Governance

ArtRightsDB Privacy Policy

We steward personal and professional data with transparency, purpose limitation, and global regulatory alignment. This policy outlines how we collect, use, store, and protect information for members, partners, and site visitors.

Effective: November 2025 Last reviewed: November 10, 2025

1. Information We Collect

We collect only what is necessary to operate ArtRightsDB services, provide support, and improve member experience. We process data under legitimate interest, contractual necessity, or explicit consent.

Account & Profile Data

Name, professional affiliation, preferred language, timezone, and communication preferences.

Engagement Signals

Module enrollments, assessment results, advisory requests, and event participation history.

Technical Metadata

Device, browser, IP address, and session telemetry captured for security and localization.

Support Communications

Email exchanges, live chat transcripts, and consent forms submitted during engagements.

2. How We Use Information

  • Deliver platform functionality, personalization, and analytics for modules and advisory services.
  • Coordinate compliance communications and policy updates aligned with regional legal obligations.
  • Maintain security posture, detect anomalies, and fulfill incident response protocols.
  • Apply aggregated insights (never sensitive personal data) to improve product roadmap decisions.

3. Data Sharing & International Transfers

ArtRightsDB operates across multiple jurisdictions with carefully vetted sub-processors that uphold equivalent safeguards.

We Share Data With

  • • Cloud hosting providers certified under ISO 27001 & SOC 2.
  • • Compliance counsel under NDA for rights-related escalations.
  • • Payment facilitators for subscription management.

Transfer Mechanisms

We rely on GDPR-approved Standard Contractual Clauses, UK IDTA, and other treaty-aligned safeguards. Data residency requests are honored for enterprise subscribers.

4. Your Rights & Choices

Individuals located in the EU/EEA, UK, Switzerland, Brazil, and other jurisdictions benefit from specific privacy rights. We respond to all verified requests within 30 days (or sooner where required).

Access & Portability

Request a machine-readable export of your personal data and system configuration settings.

Correction & Deletion

Ask us to rectify inaccurate data or delete information, subject to legal retention requirements.

Consent Management

Update marketing preferences and advisory communications through your profile dashboard.

Appeals

Escalate unresolved concerns to our Data Protection Officer or relevant supervisory authority.

5. Data Retention & Security

We adhere to retention schedules tailored to legal, contractual, and operational requirements. Safeguards include encryption in transit and at rest, role-based access controls, and continuous monitoring.

Retention Benchmarks

  • • Account data retained for the subscription lifecycle + 24 months.
  • • Advisory artifacts retained for contractual obligations, then anonymized.
  • • Security logs retained for 12 months unless extended for investigations.

6. Contacting Us

For privacy-related requests, email h38881417@gmail.com or

We will update this policy when we introduce new data practices. Significant changes trigger direct notifications.

View Terms of Service → Submit a privacy request →