collection.direct
Log in

Security and Data Protection

We value your privacy, and it is our goal to maintain the security of our products. This page describes some steps that we are taking to address potential security issues and to help protect our products, our users, and their data.

WHERE IS YOUR DATA HOSTED?

The location where your data is hosted and stored is determined by the jurisdiction and physical location of your organisation. Some data may be hosted in Europe (EU, Switzerland, UK), the United States of America or CIS countries, but always compliant to similar legal and security conditions. In the case of customised solutions, products and data may be placed in any jurisdiction, subject to agreement with the customer and end user, if this does not conflict with legislation and legal obligations. Some of our subcontractors (in terms of communication and marketing) generate data flows to the United States. Nevertheless, these flows are governed by the standard contractual clauses of the European Commission and additional security measures such as strong data encryption have been put in place. These transfers therefore take place under the conditions of legal and technical security required by law.

WHICH SECURITY MEASURES DO WE IMPLEMENT TO PROTECT YOUR DATA?

Collection Direct Sp. z o. o. takes measures to ensure that the security of the personal data it processes is adapted according to the sensitivity of this data and the risks attached to it. To this end, the IT teams implement the requirements of the data protection policy and in particular those relating to:

  • The identification of possible cyber attacks
  • The implementation of appropriate network protection, via filtering programs and firewalls,
  • Maintaining security conditions for the various components of the infrastructure and applications, in particular the application of security updates and the upgrading of components to avoid using out-of-date or unserviceable components,
  • The strengthening of infrastructure components such as servers or workstations,
  • Regular verification of infrastructure or application vulnerabilities via monitoring and the use of technical or application vulnerability detectors,
  • Encryption of data at rest when needed and in transit,
  • The use of good security practices when developing applications, particularly for web-type applications,
  • The allocation of user rights respecting the principle of least privilege and the right to know,
  • Supervising the security of personal data and the applications accessing it, in particular through the centralization and use of logs.

If you encounter or identify any security issues with collection.direct, gallerist247, galleries.pro, artcare.one, artcare.pro or any of our products, services, mobile applications or websites, please submit the form via the Feedback option in Settings. Someone from our team will be in touch as soon as possible.

We also welcome security researchers that practice responsible disclosure and comply with our policies.