Privacy Policy

Update: Nov 15, 2023

Last updated: November 15, 2023

This Website is owned by Art Share 002 S.A. (“Art Share 002”, the “Company”), a public limited liability company (société anonyme), incorporated and existing under the laws of the Grand Duchy of Luxembourg, having its registered office at 16, rue E. Ruppert, L-2453 Luxembourg, Grand Duchy of Luxembourg and registered with the Luxembourg trade and companies register (Registre de commerce et des sociétés, Luxembourg, the “RCSL”) under number B273672.

We understand that your privacy is important to you and that you care about how your personal data is collected, stored and used. We respect and value the privacy of everyone who visits this Website, (the "Website") and we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

By using the Website, you consent to this policy.


This Privacy Policy ("Policy") applies only to your use of our Website. Our Website may contain links to other Websites. Please note that we have no control over how your data is collected, stored, or used by other Websites and we advise you to check the privacy policies of any such Websites before providing any data to them.

The purpose of this Policy is to provide information on the collection, storage and processing of your personal data by the Company and its affiliates, and information on the rights you have under data protection legislation.

This Policy applies to the Company as a "Data Controller" for data protection purposes. We are committed to our responsibilities under the data protection laws, including the European General Data Protection Regulation ("GDPR"), and other applicable legal provisions on the protection and privacy of personal data and data security.


"Account" means an account required to access and/or use certain areas and features of Our Website;
"Affiliates" means any entity, individual, firm, or corporation, directly or indirectly, through one or more intermediaries, controlling, controlled by, or under common control of ARTEX AG
"Cookie" means a small text file placed on your computer or device by Our Website when you visit certain parts of Our Website and/or when you use certain features of Our Website. Details of the Cookies used by Our Website are set out below;
"Data controller" means the person or entity that determines the purpose and means of the processing of the Personal Data. For the purposes of this Privacy Policy, ARTEX AG;
"Data Processor" natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller;
"GDPR" the General Data Protection Regulation (EU) 2016/679 is an EU regulation on personal data protection and privacy. GDPR achieves uniformity in the data protection rules applicable to all individuals within the European Union;
"Personal Data" any information related to an identified individual or that may allow to directly or indirectly identify an individual (e.g., name, phone number, job title). Personal Data does not include any information or data related to legal entities (e.g., securities issuers);
"Processing" any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means (e.g., collection, recording, organisation, storage, consultation).


This Website and hosts the legal and regulatory information required to be published by The Company including non-regulatory information. Art Share 002 may in the course of providing such services to may also market it services and provide bespoke information and contents to its visitors. Personal information collected on our Website will be processed in accordance with this Policy.

What is Personal Data?

Personal data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information, such as your name and contact details, but it also covers less obvious information, such as identification numbers, electronic location data, and other online identifiers.

Sources of Personal Information

We collect personal information about you (e.g., your access, use, and/or interactions with us and our services) from certain third parties and other sources.

Such data we obtain from you may include :

  • through your interactions with us and our services;
  • through signing up to use a service, request information or receive marketing or other communications from us (e.g., marketing emails, alerts, newsletters, etc.);
  • through your system/device and use of our services;
  • through Cookies and similar technologies included in our services;
  • when you apply for an advertised job or via a third-party recruiter who provides your resume or details;
  • through your engagement with us as an independent contractor/consultant.
  • collect personal information about you from third parties such as:
  • the party or person(s) arranging for you to access our Services (e.g., your employer, subscriber, an organization, group, or association to which you belong or are associated with) in order to set up a user account or otherwise to access and/or use our services;
  • the party or person(s) arranging for you to access our Services (e.g., your employer, subscriber, an organization, group, or association to which you belong or are associated with) in order to set up a user account or otherwise to access and/or use our services;
  • partners and service providers who work with us in relation to our services;
  • companies that provide content or information to be used in our services;
  • public domain sources (e.g., sources available to the public and typically over the internet (e.g., Websites available to the general public), available in or through widely distributed media, and from government databases, records, and systems (e.g., register of UBOs, NCA registries, local trade registries, sanctions list, etc.).

To the extent that any personal information is provided to us by a third party, other than the data subject, such third parties are also responsible for their own compliance with applicable data protection and privacy laws.

Types of Personal Information We Collect

Depending upon the Services you use or your interactions with us, on the relevant Service(s), the personal information we collect may include :

Type Data How we collect
Contact Forms Such as first and last name, email address, address, phone number, Company name(s), job title and position. Email or via our Website
Employer and Professional Level data Such as the names of your current and/or former employers, job title(s), business contact information, industry, certifications, etc. Email or via our Website
Educational data Professional qualifications and educational history. Email or via our Website
CCTV, Images and/or Photographs If you visit or work from our offices or attend one of our events, we sponsor or organise. Office premises
Special categories of data or sensitive personal information information on health/disabilities or religion, as it relates to your use of or access to our Services or events (e.g., health/disability information relating to your access to and use of our offices or attending our events, religious information as it relates to dietary requirements for attending an event or meeting, etc.). Email or via our Website
Publicly Available Information information available:
  • on the Websites or promotional material of companies or organisations with which you are connected;
  • (ii) in news articles; or (iii) from registries such as the companies registration offices.
Email or via our Website

We do not collect any personal data relating to children.

With your permission and where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message and post with information, news, and offers on our or products or services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection laws and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.

Third Parties whose content appears on Our Website may use third-party Cookies. Please refer to the Cookie Policy for more information on controlling cookies. Please note that we do not control the activities of such third parties, nor the data that they collect and use themselves, and we advise you to check the privacy policies of any such third parties.

Purposes of Processing and Legal Basis

We and third-party service providers acting on our behalf, will, in particular, use your personal data for the purpose of performing contracts between you and us (Art. 6 (1) lit. b GDPR), complying with legal and regulatory obligations (Art. 6 (1) lit. c GDPR) and in certain individual cases to pursue other compelling legitimate interests of the Company (Art. 6 (1) lit. f GDPR).

If we want to process your personal data for specific purposes that are not covered by the purposes specified above, we will request your consent in accordance with the relevant statutory requirements (Art. 6 (1) lit. a GDPR).

The lawful basis we rely on for processing this information are :

Your consent. e.g., signing up to receive legal, regulatory, marketing and promotional communications from Art Share 002 and on behalf of Issuers, and competitions administered by or on behalf of us. We only ask for your consent in relation to specific uses of personal information where we need to and, if we need it, we will collect it separately and make it clear that we are asking for consent.
We have a contractual obligation. where we have a contract with you, we will process your personal information in order to fulfil that contract (i.e., to provide you with Services).
We have a legal obligation. As a group consisting of regulated and supervised entities for investment services and money laundering, respectively we obtain, collect and process your personal data to comply with legal and regulatory obligations as applicable to ART Services, its Affiliates and Issuers.
We need it to perform a public task. (e.g., to help prevent and detect unlawful acts (e.g., money laundering, terrorism, fraud and/or other criminal activity (including, without limitation, modern slavery))).
We have a legitimate interest We have a legitimate interest in processing personal data for members, employees (including contractors), suppliers, marketing, fraud prevention, intra-group transfers and IT security purposes.

In the limited circumstances where we process sensitive personal data, we normally do so where :

  • necessary in relation to employee obligations;
  • personal data is within the public domain;
  • necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  • processing is necessary for reasons of substantial public interest, on the basis of applicable law.

Sharing your Data

We will not share any of your personal data with any third parties for any purposes, subject to the following exception(s) :

  • If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.
  • In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
  • We may share your personal data with Affiliates for outsourcing purposes. This includes the holding company and its subsidiaries.
  • We may sometimes contract with the following third parties to supply certain products services.

If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.

If any personal data is transferred outside of the European Economic Area (the "EEA"), we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA and under the Data Protection laws.

Retention of your Personal Data

We will retain personal data for a reasonable period, considering legitimate business needs to capture and retain such information as required by our internal retention policies. Information will also be retained for a period necessary to comply with legal and regulatory or country-specific regulations and requirements and in accordance with our Document Retention Schedule. By using state-of-the-art security software and certified coding and encryption processes, our IT infrastructure complies with international security standards. In addition, we have taken additional, extensive security precautions and technical and organisational measures to protect your data from loss, unauthorised access or misuse.

Disclosure of your Personal Data

We may use third-party service providers as well as associated group entities, which will receive access to your personal data to fulfil the tasks commissioned to them. Our partners are meticulously chosen and are obliged under Art. 28 GDPR to observe data protection standards. The service providers and associated group entities we may commission will process your personal data exclusively in accordance with our instructions and only to the extent required to perform the commissioned service. All employees of Art Share 002 Services and its Affiliates including the staff of the commissioned service providers have to treat your personal data confidentially.

Where personal data is transferred to non-EEA jurisdictions, stringent policies are implemented. See Non-EEA Transfers of Personal Data.

We might furthermore be obliged to pass your personal data to such other recipients as authorities to fulfil statutory reporting obligations.

Non-EEA Transfers of Personal Data

Personal information may be transferred, accessed and stored globally as necessary for the uses stated above in accordance with this Policy, and in compliance with local regulations.

Personal Data may be transferred to or processed in locations outside of the European Economic Area (EEA), some of which have not been determined by the European Commission to have an adequate level of data protection. In that case, for personal data subject to European data protection laws, we take measures designed to provide the level of data protection required in the EU, including ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission or another adequate transfer mechanism. The Company and its Affiliated entities have entered into intragroup transfer agreements based on the Standard Contractual Clauses (where applicable), which allows for the processing and transfer of personal data and have a legitimate interest.

Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so before any personal data is disclosed.

How and Where Do You Store or Transfer My Personal Data ?

We will store your personal data within the EEA. The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the EU GDPR and/or to equivalent standards by law. Transfers of personal data to the UK from the EEA are permitted without additional safeguards. We store some or all your personal data in countries outside of EEA. These are known as "third countries". We will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within Lichtenstein and under the Data Protection Law as follows :

  • We will only store or transfer personal data in or to countries that are deemed to provide an adequate level of protection for personal data.
  • We will use specific approved contracts which ensure the same levels of personal data protection that apply under the GDPR.

Summary of Cookies Policy

Our Website uses cookies. We use cookies to gather information about your computer for our services and to provide statistical information regarding the use of our Website. Such information will not identify you personally – it is statistical data about our visitors and their use of our Website. This statistical data does not identify any personal details whatsoever. We may also gather information about your general Internet use by using a cookie file. Where used, these cookies are downloaded to your computer automatically. This cookie file is stored on the hard drive of your computer, as cookies contain information that is transferred to your computer’s hard drive.

They help us to improve our Website and the service that we provide to you. All computers have the ability to decline cookies. This can be done by activating the setting on your browser which enables you to decline the cookies. Please note that should you choose to decline cookies; you may be unable to access particular parts of our Website. Where we work with advertisers on our Website, our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on advertisements on our Website.

You can toggle your cookie preferences on our Website using the CookieBot widget.

Your Data Protection Rights

  • Your right to be informed about our collection and use of your personal data. This Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details below.
  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
  • Your right to be forgotten – You have the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details below.
  • Right to withdraw consent: The right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of our use of your personal information prior to the withdrawal of your consent
  • the accuracy of the personal data is contested;
  • the processing is unlawful but you object to the erasure of the personal data; or
  • we no longer require the personal data, but it is still required for the establishment, exercise or defense of a legal claim.

These rights are not absolute, and they do not always apply in all cases. For more information about our use of your personal data or exercising your rights as outlined above, please contact us.

How Do I Contact You ?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details

Data Protection Officer

ART Share 002 S.A.

16, rue E. Ruppert,

L-2453 Luxembourg,

Grand Duchy of Luxembourg.

Email: [email protected]

How to Complain

If you have any concerns about our use of your personal information, you can make a complaint to us at [email protected]

You can also complain to the Liechtenstein Data Protection Commission (CNPD) of Luxembourg if you are unhappy with how we have used your data.

Commission nationale pour la protection des données

15, Boulevard du Jazz

L-4370 Belvaux

Tel. : (+352) 26 10 60-1


Changes to this Policy

We may occasionally update this Privacy Statement to reflect changes in our business or to comply with applicable law and regulations. We therefore advise you to review this statement regularly to ensure that you are updated with any changes. Any changes will be immediately posted on Our Website, and you will be deemed to have accepted the terms of the Policy on your first use of Our Website following the alterations. We recommend that you check this page regularly to keep up to date.

Contact us