Privacy Policy


In this Privacy Policy (the “Policy”), we provide information about how Artrovert Gallery (Artrovert OÜ, registered at 16423872, hereinafter referred to as the “Controller”) processes your personal data on the website www.artrovert.ee.

You can communicate with the controller through the following contact details:

telephone: +372 5076807
e-mail address: galerii@artrovert.ee
address: Ristiku 10, Tallinn, Harjumaa, Estonia

What personal data do we process about you?

PurposeDataLegal basisRetention timeMay be transferable
Communication with website visitorsFirst name and surname, telephone number, e-mail addressLegitimate interestOne year after the request has been answered
Direct marketing (sending newsletters/event invitations, offering goods/services).First name and surname, e-mail address, telephone number, etc. information providedConsentUntil consent is withdrawnNewsletter solutions

To whom may we transfer your personal data?

We may disclose information about you to our employees, agents and service providers such as debt management and collection agencies and archiving service providers, as well as to legal, marketing and IT service providers and subcontractors where reasonably necessary for the purposes set out in this policy.

In addition, we may disclose your personal information if required to do so by law or in order to protect our rights or interests (including where your personal information is disclosed to others for debt recovery purposes), or if we are about to sell part of the business or assets of the company or are restructuring the company (and in doing so we are asked to disclose your personal information to a (prospective) purchaser of the business or assets or other parties involved in the restructuring).

How is your personal data processed?

Your personal data will be processed in accordance with the General Data Protection Regulation, the Personal Data Protection Act of the Republic of Estonia and other legal requirements. When determining the measures for the processing of personal data and at the time of processing, the controller shall implement appropriate technical and organisational measures, as provided for by law, to protect personal data against accidental or unlawful destruction, accidental or unlawful loss, alteration, loss, disclosure or any other unlawful forms of processing and shall take into account the risks associated with the processing of personal data.

What are your rights?

Below you will find information about your rights in relation to the processing of your personal data by the controller and how to exercise those rights. If you would like more information about your rights or if you wish to exercise your rights, please contact us at the email address set out in this policy.

  • You can contact us at any time to ask if we are processing your personal data. If we store or use your personal data in any way, you have the right to access that data. To exercise this right, please send us a written request to the email address set out in this policy. We may ask you to confirm your identity so that we can comply with your request. Please comply with the principles of reasonableness and good faith when making a request.
  • Once you have given us your consent to process your personal data, you may withdraw your consent at any time by emailing us at the email address set out in this policy.
  • You have the right to request that we correct inaccuracies in your personal data. In such a case, we may ask you to confirm that the information has been corrected.
  • You have the right to request that we delete your personal data. This right may be exercised in the cases described in Article 17 of the GDPR.
  • You have the right to request that we restrict or refrain from processing your personal data.
  • You have the right to data portability where such processing is carried out by automated means and we have obtained the data from you on the basis of your consent or for the purposes of entering into a contract. If you choose to exercise this right, we will provide you with a copy of the data you have provided to us at your request.
  • You have the right to object to the processing of your personal data in accordance with Article 21 of the GDPR.

How can you exercise your rights?

To exercise your rights, you can send us written requests, complaints or claims using the contact details provided in this policy.

We will respond to your request, complaint or demand in writing in accordance with applicable law and will make every effort to provide you with the information you need as soon as possible, but no later than thirty (30) days after receiving your request.

If, after we receive your request, complaint or claim, we have doubts about your identity, we may ask you to provide identification.

If you believe that your rights as a data subject have been or may be infringed, please contact us immediately at the email address set out in this policy. We assure you that we will inform you within a reasonable time after receiving your complaint about the progress of the investigation of the complaint and, subsequently, about the outcome of the investigation. If you are not satisfied with the outcome of the investigation, you may lodge a complaint with the supervisory authority: Estonian Data Protection Inspectorate.


You are responsible for ensuring that the information you provide is accurate, correct and complete. If there are any changes to the information you have provided, you must notify us immediately by e-mail. Therefore, we will not be liable for any loss or damage arising from your failure to provide accurate or complete personal information or to notify us of any changes to such information.

This Privacy Policy was last updated in March 2024.