GDPR Statement

Bartha Contemporary Ltd is the data controller for personal data collected through this website. We are registered in England and Wales (company no. 07863410) and with the Information Commissioner’s Office under registration number ZA868878.

Contact: info@barthacontemporary.com
7 Ledbury Mews North, Notting Hill, London W11 2AF

We may collect the following categories of personal data:

• Contact information — name, email address, telephone number, postal address, provided when you submit an enquiry, register as a client, or make a purchase.
• Transaction data — details of artworks purchased or enquired about, payment references (we do not store card details; payments are processed by Stripe).
• Communication records — correspondence via our contact forms and live chat.
• Usage data — aggregated, anonymised analytics about how visitors use our website (via Plausible Analytics, which does not use cookies or collect personal data).
• Marketing data — email address and name if you subscribe to our mailing list or consent to marketing communications.
• Cookies and tracking — if you accept our cookie policy, we may use Meta Pixel to deliver relevant advertising. See Section 7 for details.

We process personal data on the following legal bases under UK GDPR:

• Contract — to process purchases, manage your client account, and fulfil orders.
• Legitimate interests — to respond to enquiries, prevent fraud, and improve our services.
• Consent — for marketing emails and cookie-based tracking. You may withdraw consent at any time.
• Legal obligation — to comply with Anti-Money Laundering regulations and other legal requirements.

• Responding to enquiries about artworks and exhibitions
• Processing purchases and managing transactions
• Managing your client portal account and selected works presentations
• Sending our newsletter and event invitations (with your consent)
• Complying with AML due diligence obligations
• Improving our website and services through anonymised analytics

We do not sell your personal data. We share data only with trusted third parties necessary to operate our services:

• Stripe — payment processing (Stripe's own privacy policy applies)
• Sanity — content and data management platform
• Campaign Monitor — email marketing (if you have subscribed)
• Meta Platforms — advertising analytics (only with your cookie consent)
• Legal and regulatory bodies — where required by law

All third-party processors are bound by appropriate data processing agreements.

• Enquiries — retained for 2 years from last contact
• Client accounts — retained for the duration of the client relationship plus 6 years
• Transaction records — retained for 6 years for legal and accounting purposes
• AML records — retained for 5 years as required by the Money Laundering Regulations 2017
• Marketing data — retained until you unsubscribe or withdraw consent

We use the following categories of cookies and tracking technologies:

• Essential — session and authentication cookies required for the site to function. These do not require consent.
• Analytics — we use Plausible Analytics, which is fully cookieless and collects no personal data. No consent is required for Plausible.
• Marketing — with your consent, we use Meta Pixel to measure the effectiveness of our advertising and deliver relevant content on Meta platforms (Facebook, Instagram). This involves the setting of cookies and may process your IP address and browsing data.

You can manage your cookie preferences at any time using the Cookie Settings link in the footer. Withdrawing consent will prevent new marketing cookies from being set; it does not affect data already collected.

You have the following rights regarding your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to request correction of inaccurate data
• Right to erasure — to request deletion of your data (subject to legal retention obligations)
• Right to restrict processing — to request we limit how we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests or for direct marketing
• Rights related to automated decisions — we do not make solely automated decisions with significant effects

To exercise any of these rights, email us at info@barthacontemporary.com. We will respond within 30 days.

Some of our third-party service providers are based outside the UK or EEA. Where personal data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.

If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

ico.org.uk · 0303 123 1113

We would appreciate the opportunity to address your concerns directly before you contact the ICO.

We may update this statement from time to time. Material changes will be notified to registered clients by email. The current version is always available at this URL.