Privacy policy
This Website is operated by Art Odyssey SAS AG (“Art Odyssey”, “we”,
“our” or “us”), a company incorporated under the laws of France
(registration number 953 902 947). Our address is 340 Rue Saint Honoré,
75001, Paris, France. ARTEX AG is the parent company of Art Odyssey and
is a company incorporated in the Principality of Liechtenstein with its
registered offices at Aeulestrasse 24, 9495 Triesen, under registration
number, FL-0002.641.606-1.
We understand that your privacy is important to you and that
you care about how your personal data is collected, stored and used. We
respect and value the privacy of everyone who visits this website,
www.artexplored.com (“Our Site”) and we will only collect and use
personal data in ways that are described here, and in a way that is
consistent with our obligations and your rights under the law.
We
are committed to implementing necessary measures for the
confidentiality, availability and integrity of the data.
Please
read this Privacy Policy carefully and ensure that you understand it.
Effective Date: July 7, 2023
1. Purpose
This Privacy Policy (“Policy”) applies only to your use of Our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
This Policy applies to ART ODYSSEY as a processor of personal data and ARTEX AG shall act as the controller for data protection purposes. We are committed to our responsibilities under the data protection laws, including the European General Data Protection Regulation (“GDPR”), and other applicable legal provisions on the protection and privacy of personal data and data security.
The purpose of this Policy is to provide information on the collection, storage and processing of your personal data by ART ODYSSEY and its Affiliates, and information on the rights you have under data protection legislation.
2. Defenitions
3. Application
This Policy applies to the way ART ODYSSEY collects and processes your personal data. Generally, personal data will be collected and processed by us in the way you have engaged with us. Therefore, the Policy applies to individuals who access, use, attend, and/or interact with our products, services, websites, events, digital properties, platforms, software, and application(s), including mobile application, to independent contractors or consultants whom we engage to perform and/or provide a service, and to subcontractors, vendors, suppliers, or service providers and to the personnel of the same.
4. Our Role
ART ODYSSEY is a processor of personal information in respect of the services provided unless stated otherwise. Your information may be shared and processed by another Affiliate where there may be overlap in services. Should you have any questions concerning your personal information in relation to the services provided, please contact:
Group Data Protection Officer
ART ODYSSEY SAS,
340 Rue Saint Honoré,
75001, Paris, France.
Email: [email protected]
5. What is Personal Data ?
Personal data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information, such as your name and contact details, but it also covers less obvious information, such as identification numbers, electronic location data, and other online identifiers.
6. Sources of Personal Information
We collect personal information about you (e.g., your access, use, and/or
interactions with us and our services) from certain third parties and other
sources.
Such data we obtain from you may include:
- through your interactions with us and our services;
- through signing up to use a service, request information or receive marketing or other communications from us (e.g., marketing emails, alerts, newsletters, etc.);
- through your system/device and use of our services;
- through cookies and similar technologies included in our services;
- when you apply for an advertised job or via a third-party recruiter who provides your resume or details;
- through your engagement with us as an independent contractor/consultant.
- collect personal information about you from third parties such as:
- the party or person(s) arranging for you to access our Services (e.g., your employer, subscriber, an organization, group, or association to which you belong or are associated with) in order to set up a user account or otherwise to access and/or use our services;
- partners and service providers who work with us in relation to our services;
- companies that provide content or information to be used in our services;
- public domain sources (e.g., sources available to the public and typically over the internet (e.g., websites available to the general public), available in or through widely distributed media, and from government databases, records, and systems (e.g., register of UBOs, NCA registries, local trade registries, sanctions list, etc.).
To the extent that any personal information is provided to us by a third party, other than the data subject, such third parties are also responsible for their own compliance with applicable data protection and privacy laws.
7. Types of Personal Information We Collect
Depending upon the Services you use or your interactions with us, on the relevant Service(s), the personal information we collect may include:
We do not collect any personal data relating to children.
With your permission and where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message and post with information, news, and offers on our or products or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection laws and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
Third Parties whose content appears on Our Site may use third-party Cookies. Please refer to the Cookie Policy for more information on controlling cookies. Please note that we do not control the activities of such third parties, nor the data that they collect and use themselves, and we advise you to check the privacy policies of any such third parties.
8. Purposes of Processing and Legal Basis
We and third-party service providers acting on our behalf, will, in particular, use your personal data for the purpose of performing contracts between you and us (Art. 6 (1) lit. b GDPR), complying with legal and regulatory obligations (Art. 6 (1) lit. c GDPR) and in certain individual cases to pursue other compelling legitimate interests of the Company (Art. 6 (1) lit. f GDPR).
If we want to process your personal data for specific purposes that are not covered by the purposes specified above, we will request your consent in accordance with the relevant statutory requirements (Art. 6 (1) lit. a GDPR).
The lawful basis we rely on for processing this information are:
In the limited circumstances where we process sensitive personal data, we normally do so where:
- necessary in relation to employee obligations;
- personal data is within the public domain;
- necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
- processing is necessary for reasons of substantial public interest, on the basis of applicable law.
9. Sharing Your Data
We will not share any of your personal data with any third parties for any purposes, subject to the following exception(s):
- If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.
- In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
- We may share your personal data with Affiliates for outsourcing purposes. This includes the holding company and its subsidiaries.
- We may sometimes contract with the following third parties to supply certain products services.
If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
If any personal data is transferred outside of the EEA, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA and under the Data Protection laws.
10. Retention of Your Personal Data
We will retain personal data for a reasonable period, considering legitimate business needs to capture and retain such information as required by our internal retention policies. Information will also be retained for a period necessary to comply with legal and regulatory or country-specific regulations and requirements and in accordance with our Document Retention Schedule. By using state-of-the-art security software and certified coding and encryption processes, our IT infrastructure complies with international security standards. In addition, we have taken additional, extensive security precautions and technical and organisational measures to protect your data from loss, unauthorised access or misuse.
11. Disclosure of Your Personal Data
We may use third-party service providers as well as associated group entities, which will receive access to your personal data to fulfil the tasks commissioned to them. Our partners are meticulously chosen and are obliged under Art. 28 GDPR to observe data protection standards. The service providers and associated group entities we may commission will process your personal data exclusively in accordance with our instructions and only to the extent required to perform the commissioned service. All employees of ART ODYSSEY and its Affiliates including the staff of the commissioned service providers have to treat your personal data confidentially.
Where personal data is transferred to non-EEA jurisdictions, stringent policies are implemented. See Non-EEA Transfers of Personal Data.
We might furthermore be obliged to pass your personal data to such other recipients as authorities to fulfil statutory reporting obligations.
12. Non-EEA Transfers of Personal Data
The ARTEX group has an international presence. Personal information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this Policy, and in compliance with local regulations.
Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA), some of which have not been determined by the European Commission to have an adequate level of data protection. In that case, for personal data subject to European data protection laws, we take measures designed to provide the level of data protection required in the EU, including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission or another adequate transfer mechanism. ART ODYSSEY and its Affiliates entities have entered into intragroup transfer agreements based on the Standard Contractual Clauses (where applicable), which allow for the processing and transfer of personal data and have a legitimate interest.
Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so before any personal data is disclosed.
13. How and Where Do You Store or Transfer My Personal Data?
We will store your personal data within the European Economic Area (the “EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the UK from the EEA are permitted without additional safeguards. We store some or all your personal data in countries outside of EEA. These are known as “third countries”. We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within Lichtenstein and under the Data Protection Law as follows:
- We will only store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data.
- We will use specific approved contracts which ensure the same levels of personal data protection that apply under the DSG and DSV.
14. Summary of Cookies Policy
ART ODYSSEY owns and controls the www.artexplored.com website.
Our Site utilises no cookies. We use Plausible as our analytics. All the site measurement is carried out absolutely anonymously. Cookies are not used, and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.
Plausible is privacy-friendly analytics. All the site measurement is carried out absolutely anonymously. Cookies are not used and no personal data is collected. There are no persistent identifiers. No cross-site or cross-device tracking either. Your site data is not used for any other purposes. All visitor data is exclusively processed with servers owned and operated by European companies and it never leaves the EU.
15. Your Data Protection Rights
Under data protection law, you have the following rights:
- Your right to be informed about our collection and use of your personal data. This Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details below.
- Your right of access - You have the right to ask us for copies of your personal information.
- Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
- Your right to be forgotten – You have the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details below.
- Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
- the accuracy of the personal data is contested;
- the processing is unlawful but you object to the erasure of the personal data; or
- we no longer require the personal data, but it is still required for the establishment, exercise or defense of a legal claim.
These rights are not absolute, and they do not always apply in all cases. For more information about our use of your personal data or exercising your rights as outlined above, please contact us.
16. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details
Data Protection Officer
340 Rue Saint Honoré,
75001, Paris,
France.
Email: [email protected]
17. How to Complain
If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected]
You can also complain to the French Data Protection Office - Commission Nationale de l’Informatique et des Libertés if you are unhappy with how we have used your data.
Commission nationale de l'informatique et des libertés
3 Place de Fontenoy
TSA 80715 75334 Paris CEDEX 07
France
Website: https://www.cnil.fr/en/particulier
Contact the helpline for legal information.
You can call from Monday,
Tuesday, Thursday and Friday from 10 a.m. to 12 p.m.:
+33 (0)1.53.73.22.22
18. Change to This Policy
We may occasionally update this Privacy Statement to reflect changes in our business or to comply with applicable law and regulations. We therefore advise you to review this statement regularly to ensure that you are updated with any changes. Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.
This Privacy Policy was last updated on July 7, 2023.