Privacy Policy

Privacy Policy & Data Protection Information

Last updated: 12 December 2025

This Privacy Policy explains how ARTPIQ GmbH (“ARTPIQ”, “we”, “us”, “our”) collects and uses personal data when you visit our website www.artpiq.net

, purchase or rent artworks, use our services, interact with us on social media, or otherwise communicate with us.

We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable German data protection laws.

By using our website and services, you acknowledge that you have read this Privacy Policy.

1. Controller and Contact Details

The controller under Article 4(7) GDPR is:

ARTPIQ GmbH
Rheinallee 25
40549 Düsseldorf
Germany

Email: info@artpiq.net


Phone: +49 172 587 3336

If you have questions about this Privacy Policy or about data protection at ARTPIQ, you can contact us at any time using the above details.

We have not appointed a Data Protection Officer. If this changes, we will update this Privacy Policy with the relevant contact details.

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • (including any sub‑pages);

  • online purchases and rentals of artworks and related services;

  • opening and use of customer accounts and memberships;

  • newsletter subscriptions and other marketing communications;

  • participation in events, exhibitions and advisory services;

  • communication with us via email, contact forms or social media.

This Privacy Policy does not apply to third‑party websites, services or social media platforms that you may access via links from our website.

3. Legal Bases for Processing

We process personal data on the following legal bases under Article 6(1) GDPR:

  • Performance of a contract or steps prior to entering into a contract (Art. 6(1)(b) GDPR),
    e.g. when you place an order, rent artworks or create an account.

  • Compliance with a legal obligation (Art. 6(1)(c) GDPR),
    e.g. tax and commercial law retention obligations.

  • Legitimate interests (Art. 6(1)(f) GDPR),
    e.g. to operate and secure our website, answer enquiries or prevent fraud.

  • Consent (Art. 6(1)(a) GDPR),
    e.g. for newsletters, non‑essential cookies and certain analytics/marketing tools.

Where we rely on consent, you may withdraw it at any time with effect for the future (see section 10).

4. Categories of Personal Data, Purposes and Legal Bases

4.1 When you visit our website

Data categories

  • IP address, date and time of the request;

  • URL, referrer URL, pages viewed, access status/HTTP status code;

  • browser type and version, operating system, device information;

  • basic location information (e.g. country/city based on IP, if configured);

  • cookie identifiers and similar technologies (see section 5).

Purposes

  • to display the website and ensure technical delivery;

  • to maintain IT security and server stability;

  • to detect and prevent abuse;

  • to measure reach and improve our content (where analytics and marketing tools are used).

Legal bases

  • For technically necessary data processing and security: legitimate interests (Art. 6(1)(f) GDPR).

  • For analytics / marketing cookies or tools: your consent (Art. 6(1)(a) GDPR), collected via our cookie banner.

4.2 Customer accounts and memberships

Data categories

  • Identification and contact details: first and last name, address, email address, phone number;

  • login data: username, password (hashed), account settings;

  • membership details: membership type, status, starting date, preferences;

  • communication history relating to your account or membership.

Purposes

  • to create and manage your customer account or membership;

  • to provide access to account features and membership benefits;

  • to communicate with you about your account, membership or changes to our terms.

Legal basis

  • Performance of a contract / pre‑contractual steps (Art. 6(1)(b) GDPR).

If you do not provide the data marked as mandatory during registration, we cannot create an account or membership for you.

4.3 Purchases and rentals of artworks

Data categories

  • Identification and contact details (see above);

  • order details: artworks ordered or rented, prices, order date, payment status;

  • payment information (e.g. payment method, masked card data or transaction IDs – detailed card data are usually processed directly by the payment service provider);

  • delivery and billing address, shipping information, logistics data;

  • communication related to your order or rental (support requests, returns etc.).

Purposes

  • to process and fulfil your orders and rentals;

  • to provide customer support and handle returns, refunds and complaints;

  • to manage our accounting and comply with statutory retention obligations;

  • to prevent and investigate fraud or abuse.

Legal bases

  • Performance of a contract / pre‑contractual steps (Art. 6(1)(b) GDPR);

  • Compliance with legal obligations, particularly under commercial and tax law (Art. 6(1)(c) GDPR);

  • Legitimate interests in preventing fraud and abuse (Art. 6(1)(f) GDPR).

4.4 Newsletter and marketing communications

If you sign up for our newsletter or agree to receive marketing from us, we process:

Data categories

  • email address and, if provided, name and title;

  • marketing preferences and consent information (time, source, etc.);

  • statistics such as email opens and clicks (if enabled) to understand which content is most relevant.

Purposes

  • to send you newsletters, invitations to events, recommendations and information about our artists, exhibitions, artworks, rentals and services;

  • to measure and analyse the effectiveness of our campaigns.

Legal basis

  • Consent (Art. 6(1)(a) GDPR).

You may unsubscribe at any time, e.g. by using the “unsubscribe” link in our emails or by contacting us directly.

Where permitted by law, we may also send existing customers marketing emails for similar products or services based on our legitimate interests (Art. 6(1)(f) GDPR). In such cases you can object at any time (see section 10).

4.5 Contact requests, advisory services, events

When you contact us via email, contact form, phone or social media, or when you take part in advisory services, events, exhibitions or similar activities, we process:

Data categories

  • contact details (name, email, phone number, address);

  • the content of your enquiry or message, including any attachments;

  • event‑ or project‑related data (e.g. event registrations, advisory notes, preferences).

Purposes

  • to respond to and manage your request;

  • to provide advisory services and manage event participation;

  • to maintain business relationships with collectors, artists and partners.

Legal bases

  • Legitimate interests in answering enquiries and maintaining relationships (Art. 6(1)(f) GDPR);

  • Performance of a contract / pre‑contractual steps where your request relates to an existing or intended contract (Art. 6(1)(b) GDPR).

4.6 Data we receive from third parties

We may receive personal data from third parties, for example:

  • logistics and shipping providers (delivery status);

  • payment service providers (confirmation of payment status);

  • marketing or social media platforms (where you interact with our content);

  • publicly available sources (e.g. professional profiles, company websites).

We use such data only for the purposes for which it was provided to us (e.g. to complete your order, respond to your enquiries or reach potential business partners) and in accordance with Articles 13 and 14 GDPR.

5. Cookies and Similar Technologies

We use cookies and similar technologies (e.g. pixels, local storage) on our website. Cookies are small text files that are stored on your device.

5.1 Types of cookies we use

  • Strictly necessary cookies – required for the basic functioning of the site
    (e.g. to remember your shopping cart, login sessions, cookie preferences, security).

  • Functional cookies – help us remember your preferences and improve usability
    (e.g. language settings, saved forms).

  • Analytics cookies – help us understand how visitors use our site
    (e.g. which pages are visited most frequently, how users navigate).

  • Marketing / targeting cookies – used to deliver personalised content or adverts and to measure the effectiveness of campaigns (e.g. Google Ads, Meta Pixel).

5.2 Cookie consent and settings

When you first visit our website, we display a cookie banner where you can choose whether to allow non‑essential cookies (analytics and marketing). You can change or withdraw your consent at any time via the cookie settings on our website, where available, or by adjusting your browser settings.

  • Strictly necessary cookies are processed based on our legitimate interests in providing a secure and functional website (Art. 6(1)(f) GDPR) and/or performance of a contract (Art. 6(1)(b) GDPR).

  • Analytics and marketing cookies are used only with your consent (Art. 6(1)(a) GDPR).

You can also configure your browser to block cookies, to notify you when cookies are set, or to delete cookies automatically when you close your browser. Please note that disabling certain cookies may affect the functionality of the website.

5.3 Third‑party cookies and tools

In connection with cookies and similar technologies, we use the following main third‑party tools and platforms, which may place cookies or pixels on your device:

  • Squarespace (website hosting and platform)
    Squarespace is used to host and operate our website. In doing so, Squarespace uses cookies and similar technologies to provide core website functions, security and essential analytics for platform operation.

  • Squarespace Email Marketing
    For newsletters and email campaigns, Squarespace’s email marketing tools may use cookies, web beacons and similar technologies to measure email opens, clicks and other interactions.

  • Google Ads and Google Merchant Center
    We use Google Ads and Google Merchant Center to display our products and ads on Google services and partner websites and to track conversions and campaign performance. For this purpose, Google may set cookies and use technologies such as conversion tags.

  • Meta Pixel and Meta marketing tools
    We use the Meta Pixel (e.g. for Facebook and Instagram) and related tools to understand how users interact with our site after seeing or clicking our ads and to show interest‑based advertising (custom audiences). This involves the use of cookies and pixels.

More detailed information about how these providers process personal data (including data transfers to third countries) can be found in section 6 of this Privacy Policy and in the providers’ own privacy policies.

6. Recipients and Categories of Recipients

We may share your personal data, to the extent necessary, with the following categories of recipients:

  • Service providers / processors (Art. 28 GDPR), such as:

    • hosting and IT service providers,

    • providers of shop systems and customer relationship management tools,

    • payment service providers,

    • logistics and shipping companies,

    • newsletter and email service providers,

    • marketing and analytics providers,

    • professional advisers (e.g. tax consultants or legal counsel).

  • Artists and business partners, if necessary for the performance of the contract (e.g. for commissioning, logistics or events).

  • Public authorities and courts where required by law or necessary to establish, exercise or defend legal claims.

Whenever we use processors, they are bound by contract to process personal data only on our instructions and under appropriate technical and organisational security measures.

We do not sell your personal data.

6.1 Squarespace (website hosting and platform)

Our website is hosted and operated using the services of Squarespace. In this context, Squarespace processes personal data such as IP addresses, device and browser data, pages visited and technical log files in order to provide our website, ensure security and perform analytics necessary for the operation of the platform.

  • Purpose: hosting, technical provision and security of our website, basic analytics.

  • Legal basis: our legitimate interests in providing a secure and functional website (Art. 6(1)(f) GDPR); where additional analytics or marketing cookies are used, your consent (Art. 6(1)(a) GDPR).

  • Role: processor under Art. 28 GDPR (to the extent Squarespace processes data on our behalf).

  • Data transfers: Squarespace may process data outside the EU/EEA (e.g. in the United States). Where this is the case, we rely on appropriate safeguards such as Standard Contractual Clauses and additional measures where necessary (see section 7).

6.2 Squarespace (email marketing / newsletters)

We use the email marketing tools provided by Squarespace (e.g. email campaigns) to send newsletters and other email communications to subscribers.

  • Data processed: email address, name (if provided), subscription status, consent information, and interaction with emails (opens, clicks) where tracking is enabled.

  • Purpose: managing mailing lists, sending newsletters and campaigns, and performance analysis.

  • Legal basis: your consent to receive newsletters (Art. 6(1)(a) GDPR); in individual cases, our legitimate interests in direct marketing to existing customers (Art. 6(1)(f) GDPR).

  • Role: processor under Art. 28 GDPR.

  • Data transfers: data may be processed outside the EU/EEA (e.g. in the United States) with appropriate safeguards (Standard Contractual Clauses and, where required, additional measures).

6.3 Google Merchant Center and Google Ads

We use Google Merchant Center and Google Ads to display our products and advertisements on Google services and partner websites and to measure and optimise the effectiveness of these campaigns.

Depending on your cookie and tracking settings, Google may process:

  • online identifiers (e.g. cookie IDs, advertising IDs),

  • IP address and device information,

  • pages viewed, actions on the site (e.g. visits to product pages, purchases),

  • technical log data and approximate location data.

  • Purpose: online advertising, remarketing, conversion tracking, performance measurement and optimisation of our campaigns.

  • Legal basis: your consent for the use of marketing and analytics cookies / tags (Art. 6(1)(a) GDPR). In limited cases, where permitted by law, we may rely on legitimate interests (Art. 6(1)(f) GDPR).

  • Roles: Google typically acts as an independent controller; in certain measurement products there may be a joint controllership under Art. 26 GDPR.

  • Data transfers: data may be processed by Google outside the EU/EEA (especially in the United States). We rely on the applicable safeguards provided by Google, such as Standard Contractual Clauses and additional technical and organisational measures (see section 7).

You can manage your preferences via our cookie banner and through your browser and Google account settings.

6.4 Meta (Meta Pixel and marketing)

We use the Meta Pixel and related tools of Meta Platforms (for example for Facebook and Instagram) to analyse how users interact with our website after seeing or clicking on our ads and to show interest‑based advertising (“custom audiences”).

Depending on your settings and consent, Meta may process:

  • information about your visit to our website (pages visited, actions such as viewing content or purchases),

  • online identifiers (e.g. cookies, advertising IDs),

  • device and browser information,

  • hashed email address or other identifiers, where used for audience building.

  • Purpose: conversion tracking, audience measurement, interest‑based advertising, optimisation of our Meta campaigns.

  • Legal basis: your consent to the use of the Meta Pixel and related marketing tools (Art. 6(1)(a) GDPR).

  • Roles: For certain processing operations (e.g. measurement and targeting), Meta and we may act as joint controllers within the meaning of Art. 26 GDPR. In all other respects, Meta processes data as an independent controller. The essential elements of any joint controllership arrangement are made available by Meta.

  • Data transfers: data may be processed outside the EU/EEA (in particular in the United States). Meta relies on appropriate safeguards such as Standard Contractual Clauses; we configure the tools to minimise data where possible (see section 7).

You can withdraw your consent at any time via our cookie settings and also control personalised advertising in your Meta account and device settings.

7. International Data Transfers

Some service providers may be located outside the European Union (EU) and the European Economic Area (EEA) or may process data outside these territories (e.g. cloud providers, analytics or marketing tools such as Squarespace, Google and Meta). Where this is the case, we ensure that an adequate level of data protection is provided before any transfer takes place, in particular by:

  • an adequacy decision of the European Commission under Article 45 GDPR, or

  • appropriate safeguards under Article 46 GDPR, such as Standard Contractual Clauses approved by the European Commission, and, where necessary, additional technical and organisational measures.

You can request a copy of the relevant safeguards by contacting us.

8. Retention Periods

We store personal data only for as long as necessary for the purposes described in this Privacy Policy, including to meet legal, accounting or reporting obligations.

In particular:

  • Contractual and financial data relating to purchases or rentals are generally kept for up to 10 years in accordance with statutory retention periods under German commercial and tax law.

  • Customer account data is stored for as long as the account exists. If you request deletion, we will delete or anonymise the data, unless legal retention obligations require longer storage.

  • Newsletter and marketing data is stored until you withdraw your consent or object to processing, plus a limited period to document that we respected your request.

  • Server logs and security‑related data are usually stored for a short period (typically up to 30 days) and then deleted or anonymised, unless longer storage is required for security or evidence purposes.

Where exact retention periods cannot be specified, we apply criteria such as the length of our business relationship, statutory limitation periods and risk considerations.

9. Obligation to Provide Data

You are not legally required to provide personal data when using our website for purely informational purposes. However, when you wish to enter into a contract with us (for example, to purchase or rent artworks or create an account), some data is required to conclude and perform the contract. Without this data, we may not be able to provide the requested services.

If the provision of data is based on consent, you are free to decide whether to grant or withhold consent. However, certain features (e.g. newsletter, some analytics or marketing features) may then not be available.

10. Your Rights Under the GDPR

Under the GDPR, you have the following rights with respect to your personal data:

  1. Right of access (Art. 15 GDPR): you can request confirmation as to whether we process your data and receive information and a copy of that data.

  2. Right to rectification (Art. 16 GDPR): you can request correction of inaccurate or incomplete data.

  3. Right to erasure (Art. 17 GDPR): you can request deletion of your data under certain conditions, for example if it is no longer needed for the purposes for which it was collected or you withdraw your consent.

  4. Right to restriction of processing (Art. 18 GDPR): you can request that we restrict processing of your data under certain conditions.

  5. Right to data portability (Art. 20 GDPR): you can request to receive the data you provided to us in a structured, commonly used and machine‑readable format, and to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.

  6. Right to object (Art. 21 GDPR):

    • You can object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests (Art. 6(1)(f) GDPR). We will then stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests or the processing serves to establish, exercise or defend legal claims.

    • You can object at any time to the processing of your data for direct marketing purposes. In that case we will no longer process your data for such purposes.

  7. Right to withdraw consent (Art. 7(3) GDPR): where processing is based on your consent, you may withdraw it at any time with effect for the future. The lawfulness of processing before the withdrawal remains unaffected.

  8. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): you have the right to complain to a data protection supervisory authority if you consider that our processing of your personal data infringes the GDPR. You may contact the supervisory authority at your habitual residence, your place of work or our registered office.

For ARTPIQ GmbH, the competent supervisory authority is in particular:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen (LDI NRW)
P.O. Box 20 04 44
40102 Düsseldorf
Germany
Tel.: +49 211 38424‑0
Email: poststelle@ldi.nrw.de


Website: https://www.ldi.nrw.de

To exercise your rights, please contact us using the details in section 1. We may need to verify your identity to process your request.

11. Automated Decision‑Making and Profiling

We do not use your personal data for automated decision‑making, including profiling, that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR.

If this changes in the future, we will inform you separately and update this Privacy Policy accordingly.

12. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include, for example:

  • encryption of data in transit (TLS/HTTPS);

  • access controls and authentication;

  • regular security updates and backups;

  • internal policies and staff training.

However, please note that transmission of data over the internet (e.g. email communication) may be subject to security vulnerabilities. No method of transmission or storage is 100% secure.

13. Children’s Privacy

Our website and services are not directed at children under the age of 16, and we do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us so that we can delete this information where required.

14. Links to Other Websites

Our website may contain links to third‑party websites, services or social media platforms. We have no control over these external websites and are not responsible for their content or privacy practices. We recommend that you review the privacy policies of any external sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our processing activities or in applicable law. The latest version will always be available at www.artpiq.net

under “Privacy”.

If changes are material, we may inform you by email or through a notice on our website.