Privacy policy

Version 1.0 from 14.02.2022

1. General information

We, art24 Services GmbH, operate the art24.world art trading platform ("platform"). The purpose of this privacy policy is to explain how we collect and process personal data in our company.

Within the context of our business activities, we are subject to the Swiss data protection law, in particular the Federal Act on Data Protection (FADP) and, where applicable, foreign data protection law, in particular the General Data Protection Regulation (GDPR) of the European Union (EU)

Particularly the latter is only applicable to natural persons with domicile in an EU/EEA state. The EU recognises that Swiss data protection law ensures adequate data protection.

By using our services and our platform, you agree to the processing of the data collected about you in the manner and for the purpose as described below. Personal data of third parties may only be provided to us if you are authorised to do so and if such personal data is correct.

We can amend this privacy policy at any time and without prior notice. The current version published on our platform is applicable in each case.

The masculine form of language we use is for simplification and applies equally to all other forms of gender expression.

2. Responsible for data protection issues

Responsibility for the content of this privacy policy and for the described data processing is held by art24 Services GmbH, Hinterbergstrasse 26, 6312 Steinhausen, privacy@art24.services, phone no.: +41 43 499 50 30.

Contact person for data protection matters at art24 World AG is:
art24 World AG
Sebastian Nellen
Hinterbergstrasse 26
Postfach 28
6312 Steinhausen
privacy@art24.world
Phone no.: +41 43 499 50 20

3. EU data protection representative

For natural persons with simple residency in countries of the European Economic Area (EEA) including the European Union (EU) and the Principality of Liechtenstein, as well as for the country-specific supervisory authorities provided for by the GDPR, we designate the following person as EU data protection representative according to Article 27 of the GDPR:
VGS Datenschutzpartner UG
Am Kaiserkai 69
20457 Hamburg
Deutschland
info@datenschutzpartner.eu
https://datenschutzpartner.eu 

4. Terminology

For better understanding, we would like to start by clarifying the most important terms used in the following. In this regard, we adhere to the definitions from the Swiss Data Protection Act (Article 3 DPA).

5. Collection and processing of personal data

We process personal data that we receive from our users, visitors, customers, business partners, employees, authorities and other involved persons in the course of our business activities with them and third parties or that we collect in the course of operating our platform and other applications. In addition, we also collect publicly accessible data (e.g. from public registers, the Internet, the press, social media, etc.) if necessary and permissible for the fulfilment of our business activities.

6. Purpose of the data processing

We process the data collected in order to fulfil our legal and contractual obligations towards our users, visitors, customers, business partners, employees, authorities and other persons involved.

Furthermore, we process the data collected in order to improve the products and services you have requested, to manage your use of and access to our services, products and information, to maintain our business relationship with you, to carry out advertising and marketing measures ( provided that you have consented to the use of your personal data in this respect), to monitor and improve the performance of our services, to enforce legal claims or defend ourselves against them, to detect, prevent or resolve illegal activities as well as to generally guarantee our operations (in particular IT, platform, etc.). We only collect, use and disclose your personal data if this is permitted or required by law or if you have agreed to the disclosure of your data.

7. Legal basis of data processing

We process personal data in accordance with Swiss data protection law pursuant to Article 4 et seq. DSG (Article 6 revised FADP). Where a justification for processing your personal data is necessary, this is either based on your consent in accordance with Article 13 para. 1 FADP (Article 31 para. 1 revised FADP) or on a legal basis or on our predominant private interest on the data processing. Any processing of your personal data by other group companies is also based on Article 13 para. 2 FADP (Article 31 para. 2 revised FADP). 

In addition, we process - insofar as and to the extent that the GDPR is applicable - personal data in accordance with the following legal basis in connection with Article 6 para. 1 GDPR:

8. Processing time of personal data

We will process your personal data for as long as we are legally obliged to do so or for as long as our legitimate business interests require or as long as the purpose of collecting your data makes it necessary. The associated retention periods may result in your personal data or extracts from them being kept for several years after the end of the contractual relationship between you and us. If your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible.

9. Data processing in connection with the usage of our platform

9.1. Cookies

The software Cookiebot is used for cookie consent. The following source code includes Cookiebot in our platform:

<script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="adc67a23-522b-4807-b62e-b28e7fbe2b0a" data-blockingmode="auto" type="text/javascript"></script>

9.2. Contact form

You have the possibility to use a contact form to get in touch with us. The collection and transmission of the following data is possible:

We have marked the mandatory fields (*). The provision of personal data in other fields or in the context of any other method of contact (e.g., by email, telephone) is voluntary. Within the area of application of the DSGVO, this data is processed for the purpose of initiating or fulfilling a contract (Art. 6 para. 1 lit. b DSGVO) or on the basis of our legitimate interest in processing the requests addressed to us (Art. 6 para. 1 lit. f DSGVO) or based on your consent (Art. 6 para. 1 lit. a DSGVO).

9.3. Platform hosting provider

We host our platform with a Swiss hosting provider with its headquarters and server location in Switzerland (VSHN AG). With each visit to our platform, the hosting provider automatically collects and stores information (server log files) which your browser transmits. This includes the name and URL of the accessed file, date and time, amount of data, web browser and web browser version, operating system, the domain name of your internet provider, the so-called referrer URL (the page from which you accessed our website) and the IP address. This usage data serves to identify technical problems, to ensure security and to statistically evaluate the use of our platform and thus the further development of our offer.

The mentioned data is processed by us for the following purposes: 

Within the area of application of the DSGVO, the processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in accordance with the purposes listed above or your consent (Art. 6 para. 1 lit. a DSGVO).

9.4. User data

You can register to our platform ("user") in order to use further functions of our platform. The latest GTC are applicable and can be found at https://art24.world/legal/terms. The mandatory information requested during registration must be provided in full. Otherwise, registration is not possible. For important changes, for example in the range of services offered or in the case of technically necessary changes, we use the email address provided when you first registered in order to inform you this way.

For all purposes related to the fulfilment of the contract, we are entitled to collect, process and use personal data of the user and, if applicable, also of the user's employees, bodies or third parties involved. Your consent also includes the use for marketing purposes.

Users may process and use personal data of other users, which they legally collect in the course of using the platform, exclusively for the performance of their pre-contractual and contractual services. With disclose out the expressed permission of the user concerned, they are in particular prohibited from disclosing this data on to third parties (e.g., for marketing purposes).

The user explicitly authorises us to process his personal data and data related to him and to disclose it to third parties abroad and hence worldwide. These recipients may also be located in countries where there may not be an equivalent level of data protection. The user explicitly agrees to the transfer of data to these countries.

The user explicitly declares that consent for the processing of personal data as described above has been given and that the legal requirements for transfer to and processing through us have been fulfilled.

Within the scope of application of the GDPR, the processing of this data takes place either for the purpose of initiating and fulfilling a contract (Art. 6 para. 1 lit. b GDPR) or based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) or based on your consent (Art. 6 para. 1 lit. a GDPR).

9.5. Payments

We may offer paid products and/or services (esp. user subscriptions). In this case, we may use third party services for the payment processing. The use of your personal data and payment data by these third-party providers is regulated in the privacy policy of these providers. 

Datatrans
We use the services of Datatrans. The provider is Datatrans AG, Kreuzbühlstrasse 26, 8008 Zurich, Switzerland ("Datatrans"). Datatrans follows the standards set by PCI-DSS, which are managed by the PCI Security Standards Council. PCI-DSS requirements help to ensure the secure handling of payment information.

In the case of a payment with Datatrans, your payment data will be forwarded from our platform to Datatrans via an interface to their e-payment platform in order to carry out the payment. You can find more information on how Datatrans handles your personal data in their privacy policy: https://www.datatrans.ch/en/privacy-policy.

Within the scope of application of the GDPR, the transfer of your data to Datatrans is based on the execution of the contract (Art. 6 para. 1 lit. b GDPR) as well as on our justifiable interest (Art. 6 para. 1 lit. f GDPR) in the use of reliable and secure payment processing. 

9.6. Newsletter

On our platform, we offer you the possibility to subscribe to our newsletter, through which we will inform you regularly about offers, products and information.

In order to send you a personalised newsletter, we require your first and last name, email address as well as information that allows us to verify that you are the owner of the email address provided and that you agree to receiving the newsletter. This data will only be used for the purpose of sending you the newsletter. You are free to provide us with further information on a voluntary basis. This personal data will not be passed on to third parties outside our company respectively our group of companies. For your registration to the newsletter, we use the so-called double opt-in procedure. After your registration you will receive an e-mail in which we ask you to confirm your registration. The subscriptions to the newsletter are recorded. This includes the storage of the time of registration and confirmation as well as the IP address. In addition, any changes to your submitted data are logged.

You can withdraw your consent to the storage of your personal data and its use for the newsletter dispatch at any time. You will find a link to do so in every newsletter. 

For processing, sending and analysing the newsletter, we use the services of mailXpert, the provider mailXpert GmbH, Schulstrasse 37, 8050 Zurich, Switzerland. You can find the privacy policy of mailXpert GmbH (in german language) by clicking the following link: https://www.mailxpert.ch/datenschutz.

Within the scope of the GDPR, the processing of the data collected as part of your newsletter subscription is based on your consent (Art. 6 para. 1 lit. a GDPR).

9.7. Links to other websites

Our platform contains hyperlinks to third-party websites that are not operated or controlled by us. We are not responsible for their content or data protection practices.

9.8. Google Inc.

9.8.1. General information

Our platform uses functions and services of Google Inc. The company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services in the European area.

In addition to the following explanations, you will find further information in the Google privacy statement on data protection at Google: https://policies.google.com/privacy?hl=en-GB.

In the scope of application of the GDPR, the processing of this data is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in an appealing internet appearance as well as in increasing our reach or based on your consent (Art. 6 para. 1 lit. a GDPR).

9.8.2. Services used by Google

Our platform uses functions of the web analytics service Google Analytics, Google Tag Manager, Google AdSense and Google Ads. In addition, we use Google Maps to embed maps, Google Fonts to use fonts and Google reCAPTCHA to protect our platform from spam and misuse.

Google Analytics uses cookies, which enable an analysis of your use of the platform. The information generated by cookies about your use of our platform is transferred to Google servers (if necessary, also in the USA) and stored there.

Google Tag Manager is a solution that allows us to manage website tags through one interface. Google Tag Manager is a cookie-less domain that does not collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it remains in place for all tracking tags implemented with Google Tag Manager.

Google AdSense uses cookies and web beacons (invisible graphics). With the help of web beacons, Google can evaluate information (e.g., visitor traffic, clicks) on these pages. The information generated by cookies and web beacons about your use of our platform (including your IP address) and delivery of advertising formats is transmitted to Google servers (if necessary, also in the USA) and stored there. This information may be passed on by Google to contractual partners of Google.

Furthermore, we use the advertising tool Google-Ads to promote our platform. For this purpose, we use the analysis service "Conversion Tracking" from Google on our platform. If you have accessed our platform via a Google

art24

Become a part of art24

Create your personal profile.
Get insights into the art market.
Buy and sell with trust.

* Required field