GDPR Compliance
Last updated: March 1, 2026
The Art Marketing Agency is committed to full compliance with the General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679. As a France-based agency, we take our obligations under EU data protection law seriously.
Our Commitment
We are dedicated to:
- Processing personal data lawfully, fairly, and transparently
- Collecting data only for specified, explicit, and legitimate purposes
- Minimizing data collection to what is strictly necessary
- Keeping personal data accurate and up to date
- Retaining data only as long as necessary
- Ensuring appropriate security of personal data
Your Rights Under GDPR
As a data subject, you have the following rights:
Right of Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
Request limitation of how we process your data.
Right to Data Portability
Receive your data in a structured, machine-readable format.
Right to Object
Object to processing based on legitimate interests or direct marketing.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: hello@theartmarketingagency.com
We will respond to your request within 30 days. We may ask you to verify your identity before processing the request. If your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on it, providing an explanation.
Data Protection Officer
Given the scale of our operations, we have not appointed a formal Data Protection Officer. However, all data protection inquiries are handled directly by our management team with appropriate expertise. For any concerns, please contact us at the email address above.
Data Processing Activities
We process personal data in the following contexts:
- Website inquiries: Contact form submissions, consultation requests
- Client relationships: Service delivery, invoicing, communications
- Marketing: Newsletter subscriptions (opt-in only), social media interactions
- Analytics: Anonymized website usage data
Third-Party Processors
We use a limited number of third-party processors, all of which comply with GDPR:
- Website hosting provider (EU-based servers)
- Google Analytics (with IP anonymization enabled)
- Email service provider (GDPR-compliant)
Data Breach Procedures
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority (CNIL) within 72 hours of becoming aware of the breach, where required
- Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
- Document the breach and corrective actions taken
Supervisory Authority
Our lead supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL):
CNIL — 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Website: www.cnil.fr