Privacy Policy

1. Introduction

The Artworks Lounge ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using our services, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information You Provide

• Account Information: Name, email address, password, and profile details
• Artist Information: Portfolio details, artwork descriptions, and biographical information
• Venue Information: Location details, exhibition spaces, and contact information
• Communication Data: Messages, feedback, and support requests
• Transaction Data: Purchase history and payment information (processed securely via Stripe)

2.2 Information Automatically Collected

• Device Information: IP address, browser type, operating system
• Usage Data: Pages visited, features used, time spent on site
• Cookies: Session cookies and preference settings
• Analytics Data: Aggregated usage patterns (if consented)

2.3 Information from OAuth Providers

When you sign in using Google OAuth, we receive your name, email address, and profile picture from Google, subject to your Google privacy settings.

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Consent: For marketing communications and analytics
• Contract: To provide our services and process transactions
• Legitimate Interests: For security, fraud prevention, and service improvement
• Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Information

• To create and manage your account
• To facilitate artwork exhibitions and sales
• To connect artists with venues
• To process transactions securely
• To communicate about your account and transactions
• To send marketing communications (with consent)
• To improve our services and user experience
• To prevent fraud and ensure security
• To comply with legal obligations

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third parties who help us operate our platform (e.g., hosting, email services)
• Payment Processors: Stripe for secure payment processing
• Other Users: Public profile information visible to platform users
• Legal Requirements: When required by law or to protect rights
• Business Transfers: In case of merger, acquisition, or asset sale

We do NOT sell your personal information to third parties.

6. Your Rights Under GDPR

As a data subject, you have the following rights:

6.1 Right to Access

You can request a copy of your personal data we hold.

6.2 Right to Rectification

You can request correction of inaccurate personal data.

6.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data under certain circumstances.

6.4 Right to Restrict Processing

You can request limitation of processing your personal data.

6.5 Right to Data Portability

You can request your data in a structured, machine-readable format.

6.6 Right to Object

You can object to processing based on legitimate interests or direct marketing.

6.7 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing.

To exercise any of these rights, please contact us at privacy@theartworkslounge.com

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption of sensitive data at rest and in transit
• Regular security assessments and updates
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

While we strive to protect your personal information, no method of transmission over the Internet is 100% secure.

8. Data Retention

We retain your personal data only for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes and enforce agreements

Account data is retained for the duration of your account. After account deletion, some data may be retained for legal compliance (typically up to 7 years for financial records).

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with GDPR requirements, including Standard Contractual Clauses.

10. Cookies and Tracking

We use cookies to:

• Maintain your session
• Remember your preferences
• Analyze usage (with consent)
• Improve our services

You can control cookies through your browser settings and our consent dialog. Essential cookies cannot be disabled as they are necessary for the platform to function.

11. Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

13. Marketing Communications

With your consent, we may send you marketing emails about our services, new features, and exhibitions. You can opt-out at any time by:

• Clicking the unsubscribe link in any marketing email
• Updating your preferences in account settings
• Contacting us directly

14. Data Protection Officer

For questions about data protection or to exercise your rights, contact our Data Protection Officer:

15. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. For EU residents, you can find your local authority at https://edpb.europa.eu/about-edpb/board/members_en

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or prominent notice on our platform. The "Last Updated" date at the top indicates the latest revision.

17. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: