Artoaart

Privacy Policy

Last Updated: January 2026

1. Introduction

This Privacy Policy explains how Artoaart ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit our website at artoaart.world (the "Website") or purchase our products.

We are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.

By using our Website or services, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our Website or services.

2. Data Controller Information

Company Name: Artoaart

Registered Address: Gateway House, 322 Regents Park Road, London N3 2LN, United Kingdom

Contact Email: assist@artoaart.world

Contact Phone: +44 20 8346 4000

We are the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us using the information provided above.

3. Information We Collect

3.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

  • Place an order for our products
  • Create an account on our Website
  • Subscribe to our newsletter or marketing communications
  • Contact us with inquiries or customer support requests
  • Participate in surveys, promotions, or contests
  • Leave reviews or testimonials

The types of personal information we may collect include:

  • Full name
  • Email address
  • Phone number
  • Billing and shipping address
  • Payment information (processed securely through third-party payment processors)
  • Order history and preferences
  • Communication preferences
  • Any other information you choose to provide

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain information about your device and browsing behavior, including:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Pages visited and time spent on pages
  • Referring website addresses
  • Date and time of visits
  • Clickstream data

This information is collected through cookies, web beacons, and similar tracking technologies. For more information about our use of cookies, please see our Cookies Policy.

3.3 Information from Third Parties

We may receive information about you from third-party sources, including:

  • Payment processors and financial institutions
  • Delivery and logistics partners
  • Marketing and analytics service providers
  • Social media platforms (if you interact with us through social media)
  • Publicly available sources

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Order Processing and Fulfillment

  • Processing and fulfilling your orders
  • Communicating with you about your orders
  • Arranging delivery and shipping
  • Processing payments and preventing fraud
  • Handling returns and refunds

Legal Basis: Performance of a contract, legitimate interests

4.2 Customer Service and Support

  • Responding to your inquiries and requests
  • Providing customer support
  • Resolving disputes and troubleshooting issues
  • Conducting customer satisfaction surveys

Legal Basis: Performance of a contract, legitimate interests, consent

4.3 Marketing and Communications

  • Sending promotional emails and newsletters (with your consent)
  • Informing you about new products, special offers, and updates
  • Conducting market research and analysis
  • Personalizing your experience on our Website

Legal Basis: Consent, legitimate interests

4.4 Website Improvement and Analytics

  • Analyzing Website usage and performance
  • Improving our Website functionality and user experience
  • Conducting research and development
  • Testing new features and services

Legal Basis: Legitimate interests, consent

4.5 Legal and Security Purposes

  • Complying with legal obligations and regulations
  • Protecting against fraud, security threats, and illegal activities
  • Enforcing our terms and conditions
  • Defending legal claims
  • Protecting the rights, property, and safety of our company, customers, and others

Legal Basis: Legal obligation, legitimate interests

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. However, we may share your information with the following categories of recipients:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Payment processing companies
  • Shipping and delivery services
  • Email and communication platforms
  • Web hosting and cloud storage providers
  • Marketing and analytics services
  • Customer relationship management (CRM) systems
  • IT support and security services

These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated to protect your data and use it only for the purposes we specify.

5.2 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change and the choices you may have regarding your personal information.

5.3 Legal Requirements

We may disclose your personal information if required to do so by law or in response to:

  • Valid legal processes (such as subpoenas, court orders, or warrants)
  • Requests from government authorities or law enforcement agencies
  • Protection of our legal rights and interests
  • Investigation of potential violations of our terms and conditions
  • Detection, prevention, or addressing of fraud, security, or technical issues

5.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

6. International Data Transfers

Your personal information may be transferred to and processed in countries outside the United Kingdom and the European Economic Area (EEA) where data protection laws may differ from those in your jurisdiction.

When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules
  • Other legally approved transfer mechanisms

We take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Our retention periods are based on:

  • Order and transaction data: Retained for 7 years to comply with tax and accounting regulations
  • Customer account information: Retained until you request deletion or close your account, plus 30 days
  • Marketing communications: Retained until you unsubscribe or withdraw consent
  • Website analytics data: Typically retained for 26 months
  • Customer service records: Retained for 3 years after the last interaction
  • Legal and compliance records: Retained as required by applicable laws and regulations

When we no longer need your personal information, we will securely delete or anonymize it in accordance with our data retention and deletion policies.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and UK data protection laws, you have the following rights regarding your personal data:

8.1 Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

8.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

8.3 Right to Erasure (Right to be Forgotten)

You have the right to request that we delete your personal information in certain circumstances, such as when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • You object to the processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

8.4 Right to Restriction of Processing

You have the right to request that we restrict the processing of your personal information in certain circumstances, such as when you contest the accuracy of the data or object to processing.

8.5 Right to Data Portability

You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6 Right to Object

You have the right to object to the processing of your personal information based on legitimate interests or for direct marketing purposes. We will stop processing your data unless we have compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

8.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state or UK where you reside, work, or where an alleged infringement of data protection law occurred.

UK Supervisory Authority:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Helpline: 0303 123 1113

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: assist@artoaart.world
Phone: +44 20 8346 4000
Address: Gateway House, 322 Regents Park Road, London N3 2LN, United Kingdom

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

We may request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols (HTTPS)
  • Encryption of sensitive data at rest
  • Regular security assessments and vulnerability testing
  • Access controls and authentication mechanisms
  • Employee training on data protection and security practices
  • Secure data backup and disaster recovery procedures
  • Firewall protection and intrusion detection systems
  • Regular software updates and security patches

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to maintain and improve our security measures.

If we become aware of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, as required by law.

10. Children's Privacy

Our Website and services are not intended for children under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately. If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information from our systems.

11. Third-Party Links

Our Website may contain links to third-party websites, applications, or services that are not operated or controlled by us. This Privacy Policy does not apply to those third-party sites.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit before providing any personal information.

The inclusion of any link does not imply our endorsement of the linked site or service.

12. Marketing Communications

With your consent, we may send you marketing communications about our products, services, promotions, and news that may be of interest to you.

You can opt out of receiving marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email we send you
  • Contacting us directly at assist@artoaart.world
  • Updating your communication preferences in your account settings

Please note that even if you opt out of marketing communications, we may still send you transactional or administrative messages related to your orders, account, or our services.

13. Automated Decision-Making and Profiling

We may use automated decision-making and profiling techniques to:

  • Personalize your experience on our Website
  • Provide product recommendations
  • Detect and prevent fraud
  • Analyze customer behavior and preferences

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. If you wish to exercise this right, please contact us.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will update the "Last Updated" date at the top of this policy.

If we make material changes to this Privacy Policy, we will notify you by:

  • Posting a prominent notice on our Website
  • Sending you an email notification (if you have provided your email address)
  • Other appropriate means as required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal information.

Your continued use of our Website or services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Artoaart
Gateway House, 322 Regents Park Road
London N3 2LN, United Kingdom

Email: assist@artoaart.world
Phone: +44 20 8346 4000

We will make every effort to respond to your inquiry promptly and address any concerns you may have about your privacy and personal data.