ART LIARD

Legal

Privacy Policy

How we handle your personal data and the rights you have.

Last updated: 6 June 2026

This Privacy Policy explains how Art Liard(“we”, “us”, “our”) collects, uses, discloses and protects personal data when you visit this website or contact us. We are committed to processing personal data in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA, and other applicable data-protection laws.

1. Who we are (Data Controller)

Art Liard is the controller responsible for your personal data. For any privacy question or to exercise your rights, contact us at Email.

2. What data we collect

  • Inquiry / contact data you provide voluntarily through our forms: name, email address, phone number (optional), your message, and the artwork you are asking about.
  • Technical data automatically collected by our hosting/server: IP address, browser type, device information and access logs, used for security and to operate the site.
  • Cookie / consent data: your cookie preferences and the timestamp of your consent (see our Cookie Policy).

We do not knowingly collect data from children under 16, and we do not collect special categories of data or use automated decision-making or profiling.

3. Why we use your data and our legal bases

PurposeLegal basis (GDPR / UK GDPR)
Respond to your purchase/contact inquiriesConsent and/or steps taken at your request prior to a contract (Art. 6(1)(a)/(b))
Operate, secure and maintain the websiteLegitimate interests (Art. 6(1)(f))
Analytics / marketing cookiesYour consent (Art. 6(1)(a)) — only if you opt in
Comply with legal obligationsLegal obligation (Art. 6(1)(c))

4. Sharing your data

We do not sell or rent your personal data. We share it only with processors who help us run the site and respond to you, under appropriate data-processing agreements, including:

  • our website hosting and database provider;
  • our email delivery (SMTP) provider, to notify us of your inquiry;
  • Telegram Messenger, where we receive an internal notification of your inquiry;
  • authorities or advisers where required by law.

5. International transfers

Some of our providers may process data outside the EEA/UK. Where this happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum) or an adequacy decision.

6. How long we keep your data

We keep inquiry data for as long as necessary to handle your request and for a reasonable period afterwards for record-keeping and legal purposes, then delete or anonymise it. Cookie consent records are kept for up to 12 months. Server logs are kept for a short period for security.

7. Your rights

Depending on where you live, you have the following rights:

Under GDPR / UK GDPR (EU, UK)

  • access to your data and a copy of it;
  • rectification of inaccurate data;
  • erasure (“right to be forgotten”);
  • restriction of processing;
  • data portability;
  • objection to processing based on legitimate interests;
  • to withdraw consent at any time, without affecting prior processing;
  • to lodge a complaint with a supervisory authority.

Under US laws (e.g. California CCPA/CPRA, and similar state laws)

  • to know what personal information we collect and how it is used;
  • to access and delete your personal information;
  • to correct inaccurate personal information;
  • to opt out of the “sale” or “sharing” of personal information — we do not sell or share it;
  • to be free from discrimination for exercising your rights.

To exercise any right, email Email. We will respond within the timeframes required by law (generally one month under GDPR/UK GDPR, 45 days under CCPA).

8. Complaints

If you are in the UK you may complain to the Information Commissioner’s Office (ICO, ico.org.uk). If you are in the EEA you may complain to your local Data Protection Authority. We would, however, appreciate the chance to address your concerns first.

9. Data security

We use appropriate technical and organisational measures to protect personal data, including access controls, hashed administrator credentials and encrypted transport (HTTPS). No method of transmission is 100% secure, but we work to protect your data.

10. Changes to this policy

We may update this policy from time to time. The “Last updated” date above shows the latest revision. Material changes will be highlighted on this page.

11. Contact

Questions about this policy or your data? Email Email.