BLUE POINT ART GALLERY BLUE POINT ART

DIGITAL ENVIRONMENT FOR DOCUMENTARY, EDUCATIONAL AND CREATIVE ACTIVITIES

Privacy Policy

Privacy Policy (UK GDPR / GDPR)

BLUE POINT ART LTD (“Blue Point Art”, “we”, “us”) is committed to protecting your privacy and handling personal data transparently and securely. This Privacy Policy explains how we collect, use, share and protect personal data when you interact with:

  • our website at bluepointart.uk (the “Portal”);
  • our email services (eg [email protected]) (“Email”); and
  • our in-person activities, such as exhibitions, events and workshops (“Local Services”).

1) Who we are and how to contact us

Controller: BLUE POINT ART LTD Registered office: 4th Floor Silverstream House, 45 Fitzroy Street, London, W1T 6EB, United Kingdom Data protection contact: Jaroslaw Solecki Email: [email protected]

2) IPFS hosting and what this means

The Portal is a static website hosted on IPFS and delivered via our domain using Cloudflare. We do not operate an application server that stores visitor accounts or maintains traditional server-side session logs.

Important note about IPFS: IPFS is a distributed network. We can update the content served via our official domain and can remove (“unpin”) content from systems under our control. However, copies of public content may exist on third-party nodes or gateways. Where you request removal or correction, we will update or remove content under our control and take reasonable steps to reduce further distribution.

3) What personal data we collect

A. Information you provide

  • Contact details (name, email address, phone number)
  • Enquiry details and correspondence (messages sent via email or contact forms, if used)
  • Event/workshop information (registration details and attendance)
  • Accessibility information you choose to provide (where relevant to event delivery)
  • Billing/shipping details where you purchase publications or services (if applicable)

B. Information collected automatically (Portal)

To keep the Portal reliable and to understand how pages perform for visitors, we use Cloudflare Web Analytics and Real User Measurements (RUM). These services may process technical information such as:

  • approximate location (derived from IP), device type, browser and operating system;
  • page URLs visited and referrer information;
  • performance and experience metrics (eg page load timing, rendering and responsiveness);
  • security-related telemetry to protect the Portal from abuse.

We use this information to:

  • monitor performance and improve user experience;
  • understand usage trends at an aggregate level; and
  • maintain the security and integrity of the Portal.

We do not use this information to create personalised advertising profiles.

4) Why we use your data and lawful bases

We use personal data only where UK GDPR allows it. The main purposes and lawful bases are:

  1. Responding to enquiries and communications (Email / Portal forms if used) Lawful basis: Legitimate interests (to respond and provide information) and/or steps prior to entering a contract where relevant.

  2. Delivering exhibitions, events, workshops and learning activities (Local Services) Lawful basis: Contract (to deliver what you register for) and/or legitimate interests (programme administration).

  3. Publishing, documentation and dissemination of project outcomes Lawful basis: Legitimate interests (cultural/educational dissemination). Where we publish identifiable images/video or personal attribution beyond what is reasonably expected, we will seek consent or provide an appropriate opt-out where feasible.

  4. Website performance measurement and improvement (Cloudflare Web Analytics / RUM) Lawful basis: Legitimate interests (to ensure the Portal performs well and improves over time).

  5. Security, fraud prevention and service reliability (Cloudflare services) Lawful basis: Legitimate interests (protecting the Portal and users).

  6. Legal and regulatory compliance Lawful basis: Legal obligation and/or legitimate interests.

  7. Marketing / newsletters (if you opt in) Lawful basis: Consent (you can unsubscribe at any time).

We do not use automated decision-making that produces legal or similarly significant effects.

5) Who we share data with

We share personal data only when necessary and with appropriate safeguards.

Service providers (processors):

  • Cloudflare (content delivery, security, Web Analytics and RUM for the Portal)
  • email and productivity service providers (for communications)
  • event/workshop partners and venues (only where necessary for delivery)
  • professional advisers (eg accounting/legal) where required

Legal disclosures: We may share information with authorities or regulators where required by law or to prevent fraud/crime.

6) Cookies and similar technologies

The Portal may use cookies or similar technologies that are strictly necessary for secure and reliable delivery. Cloudflare Web Analytics is designed to provide privacy-focused measurement.

If we introduce any non-essential cookies or third-party trackers in the future, we will update this policy and, where required, provide an appropriate consent mechanism.

You can also control cookies through your browser settings.

7) International data transfers (UK/EEA and beyond)

We are based in the UK and collaborate internationally. Some suppliers (including Cloudflare) may process technical data in countries outside the UK/EEA. Where this happens, we ensure appropriate safeguards are used in line with UK data protection law (for example, approved transfer mechanisms and contractual protections).

If you are located in the EEA, personal data may be transferred to the UK; current EU adequacy decisions permit this transfer (in force until 27 December 2031, subject to review/renewal).

8) Security

We use appropriate technical and organisational measures designed to protect personal data, including secure configurations, access controls, and reputable providers for delivery and protection of the Portal. No online service can be guaranteed 100% secure, but we take reasonable steps to reduce risk.

9) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described above, including legal and accounting obligations. Typical retention periods:

  • Enquiries and correspondence: up to 24 months after last contact
  • Event/workshop registrations and attendance records: up to 36 months (or longer if required for accounting/safeguarding)
  • Publishing orders/invoices (if applicable): 6 years
  • Web Analytics / RUM data: retained according to our Cloudflare configuration and only as long as needed for performance monitoring and improvement.

10) Your rights

You have rights under UK GDPR (and, where applicable, EU GDPR), including the right to:

  • access your data
  • correct inaccurate data
  • request deletion (in certain circumstances)
  • restrict processing (in certain circumstances)
  • object to processing (particularly where we rely on legitimate interests; always for direct marketing)
  • data portability (where applicable)
  • withdraw consent at any time (where we rely on consent)

To exercise your rights, contact: [email protected].

11) Complaints

If you have concerns, please contact us first and we will try to resolve them.

You also have the right to complain to the UK Information Commissioner’s Office (ICO): www.ico.org.uk.

12) Changes to this policy

We may update this policy from time to time by publishing a new version on this page.

Last updated: 23 January 2026