Free worldwide shipping on orders over $1500 — Authenticity guaranteed on every painting

shop now
Login

Country

Cart

Your cart is empty

Privacy Policy

GalerieClub Fine Art respects the privacy of every visitor and customer using this website. This Privacy Policy is written in plain English and describes how we collect, use, share and protect your personal data. We have designed this policy to comply with the EU General Data Protection Regulation (GDPR Regulation 2016/679), the French Loi Informatique et Libertés as amended, the California Consumer Privacy Act and California Privacy Rights Act (CCPA / CPRA) for our US buyers, and the Personal Information Protection and Electronic Documents Act (PIPEDA) for our Canadian buyers. We may amend this policy periodically; the most current version is always available on this page.

1. Data Controller

The data controller responsible for processing your personal data is GALERIECLUB, a French sole proprietorship (entreprise individuelle / auto-entrepreneur) trading as GalerieClub Fine Art, represented by Ms. Jessel, registered with the R.C.S. of Lyon under SIREN 831 077 557, registered office at 8 Place de Tassin, 69160 Tassin la Demi-Lune, France, intra-community VAT number FR 70 831 077 557. For any question relating to the processing of your personal data, please contact us at galerieclub1@gmail.com.

2. Data We Collect and Why

We collect, receive and process your personal data in several ways. Often you choose what to share (for example whether to include a phone number on a contact form); sometimes specific information is required to fulfil your order.

Contact forms and order checkout — When you contact us or place an order, we collect the information you provide through our website forms or Shopify checkout: first name, last name, postal address, email address, telephone number (optional), and the details of the artwork you are purchasing or enquiring about. We use this information strictly for the purpose for which you provided it: responding to your enquiry, fulfilling your order, invoicing, shipping, and complying with our legal obligations (accounting, customs, tax).

Payment data — Payment-card data (card number, expiry date, CVV) is never transmitted to or stored by GalerieClub Fine Art. It is collected and processed directly by our PCI-DSS compliant payment processors (Shopify Payments, Stripe, PayPal) under their own privacy policies.

Browsing data and analytics — When you visit our website we automatically collect non-identifying technical information via Shopify and Google Analytics: IP address (anonymized), browser type, device type, pages viewed, time spent, referrer URL. This data is used exclusively in aggregate form to understand how visitors use our website and to improve its content and performance.

Newsletter — If you voluntarily subscribe to our newsletter, we collect your email address and (optionally) your first name. We use this data exclusively to send you occasional emails about new arrivals, gallery news, and fine-art content. You can unsubscribe at any time via the unsubscribe link in every email or by writing to galerieclub1@gmail.com.

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data on one of the following legal bases, as required by Article 6 of the GDPR:

• Performance of a contract (Article 6(1)(b)) — when you place an order, we process the data needed to fulfil that order (name, address, contact details, payment processing, shipping).

• Legal obligation (Article 6(1)(c)) — we process and retain certain data (invoices, export documentation) to comply with French accounting, tax and customs law.

• Legitimate interest (Article 6(1)(f)) — we use aggregated analytics data to improve our website and protect it against fraud and abuse.

• Consent (Article 6(1)(a)) — we rely on your freely given, specific, informed and unambiguous consent for newsletter subscriptions and for non-essential cookies. You may withdraw your consent at any time.

4. Sharing Your Data With Third Parties

We share your personal data only with carefully selected third parties, only for the purposes described below, and only to the minimum extent necessary.

Shopify Inc. — our e-commerce platform provider, which hosts our store and processes orders. Shopify acts as a data processor under GDPR and is bound by our data processing agreement.

Couriers and shipping partners — when you order an artwork, we share your delivery name, postal address and telephone number with the courier responsible for delivery (for example FedEx, UPS, DHL, or a specialist art shipper). We share only the information required for delivery.

Payment processors — Shopify Payments, Stripe, PayPal, or any other payment processor we may use, each subject to their own privacy policy and PCI-DSS compliance.

Analytics providers — Google Analytics (aggregated, pseudonymized data only).

Legal and accounting advisors — our French accountant and, where necessary, our legal counsel, bound by professional confidentiality obligations.

Authorities — where we are required by law to disclose data to French or foreign administrative or judicial authorities (customs, tax authorities, court orders).

We do not sell your personal data to third parties. We do not share your data with advertisers or data brokers.

5. International Data Transfers

Because we sell to the United States, Canada and other countries outside the European Economic Area, some of your personal data (primarily: order and shipping information) is transferred outside the EU. These transfers take place on the basis of:

• Standard Contractual Clauses (SCCs) adopted by the European Commission, which provide appropriate safeguards under Article 46 of the GDPR;

• your explicit consent or the necessity of the transfer for the performance of the contract (your order), under Article 49 of the GDPR.

Shopify, Google and our US-based payment processors apply contractual and technical safeguards consistent with the current EU–US Data Privacy Framework and equivalent international transfer mechanisms.

6. Cookies

Cookies are small text files stored on your device by your browser. The GalerieClub Fine Art website uses the following categories of cookies:

• Strictly necessary cookies — required for the website to function (session management, cart, checkout). These cookies do not require your consent under EU law.

• Analytics cookies — Google Analytics cookies, which collect anonymized traffic data. These cookies are placed only with your consent via the cookie banner displayed on your first visit.

• Currency conversion session cookie — stores your selected display currency for the duration of your browsing session and is automatically removed when you close your browser.

You can withdraw your cookie consent at any time via the cookie settings link in the footer of our website, or by configuring your browser to reject cookies.

7. Third-Party Websites

The GalerieClub Fine Art website may contain links to third-party websites (museum pages, reference databases such as RKD and Codart, auction-house archives, artist biographies). We are not responsible for the privacy practices or content of those websites. Please review their privacy policies before disclosing any personal information to them.

8. Currency Conversion

By using our website, you authorize our third-party currency-conversion provider to process your IP address to determine your location and display prices in your local currency. The selected currency is stored in a temporary session cookie that is automatically removed when you close your browser.

9. Security

Our website is hosted on Shopify, which applies industry-standard security practices to protect the data it stores, both in transit (SSL/TLS encryption) and at rest. Payment data is processed under PCI-DSS. While we take all reasonable measures to protect your data, no online transmission or electronic storage system is 100% secure. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the French Commission Nationale de l’Informatique et des Libertés (CNIL) within 72 hours and, where required, we will notify you directly, in accordance with Articles 33 and 34 of the GDPR.

10. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, and in any event no longer than the retention periods listed below:

• Order and customer-account data — 10 years from the end of the accounting year in which the order was placed, in accordance with French commercial and tax law (Article L.123-22 of the French Commercial Code).

• Invoices and customs documentation — 10 years, for French accounting and tax compliance.

• Contact-form enquiries — 3 years from the last contact, for commercial follow-up under the French CNIL prospection commerciale guidance.

• Newsletter subscribers — until you unsubscribe, plus a cooling-off period of 3 years for commercial follow-up.

• Analytics data — up to 25 months (Google Analytics default retention).

After the applicable retention period, your data is deleted or irreversibly anonymized.

11. Your Rights

Under the GDPR and French Loi Informatique et Libertés, and under CCPA/CPRA (California) and PIPEDA (Canada) where applicable, you have the following rights with respect to your personal data:

• Right of access — to obtain a copy of the personal data we hold about you;

• Right of rectification — to correct inaccurate or incomplete data;

• Right of erasure (“right to be forgotten”) — to request the deletion of your data, subject to our legal retention obligations;

• Right to restriction of processing — to limit how we use your data in specific circumstances;

• Right to data portability — to receive your data in a structured, machine-readable format;

• Right to object — to object to processing based on legitimate interest or for direct-marketing purposes;

• Right to withdraw consent — to withdraw your consent at any time for processing based on consent;

• Right to define post-mortem instructions — under French law, you may issue directives regarding the processing of your data after your death;

• Right to lodge a complaint — with the CNIL (www.cnil.fr) in France, or with the equivalent supervisory authority in your country of residence.

California residents (CCPA/CPRA) additionally have the right to know the categories of personal information collected, to delete their personal information, to opt out of any “sale” or “sharing” of personal information (we do not sell or share your personal information as those terms are defined by the CCPA), and to non-discrimination for exercising these rights.

Canadian residents (PIPEDA) have parallel rights of access, correction and withdrawal of consent, and may lodge a complaint with the Office of the Privacy Commissioner of Canada (www.priv.gc.ca).

To exercise any of these rights, please contact us at galerieclub1@gmail.com. We will respond within one (1) month of receipt of your request, as required by Article 12 of the GDPR.

12. Artworks Provenance Records

Where you purchase an artwork from us, we keep a record of the sale (buyer name, contact details, description of the artwork, date of sale, price) for a minimum of ten (10) years. This record serves two purposes: compliance with French commercial and tax law, and preservation of the artwork’s provenance for future transactions. This information is not shared beyond the parties authorized under Section 4 above, and it is not used for marketing.

13. Children

The GalerieClub Fine Art website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at galerieclub1@gmail.com and we will delete the data promptly.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in applicable law, in our practices, or in the services we provide. The current version is always available on this page. Material changes will be communicated to you via the website or, where appropriate, by email.

15. Contact

For any question or request relating to this Privacy Policy or to the processing of your personal data, please contact: galerieclub1@gmail.com. Postal correspondence may be addressed to GALERIECLUB trading as GalerieClub Fine Art, 8 Place de Tassin, 69160 Tassin la Demi-Lune, France.


Data controller summary — GALERIECLUB, entreprise individuelle (auto-entrepreneur), représentant : Jessel. SIREN 831 077 557, R.C.S. Lyon. Siège social : 8 Place de Tassin, 69160 Tassin la Demi-Lune, France. TVA : FR 70 831 077 557. Contact RGPD : galerieclub1@gmail.com. Autorité de contrôle : CNIL — www.cnil.fr.

 

Free delivery USA & Canada

Ship from France with secure packaging.