ARTE One — Privacy Policy

Effective date: [15 January 2026]
Last updated: [15 January 2026]

1. Introduction

ARTE One ("ARTE One", "we", "us", "our") is committed to protecting the privacy and personal data of visitors, users, clients, and business partners. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit our website or use our digital wealth platform, products, and related services (collectively, the "Services").

This Privacy Policy should be read together with our Cookie Policy, which explains how we use cookies and similar technologies.

2. Who We Are (Controller / Processor)

For the purposes of applicable data protection laws, the primary data controller is:

Arte Partners LLC, a company registered in the United Arab Emirates ("ARTE One").

Depending on the Service and your relationship with us:

  • ARTE One may act as a data controller (e.g., for platform accounts, website use, client relationship management, security, marketing).
  • ARTE One may act as a data processor where we process personal data on behalf of a client, fund, or institutional partner under a separate written agreement.
  • Certain third parties (e.g., KYC/AML providers, payment providers, brokers/custodians, fund administrators, regulators) may act as independent controllers with respect to the data they process for their own purposes.

3. Personal Data We Collect

We may collect personal data directly from you, automatically through your use of the Services, and/or from third parties (as described below). Categories of personal data may include:

A. Identity and contact data

Name, date of birth (where required), nationality (where required), email, phone number, postal address, professional title, employer/company details.

B. Account and authentication data

Username, account identifiers, passwords (stored in hashed form), multi-factor authentication data, login and access logs.

C. Financial and transaction-related data (where applicable)

Payment details (e.g., bank account/IBAN, payment confirmation references), transaction history, subscription/redemption instructions, and related records.

Where digital assets are involved: wallet addresses and transaction identifiers.

D. Compliance and due diligence data (KYC/AML) (where applicable)

Government-issued ID details, proof of address, source of funds/source of wealth information, beneficial ownership information, sanctions/PEP screening results, and other data required to comply with legal and regulatory obligations.

E. Communications

Information you provide when contacting us (email, chat, forms), support tickets, and other communications. Calls may be recorded where permitted by law and with appropriate notice.

F. Technical, usage, and security data

IP address, device identifiers, browser type, operating system, session data, pages viewed, timestamps, referral URLs, cookies and similar identifiers, and security logs (including information used to detect suspicious activity).

G. Marketing preferences

Consent records, opt-in/opt-out status, preferred communication channels.

Sensitive data: We do not intentionally collect special category data (e.g., health data) except where required by law or necessary for compliance purposes, in which case we apply enhanced protections.

4. Sources of Personal Data

We collect personal data:

  • Directly from you (account creation, forms, onboarding, communications).
  • Automatically (technical and usage data via cookies/logs).
  • From third parties, where permitted and relevant, such as:
    • identity verification and screening providers (KYC/AML),
    • payment service providers and banking partners,
    • brokers/custodians/fund administrators (where applicable),
    • publicly available sources and databases (e.g., sanctions lists) for compliance checks,
    • professional advisers and service providers supporting our operations.

5. How We Use Personal Data (Purposes)

We process personal data for the following purposes:

A. Providing and operating the Services

Creating and administering accounts; providing platform access; enabling requested features and services; managing user authentication and session integrity.

B. Client relationship management and support

Responding to inquiries; providing client support; handling complaints and disputes.

C. Onboarding and compliance (where applicable)

Conducting identity verification and due diligence; meeting AML/CFT, sanctions, tax, audit, and other legal and regulatory requirements; maintaining required records and audit trails.

D. Security, fraud prevention, and platform integrity

Protecting against unauthorised access, account takeover, malicious activity, and other security threats; monitoring, investigating, and preventing fraud; ensuring operational continuity and integrity of the Services.

E. Analytics and service improvement

Understanding usage patterns; improving performance, usability, and features; developing new services; quality assurance.

F. Communications and marketing (where permitted)

Sending service-related notices; providing updates; sending marketing communications where permitted by law and subject to your preferences and opt-out rights.

G. Legal and risk management

Establishing, exercising, or defending legal claims; enforcing agreements; conducting internal governance and risk management activities.

6. Legal Bases for Processing

Where applicable, we rely on one or more of the following legal bases:

  • Contract: processing necessary to provide the Services or take steps at your request.
  • Legal obligation: processing necessary to comply with AML/CFT, sanctions, accounting, tax, regulatory, or other legal requirements.
  • Legitimate interests: processing necessary for platform security, fraud prevention, service improvement, and business operations—balanced against your rights and expectations.
  • Consent: for certain cookies and marketing communications where required by law (you can withdraw consent at any time).

7. Profiling and Automated Decisions

We may use limited automated processes to support security, fraud prevention, and compliance screening (e.g., risk signals, suspicious activity flags, sanctions/PEP screening results). These processes are designed to protect users and the platform.

Where required by law, you may have the right to request human review of decisions that produce legal or similarly significant effects.

8. How We Share Personal Data

We may share personal data on a need-to-know basis with:

  • Group companies and affiliates, where relevant to providing Services, governance, and support.
  • Service providers acting on our instructions (e.g., cloud hosting, cybersecurity, analytics, customer support tools), subject to contractual safeguards.
  • Compliance providers (e.g., KYC/AML verification, screening, and monitoring).
  • Payment providers and banking partners for processing payments and related services.
  • Professional advisers (legal, compliance, audit, accounting).
  • Regulators, law enforcement, or courts where required by law or to protect rights and safety.
  • Successors in connection with a merger, acquisition, restructuring, or sale of assets (subject to appropriate protections).

We do not sell personal data.

9. International Data Transfers

Your personal data may be transferred to and processed in jurisdictions outside your country of residence. Where required, we implement appropriate safeguards such as contractual protections and other lawful transfer mechanisms to ensure an adequate level of protection.

10. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including:

  • maintaining your account and providing Services,
  • meeting legal and regulatory obligations (including recordkeeping and audit trail requirements),
  • resolving disputes and enforcing agreements,
  • security monitoring and fraud prevention.

Retention periods may be extended where required by law or where necessary to establish, exercise, or defend legal claims.

11. Data Security

We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. Security measures are reviewed and enhanced in line with evolving risks and industry practices. No system is completely secure; however, we maintain safeguards proportionate to the nature of the data and the risks involved.

12. Your Rights

Depending on your jurisdiction, you may have rights to:

  • access your personal data,
  • correct inaccurate or incomplete data,
  • request deletion (subject to legal retention obligations),
  • restrict or object to processing,
  • request portability of certain data,
  • withdraw consent (where processing is based on consent),
  • opt out of marketing communications at any time (via unsubscribe links or by contacting us).

You may also have the right to lodge a complaint with a data protection authority where applicable.

13. Cookies and Similar Technologies

We use cookies and similar technologies to operate and improve the Services. Please refer to our Cookie Policy for more information and your choices.

14. Children's Privacy

Our Services are not directed to minors, and we do not knowingly collect personal data from minors.

15. Jurisdictional Notice

ARTE One operates as a global wealth platform and may provide access to its website and Services to users located in multiple jurisdictions. The application of data protection laws may therefore vary depending on your place of residence, nationality, or the ARTE One entity with which you interact.

European Union / United Kingdom

Where applicable, ARTE One processes personal data in accordance with the General Data Protection Regulation (GDPR) and, in the United Kingdom, the UK GDPR and related data protection legislation. References in this Privacy Policy to data subject rights, legal bases for processing, and international data transfers are intended to reflect these frameworks where applicable.

United Arab Emirates

Where applicable, ARTE One processes personal data in accordance with relevant UAE data protection laws, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data, as amended, and applicable implementing regulations.

United States

Where applicable, ARTE One processes personal data in accordance with applicable U.S. federal and state privacy laws. Certain rights described in this Privacy Policy may not apply uniformly across all U.S. jurisdictions. ARTE One does not sell personal data as defined under applicable U.S. privacy laws.

Other Jurisdictions

For users located outside the jurisdictions listed above, ARTE One applies data protection standards designed to be consistent with recognised international best practices, taking into account local legal requirements where applicable.

Nothing in this Privacy Policy is intended to create additional rights or obligations beyond those required under applicable law. Where local laws impose stricter requirements, ARTE One will comply with such laws to the extent applicable to its activities.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and update the "Last updated" date.

17. Contact

For privacy-related questions or requests, please contact:

privacy@arte-one.com

ARTE Partners LLC, Bay Square BB12, Business Bay, Dubai UAE