artpoint logo

privacy policy

  1. Foreword

The Company enables users (hereinafter the “User”) registered on the website (hereinafter the “Website”) to benefit from an enhanced user interface. The Website provides a marketplace for its registered Users for rent, buy and collect Artworks and their underlying tokens which are based on blockchain technology. (the aforementioned activities, collectively, the “Services”).

In order to make use of the Services, Users shall create an account on the Website. Each account can be connected with a cryptocurrency wallet.

For more information regarding the Services, you are invited to read the Terms and Conditions (( ARTPOINT makes every effort to ensure the protection of your personal data and privacy. ARTPOINT is a "data controller" according to the applicable data protection laws.

The following privacy policy has been put in place to inform you about the processing of your personal data when using our services.

By continuing to use our services and browsing our site in accordance with the Terms of Use and these clauses, which you have read, you agree to the ARTPOINT Privacy Policy.

If you have any questions, please email us at

  1. Scope

This privacy policy (hereinafter the “Policy”) is intended to inform you, as a visitor or a User of the Services, about the way the Company processes information enabling to identify you either directly or indirectly (hereinafter “Personal Data”) in the context of your use of the Services.

This Personal Data may be the following (the list of which is not exhaustive): civil identification elements (surname, first name, address), telephone or e-mail address, data to meet the KYC of certain services required to comply with the AML/CFT (Anti-Money Laundering/Financing of Terrorism) regulations.

This Personal Data is collected in accordance with the provisions of the European Regulation 2016/679 on the protection of personal data (RGPD) and the law n°78-17 of 6 January 1978 relating to data processing, files and freedoms. The terms defined in article 4 of the RGPD apply to this RGPD Policy. ARTPOINT is the Data Controller.

By agreeing on this Policy, the User allows the use of Personal Data by the Company in line with this Policy.

The Policy is accessible at any time on the Site and may change significantly. The current date is the date mentioned at the top of the page with the update mention. The Policy is accessible and updated as needed. The applicable version is the one whose date is mentioned above.

  1. Data collected and purposes.

Within the framework of the services offered to Users, the Company is required to process Personal Data:

(1) Personal data relating to identification

As a User, you are required to create an account to benefit from the Company's Services. In order to manage this account from its creation to its deletion, the Company must collect and process Personal Identification Data (first name, last name, user name, wallet number).

Legal basis: the need to identify you as a Party to the Contract (for its creation)

(2) Personal data relating to use

As a user, you are required to use the services provided by the Company. The Company must therefore collect and process Personal Data from the User for the Use of the Services:

  • For the purchase and transfer of Works of Art: user name, Works of Art purchased, Works of Art resold on a Marketplace of a third company
  • For fraud prevention: any information added for account creation, including your username, account details and transaction details.

Legal basis: Legal basis: the need to identify you as a Party to the Contract (for its performance)

(3) Personal data relating to management

As a user, you may ask questions or request management services from the Company. In the event that you submit questions to the Company and/or any request, data processing will take place. This processing requires the Company to collect and process personal data: (i) identification data (user name, contact details) and (ii) content of the message sent to the Company in connection with your question and/or request.

Legal basis: the need to properly manage its relationship with the User.

The Company must also process various navigation information resulting from cookies, qualified as Personal Data, for the performance of operations resulting from the use of Services. The use of this data allows the Company to understand how Users interact with its Services in order to optimise its Services.

Legal basis: the Company's legitimate interest in understanding how its Users use its Services in order to optimise its Services if necessary.

The User is under no obligation to provide the Personal Data requested, but the use of certain services may be impaired in the event of refusal to submit such data.

In any case and regardless of the purpose of the processing in question, the company will only process the Personal Data necessary for the aforementioned purposes.

  1. Data Recipients

Recipients of the Personal Data

Subject to the service providers that ARTPOINT uses to provide the Services, ARTPOINT is the unique recipient of the Personal Data collected and will not sell this Personal Data without your express consent.

The Personal Data will be processed exclusively on the territory of (i) France, (ii) and/or any other Member State of the European Union, (iii) and/or any other State signatory to the Agreement on the European Economic Area or Switzerland (iv) and/or any other State ensuring an adequate level of protection (hereinafter referred to as the "Territory".)

Outside of the aforementioned places defining the Territory, any transfer of Personal Data to a third country requires your prior consent and is subject to compliance with the laws on the protection of personal data in place. The service providers of ARTPOINT who may receive your Personal Data are:


  • • Name and contact details (address, phone number, email, country, profile photo, payment information username),
  • • Info to verify your identity: social security nbr, social insurance nbr, driver’s license nbr, gov issued identification details.
  • • Informations shared in feedback, surveys, subscriptions to events and participation in product research.
  • • Content posted on Mailchimp’s social media pagespurpose of sharing
  • • Pages views informations and search resultas, if a campain sent to the customer was viewed, opened, read, delivered, clicked on or stored as a spam.
  • • IP addresses, log informations, error messages, device type, and unique device identifiers.
  • • Business, your finances, expenses, invoices, financial statements, details of your financial transactions, payroll details, payment details, tax return details, details about your customers or vendors or employees, income and wage information, and/or investment information.
  • • pages you viewed, the services and features you used or interacted with, your browser type and details about any links or communications with which you interacted.
  • • precise location information, device motion information
  • • access to your camera and contacts if you grant permission in your device settings.
  • • information about your activities, behavior, your interests and preferences,insights about your finances, business or preferences or your contacts;
  • • biometric data | purposes of preparing a tax return or in connection with the preparation of a tax return to manage, run, improve and develop our business and personalize users’ experience while interacting with the Intuit Platform. providing the benefits of the Intuit platform Run and manage business Improve features Communication & marketing personalization of the users’ experience Comply with legal requirements Exercise our rights in the course of judicial, administrative or arbitration proceedings

Shared infos : for advertising and analytics for cookies and tracking technologies For services providers and agents with 3rd parties for research | | | Metamask | 500 Sansome St San Francisco, California, 94111, United States | - first name, last name, username or similar identifier, title, date of birth and gender, country of birth,nationality, social security number, place of birth, employer and occupation.

  • • passport number and photo ID. • postal address, email address and telephone number; • username and password, interests, preferences, feedback and survey responses; • Feedback and correspondence, such as information you provide in your responses to surveys, when you participate in market research activities, report a problem with Service, receive customer support or otherwise correspond with us; • credit card or other payment card details; • details about purchases you make through the Service and billing details; • Usage information, such as information about how you use the Service and interact with us; • Marketing information, such as your preferences for receiving marketing communications and details about how you engage with them; • Financial information, such as bank account number and bank routing number; financial assets holdings; and • Technical information, such as your Ethereum wallet address, application programming interface (API)- • key and network information regarding transactions. • Information required to comply with anti-money laundering (AML) laws and know-your-customer (KYC) requirements (such as nationality and place of birth). • Source of funds for participating in token launches; and • Information that you give us in relation to your purchased token holdings, such as earnings received from staking, and the number of tokens in your wallet.
  • • IP address and operating system. | - to provide our service (access to services, provide and deliver products, process and complete transactions, send informations and messages).
  • • comply with law:KYC and AML requirements.
  • • communication
  • • optimization of the platform
  • • fraud surveillance and safety.

Sharing personal information with :

  • • affiliates, for business tranferts (when sales or merger of a part of business assets), Profesionnal advertisors and service providers | | | Google Analytics | 1600 Amphitheatre Pkwy, Mountain View, California 94043, US | - informations personnelles renseignées au moment de la création du compte
  • • informations de paiement
  • • numéro de téléphone, opérateur, adresse email et celles des destinataires
  • • contenu créé ou envoyé depuis un service google (mail, photos, vidéos…)
  • • Adresse IP, activités du système, navigateurs utilisés
  • • contacts, historique de navigation…
  • • position GPS | -fournir et assurer les services, les améliorer
  • • dévlopper de nouveaux services
  • • proposer du contenu personnalisé (advertising)
  • • évaluer les performances google

Informations partagées avec :

The service providers indicated being located in the Territories, they are therefore subject to the obligations of the RGPD.  ARTPOINT may also be required to share the Personal Data collected:

  • • with the companies it controls or those controlling it in the sense of articles L233-1 and following of the French Commercial Code,
  • • in the event of a sale, demerger, partial contribution of assets, or any other form of restructuring that it may undergo,
  • • in order to meet its legal and regulatory obligations.

Nevertheless, the Company shares your Personal Information with third-party companies that help it fulfil the purposes listed in this policy - such as Stripe, in the context of credit card payments. Stripe accesses your Personal Information (email, location...).

In the context of legal requests, the Company may also share your Personal Data with the competent courts and any other governmental and/or public authority requesting access to your Personal Data.

In any event, in the event of disclosure of Personal Information to a third party such as those listed above, the disclosure will be on a strict need-to-know basis and only to the extent necessary for the purposes identified.

  1. Storage Period

For Personal Data processed outside the Blockchain, the retention periods are as follows:

  • • For accounting purposes: 10 years from the end of the accounting period ;

  • • For the purposes of preventing money laundering and the financing of terrorism, and the fight against corruption: 5 years after the end of the relationship with AP ;

  • • For the purposes of identifying and managing Users and Artists: for the duration of the contractual relationship plus 2 years after its end ;

At the end of these periods, Personal Data is deleted or anonymised.

Nevertheless, the Company may store some Personal Data for a longer period of time than is required by immediate and current needs due to legitimate interests and legal obligations.

We implement all the technical and organisational measures we deem necessary to protect your Data with an appropriate level of security, including:

  • • Security of payment information: your payment information is encrypted using the commercial secure internet protocol TLS, and is never stored on our server ;
  • • Employee awareness programme ;
  • • Encryption during exchanges and storage ;
  • • Regular audits of the companies hosting the data ;
  • • Data redundancy, for greater resilience in the event of a disaster ;
  • • Role-based authentication ;
  • • Two-factor identification for our authorised staff ;
  • • Continuous system monitoring ;
  • • Security assessments in accordance with industry standards ;
  • • Independent third party security and penetration testing.

  1. Subcontracting and Data Transfer

In the course of its business, the Company may use service providers and other third parties to facilitate, maintain, improve, analyse and secure the use of the Website and its Services. Service providers may have access to Users' Personal Data for the unic purpose of performing their duties.

Your Data is stored in France, but we may transfer it to countries outside the European Economic Area.

We will only transfer your Data to companies:

The subcontractors are the following:


Given the direct registration by the user of his Personal Data, by some of the service providers listed above, they are likely to act as subcontractors and are subject to the applicable laws and regulations in the performance of their services.

In the context of its business, the Company may use service providers and other third parties to facilitate, maintain, improve, analyse and secure the use of the Website and its Services. Service providers may have access to Users' Personal Data for the sole purpose of performing their duties.

The Company ensures that the service providers present sufficient guarantees for the execution of their mission and respect the applicable laws and regulations.

Personal Data may be processed outside the European Union. In this situation, the Company takes all necessary precautions and ensures alternatively or cumulatively that an adequacy decision has been taken by the European Commission concerning the country of destination.

  1. Rights of the User

In view of the Blockchain technology used, the User is aware that this technology, using an immutable anchor on the Blockchain ("On Chain"), does not allow the deletion of information anchored on the Blockchain. To the extent possible, Artpoint takes appropriate technical measures to pseudonymise and/or make inaccessible the On Chain Personal Data that is to survive deletion. For all other Off Chain information, the following rules apply:

  • • Under data protection laws, the User has a right of access to Personal Data held by the Company. If you wish to receive a copy of the information held by the Company, please write to us at ;

  • • The User may supplement certain information held by the Company if he/she considers it to be inaccurate or incomplete. In this case, please write to us at the following address:

  • • The User may request the Company if he/she believes that someone is using our Services on his/her behalf. In this case, please write to us at the following address:

  • • Under the conditions defined by the Data Protection Act and the RGPD, the User - a natural person - has a right of access to Personal Data concerning him/her, of rectification, limitation, portability and deletion. The persons concerned by the Processing implemented also have the right to object at any time, for reasons relating to their particular situation, to the processing of Personal Data, as well as the right to object to commercial prospecting. The User - a natural person - also has the right to define general and specific directives defining the way in which he/she intends the above-mentioned rights to be exercised after his/her death by e-mail to the following address: or by post to the following address: 130 bis boulevard Diderot - 75012 Paris, France.

  • • The User also has the right to specify instructions defining the way in which the Personal Data will be managed after his/her death under the conditions provided for in articles 84 to 86 of the law n°78-17 of 6 January 1978.

  • • To exercise his rights or for any question relating to the protection of Personal Data, the User must make a request accompanied by proof of identity by mail addressed to the company :


Société ONE.0.1

130 bis Boulevard Diderot

75012 Paris


Ou par mail à l’adresse suivante :

The Company will endeavour to respond within one (1) month from the date of receipt of the request. In the event of a complex or incomplete request, the Company reserves the right to extend this period to three (3) months.

  • • Finally, the User may refer to the competent supervisory authority, the Commission Nationale Informatique et Libertés ("CNIL"), in order to lodge a complaint. ;

  • • The Company is committed to protecting your Personal Data and to respecting the applicable legal framework regarding data protection. Thus, you undertake to inform the Company in the event that the Personal Data shared with the Company becomes obsolete or inaccurate ;

  • • In the event that you provide the Company with information that directly or indirectly identifies any other natural person (e.g., you have sent a request to the Company with the contact email address available on the Services and share personal data about another natural person in your email), you represent and warrant that, prior to sharing such information with the Company, such other natural persons have received this Policy and, to the extent applicable, have consented to the processing of their data.

  1. Cookies

The User is informed that information may be transmitted to his/her browser by the Services ("Cookies"). When the User navigates for the first time on the Services, a Cookies banner may be displayed asking him to accept Cookies or to configure them.

The Cookies used allow the analysis of the Users' behaviour, solely for the Company's use and for legitimate interests.

Presentation of the Cookies present on the Site :

  1. Applicable law and competent jurisdiction

This RGPD Policy is subject to French law. In the event of a dispute and in the event that an amicable agreement cannot be reached, the competent courts will be those of the jurisdiction of the Paris Court of Appeal, notwithstanding multiple defendants or the introduction of third parties.