Privacy Policy

Artspark Art Consultants (hereinafter “Artspark”) is a start-up business, established in 2020, operating initially as the extension of Nitra Galleries and comprised, today, of a small team of curators, consultants, architects and artists. Its main purpose is to provide consultancy services regarding Art in hotels and to deliver high-end design projects. On that end, Artspark takes private information seriously and, therefore, it has formed the present policy not only in compliance with the General Data Protection Regulation but also out of inherent respect of the right in privacy, as a key-factor of its business mentality.

The present Privacy Policy aims at providing all the necessary information regarding the private data processing procedure, in the context of using Artspark website (hereinafter the “Site”), including the data shared by the user himself or gathered by his interaction with the Site. To be more specific, hereby you can find information such as which data of yours does Artspark collect and how they are used, the recipients of your data, the retainment period, the purpose of their processing, your privacy rights to be exerted and who to revert to in case of a data incident. So, please read carefully this private policy, since it is essential for your own protection as a private data subject.


Some of the terms used in this policy have a legal meaning as specifically defined in Article 4 of the new General Data Protection Regulation (learn more).

Here are some of the basic terms you will need to know:   

  • Personal data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
  • Processing” means any operation or set of operations carried out with or without the use of automated means on personal data. It includes, but is not limited to, the collection, recording and organization of personal data.
  • Consent” means any freely given, specific, explicit and informed indication of intent by which a natural person signifies his or her agreement, by means of a statement or explicit affirmative action, to the processing of his or her personal data.
  • Data Controller” means the natural or legal person, or public authority, or agency or other body which determines the purposes and means of the processing of personal data.
  • Data processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
  • Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access of personal data transmitted, stored or otherwise processed.
  • Current legislation“: the relevant national and EU legislation on personal data protection, in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter “GDPR”), the Greek Law 4624/2019, as applicable, as well as the Decisions, Directives and Opinions of the Greek Data Protection Authority.

Furthermore, the collection and processing of personal data is governed by the following principles, according to the new General Data Protection Regulation, which on our end we apply at all stages of the processing procedure, i.e., we conform with:

  • Legitimacy, objectivity and transparency
  • Purpose Limitation
  • Accuracy
  • Limitation of the storage period
  • Integrity and confidentiality

Which personal data do we process?

The personal information that we process is related to the scope of our services provision and your interaction with our Site. In any way, if you are an interested party that either wishes to benefit from our consultant services, or wishes to cooperate with us, we only process the information that you disclose to us under these circumstances and in the context of fulfilling our obligations towards you, arising from each professional relationship.

In particular, we collect your name, your phone number, your e-mail address and whatever information you disclose to us via telephone or in your message if you choose to make use of the automated communication form appearing on our Site. In such case of contacting us, your personal data collected through this form will be used exclusively for the needs of information, communication and processing of your inquiries regarding the services provided by us and will not be further transmitted to third parties. Furthermore, in the case you wish to register to our newsletter list, we inform you that the personal data of yours that we gather are your name and e-mail. 

Minors are not allowed to access the services of our Site. If, however, underage users voluntarily visit our Site and their minority cannot be verified in any way, then we cannot be held responsible.

In view of the above, we notify you that upon your visiting our Site we automatically collect information about how you make use of our services, such as the website that linked you to us, the date of your visit, or the frequency and duration of your activities on our Site. In addition, our servers, logs and other technologies automatically collect certain information to help us administer, protect and improve our services. In particular, the obtained information contains cookies, IP addresses, referrer headers, browser data and browser version identification data, as well as web beacons and tags. For further notice, please read carefully our Cookies Policy that constitutes an integral part of the present Privacy Policy. We share personal information with third parties only in accordance with this policy or applicable law.

How do we use your personal data?

  • We collect your name and contact data, if you register at our newsletter & for promotional purposes on the legal basis of your expressed consent.
  • Same as before, we collect your name and contact data for providing preliminary information about our consultancy services on the legal basis of your expressed consent.
  • We collect device information, such as the web browser type and the language you use on the scope of improving our Sites performance thus setting default options (such as language) on the legal basis of the legitimate interest of our business.
  • We also collect information about your computer, your visits and the use you are making of our Site (e.g., your IP address, your geographic location, your browser, how you access our Site, the duration of your visit and the number of page views) for statistical purposes on the legal basis of the legitimate interest of our business.

In this point, we stress that we only collect and generally process the data that is absolutely necessary, relevant and appropriate for the purpose of each processing.

Providing Expressed Consent

By browsing our Site or subscribing to our newsletter list, you provide us with your explicit consent to the processing of your personal data, pursuant to the terms of this Policy. Your consent is given freely and can be revoked anytime as easy as it was given.

The recipients of your personal data

As of standard practice, we do not share your personal data with third parties unless it is necessary for the operation of the Site or if you consent to such disclosure. Indicatively, we may share your data with the following recipients:

  • Our curators, consultants, architects and artists, other employees, agents, cooperators and in general whoever holds a professional relationship with us.
  • Professional service providers, such as marketing agencies, advertising partners and website administrators who contribute to the operation of our Site.
  • Well-established service providers approved by you, such as social networking sites.

We do not disclose your personal data to third parties outside the European Union in countries where there is no appropriate data protection regime. However, should such a data transfer need to take place, the transfer to third countries will be made in accordance with the requirements of Regulation (EU) 2016/679 and any implementing Greek law and only in full compliance with applicable law.

The duration of personal data retainment

We will keep your personal data for a predetermined and limited period of time, depending on each purpose of processing, after which the data are deleted and/or securely destroyed, unless a different retention period is provided or permitted by applicable legislation. We may continue to retain your personal data even after the completion of the relevant purpose of processing, respecting the principle of proportionality and only on the basis of “absolute necessity of knowledge” to comply with legal or regulatory requirements, resolve disputes, or prevent fraud and abuse.

Taking appropriate technical and organizational measures

On our end, we have taken all the appropriate security measures in order to prevent accidental loss of personal data or to prevent unauthorized access. In addition, we have procedures in place to deal with any data security breaches. In particular, we have taken every organizational and technological precaution to prevent the loss, misuse or alteration of the users’ personal information. We store all personal data provided by users on secure cloud servers protected by passwords and firewalls. Furthermore, we use Https secure connection technology.

However, the user acknowledges that sending information over the internet presents inherent security problems and for that reason Artspark cannot guarantee the security of data transmitted over it. Therefore, we prevent you from disclosing sensitive personal information online. Likewise, please note that we cannot guarantee the security of data, information, etc. received by e-mail.

Privacy Rights

We inform you that you can exert the right to:

  • Access to your data: Τhe right to request access to your personal data, in accordance with Article 15 of the GDPR. By requesting access, you can be informed of the categories of your personal data that we hold and process, the purposes of their processing, the categories of recipients to whom the data have been or will be communicated, the period for which they will be stored, the existence of a right to rectification or erasure of data or restriction of their processing or a right to object to their processing.
  • Correction of your data in case of inaccuracy: Τhe right to demand the correction of inaccurate data as well as the completion of incomplete data concerning you, by presenting any necessary document showing the need for correction or completion pursuant to Article 16 of the GDPR.
  • Erasure of your data: In the cases that you no longer wish your personal data to be processed and maintained, you have the right to request their deletion, provided that the data are not kept for a specific legitimate and stated purpose, in accordance with Article 17 of the GDPR.
  • Restriction of your data processing: Τhe right to request the restriction of the processing of your personal data, under the conditions of Article 18 GDPR.
  • Object to your data processing: Τhe right to object at any time and on grounds relating to your particular situation to the processing of personal data relating to you where the processing is based on Article 6 para. 1(e) or (f) of the GDPR.
  • Transfer of your data to another entity: Τhe right to receive or request the transfer of your data, in unreadable form, from us to another controller, if you wish, pursuant to Article 20 GDPR.
  • Complaining to the Data Protection Authority in the event of an unfortunate incident of data breach

We will evaluate and respond to your afore-mentioned requests/claims within one month of receipt, deadline that may be extended for an additional two-month period in exceptional circumstances depending on the nature and complexity of the claim.

The exercise of any of the rights described above can take place by contacting us via email at: or via telephone at: +30 213 043 6697.

You may submit an access request free of charge, however, depending on the personal information you request, we may charge a fee to cover the cost of providing details of the information we keep. We will notify you of the possibility of such charges upon receipt of your access request and will await your confirmation to proceed and pay this fee.

In the case you wish to complain for our handling of your personal data, you have the right to contact the competent supervisory authority.

The competent supervisory authority is the Hellenic Data Protection Authority (DPA), which is located at 1-3, Kifissias Street, Athens, P.C. 11523, tel. 2106475600 and by email

Update of Privacy Policy

The Site may need to update this Policy by posting a new version on the Site or in connected applications.

The user is expected to check this page regularly to ensure that it complies with any changes to the terms of this Policy. Artspark may notify users of changes made to this Policy either by email or through notifications that will appear on our Site.


In the case you have further questions or comments regarding this policy, do not hesitate to contact us at or use the contact form on our Site.