MutualArt

Privacy Policy



We at MutualArt Holdings, Inc. ("MutualArt" "us", "we", or "our") recognize and respect the importance of maintaining the privacy of our customers. This Privacy Notice describes the types of information we collect from you when you visit our website ("Site") or use our mobile application ("App") and/or use our services ("Services"). This Privacy Notice also explains how we collect, process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected information. "You" means any adult user of the Site, App, and/or Services, or any parent or guardian of any minor whom you allow to use the Site, App, and/or Services, and for whom you will be held strictly responsible.

If you are an individual located in the European Union (" EU Individual"), some additional terms and rights may apply to you, as detailed herein. MutualArt Holdings, Inc. is the data controller in respect of the processing activities outlined in this Privacy Notice. Our registered office is c/o Art Trading Services Limited 22-23 James Street London WC2E 8NS UK.

"Personal Data" means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This Privacy Notice details which Personal Data is collected by us in connection with provision of the Site and/or Services.

Privacy Notice Key Points

The key points listed below are presented in further detail throughout this Privacy Notice.

  • Personal Data We Collect, Uses and Legal Basis
  • Sharing the Personal Data We Collect
  • International Transfer
  • Security
  • Your Rights - How to Access and Limit Our Use of Certain Personal Data
  • Data Retention
  • Use of Cookies and Similar Technologies
  • Third-Party Applications and Services
  • Communications
  • Children
  • Changes to the Privacy Notice

Personal Data We Collect, Uses and Legal Basis

Depending on your usage, we collect different types of data and we and any of our third-party sub-contractors and service providers use the data we collect for different purposes, as specified below. It is your voluntary decision whether to provide us with certain Personal Data, but if you refuse to provide such Personal Data we may not be able to register you and/or provide you with the Services or part thereof.

> Registration Data – In order to use certain features of our Site or App or receive related Services you will be required to register and provide us with the following Personal Data: your name, email address, password, how you define yourself in the art world (collector, gallerist, student, artist, etc.) and any other details you decide to provide. If you register through a third-party login/account registration service, such as Facebook or Gmail, we also receive Personal Data about you as provided by such third-party service. Please check the third party's policies in order to understand what information we receive.

How we use this data : (1) to provide you with the Site, App, and/or Services and to respond to your inquiries and requests and to contact and communicate with you; and (2) to prevent fraud, protect the security of and address any problems with the Site and/or App, and to provide you with informational newsletters and promotional materials relating to our Site, App, and Services, including via email.

Legal Basis : (1) We process this Personal Data for the purpose of providing the Services to you, which is considered performance of a contract with you, including responding to your inquiries and requests and providing customer support. (2) When we process your Personal Data for the purposes of preventing fraud, protecting the security of and/or addressing problems with the Site, App, and Services and/or for the purpose of providing you with informational newsletters and promotional materials relating to our Services, such processing is based on our legitimate interests.

> Payment Data – If you make a purchase through the Site or App, we receive information related to such purchase, such as the last four (4) digits of your credit card number.

How we use this data : To process the payment for your purchase and for the purposes of fraud prevention.

Legal Basis : We process this Personal Data for the purpose of performance of a contract with you. Processing for the purposes of fraud prevention is based on our legitimate interest.

> Contact Information - When you request information from us, or contact us for any other reason, we will collect any data you provide, such as your email address and the content of your inquiry. When you sign up for newsletters or email lists, we collect your name and email address.

How we use this data : To respond to your request or inquiry, to provide you with newsletters and for retargeting purposes.

Legal Basis : We process this Personal Data based on performance of a contract when we respond to your inquiry and provide you with newsletters. Processing your Personal Data for retargeting purposes is based on our legitimate interests.

> Automatically Collected Data – When you visit the Site or use the App, whether as a registered or unregistered user, we automatically collect information about your computer or mobile device, including non-Personal Data such as your operating system, and Personal Data such as IP address, device ID, as well as your browsing history and any information regarding your viewing and purchase history on our Site or App. For more information about the cookies and similar technologies we use and how to adjust your preferences, please see the section "Cookies and Similar Technologies" below.

How we use this data : (1) to review usage and operations, including in an aggregated non-specific analytical manner, develop new products or services and improve current content, products, and Services; (2) to prevent fraud, protect the security of our Site, App, and Services, and address any problems with the Site, App, and/or Services; (3) to provide you with customized content, targeted offers, and advertising related to our products and Services or products and services of third parties, based on your usage history on the Site or App.

Legal Basis : We process this Personal Data for our legitimate interests to develop and improve our products and Services, review usage, perform analytics, prevent fraud, for our recordkeeping and protection of our legal rights and to market services. Additional information regarding direct marketing is provided below.

> Geo-location – Subject to your consent, when you use the App, we collect your (geo)location.

How we use this data : We use this information in order to provide you with the location-based Services through the App.

Legal Basis : We process this Personal Data based on your consent. You may withdraw your consent at any point by changing the settings of your mobile device.

Additional Uses

Statistical Information

By analyzing all of the information we receive, including all information concerning users we may compile statistical information across a variety of platforms and users ("Statistical Information"). Statistical Information helps us understand trends and customer needs so that new products and services can be considered and so that existing products and services can be tailored to customer desires. Statistical Information may be linked to Personal Data. We may share anonymous and aggregate Statistical Information with our partners, without restriction, on commercial terms that we can determine in our sole discretion.

Analytics

We and/or our service providers or subcontractors, use analytics tools (" Tools"), including "Google Analytics" to collect information about the use of the Site, App, and/or Services. Such Tools collect information such as how often users visit the Site or App, what pages they visit when they do so, and what other sites and mobile applications they used prior to visiting the Site or App. The Tools may collect certain Personal Data and may link such Personal Data to specific information stored in our customer database. We use the information we get from the Tools to improve our Site, App, and Services. Google's ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Service located at http://www.google.com/analytics/terms/us.html and the Google Privacy Policy located at http://www.google.com/policies/privacy/ .

Direct Marketing

As described above, we may use Personal Data to let you know about our products and Services that we believe will be of interest to you and, if you have consented, about products and services of third parties. We may contact you by email, post, or telephone or through other communication channels. In all cases, we will respect your preferences for how you would like us to manage marketing activity with respect to you. To protect privacy rights and to ensure you have control over how we manage marketing with you:

  • We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you.
  • At any time you can update or correct your personal profile within your account, or change your preferences for the way in which you would like us to communicate with you, including how you receive details of latest offers and/or receive the newsletters.
  • You can ask us to stop sending email marketing by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at support@mutualart.com.
  • You can change the way your browser manages cookies by following the settings on your browser as explained below in our Cookie Policy. If our marketing activities are based upon your consent, you may withdraw this consent at any time.

We recommend you routinely review the privacy notices and preference settings that are available to you on any social media platforms as well as your preferences within your account with us.

Legal Uses

We may use your Personal Data as required or permitted by any applicable law, for example, to comply with audit and other legal requirements.

Sharing the Personal Data We Collect

We share your information, including Personal Data, as follows:

Affiliates

We share information, including your Personal Data, with our affiliated companies where this is necessary to provide you with our products and Services, and for the purpose of management of our business.

Service Providers, and Subcontractors

We also disclose information, including Personal Data we collect from and/or about you, to our trusted service providers and subcontractors, who have agreed to confidentiality restrictions and who use such information solely on our behalf in order to: (1) help us provide you with the Site, App, and/or Services; (2) aid in their understanding of how users are using our Site, App, and/or Services; (3) for the purpose of direct marketing (see above for more details).

Such service providers and subcontractors provide us with IT and system administration services, data backup, security, and storage services, data analysis.

Data Controllers

When you use our Site, App, and/or Services, we also disclose your Personal Data to additional third parties, such as business partners, which act as independent, separate controllers with respect to the collection of your Personal Data. The details and contact information of such controllers are as set forth below.

Controller

Contact Details

Paypal

Data Protection Officer - dpo@paypal.com

PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg.

Business Transfers

Your Personal Data may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition (including in cases of liquidation) in such case, your Personal Data shall continue being subject to the provisions of this Privacy Notice.

Law Enforcement Related Disclosure

We may share your Personal Data with third parties: (i) if we believe in good faith that disclosure is appropriate to protect our or a third party's rights, property or safety (including the enforcement of the Terms and this Privacy Notice); (ii) when required by law, regulation subpoena, court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is necessary to comply with any legal and/or regulatory obligation.

Other Uses or Transfer of Your Personal Data

If you use our Site, App, and/or Services with or through a third-party service, site and/or mobile application, we may receive information (including Personal Data) about you from those third parties. Please note that when you use third-parties outside of our Site, App, and/or Services, their own terms and privacy policies will govern your use of those services.

International Transfer

We use subcontractors and service providers and have affiliates who are located in countries other than your own, such as the UK, the US, the British Virgin Islands, and Israel and send them information we receive (including Personal Data). We conduct such international transfers for the purposes described above. We will ensure that these third parties will be subject to written agreements ensuring the same level of privacy and data protection as set forth in this Privacy Notice, including appropriate remedies in the event of the violation of your data protection rights in such third country.

Whenever we transfer your Personal Data to third parties based outside of the European Economic Area ("EEA"), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in the EEA.
  • Where we use service providers based in the US, we may transfer Personal Data to them if they have been certified by the EU-US Privacy Shield, which requires them to provide similar protection to Personal Data shared between the EU and the US or any other arrangement which has been approved by the European Commission or other body having jurisdiction to approve such arrangement.

Please contact us at support@mutualart.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

Security

We have implemented and maintain appropriate technical and organization security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of such data. The measures we take include:

Safeguards – The physical, electronic, and procedural safeguards we employ to protect your Personal Data include secure servers, firewalls, antivirus, and SSL encryption of data.

Access Control – We dedicate efforts for a proper management of system entries and limit access only to authorized personnel on a need to know basis of least privilege rules, and revoke access immediately after employee termination.

Personnel – We require new employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Encryption – We encrypt the data in transit using secure HTTPS and other protocols.

Database Backup – Our databases are backed up on a periodic basis for certain data and are verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity, are tested regularly to ensure availability, and are accessible only by authorized personnel.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect user IDs and passwords, please take appropriate measures to protect this information.

Your Rights - How to Access and Limit Our Use of Certain Personal Data

Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to the Personal Data that we hold about you, as detailed below. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and, in any event, within the timescales provided by applicable data protection laws. We reserve the right to ask for reasonable evidence to verify your identity before we provide you with any information and/or comply with any of your requests, as detailed below:

  • Right of Access. You have a right to know what Personal Data we collect about you and, in some cases, to have such Personal Data communicated to you. Subject to applicable law, we may charge you with a fee. Please note that we may not be able to provide you with all the information you request, and, in such case, we will endeavor to explain to you why.
  • Right to Data Portability. If the processing is based on your consent or performance of a contract with you and processing is being carried out by automated means, you may be entitled to (request that we) provide you or another party with a copy of the Personal Data you provided to us in a structured, commonly-used, and machine-readable format.
  • Right to Correct Personal Data. Subject to the limitations in applicable law, you may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data.
  • Deletion of Personal Data ("Right to Be Forgotten"). You have a right to request that we delete your Personal Data if either: (i) it is no longer needed for the purpose for which it was collected, (ii) our processing was based on your consent and you have withdrawn your consent, (iii) you have successfully exercised your Right to Object (see below), (iv) processing was unlawful, or (iv) we are required to erase it for compliance with a legal obligation. We cannot restore information once it has been deleted. Please note that to ensure that we do not collect any further Personal Data, you should also terminate your account with us. We may retain certain Personal Data (including following your request to delete) for audit and record-keeping purposes, or as otherwise permitted and/or required under applicable law.
  • Right to Restrict Processing. You can ask us to limit the processing of your Personal Data if either: (i) you have contested its accuracy and wish us to limit processing until this is verified; (ii) the processing is unlawful, but you do not wish us to erase the Personal Data; (iii) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend of a legal claim; (iv) you have exercised your Right to Object (below) and we are in the process of verifying our legitimate grounds for processing. We may continue to use your Personal Data after a restriction request under certain circumstances.
  • Account Deactivation. You can ask us to deactivate your account by contacting us at support@mutualart.com. In order to deactivate your account, we may ask you for additional information
  • Direct Marketing Opt Out. You can change your mind at any time about your election to receive marketing communications from us and/or having your Personal Data processed for direct marketing purposes. If you do, please notify us by contacting us at support@mutualart.com. We will process your request as soon as reasonably possible, however it may take a few days for us to update our records before any opt out is effective.
  • Right to Object. You can object to any processing of your Personal Data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
  • Withdrawal of Consent. You may withdraw your consent in connection with any processing of your Personal Data based on a previously granted consent. This will not affect the lawfulness of any processing prior to such withdrawal.
  • Right to Lodge a Complaint with Your Local Supervisory Authority . You may have the right to submit a complaint to the relevant supervisory data protection authority if you have any concerns about how we are processing your Personal Data, though we ask that as a courtesy you please attempt to resolve any issues with us first.

Data Retention

Subject to applicable law we retain Personal Data as necessary for the purposes set forth above. We may delete information from our systems without notice to you once we deem it is no longer necessary for these purposes. Retention by any of our processors may vary in accordance with the processor's retention policy.

In some circumstances, we may store your Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, audit, accounting requirements and so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether those purposes can be achieved through other means, as well as applicable legal requirements.

Please contact us at support@mutualart.com if you would like details regarding the retention periods for different types of your Personal Data.

Cookies and Similar Technologies

We use cookies and similar technologies for a number of reasons, including to help personalize your experience. Third parties through which we provide the Services and/or our business partners may be placing and reading cookies on your browser or using web beacons to collect information in the course of advertising being served on different websites. When visiting this Site, you shall be notified of the use of and placement of cookies and other similar technologies on your device as specified herein.

What are Cookies?

A cookie is a small piece of text that is sent to a user's browser or device. The browser provides this piece of text to the device of the originating user when this user returns.

- A "session cookie" is temporary and will remain on your device until you leave the Site.

- A "persistent" cookie may be used to help save your settings and customizations across visits. It will remain on your device until you delete it.

- First-party cookies are placed by us, while third-party cookies may be placed by a third party. We use both first- and third-party cookies.

- We may use the terms "cookies" to refer to all technologies that we may use to store data in your browser or device or that collect information or help us identify you in the manner described above, such as web beacons or "pixel tags".

How We Use Cookies

We use cookies and similar technologies for a number of reasons, as specified below:

- Necessary – These cookies are necessary in order to allow the Site to work correctly. They enable you to access the Site, move around, and access different services, features, and tools. Examples include remembering previous actions (e.g. entered text) when navigating back to a page in the same session. These cookies cannot be disabled.

- Functionality – These cookies remember your settings and preferences and the choices you make (such as language or regional preferences) in order to help us personalize your experience and offer you enhanced functionality and content.

- Performance – These cookies can help us collect information to help us understand how you use our Site, for example whether you have viewed messages or specific pages and how long you spent on each page. This helps us improve the performance of our Site.

- Analytics – These cookies collect information regarding your activity on our Site to help us learn more about which features are popular with our users and how our Site can be improved.

- Advertising – These cookies are placed in order to deliver content, including ads relevant and meaningful to you and your interests. They may also be used to deliver targeted advertising or to limit the number of times you see an advertisement. This can help us track how efficient advertising campaigns are. Such cookies may track your browsing habits and activity when visiting our Site and those of third-parties.

We use the following cookies on our Site:

Cookie Name

Domain

Cookie Type

Expiration

Description

.ASPXFORMSAUTH

www.mutualart.com

Necessary

Required as long as the user is registered

Authentication cookie to verify users

1P_JAR

www.google.com

Functionality

1 Month

Set a unique ID to remember preferences and other information, such as website statistics and track conversion rates

NID

www.google.com

Functionality

1 Day

AB

www.mutualart.com

Functionality

1 Year

Defines user experience that will be presented per page

ANID

www.google.com

Advertising

2 Years

Monitors performance of advertising

IDE

www.doubleclick.net

Advertising

1 Year

MPI

www.mutualart.com

Analytics

Session

Identifies a user session to helps us understand how people are using the site so we can improve the experience

MUID

www.bing.com

Advertising

13 Months

Identify user sessions to measure the effectiveness of marketing campaigns

RedirectUrl

www.mutualart.com

Functionality

Session

User's last page visit url

Session

www.mutualart.com

Analytics

1 Day

A key generated per session

UserGuid

www.mutualart.com

Analytics

1 Day

A key generated per user

__stripe_mid

www.mutualart.com

Functionality

1 Year

Stripe is used to make credit card payments in our site. Stripe uses this cookie to remember who you are and process payments without storing any credit card information on our servers.

__stripe_sid

www.mutualart.com

Functionality

1 Day

__zlcmid

www.zendesk.com

Functionality

1 Year

Live chat widget

_ga

www.google.com

Analytics

2 years

Google Analytics gathers information allowing us to understand interactions with our websites and ultimately refine that experience to better serve you.

_gat

www.google.com

Analytics

1 minute

_gid

www.google.com

Analytics

1 Day

DV

www.google.com

Analytics

1 Day

_hjIncludedInSample

www.hotjar.com

Analytics

Session

This session cookie is set to let Hotjar know whether a user is already included in the sample which is used to generate funnels.

_hjDonePolls

www.hotjar.com

Functionality

1 Year

This cookie is set once a user completes a poll in order to ensure that the same poll does not re-appear.

_hjMinimizedPolls

www.hotjar.com

Functionality

1 Year

This cookie is set once a user minimizes a Feedback Poll widget in order to ensure that the widget stays minimized.

_hjid

www.hotjar.com

Functionality

1 Year

This cookie is set by Hotjar in order to persist a random user ID so that behavior in subsequent visits to the same site will be attributed to the same user ID.

mp_*_mixpanel

www.mutualart.com

Analytics

1 Year

Mixpanel cookie and helps us understand how people are using the site so we can improve the experience

t

www.mutualart.com

Functionality

Session

Formats images for best performance

How to Adjust Your Preferences

Most Web browsers are initially configured to accept cookies, but you can change this setting so your browser either refuses all cookies or informs you when a cookie is being sent. In addition, you are free to delete any existing cookies at any time. Please note that some features of the Services may not function properly when cookies are disabled or removed. For example, if you delete cookies that store your account information or preferences, you will be required to input these each time you visit.

Third-Party Applications and Services

All use of third-party applications or services is at your own risk and subject to such third party's terms and privacy policies.

Communications

We reserve the right to send you service-related communications, including service announcements and administrative messages, without offering you the opportunity to opt out of receiving them. Should you not wish to receive such communications, you may cancel your account.

Children

We do not knowingly collect Personal Data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has enrolled without parental permission, please advise us immediately.

Changes to the Privacy Notice

We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business, and we will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. If we make material changes to this Privacy Notice, we will seek to inform you by notice on our Site or App or by email.

Comments and Questions

If you have any comments or questions about this Privacy Notice or if you wish to exercise any of your legal rights as set out herein, please contact us at support@mutualart.com.

Last updated: October 2019

Sign in to MutualArt.com