Privacy Policy

1. Introduction

AART SPACE LTD ("we", "us", or "our") is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wholesale trade platform, apply for a wholesale account, or interact with our services.

By accessing or using our wholesale platform, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this policy, please do not access the platform or submit any information.

2. Information We Collect

2.1 Business Information

When you apply for a wholesale account, we collect:

• Business name and legal entity information
• Contact person name and job title
• Business email address and phone number
• Business address (physical or registered office)
• Business type (art gallery, bookstore, museum store, etc.)
• Tax ID / VAT number
• Website and social media information
• Estimated annual revenue
• Current inventory focus and business description

2.2 Account and Transaction Information

Once approved for a wholesale account, we collect:

• Order history and purchase preferences
• Shipping and billing addresses
• Payment method information (processed securely through Stripe)
• Communication preferences and email engagement data
• Product views, cart activity, and browsing behavior

2.3 Technical Information

We automatically collect certain technical information:

• IP address and geolocation data
• Browser type and version
• Device information and operating system
• Pages visited and time spent on pages
• Referring website and search terms
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Account Management

• Processing and evaluating wholesale account applications
• Creating and maintaining your wholesale account
• Verifying your business credentials and creditworthiness
• Communicating account status and updates

3.2 Order Processing and Fulfillment

• Processing and fulfilling your orders
• Arranging shipping and delivery
• Handling payments and invoicing
• Providing order tracking and customer support

3.3 Marketing and Communication

• Sending product updates and new releases
• Providing trade-specific promotions and offers
• Sharing industry news and educational content
• Requesting feedback and conducting surveys
• Tracking email engagement (opens, clicks)

3.4 Platform Improvement

• Analyzing platform usage and user behavior
• Improving our products and services
• Personalizing your experience
• Troubleshooting technical issues

3.5 Legal Compliance

• Complying with legal obligations (tax, accounting, anti-money laundering)
• Preventing fraud and unauthorized access
• Protecting our rights and property
• Resolving disputes and enforcing agreements

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

• Encryption: All data transmitted to and from our platform is encrypted using SSL/TLS protocols
• Secure Storage: Data is stored on secure servers provided by Supabase (PostgreSQL) with regular backups
• Access Controls: Only authorized personnel have access to personal data on a need-to-know basis
• Payment Security: Payment information is processed through Stripe, a PCI DSS compliant payment processor. We do not store complete payment card details
• Regular Audits: We conduct regular security assessments and updates

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

5. Third-Party Services

We use trusted third-party services to operate our platform. These services may have access to your information only to perform tasks on our behalf and are obligated to protect your data:

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze platform usage:

• Essential Cookies: Required for authentication and platform functionality
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences
• Email Tracking: Track email opens and clicks to measure engagement

You can control cookies through your browser settings, but disabling certain cookies may limit platform functionality.

7. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal obligations)
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for direct marketing
• Right to Withdraw Consent: Withdraw consent for data processing at any time

To exercise any of these rights, please contact us at sales@aartspace.com. We will respond within 30 days.

8. Email Preferences and Unsubscribe

You can manage your email preferences at any time:

• Click the "Unsubscribe" link in any marketing email
• Update preferences in your account settings (Portal → Account)
• Contact us at sales@aartspace.com to opt out of all communications

Please note that even if you opt out of marketing emails, we will still send essential transactional emails related to your orders and account.

9. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

• Active Accounts: Data retained while your account is active
• Inactive Accounts: Deleted after 3 years of inactivity
• Order Records: Retained for 7 years for tax and legal compliance
• Marketing Data: Deleted immediately upon unsubscribe request
• Declined Applications: Deleted after 1 year

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK, including the United States and European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by the UK Information Commissioner's Office
• Adequacy decisions for countries with equivalent data protection laws
• Privacy Shield certification (where applicable)

11. Children's Privacy

Our wholesale platform is intended for business use only. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you via email if the changes are significant
• Post a notice on our platform homepage

Your continued use of the platform after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):