The General Data Protection Regulation (GDPR) is a European regulation concerning data protection and privacy for all individuals within the European Economic Area. It was implemented in May 2018. You can find the entire regulation and other information on this website: https://ec.europa.eu/
Personal information we are collecting
Most commonly, we will collect any or all of the following:
- First name and surname;
- Personal and/or professional address;
- Personal and/or professional phone number;
- Personal and/or professional email address;
- Age and birth date;
- Bank account information and/or credit card information;
- Work history and title;
- Photograph, headshot;
- Information provided by cookies and similar technologies;
- Interest selections, proposed offers, and purchasing history;
- Communication permissions;
- Artist preferences and creative interest;
- Limited and publically available biographical information including personal interests, hobbies, charitable interests;
- Press clippings; and
- Information about your attendance at our events.
Why we are collecting personal information
We will only collect and use your personal information when the law allows us to do so, in the following cases.
- When it is necessary for our legitimate interest: when your interests and fundamental rights do not override those interests, we collect your personal information to provide you with the best experience of our gallery, to administer, support, improve and obtain feedback on the gallery, the content of our website and our services. We also use your personal information to communicate with you, in order for example to inform you about new shows, special events and gallery updates. We may use images and footage of you for the purpose of photographing and filming our exhibitions and event or in order to keep you, our staff and artworks on our premises secured.
- With your consent: we will use your personal information with your consent, if you have agreed to being added in our database to follow the latest news concerning the gallery or an artist you have interests in.
- Where we need to perform contract with you: we use your information when we need to perform a contract we are entering into or have entered into with you, to send you the goods you have bought, an invoice, or to collect payments.
- Where we need to comply with a legal or regulatory obligation: we may also collect your information in order to comply with the relevant laws or regulatory obligations, such as know-your-customers and anti-money laundering requirements, payment of taxation and customs duties, requirements of the police, courts, regulators or other law enforcement authorities.
How do we collect personal information
Most of the time, we obtain, collect and update information about you via direct contact with you, whether face to face, over the telephone, on a paper form, by email or automatically online as you interact with our website. We collect information via our website by using cookies and other similar technologies. Your image may also be collected by the gallery if you attend any of our events.
We may also collect information about you from third party who refers you to us, or by using external sources, such as newspaper, exhibition catalogues, public auction results, including your use of our social media channel.
How do we keep the information safe
We use appropriate technical and organisational measures to protect the security and integrity of all personal information collected.
We store information in a number of places depending on our requirements to access and use it, and use a variety of security technologies and procedures to protect personal information for unauthorised access or disclosure.
Although we have modern security systems and procedures in place, we cannot guarantee the complete security of personal information held in our system. Despite our best effort, no information is entirely safe from unauthorised intrusion, access or manipulation during transmission.
Who can see the information we have collected
Your personal information will be processed by the Gallery that initially received it and may be transferred internally to other galleries in the group. We have a data transfer agreement with our branches outside of the European Union.
We work with third parties in the provision of some of our services (such as banks, shipping companies, insurers, warehouses, experts who help us with artwork, photographers, professional advisers, regulatory bodies, event venues, art fairs, caterers, and marketing fulfilment and distribution) and it might be necessary for us to share your personal information with them in order for them to be able to provide those services. We require all third parties to respect the security of all personal information and to treat it in accordance with the law and encourage them to meet the requirements of GDPR.
On request, and when relevant, we will provide you details of which third parties we work with. We will also discuss any specific security question you may have regarding your personal information.
Please note that if we sell an artwork to you, we may share the invoice with the artist who made it for their provenance records. We may also need to disclose certain information to appropriate agencies and regulatory authorities to conduct anti money laundering and trade sanctions check and to assist with fraud and crime prevention and detection.
How long do we keep the information
We will retain your personal information for as long as is necessary to provide the relevant services, and to maintain business records. We are required by law to keep information about financial transactions for the current financial year plus an additional time depending on the jurisdiction.
We may store your personal information on our database for reference and to record any preferences that you have shared with us. The information may be used to answer queries, resolve problems, provide improved or new services, respect your rights under GDPR or any other applicable data privacy regulation, for any data retention required by regulations or for keeping an archive of artists, exhibitions and events. This means that we may keep the information after you have ceased any relationship with us.
In some circumstances we may anonymise your personal information for research or statistical purposes in which case we may use the anonymised information indefinitely without further notice to you.
Pursuant to GDPR, EU residents have the legal right to request access to their personal information (commonly known as a “subject access request”). If you exercise this right and we process personal information about you, we are required to provide you with a description and copy of any personal information we may have and tell you why we are processing it.
You also have the right to have your personal information rectified or deleted, to object to its processing, or to have its processing restricted. You may also request the transfer of any of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a commonly used, machine-readable formation.
You will always have the right to opt out of receiving promotional emails and other types of marketing or sales communication from us by clicking on the “unsubscribe” link included at the bottom of each email we sent you, and you will still have the possibility to opt in at a later date.
If you wish to access, verify, update, modify or delete your personal information you may contact us directly at email@example.com.
Should you want to exercise your right to access your personal information, we may request specific information from you to help us confirm your identity. This is a security measure to ensure that no personal information is disclosed to any person who has no right to receive it.
Changes to this policy
Any change we make to our policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any update or change to our policy.
If you have any queries, comments, or complaints in relation with this private policy or the way we are processing your data, please contact us at firstname.lastname@example.org.
We try to respond to all legitimate requests within one month. However, it may take longer if your request is particularly complex or if you have made several requests.
This policy was last updated on 22 October 2018.