WHO WE ARE
The Tree Art Gallery Ltd (“we”/ “us”) is a company registered in England and Wales with company number 13686490 and having its registered office at The Drive, Whittington, Worcester, Worcestershire, England, WR5 2RQ, United Kingdom. By accessing the website at www.thetreeartgallery.com (the “Website”), you acknowledge and consent to the information collection and use practices by us in our capacity as data controller as described below. Please read this Privacy Notice carefully and contact us if you have questions or concerns at email@example.com or write to us at our above registered address.
Personal data means data relating to natural persons who can be identified or who are identifiable, directly from the data in question or who can be indirectly identified from that data in combination with other data (“Personal Data”).
We set out below the categories of Personal Data that we may process:
- “Contact Data” includes data such as your delivery address, billing address, email address and telephone numbers;
- “Financial Data” means data relating to your payment (such as credit or debit card number, bank account information, purchase amount, date of purchase, payment method and in some cases, information about your purchases);
- “Identity Data” includes first name, last name, maiden name, username or similar identifier; and
- “Technical Data” includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using.
Most of the Personal Data we process is provided directly by you or made available when you access or use the Website. We set out below some examples of how you may provide Personal Data to us:
- submitting information to the Website by filling in forms and sending enquiries (for example, if you enquire about a price of an artwork or when you consign an artwork to us);
- contacting us by phone, mail, e-mail, social media or otherwise;
- information related to your attendance of, and interest in, our events; and
We may use your Personal Data for the following purposes and reasons:
- Contract: We may process your Identity Data, Contact Data and Financial Data that you provide when you enquire about or purchase an artwork from us or consign an artwork to us. We process this Personal Data to enable us to carry out the pre-contract and contractual relationship between you and us.
- Consent: When you subscribe to the newsletter and enable us to send it to you on a monthly basis, we may process your Contact Data and Identity Data. You have the right to withdraw consent at any time, simply click the link provided in the newsletter or contact us in writing.
- Legitimate Interests:
- We may also process additional data that you submit to us (for example, requests for customer support and technical assistance) and Technical Data that we automatically collect using cookies, server logs and other similar technologies.
- We may process the Personal Data of a previous client or artist with whom we have worked to personalise emails, send updates about us and the material changes in the Privacy Notice, or for other purposes permitted by law.
- We may provide you with information about artworks or exhibitions we feel may interest you. If you are an existing client, we will only contact you by electronic means with information about artworks similar to those which were the subject of a previous sale to you or consignment by you.
Where we rely on our legitimate business interests to process these categories of Personal Data about you, we will balance our legitimate interests against your interests and rights (for example, responding to inquiries, improving the Website, and enabling network and information security).
- Legal Obligation: We may process your Personal Data to comply with our legal obligations or making disclosures to government, regulatory or other public bodies where in our reasonable opinion the disclosure is appropriate and permitted by law. This includes legal obligations with respect to Anti-Money Laundering (“AML”) requirements if applicable as set out under Clause 4 of this Privacy Notice.
We may also collect Personal Data to perform other functions that are not listed above, which will either be described to you when the Personal Data is collected or it may be collected if you have granted your consent for a particular purpose.
SENSITIVE PERSONAL DATA
For certain transactions, we may be required to fulfil some AML obligations for regulatory purposes and we may collect Personal Data about you through direct interaction, such as requesting copies of passports, proof of address and other information or through third parties/ publicly available sources, for example when we need to conduct background checks. These obligations may also require us to process more sensitive categories of Personal Data which require greater protection because it is more sensitive (“Sensitive Personal Data”). Sensitive Personal Data may include identifiers from the following categories of data:
- “Criminal Offence Data” is Personal Data relating to criminal convictions and offences or related security measures and may include a wide range of information about criminal activity, allegations, investigations and proceedings; and
- “Special Category Data” includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We will process your Sensitive Personal Data in accordance with the lawful basis set out below and the additional conditions and safeguards set out in Schedule 1 of the Data Protection Act 2018.
We use third-party platforms to support communications. We are not responsible for their privacy practices and you are encouraged to read their privacy notices. The third-party platforms currently used are set out below, but may change from time to time:
- Art Logic Media Ltd (“Art Logic”): A website and database integration, CRM and built-in sales management. We use Art Logic to host the Website, manage inventory, for invoicing and accounting, and to manage marketing and event lists. Please read Art Logic’s privacy notice here to understand how they process your Personal Data, particularly your Identity Data, Contact Data and Technical Data. We may also store your Personal Data, including your Sensitive Personal Data processed pursuant to Clause 4 of this Privacy Notice, on Art Logic’s CRM database which is subject to the storage safeguards and security measures outlined in Clause 7 of this Privacy Notice.
- Google Analytics: A web analytics service that provides statistics and basic analytical tools to track and report website traffic for marketing and search engine optimisation purposes. We use Google Analytics to keep track of how the Website is performing. Please read Google Analytics’ privacy notice hereto understand how they process your Personal Data in, particularly your Technical Data.
- ArtAML Limited (“ArtAML”): An anti-money laundering (AML) software designed for art market participants. We use ArtAML to perform AML checks and risk assessments on clients. Please read ArtAML’s privacy notice here to understand how they process your Personal Data, particularly your Sensitive Personal Data.
We will not share your Personal Data with third parties other than as necessary for the purposes outlined above and only with third party service providers that provide business, professional or technical support functions on our behalf or as required by law.
Your Personal Data may be transferred outside the UK. For example, this may be in relation to an international sale or where we are sharing information with our third party service providers who operate outside the UK. We only transfer your Personal Data outside of the UK where we are satisfied that the transfer is in accordance with applicable data protection and privacy laws.
STORAGE AND RETENTION
We are strongly committed to protecting your Personal Data and we take reasonable and appropriate steps to protect your Personal Data from unauthorised access, loss, misuse, alteration or corruption. As set out above, we use Art Logic as our CRM system, to store Personal Data on clients and artists. It has many built-in security features, such as 256 bit encryption, and implements best practice procedures to prevent unauthorised access to best safeguard your Personal Data. Art Logic’s safeguards and security measures can be accessed here. In addition, we have also put in place physical, electronic, and organisational procedures to safeguard and secure the Personal Data you provide to us, including industry-standard access controls such as secure passwords and multi factor authentication.
We take reasonable steps to ensure that the Personal Data we hold about you is as accurate and complete as is necessary to carry out the relevant purposes described in this Privacy Notice and we will retain your Personal Data for so long as is reasonably necessary for us to fulfil the relevant purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law (for example for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements or in the event of a complaint or where there is a prospect of litigation).
We will then securely dispose of your Personal Data that we hold by permanently deleting it and any back-up files. Personal Data shared with third party service providers is stored and deleted according to their privacy notices.
Please be aware that no electronic transmission or storage of Personal Data can be guaranteed to be 100% secure. We cannot and do not warrant the security of any Personal Data that you transmit, and all such transmissions are done at your own risk.
Under the Data Protection Act 2018, you have rights including:
- Right of Access: To ask for copies of your Personal Data.
- Right to Rectification: To ask to rectify inaccurate/incomplete Personal Data.
- Right to Erasure: To ask for your Personal Data to be erased in certain circumstances.
- Right to Restriction of Processing: To ask to restrict the processing of your Personal Data in certain circumstances.
- Your right to Object to Processing: To object to the processing of your Personal Data in certain circumstances.
- Your right to Data Portability: To ask that your Personal Data be transferred to another organisation, or to you, in certain circumstances.
For more information or to exercise your data protection rights regarding our processing, please contact us in writing. We will try to respond to all legitimate requests within one month.
If you are unhappy with any aspect of how we handle your Personal Data you can make a complaint to the Information Commissioner’s Office (ICO) here.
CHANGES TO THE PRIVACY NOTICE
This Privacy Notice may be updated from time to time. All amendments will take effect immediately upon posting of the updated Privacy Notice on this Website. If the changes are material, we will post a notice on the Website before the changes go into effect. We encourage you to periodically review this Privacy Notice to stay informed about how we are helping to protect your Personal Data.
This version of the Privacy Notice was last updated on 10 December 2021.