Privacy Policy

Who are we?

We are Colart International Holdings Limited, a company registered in England and Wales under number 03659130, with our principal place of business located at Huckletree West, The MediaWorks Building, 191 Wood Lane, London, W12 7FP, United Kingdom. We operate under the name “Colart” (“we,” “us,” “our”). We own and operate this website (the “Site”). Our contact details are provided on the Site. Please contact us if you have any questions or comments about this policy.

What is the purpose of this policy?

This policy informs you about how we process your “personal data” (that is, information relating to any identified or identifiable living person). For the purposes of the General Data Protection Regulation (EU 2016/679), we are the data controller with respect to the personal data we collect. Below, you will find the types of personal data we collect, how we use them, to whom we disclose them, and how you can access your data, correct it, or request that we stop processing it.

By using the Site, you agree to this policy, our terms and conditions of use, and our cookie policy. Please do not use this Site if you are not fully satisfied with this policy, our cookie policy, and our terms and conditions of use. If you use the Site, we will consider that you accept them.

Can this policy be modified?

This policy may be updated from time to time. We therefore recommend that you check it whenever you visit the Site. If you use the Site after the effective date shown at the top of the updated policy, you agree to this policy, our cookie policy, and the terms and conditions of use.

What personal data or other data do we collect?

Information you provide to us

4.1 We collect and store the information you provide to us through forms you complete on the Site (for example, your first and last name, postal and email addresses, telephone number, artist category, artistic preferences) or when you communicate with us by telephone, email, or any other means. You may choose which information to provide in these forms, but some information may be required if you wish to receive certain products or services from us (for example, a billing or delivery address if you place an order with us). If you choose not to provide this information, we will not be able to provide you with those products or services.

Information we collect about you

4.2 When you interact with us, we automatically receive and store certain information, such as connection information including your country and city, browser type and version, operating system and platform, a unique reference number linked to the data you enter into our system, your login details, navigation paths to, through, and from our Site (including date and time), cookie number, activity on the Site—including pages viewed, searches performed, products purchased—as well as your likes, comments, and downloads.

Information we receive from other sources

4.3 We may receive information about you if you use another website that we operate or other services we provide. We also work closely with third parties (for example, business partners, technical, payment, and delivery service providers, advertising networks, analytics providers, search information providers, and credit agencies) and may receive information about you from them.

Information we do not collect

This Site is not intended for children, and we do not knowingly collect personal data relating to children.

We do not collect special categories of personal data about you (including details about your ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, or genetic and biometric data). We also do not collect information about criminal convictions and offences (unless you apply for a job, in which case a separate privacy policy for job applicants applies).

What about cookies?

We use cookies on the Site. For more information, please see our cookie policy.

What is the legal basis that allows us to process personal data?

In accordance with the General Data Protection Regulation, several legal bases allow us to process your personal data:

Performance of a contract entered into with you: For data required to provide you with products or services (mandatory fields when placing an order or registering), we process this data in order to deliver the relevant products or services.

Consent: When you have given your consent (for example, by agreeing to be contacted about offers or events that may interest you), we process your data on the basis of your consent.

Legitimate interest: For other data we collect, we process it based on our legitimate interest in conducting our business.

We may process your personal data for more than one lawful basis depending on the specific purpose for which we use your data.

We may process your personal data without your knowledge or consent, in accordance with the rules above, where this is required or permitted by law.

How do we use your personal data?

We use your personal data to provide our services under contracts entered into between you and us and to supply you with the information, products, and other services you may request from us. This includes sending service/transactional messages, processing payments, and/or fulfilling orders.

We use your personal data to communicate more effectively with you if you attempt to contact us via the Site.

We only wish to send you marketing-related communications (including by email, postal mail, telephone, SMS, or social media) that we believe may be of interest to you, and only if you have given your consent on the Site. You can change your privacy settings and preferences on the subscription management page, accessible via a link located in the footer of each marketing email we send. Please note that it may take up to 72 hours for your preferences to be reflected in our systems and on the Site. If, for any reason, you are unable to access our marketing emails, you should contact Customer Service, who can manually unsubscribe you. Please note that even if you choose not to receive marketing emails from us, you will continue to receive transactional emails, such as messages relating to your orders, updates on products and services you have purchased from us, or information about your account. You may continue to receive emails from other Colart brands and other companies within the Colart group (i.e., our subsidiaries, our ultimate holding company, and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) to which you have subscribed or for which you have given your consent, including, for example, emails relating to The Fine Art Collective and artist outreach programs you have signed up for.

We may use personal data to recognize you when you visit the Site, whether for the first time or not, to track your browsing and usage habits, to prevent or detect fraud or abuse, or to help us improve the Site. We may use cookies for this purpose. We recommend that you consult our cookie policy.

We may use your personal data to show you advertisements on our Site that are personalized to you and your preferences. We may use cookies for this purpose. We recommend that you consult our cookie policy.

We may use your personal data to contact you via a contact point other than the one through which you initially contacted us. For example, we may use your email address obtained from: (i) a purchase you made with us; (ii) an account you registered with us on our Site; or (iii) an electronic newsletter you subscribed to, in order to show you advertisements on your social media platforms or contact you by telephone, SMS, or any other contact point. This is known as “retargeting.”

We may use your personal data to ensure that the content of our Site is presented in the most effective way for you and your device, in order to provide the most user-friendly browsing experience.

We may use your personal data to inform you of changes to the Site and to our products and services.

If you provide us with the email address of a third party in order to recommend someone, we will use that email address only to send the recommendation message and will then delete it immediately. You must obtain the consent of the person whose contact details you provide before sharing them with us.

We retain the personal data of closed accounts in order to comply with legal obligations, enforce our terms and conditions, prevent fraud, recover fees owed, resolve disputes, troubleshoot issues, assist with investigations, and take other actions permitted by law.

We may access, delete, modify, store, or otherwise use personal data if we have reason to believe that it violates our terms and conditions, that such actions are necessary to protect us or others, that a criminal act has been committed, or if we are required to do so by law or by a competent authority.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that this purpose is compatible with the original purpose. If you would like an explanation of how processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis that allows us to do

How long will you keep my personal data?

We will retain your personal data only for as long as is reasonably necessary to achieve the purposes for which it was collected, including to comply with any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is

How do we protect personal data?

We have implemented appropriate technical and organizational measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed. In addition, we limit access to your personal data to employees, agents, subcontractors, and other third parties who have a business need to know it. They will process your personal data only on our instructions and are subject to a duty of confidentiality. We have put procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulatory authority of a breach where we are legally required to do so.

All information you provide to us is stored on servers owned and operated by:

Amazon Web Services, Inc. (more information available at https://aws.amazon.com

);

M3, based in France (more information available at https://www.infor.com/about/privacy

);

Google BigQuery Data Warehouse (more information available at https://cloud.google.com/bigquery

);

Bloomreach (Exponea) (more information available at https://exponea.com/legal/privacy-policy/

); and

Sage, based in the United Kingdom (more information available at https://www.sage.com/en-gb/legal/privacy-and-cookies/

).

Emails and other electronic communications are not secure unless they have been encrypted. Your communications may pass through servers in a number of countries, including countries outside the European Economic Area (“EEA”), before reaching us. While we make every effort to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. We do not accept responsibility for any unauthorized access to or loss of personal data resulting from causes beyond our control. We also cannot be held responsible for the actions or omissions of other users or third parties who may misuse your personal data that they collect on the Site.

Who do we share personal data with?

Payment details, including credit card numbers, are provided directly to our banking partner. We do not receive this information. To ensure that your data is not used without your consent, your personal data may be provided to relevant third parties, including credit reference and fraud prevention agencies, which may keep a record of this information in accordance with their own privacy policies.

We may allow access to your personal data to third parties who provide services to us. This includes, for example, e-commerce platform providers, couriers (to enable the delivery of goods), website hosting providers, and companies that help us carry out communications or monitor our Site, such as Google Analytics for retargeting, Facebook, LinkedIn, Twitter, and WhatsApp. We require all such third parties to respect the security of your personal data and to process it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your

What are your rights in relation to your personal data?

You can contact us using the contact form (Contact Us) to:

request access to the personal data we hold about you or a copy of that data, either to review it yourself or to provide it to another data controller;

request the deletion or correction of personal data we hold about you;

object to our use of your personal data and/or request that we restrict or cease our use of that data;

withdraw your consent to the processing of your personal data, where we process data on the basis of consent, provided that you are able to prove your identity using two verifiable forms of identification. This measure is intended to ensure that personal data is not disclosed to a person who is not entitled to receive it. We may also contact you to request additional information in connection with your request in order to speed up our response.

If you wish, you may permanently delete your account with us in the manner explained above.

If you wish to make a complaint about the processing of your personal data, you should first contact us. If we do not handle your complaint to your satisfaction, you may then contact the UK Information Commissioner’s Office or the equivalent data protection authority in your country.

To learn more about your rights under European Union data protection law, please visit:

https://ec.europa.eu/info/law/law-topic/data-protection_fr