Privacy Policy – ArtCheck Provenance Verification
1. Data Controller
The data controller is:
ArtCheck – Provenance Verification Founder: Dr. Luca Sasdelli Email: privacy@artcheck.art
ArtCheck processes personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national laws.
In certain cases, ArtCheck may also act as a data processor on behalf of the client, pursuant to Article 28 GDPR and based on a specific agreement.
2. Categories of Personal Data
ArtCheck may process the following categories of data:
• Identification and contact data: name, surname, email, phone number, company/organization
• Artwork-related data: descriptions, images, dimensions, serial or edition numbers, labels, stamps, provenance documentation, transaction history
• Event or illicit-related data: information concerning theft, loss, spoliation, seizure, or insurance claims
• Data collected from third parties: information obtained from archives, databases, authorities, market operators, and publicly available sources
• Technical data: IP addresses, system logs, cookies, and similar technologies ArtCheck does not generally request or process special categories of data (Article 9 GDPR). Any criminal or judicial data is processed only where strictly necessary and within legal limits.
3. Purposes and Legal Bases for Processing
Personal data is processed for the following purposes:
• Performance of pre-contractual and contractual obligations handling inquiries, engagements, and provenance verification activities
• Legitimate interest of the controller preventing legal risks in the art market, conducting provenance checks, protecting the rights of clients and third parties, ensuring system security
• Compliance with legal obligations including cooperation with competent authorities
• Consent of the data subject for informational or marketing communications, where applicable
The legitimate interest pursued by ArtCheck is based on ensuring transparency and security in art transactions and is balanced against the rights and freedoms of data subjects.
4. Data Collection Methods
Personal data may be collected:
• directly from the data subject
• from authorized third parties, including authorities, law enforcement, insurance companies, experts, archives, databases, and public sources
Where personal data is not obtained directly from the data subject, ArtCheck provides information pursuant to Article 14 GDPR where possible. Where this proves impossible or would involve disproportionate effort (for example, in historical research contexts), processing is carried out in accordance with applicable legal provisions.
5. Recipients of Data
Personal data may be disclosed to:
• judicial authorities and law enforcement agencies
• insurance companies, experts, archives, databases, auction houses, and art market operators
• IT service providers (hosting, email, document management), appointed as data processors
• other third parties where necessary for the performance of the engagement
Personal data is not sold.
6. International Data Transfers
Personal data may be transferred to countries outside the European Economic Area.
In such cases, ArtCheck ensures that transfers comply with Articles 44 et seq. GDPR, through:
• adequacy decisions of the European Commission
• Standard Contractual Clauses (SCCs)
• additional safeguards where required
Further information on transfers and safeguards is available upon request.
7. Data Retention
Personal data is retained only as long as necessary for the purposes for which it was collected:
• provenance verification files: up to 10 years from the end of the engagement, unless longer retention is required for legal defense or compliance purposes
• administrative and accounting data: as required by law
• technical data and cookies: as specified in the Cookie Policy
8. Data Subject Rights
Data subjects may exercise their rights under Articles 15–22 GDPR at any time, including:
• right of access
• right to rectification
• right to erasure
• right to restriction of processing
• right to data portability
• right to object, in particular to processing based on legitimate interest
• right to withdraw consent
Requests may be sent to: privacy@artcheck.art
Data subjects also have the right to lodge a complaint with a competent supervisory authority.
9. Data Security
ArtCheck implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
• access control systems
• encryption where appropriate
• data segregation
• auditing and monitoring procedures
10. Cookies and Similar Technologies
The website uses technical cookies and, subject to consent, analytics and marketing cookies. Users may manage their preferences via the cookie banner or browser settings.
Further details are available in the Cookie Policy.
11. Mandatory Data Provision
Providing the data necessary for the performance of the requested service is mandatory. Failure to provide such data may prevent ArtCheck from carrying out the requested verification.
12. Minors
ArtCheck services are not directed to minors, and ArtCheck does not knowingly collect personal data from minors.
12. Updates
This Privacy Policy may be updated to reflect legal or operational changes. The current version is always available on the website.
Last updated: 07/04/2026