Data Protection

Privacy Policy & GDPR Compliance

Delorem
CVR-nr36648805
Address. Raadhusstraede 15, 1466 København K

To ensure Delorem.com is fully compliant with the General Data Protection Regulation (GDPR), this policy incorporates the specific articles and legal principles required for a platform handling high-value assets like art.

This document specifically addresses the Rights of the Data Subject (Articles 12-23) and the Principles of Processing (Article 5).

Delorem.com | Privacy Policy & GDPR Compliance

Last Updated: April 27, 2026

Data Controller: Delorem Inc. / Delorem.com

DPO Contact: dpo@delorem.com

This Privacy Policy explains how Delorem.com ("the Company") collects, protects, and manages personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK Data Protection Act 2018.

1. Core Principles of Data Processing

In accordance with Article 5 of the GDPR, Delorem.com adheres to the following principles:

  • Lawfulness, Fairness, and Transparency: Data is processed only on valid legal grounds.
  • Purpose Limitation: Data is collected for specified, explicit, and legitimate art-transaction purposes.
  • Data Minimization: We only collect the minimum data necessary for the sale and shipping of artwork.
  • Accuracy: We take every reasonable step to ensure personal data is kept up to date.
  • Storage Limitation: Data is only kept for as long as necessary for the purpose it was collected.
  • Integrity and Confidentiality: We use high-level encryption to ensure protection against unauthorized or unlawful processing.

2. Legal Bases for Processing (Article 6)

Delorem.com processes your data under the following legal frameworks:

  • Art. 6(1)(b) Contract: Processing is necessary to fulfill the sale between the Artist and the Buyer.
  • Art. 6(1)(c) Legal Obligation: Retention of financial records for tax purposes (usually 7-10 years) and AML (Anti-Money Laundering) compliance.
  • Art. 6(1)(f) Legitimate Interests: To protect the platform against fraud, maintain site security, and provide customer support.
  • Art. 6(1)(a) Consent: For marketing communications and the use of non-essential cookies.

3. Your Mandatory Rights as a Data Subject

Under Articles 15 through 21, you have the following rights which Delorem.com facilitates:

  • Right of Access (Art. 15): You may request a "Data Subject Access Request" (DSAR) to receive a copy of all data we hold on you.
  • Right to Rectification (Art. 16): You have the right to correct inaccurate or incomplete personal data.
  • Right to Erasure / "Right to be Forgotten" (Art. 17): You may request deletion of your data when it is no longer necessary for the purposes it was collected (subject to legal retention requirements).
  • Right to Restriction of Processing (Art. 18): You may ask us to suspend the processing of your data in specific scenarios (e.g., while contesting data accuracy).
  • Right to Data Portability (Art. 20): You may request your data in a structured, machine-readable format to move to another service.
  • Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing.

4. International Data Transfers (Articles 44-49)

If Delorem.com transfers data outside the European Economic Area (EEA), we ensure a "level of protection" essentially equivalent to that within the EU through:

  • Standard Contractual Clauses (SCCs): Specific contracts approved by the European Commission.
  • Adequacy Decisions: Transfers to countries that the EU recognizes as having sufficient privacy laws.

5. Data Security & Breach Notification (Articles 32-34)

Delorem.com implements robust technical and organizational measures (Encryption, Two-Factor Authentication). In the unlikely event of a data breach that poses a high risk to your rights and freedoms, we are legally committed to notifying you and the relevant Supervisory Authority within 72 hours of becoming aware of the breach.

6. Automated Decision-Making (Article 22)

Delorem.com does not use automated decision-making or profiling that produces legal effects concerning you, unless necessary for entering into a contract or with your explicit consent (e.g., fraud detection algorithms).

7. How to Complain

If you believe Delorem.com has infringed upon your rights, you have the right to lodge a complaint with a Supervisory Authority in your country of residence (e.g., the CNIL in France, the BfDI in Germany, or the ICO in the UK).

Specific Notice for the Delorem Art Marketplace

Note to Buyers & Artists: To facilitate shipping, Delorem.com must share the Buyer's name and address with the Artist. Both parties agree, by using our platform, to process this information solely for the fulfillment of the specific order and to delete said information once the cooling-off/shipping window has closed, unless a longer retention period is required by law.

Contact our DPO: For any GDPR-related inquiries, please contact: contact@delorem.com