. We are committed to safeguarding your personal data and ensuring transparency in how we collect, use, and share it. This Privacy Policy explains how we process your personal data in line with:
- The UK General Data Protection Regulation (UK GDPR)
- The Data Protection Act 2018
- The Money Laundering Regulations 2017 (as amended)
- Any applicable regulatory requirements from the FCA and other authorities
Please read this Privacy Policy carefully to understand how we treat your personal data.
2. Who We Are
Company Name: Artscapy Limited
Company Number: 12918699
Registered Address: 36 Fifth Avenue, Hampshire, England, Havant, PO9 2PL
Data Protection Officer: Emilia Gyoerk (Email: emilia@artscapy.com)
Artscapy is a digital platform that brings the art world together to explore, connect, and transact. We conduct ID verification (IDV), anti-money laundering (AML) checks as part of our compliance obligations, which include data information collection from our users in the different services we provide.
3. What Personal Data We Collect
We may collect and process the following data:
Information you provide directly:
- Full name, date of birth, age
- Address, nationality
- Email, phone number
- Copies of identity documents (e.g. passport, driver’s licence for IDV and AML purposes)
- Payment information
- Art account preferences or transaction data
- Source of funds or wealth (for AML purposes)
Information we collect automatically:
- IP address, device data, browser type
- Login and access times
- Website usage data, interaction logs
Special categories of data (where applicable):
- Biometric data for identity verification (for AML purposes)
4. How We Collect Your Data
We collect your personal data:
- Through your interactions on www.artscapy.com
- When you register, subscribe, or purchase/sell artworks
- When using Art Account services
- Through third-party IDV and AML screening services
- From communications by email, phone, or surveys
5. Legal Bases for Processing
We process your data based on:
- Legal Obligation – AML/CFT compliance under UK Money Laundering Regulations
- Contractual Necessity – Delivering services you've requested
- Legitimate Interests – To provide, improve, and secure our services
- Consent – Where required (e.g., marketing, biometric ID verification)
6. How We Use Your Data
We use your data to:
- Verify identity and conduct AML/CFT checks
- Deliver Art Account and trading services
- Fulfil contractual obligations
- Process transactions and payments
- Detect and prevent fraud and financial crime
- Personalise your user experience
- Communicate with you about platform activity
- Send marketing communications (with consent)
- Analyse platform usage for development and security
7. Cookies
We use cookies to:
- Distinguish users
- Improve platform functionality and performance
- Deliver personalised content and marketing
See our Cookie Policy for full details.
8. Sharing Your Data
We share data only where necessary and lawful, including with:
- IDV/AML providers (e.g. Northrow)
- Payment processors (e.g., Stripe, PayPal)
- Hosting and IT providers (e.g., AWS, UNA)
- Business partners (e.g., galleries, dealers)
- Mailchimp (for communications)
- Regulatory authorities (e.g., HMRC, FCA, NCA)
Data transfers outside the UK are protected by adequacy decisions or Standard Contractual Clauses (SCCs).
9. Data Security
We implement strong safeguards to protect your data, including:
- Encrypted storage and transmission
- Secure server infrastructure (e.g., AWS)
- Access control policies
- Staff training and confidentiality obligations
10. International Transfers
Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place:
- Transfers only to countries with adequate protection
- Use of ICO-approved SCCs when applicable
11. Data Retention
We retain your data for as long as necessary:
- At least 5 years after the end of the business relationship (AML obligation)
- Longer if required for legal, tax, or regulatory reasons
- Retention periods consider the data type, purpose, and legal requirements
12. Your Rights
You have rights under UK GDPR, including to:
- Access your data (Subject Access Request – SAR)
- Rectify incorrect or incomplete data
- Erase your data (when no longer needed or consent is withdrawn)
- Object to or restrict processing
- Withdraw consent (where applicable)
- Request data portability
- Lodge a complaint with the Information Commissioner's Office (ICO)
Contact: https://ico.org.uk/concerns/
13. Automated Processing
We do not use automated decision-making or profiling. Any ID or fraud checks are conducted with human oversight.
14. External Links
Our site may contain links to third-party websites. We are not responsible for the privacy practices or content of such sites. Please review their policies independently.
15. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page and, where appropriate, communicated to you by email.
16. Contact Us
If you have any questions about this policy or your data:
Email: info@artscapy.com
Data Protection Officer: Emilia Gyoerk (emilia@artscapy.com)