Privacy Policy
Last updated: 10 June 2026
Effective: 10 June 2026
This Privacy Policy explains how UK Creative Ideas Limited (“we”, “us”), operator of art.art (the “Site”) — the official website of the .ART domain extension — collects, uses, shares and protects personal data. It meets the EU GDPR, the UK GDPR & Data Protection Act 2018, the Isle of Man Data Protection Act 2018 (Applied GDPR), the California Consumer Privacy Act as amended by the CPRA, and other applicable US state laws.
1. Who we are (controller)
UK Creative Ideas Limited, 1st Floor, 11–13 Hill Street, Douglas, Isle of Man, IM1 1EF · IoM company no. 002002V (Live · 2006 Act company; registered agent Acclaim Limited).
General contact: info@art.art
Data Protection Officer: dpo@art.art
2. Scope & jurisdictions
Applies to visitors of art.art and to anyone who contacts us, subscribes to our newsletter, or submits a story to be featured, located in the EU/EEA, UK, Isle of Man, California and the wider US, and elsewhere.
art.art is the marketing website for the .ART top-level domain. Registration of .ART domains and registrant (domain-owner) data are handled by the official registry at nic.art under its own privacy policy and are not covered here.
3. Personal data we collect
The Site has no user accounts or login. We collect:
CATEGORY | EXAMPLES | WHEN |
|---|---|---|
Contact form data | name, email, message, enquiry type | "Get in Touch" form |
Newsletter data | email address | if you subscribe |
"Be featured" submissions | your name, your .ART domain, uploaded text and images about your art/company | if you submit your story |
Communications | messages to info@art.art | if you contact us |
Technical & security | IP address, device/browser, bot-management (Cloudflare), platform session IDs (Wix) | automatic |
Analytics & advertising | usage events / identifiers — only if you consent (Google Analytics, Meta Pixel, Microsoft Clarity, X Pixel, Google Ads, via GTM) | with consent |
4. How we use your data & legal bases
PURPOSE | LEGAL BASIS (Art. 6 GDPR) |
|---|---|
Respond to enquiries / contact requests | Legitimate interests (and consent where given) |
Send the newsletter | Consent |
Review and, if selected, publish "be featured" submissions | Consent (+ contract/legitimate interests) |
Site security, fraud/abuse prevention (Cloudflare, Wix) | Legitimate interests |
Analytics & advertising | Consent |
Legal/accounting obligations | Legal obligation |
Where we rely on consent you may withdraw it any time (see Cookie Policy / "Cookie settings") without affecting prior processing.
5. Forms & consent
-
Contact ("Get in Touch") — you accept the Terms of Use and we link to this Privacy Policy; details used to answer your enquiry.
-
Newsletter — an unticked checkbox; you opt in to emails and can unsubscribe any time.
-
"Be featured" — an unticked checkbox: you confirm you own/have permission to use the materials (incl. any people shown) and agree we may feature/publish your name, .ART domain and materials.
6. Cookies, consent & tracking
We use the Usercentrics consent platform with Google Consent Mode v2. Strictly necessary and platform-essential technologies run the Site and security; analytics/advertising load only after you consent, and Google Tag Manager and its tags are not loaded before consent. We honour Global Privacy Control (GPC). Full details and how to change your choice: Cookie Policy.
7. Sharing & processors
We share personal data only with providers acting on our instructions under a data processing agreement, and where required by law. We do not sell personal data for money.
PROVIDER | PURPOSE | LOCATION |
|---|---|---|
Wix.com Ltd. | Website hosting / platform | Israel (adequacy) / US |
Cloudflare, Inc. | CDN, security, bot management | US / global |
Usercentrics GmbH | Consent management | EU (Germany) |
Google LLC | Tag Manager, Analytics, Ads (consent-based) | US |
Meta Platforms, Inc. | Meta (Facebook) Pixel — advertising (consent-based) | US |
X Corp. | X (Twitter) Pixel — advertising (consent-based) | US |
Microsoft Corporation | Microsoft Clarity — product analytics (consent-based) | US |
Sentry (Functional Software, Inc.) | Error monitoring | US |
8. International transfers
Several providers (Google, Meta, X, Microsoft, Cloudflare) are in the US; Wix is in Israel (EU adequacy decision) with US sub-processors. Transfers outside the EU/EEA, UK or Isle of Man rely on appropriate safeguards — Standard Contractual Clauses (with the UK Addendum / IoM equivalent) and, where applicable, the EU–US Data Privacy Framework. We keep data processing agreements with our processors.
9. Retention
DATA | RETENTION |
|---|---|
Contact / enquiry messages | 12 months after the matter is resolved |
Newsletter subscription | until you unsubscribe |
"Be featured" submissions | duration of the feature + 2 years, then deleted/anonymised |
Analytics | per the Google Analytics setting (default 14 months) |
__cf_bm ~30 min; Usercentrics consent record up to 12 months; advertising/analytics cookies up to ~2 years (see Cookie Policy).
10. Your rights (EU / UK / Isle of Man)
You have the right to access, rectification, erasure, restriction, portability, objection, and to withdraw consent. Contact info@art.art or dpo@art.art; we respond within one month. Supervisory authorities: EU — your national DPA; UK — ICO (ico.org.uk); Isle of Man — Information Commissioner (inforights.im).
11. California privacy rights (CCPA / CPRA)
California residents may know, delete and correct their personal information and opt out of its “sale” or “sharing”. We do not sell personal information for money; however, our use of advertising technologies (the Meta and X pixels) constitutes “sharing” for cross-context behavioural advertising under the CPRA. Opt out via the cookie banner “Reject”, our “Do Not Sell or Share My Personal Information” / “Your Privacy Choices” link, or a Global Privacy Control (GPC) signal, which we honour. We do not discriminate for exercising rights; you may use an authorized agent.
12. Other US states
Residents of Virginia, Colorado, Connecticut, Texas and similar states have rights to access, correct, delete and opt out of targeted advertising. Contact info@art.art.
13. Children
The Site is not directed to children and we do not knowingly collect children's data.
14. Security
We use technical and organisational measures (TLS/HTTPS, Cloudflare protections, platform controls). No method is fully secure; we cannot guarantee absolute security.
15. Changes & contact
We may update this policy; the “Last updated” date will change. UK Creative Ideas Limited · 1st Floor, 11–13 Hill Street, Douglas, Isle of Man, IM1 1EF · info@art.art · dpo@art.art.