The Company enables users (hereinafter the “User”) registered on the website artpoint.fr (hereinafter the “Website”) to benefit from an enhanced user interface. The Website provides a marketplace for its registered Users for rent, buy and collect Artworks and their underlying tokens which are based on blockchain technology. (the aforementioned activities, collectively, the “Services”).
In order to make use of the Services, Users shall create an account on the Website. Each account can be connected with a cryptocurrency wallet.
For more information regarding the Services, you are invited to read the Terms and Conditions ((https://www.artpoint.xyz/terms-and-conditions). ARTPOINT makes every effort to ensure the protection of your personal data and privacy. ARTPOINT is a "data controller" according to the applicable data protection laws.
If you have any questions, please email us at email@example.com.
This Personal Data may be the following (the list of which is not exhaustive): civil identification elements (surname, first name, address), telephone or e-mail address, data to meet the KYC of certain services required to comply with the AML/CFT (Anti-Money Laundering/Financing of Terrorism) regulations.
This Personal Data is collected in accordance with the provisions of the European Regulation 2016/679 on the protection of personal data (RGPD) and the law n°78-17 of 6 January 1978 relating to data processing, files and freedoms. The terms defined in article 4 of the RGPD apply to this RGPD Policy. ARTPOINT is the Data Controller.
By agreeing on this Policy, the User allows the use of Personal Data by the Company in line with this Policy.
The Policy is accessible at any time on the Site and may change significantly. The current date is the date mentioned at the top of the page with the update mention. The Policy is accessible and updated as needed. The applicable version is the one whose date is mentioned above.
Within the framework of the services offered to Users, the Company is required to process Personal Data:
(1) Personal data relating to identification
As a User, you are required to create an account to benefit from the Company's Services. In order to manage this account from its creation to its deletion, the Company must collect and process Personal Identification Data (first name, last name, user name, wallet number).
Legal basis: the need to identify you as a Party to the Contract (for its creation)
(2) Personal data relating to use
As a user, you are required to use the services provided by the Company. The Company must therefore collect and process Personal Data from the User for the Use of the Services:
Legal basis: Legal basis: the need to identify you as a Party to the Contract (for its performance)
(3) Personal data relating to management
As a user, you may ask questions or request management services from the Company. In the event that you submit questions to the Company and/or any request, data processing will take place. This processing requires the Company to collect and process personal data: (i) identification data (user name, contact details) and (ii) content of the message sent to the Company in connection with your question and/or request.
Legal basis: the need to properly manage its relationship with the User.
The Company must also process various navigation information resulting from cookies, qualified as Personal Data, for the performance of operations resulting from the use of Services. The use of this data allows the Company to understand how Users interact with its Services in order to optimise its Services.
Legal basis: the Company's legitimate interest in understanding how its Users use its Services in order to optimise its Services if necessary.
The User is under no obligation to provide the Personal Data requested, but the use of certain services may be impaired in the event of refusal to submit such data.
In any case and regardless of the purpose of the processing in question, the company will only process the Personal Data necessary for the aforementioned purposes.
Recipients of the Personal Data
Subject to the service providers that ARTPOINT uses to provide the Services, ARTPOINT is the unique recipient of the Personal Data collected and will not sell this Personal Data without your express consent.
The Personal Data will be processed exclusively on the territory of (i) France, (ii) and/or any other Member State of the European Union, (iii) and/or any other State signatory to the Agreement on the European Economic Area or Switzerland (iv) and/or any other State ensuring an adequate level of protection (hereinafter referred to as the "Territory".)
Outside of the aforementioned places defining the Territory, any transfer of Personal Data to a third country requires your prior consent and is subject to compliance with the laws on the protection of personal data in place. The service providers of ARTPOINT who may receive your Personal Data are:
| Nom | Adresse, siège social | Données collectées | Finalité du partage | Lien | | --- | --- | --- | --- | --- | | Mailchimp | 675 Ponce De Leon Avenue, Northeast Suite 5000 Atlanta, GA 30308 USA | - Creditentials,
Shared infos : for advertising and analytics for cookies and tracking technologies For services providers and agents with 3rd parties for research | https://www.intuit.com/privacy/statement/ | | Metamask | 500 Sansome St San Francisco, California, 94111, United States | - first name, last name, username or similar identifier, title, date of birth and gender, country of birth,nationality, social security number, place of birth, employer and occupation.
Sharing personal information with :
Informations partagées avec :
The service providers indicated being located in the Territories, they are therefore subject to the obligations of the RGPD. ARTPOINT may also be required to share the Personal Data collected:
Nevertheless, the Company shares your Personal Information with third-party companies that help it fulfil the purposes listed in this policy - such as Stripe, in the context of credit card payments. Stripe accesses your Personal Information (email, location...).
In the context of legal requests, the Company may also share your Personal Data with the competent courts and any other governmental and/or public authority requesting access to your Personal Data.
In any event, in the event of disclosure of Personal Information to a third party such as those listed above, the disclosure will be on a strict need-to-know basis and only to the extent necessary for the purposes identified.
For Personal Data processed outside the Blockchain, the retention periods are as follows:
• For accounting purposes: 10 years from the end of the accounting period ;
• For the purposes of preventing money laundering and the financing of terrorism, and the fight against corruption: 5 years after the end of the relationship with AP ;
• For the purposes of identifying and managing Users and Artists: for the duration of the contractual relationship plus 2 years after its end ;
At the end of these periods, Personal Data is deleted or anonymised.
Nevertheless, the Company may store some Personal Data for a longer period of time than is required by immediate and current needs due to legitimate interests and legal obligations.
We implement all the technical and organisational measures we deem necessary to protect your Data with an appropriate level of security, including:
In the course of its business, the Company may use service providers and other third parties to facilitate, maintain, improve, analyse and secure the use of the Website and its Services. Service providers may have access to Users' Personal Data for the unic purpose of performing their duties.
Your Data is stored in France, but we may transfer it to countries outside the European Economic Area.
We will only transfer your Data to companies:
The subcontractors are the following:
| Sous-traitants | Vente de données | Informations légales | Lien | | --- | --- | --- | --- | | Stripe | NON | We do not share End User Personal Data with third parties for their marketing or advertising unless you give us or the third party permission to do so. We do not sell the data of End Users. | https://stripe.com/fr/privacy | | Metamask | NON | Company does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). | https://consensys.net/privacy-policy/ |
Given the direct registration by the user of his Personal Data, by some of the service providers listed above, they are likely to act as subcontractors and are subject to the applicable laws and regulations in the performance of their services.
In the context of its business, the Company may use service providers and other third parties to facilitate, maintain, improve, analyse and secure the use of the Website and its Services. Service providers may have access to Users' Personal Data for the sole purpose of performing their duties.
The Company ensures that the service providers present sufficient guarantees for the execution of their mission and respect the applicable laws and regulations.
Personal Data may be processed outside the European Union. In this situation, the Company takes all necessary precautions and ensures alternatively or cumulatively that an adequacy decision has been taken by the European Commission concerning the country of destination.
In view of the Blockchain technology used, the User is aware that this technology, using an immutable anchor on the Blockchain ("On Chain"), does not allow the deletion of information anchored on the Blockchain. To the extent possible, Artpoint takes appropriate technical measures to pseudonymise and/or make inaccessible the On Chain Personal Data that is to survive deletion. For all other Off Chain information, the following rules apply:
• Under data protection laws, the User has a right of access to Personal Data held by the Company. If you wish to receive a copy of the information held by the Company, please write to us at firstname.lastname@example.org ;
• The User may supplement certain information held by the Company if he/she considers it to be inaccurate or incomplete. In this case, please write to us at the following address: email@example.com
• The User may request the Company if he/she believes that someone is using our Services on his/her behalf. In this case, please write to us at the following address: firstname.lastname@example.org
• Under the conditions defined by the Data Protection Act and the RGPD, the User - a natural person - has a right of access to Personal Data concerning him/her, of rectification, limitation, portability and deletion. The persons concerned by the Processing implemented also have the right to object at any time, for reasons relating to their particular situation, to the processing of Personal Data, as well as the right to object to commercial prospecting. The User - a natural person - also has the right to define general and specific directives defining the way in which he/she intends the above-mentioned rights to be exercised after his/her death by e-mail to the following address: email@example.com or by post to the following address: 130 bis boulevard Diderot - 75012 Paris, France.
• The User also has the right to specify instructions defining the way in which the Personal Data will be managed after his/her death under the conditions provided for in articles 84 to 86 of the law n°78-17 of 6 January 1978.
• To exercise his rights or for any question relating to the protection of Personal Data, the User must make a request accompanied by proof of identity by mail addressed to the company :
130 bis Boulevard Diderot
Ou par mail à l’adresse suivante : firstname.lastname@example.org
The Company will endeavour to respond within one (1) month from the date of receipt of the request. In the event of a complex or incomplete request, the Company reserves the right to extend this period to three (3) months.
• Finally, the User may refer to the competent supervisory authority, the Commission Nationale Informatique et Libertés ("CNIL"), in order to lodge a complaint. https://www.cnil.fr/ ;
• The Company is committed to protecting your Personal Data and to respecting the applicable legal framework regarding data protection. Thus, you undertake to inform the Company in the event that the Personal Data shared with the Company becomes obsolete or inaccurate ;
• In the event that you provide the Company with information that directly or indirectly identifies any other natural person (e.g., you have sent a request to the Company with the contact email address available on the Services and share personal data about another natural person in your email), you represent and warrant that, prior to sharing such information with the Company, such other natural persons have received this Policy and, to the extent applicable, have consented to the processing of their data.
The User is informed that information may be transmitted to his/her browser by the Services ("Cookies"). When the User navigates for the first time on the Services, a Cookies banner may be displayed asking him to accept Cookies or to configure them.
The Cookies used allow the analysis of the Users' behaviour, solely for the Company's use and for legitimate interests.
Presentation of the Cookies present on the Site :
• Mux.com (video storage service). More information on : https://www.mux.com/privacy.
• Wordpress.com](http://Wordpress.com) (video storage service). More information on https://www.mux.com/privacy.
• https://stripe.com/fr (card payment service). More information on : https://stripe.com/fr/legal/cookies-policy
• Mailchimp.com (newsletter setup service). More information on : https://mailchimp.com/about/security/?locale=fr:unavailable
• Google Analytics (audience measurement service). More information on : https://policies.google.com/privacy
This RGPD Policy is subject to French law. In the event of a dispute and in the event that an amicable agreement cannot be reached, the competent courts will be those of the jurisdiction of the Paris Court of Appeal, notwithstanding multiple defendants or the introduction of third parties.