Back to Home

Privacy Policy

Last updated: January 31, 2026

This Privacy Policy and Cookie Policy defines the purposes and principles of storing and accessing information on User devices through cookies, serving the implementation of services provided electronically by Articollect Sp. z o.o. with its registered office in Wrocław at ul. Grodzka 9, as requested by the User.

1. Definitions

Administrator means ARTICOLLECT Sp. z o.o. ul. Grodzka 9, PL 50-137 Wrocław, NIP 8992977416, REGON 526974623, which provides electronic services through the Service in the articollect.io domain and stores and gains access to information on User devices.

Cookies means computer data, in particular small text files, saved and stored on Users' end devices through which the User uses the Service's websites.

Administrator Cookies means cookies placed by the Administrator, related to the provision of electronic services by the Administrator through the Service.

External Cookies means cookies placed by the Administrator's partners through the Service's website.

Service means the website or application under which the Administrator operates an internet service, operating in the articollect.io domain.

Device means an electronic device through which the User gains access to the Service.

User means an entity for whom, in accordance with the Terms and Conditions and legal provisions, electronic services may be provided or with whom an Agreement for the provision of electronic services may be concluded.

2. Information and Personal Data Protection

The Administrator exercises particular care in protecting the privacy and data of Service users, in particular applies the principles set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR.

The Administrator guarantees all persons logging in, filling out contact forms and registering in the Service that data will be properly protected in accordance with Polish law and European Union law.

3. Purposes of Personal Data Processing

The Administrator processes Users' personal data for the following purposes: providing art authentication and cataloging services, managing user accounts and collections, communicating with users regarding service-related matters, fulfilling legal obligations incumbent on the Administrator, direct marketing of own products and services (with consent), conducting analyses and statistics to improve service quality, and ensuring security and protection against abuse.

4. Types of Personal Data Processed

Identification and Contact Data

We collect and process your name, email address, phone number, and business information including company name and position when provided.

Technical Data

This includes your IP address, device and browser information, service activity data, and cookies and similar technologies used during your interaction with our platform.

Artwork-Related Data

We process images of artworks uploaded by users, metadata about collections and artworks, provenance and authenticity information, and transactional and ownership data related to art pieces.

5. Legal Basis for Processing

The Administrator processes personal data based on the following legal grounds specified in GDPR:

  • Consent (Art. 6(1)(a) GDPR) - in cases of voluntary data provision or consent to marketing communications
  • Contract Performance (Art. 6(1)(b) GDPR) - for providing services and fulfilling contractual obligations
  • Legitimate Interest (Art. 6(1)(f) GDPR) - for analytical purposes, security, and service improvements
  • Legal Obligation (Art. 6(1)(c) GDPR) - to fulfill legal requirements

6. Data Retention Period

The Administrator retains personal data for the period necessary to achieve the purposes for which it was collected:

  • Account Data - retained until account deletion or 3 years from last activity
  • Transaction Data - kept for 10 years in accordance with tax regulations
  • Marketing Data - retained until consent withdrawal or 2 years of inactivity
  • Technical Logs - maintained for 12 months for security purposes

7. Personal Data Sharing

The Administrator may share personal data with:

  • Service Providers - companies providing technical services and support
  • Business Partners - museums, galleries, and authentication experts (with consent)
  • Legal Authorities - when required by law or to protect our rights
  • Business Transactions - mergers, acquisitions, or asset sales

The Administrator does not sell personal data to third parties for marketing purposes.

8. Data Transfers Outside EEA

Data may be transferred and processed in countries outside the European Economic Area (EEA). The Administrator ensures appropriate safeguards including Standard Contractual Clauses approved by the European Commission, adequacy decisions issued by the European Commission, and other appropriate safeguards required by GDPR.

9. Rights of Data Subjects

In accordance with GDPR, you have the following rights:

  • Right of Access (Art. 15 GDPR) - the right to obtain information about processed data
  • Right to Rectification (Art. 16 GDPR) - the right to correct inaccurate data
  • Right to Erasure (Art. 17 GDPR) - the right to request deletion of personal data
  • Right to Restrict Processing (Art. 18 GDPR) - the right to limit how data is used
  • Right to Data Portability (Art. 20 GDPR) - the right to receive data in a structured format
  • Right to Object (Art. 21 GDPR) - the right to object to processing based on legitimate interest
  • Right to Withdraw Consent - the right to withdraw consent for data processing

To exercise these rights, please contact the Administrator at hello@articollect.io. A response will be provided within 30 days.

10. Cookies

The Service uses cookies to ensure proper website functionality, content personalization, and traffic analysis. We distinguish the following types of cookies:

  • Essential Cookies - necessary for service functionality, including user account management and security
  • Analytical Cookies - used to analyze how the service is used and improve its functionality (Google Analytics)
  • Marketing Cookies - used for ad personalization and tracking marketing campaign effectiveness

Users can manage cookie settings through their web browser settings. Disabling certain cookies may affect service functionality.

11. Data Security

The Administrator implements appropriate technical and organizational measures to protect personal data, including data encryption during transmission and storage, regular security audits and updates, access controls and authentication measures, and employee training on data protection.

12. Children's Data

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental or guardian consent.

13. Data Protection Officer

For matters concerning personal data protection, you can contact our Data Protection Officer at: dpo@articollect.io

14. Supervisory Authority

You have the right to lodge a complaint with the supervisory authority:

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warszawa, Poland

Phone: +48 22 531 03 00

Website: uodo.gov.pl

15. Changes to Privacy Policy

The Administrator may periodically update this Privacy Policy. We will inform about significant changes by publishing a new version on our website and updating the "Last updated" date.

16. Contact

If you have questions regarding this Privacy Policy or data processing practices, please contact us:

Email: hello@articollect.io

Address: Articollect Sp. z o.o., ul. Grodzka 9, PL 50-137 Wrocław, Poland

Data Protection Officer: dpo@articollect.io

Privacy Policy | Articollect