arcarta is an online anti-fraud and due diligence platform for the Art World, operated by Arc-Pay Ltd, a company registered in the United Kingdom ("we," "us," "our," and "arcarta").

Our platform enables our members (or businesses) to conduct customer due diligence on an individual or company they wish to do business with - using a Know Your Customer toolkit - and take payment simply and securely via card payment or invoice.

Information you provide to us directly: You (or your organisation) may provide certain Personal Information to us when you receive a request for information from an arcarta member, wish to download an invoice or complete a card payment.

This information may include:

• Basic contact information (such as your name, location, email address and country)
‍
• Information for the purposes of security (such as your phone number)
‍
• Information concerning a company you are representing (the company name and relationship)
‍
• Specific Information for the purposes of due diligence (such as photo ID, residential address, Date of Birth, Gender and Nationality)

Information is only collected from you when information is requested from you by the business you are purchasing from or exercising reliance with.
‍
All information is collected via a secure online form, including when uploaded by the business in an administrative capacity.

We ensure all information uploaded to arcarta is fully encrypted and only accessible by the business with whom you are dealing with.
‍
All information is transmitted over SSL secure servers and we utilise a variety of security technologies such as access controls, encryption-at-rest protocols and more to help protect your personal data.

Only the business with which you are dealing with has direct access to the information you provide.
‍
arcarta accounts require a valid, verified email address and secure password to access. Businesses must keep their username and password secure, and never disclose it to a third party. Because the information in the account is private, account passwords are also encrypted, which means we can not see the password.

You have the right to request details of the processing activities that we carry out with your personal information through making a subject access request.
‍
All requests should be raised directly with the business with whom you are dealing and if it is necessary for our data controller to assist, we may do so.
‍
You also have the following rights:

• The right to access

• The right to request rectification of information that is inaccurate or out of date

• The right to erasure of your information if it is no longer necessary or needed for the purposes of Anti Money Laundering. Under the 5th Anti-Money Laundering Directive, art businesses are required to maintain records for a minimum of 5 years.

• The right to restrict the way in which we - and or the business - are dealing with and using your information

• The right to request that your information be provided to you in a format that is secure and suitable for reuse

These rights are subject to safeguards and limits or exceptions. Further details can be requested directly via support@arcarta.com 

This policy reflects only data handled through the arcarta platform. We do not accept responsibility or liability for a businesses use of your personal information outside of or beyond the platform. For example, if data is exported and uploaded to a third party without your consent.

If you have any concerns regarding the extent of which a business plans to use your information, please contact them directly.