Privacy Policy

Privacy Policy – Timothy Taylor Ltd


1. Introduction and general terms


Timothy Taylor Limited, a company registered under company number 02946842 (“Timothy Taylor”, “we”, “us” or “our” in this policy), forms part of an international commercial gallery representing artists worldwide, and operating in New York and London.


If you have any questions or comments about this privacy policy please contact us via:


Telephone: 0207 4093 344




Timothy Taylor is committed to protecting and respecting your privacy. This policy explains the basis on which personal information we collect from you will be processed by us. Where we decide the purpose or means for which Personal Data you supply through these Services is processed, we are the “data controller” for the General Data Protection Regulation 2016/679.


This policy explains the following:


  • What information Timothy Taylor may collect about you;
  • How Timothy Taylor will use information we collect about you;
  • Whether Timothy Taylor will disclose your details to anyone else; and
  • Your choices and rights regarding the personal information you have provided to us.

Our Services may require the use of third parties. These third party websites may have their own privacy policies and we recommend you to review them. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of them is at your own risk.


2. What information will Timothy Taylor collect about me?

We collect and process the following information which may include your Personal Data.


Information provided by you when using our Services


You may give us information about you by filling in forms when using our Services, singing up to our newsletter or contacting us with enquiries. Such information can include:


  1. Identity and contact data: including your name, username, address, telephone number and e-mail address; and
  2. Profile Data: including artwork information, artworks owned, requested, offered, reserved, purchased, consigned and details of artwork invoices.

(“Personal Data”).

Payment Information

In order for you to use all the functions of our Services we may collect payment information from you including your credit card number and bank account details. In collecting the information, we provide a sales invoice via a URL link that requires a 2 factor authentication.

Information about you collected from Third Parties

We may collect Personal Data about you from third party service providers. This includes information to check your identity and prevent fraud or other illegal activities.

As you interact with our website, we may automatically collect data about your browsing activities. We use cookies to collect and log analytical information such as your internet protocol (IP) address.

3. Data Sharing

We may share your Personal Data with our US office based in New York. Whenever we transfer your personal data outside of the European Economic Area (EEA) to our US office, we ensure that we have standard contractual clauses in place as a safeguard for this transaction.

We may also share your Personal Data with third parties who provide us with logistics and payment processing services (set out below), only in the ways that are described in this privacy policy. If you would like to find out more about how the third parties listed in this policy use your information, this should be set out in their respective privacy policies.

We keep your information confidential, but may disclose it to our personnel, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this privacy policy. However, this is on the basis that they do not make independent use of the information, and have agreed to safeguard this information.

In addition, we may disclose your information to the extent that we are required to do so by law (which may include to government bodies and law enforcement agencies); in connection with any legal proceedings or prospective legal proceedings; and in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention).

4. How we will use information we collect about you and who will we share it with

Providing the Services to you as a prospective or existing client

We may legally use and retain your Personal Data where we need to perform the contract we are about to enter into or have entered into with you, such as:

  • For registering you as a new client;
  • Processing purchases including any shipping details for delivery of the artwork; and
  • Keeping track of loan and consignment agreements;

We may also legally use and retain the Personal Data you provide to us when requesting our Services, to pursue our legitimate interest of providing our Services to you, such as:

  • Keeping track of artworks offered to you in order to understand your preferences and purchase history and allow us to offer relevant artwork to you when it comes in;
  • Responding to your enquiries; and
  • Providing you with information and updates about the Services and exhibitions we offer;

We may analyse certain types of information that you submit to us for the legitimate interest of improving the Services we offer to you and to provide you with a bespoke, tailored service and art advisory and consultancy service, based on your preferences, recommendations, interests and previous purchases and location.

We may share your Personal Data with our selected third party providers and suppliers for the performance of delivering our Service under the contract between you and Timothy Taylor, including managing and storing your details (via an art management system), processing payments and delivering artwork to you in accordance with your instructions. Our third party suppliers will have their own processing terms.

Occasionally we may use the following third party payment Services providers, who will store, collect and process your payment details:

  • WorldPay
  • PayPal; and
  • Stripe
  • Coutts

Providing the Services and acting for you as an artist or prospective artist

We may legally use and retain Personal Information that we collect about you for the legitimate interest of providing a bespoke artist consultancy and representation service to you, such as:

  • Promoting and selling your artwork to relevant clients based on their preferences and previous purchases;
  • Retaining a personal profile of you and your artwork to provide clients with background information, and market your artwork accordingly;
  • Responding to your enquiries; and
  • Providing you with information and updates about our Services and upcoming exhibitions.

Compliance and prevention of Fraud and Illegal Activity

We may process Personal Data for the legitimate interests of ensuring that use of our Services is lawful and non-fraudulent, does not disrupt the operation of our Services, does not harass our staff or other individuals, and to enforce our legal rights and comply with our legal obligations, including compliance with anti-money laundering regulations (if and where applicable).

We process Personal Data for the legitimate interest of complying with HMRC requirements by retaining records of customer purchases and transactions.

Where we reasonably believe that you are or may be in breach of any of the applicable laws, we may use your personal information to inform relevant third parties such as your email/internet provider or law enforcement agencies about the content.


We use various forms of marketing to provide you with promotional materials about our Services.

We may process your contact information that you provide to us (either via our website, through business cards, through use of our Services or when signing up to our guestbook) for the purposes of marketing in accordance with our legitimate interests to send you information about gallery exhibitions and events. We may use third party email providers, such as Mail Chimp, to process these marketing emails.

We may also disclose your name and contact information to our US office in New York, mentioned above, who provide the same type of products and services, to enable them to market their products and services to you.

If you would like to be removed from this mailing list, please contact us at or click on unsubscribe at the bottom of each marketing email.

To understand how our Services are used

We use Google Analytics to understand how visitors use our website and to compile reports on website activity.

This processing is necessary for us to pursue our legitimate interest in improving our website, and providing a more relevant service to our customers. This information is not used to develop a personal profile of you.

5. Your rights in relation to Personal Data which we process relating to you

You have the following rights over the way we process Personal Data relating to you. We aim to comply without undue delay, and within one month at the latest.

Ask for a copy of data we are processing about you and have inaccuracies corrected

You have the right to request a copy of the personal information we hold about you and to have any inaccuracies corrected.

We will use reasonable efforts to the extent required by law to supply, correct or delete personal information held about you on our files (and with any third parties to whom it has been disclosed to).

Object to us processing data about you

You can ask us to restrict, stop processing, or to delete your Personal Data by contacting us at if:

  • Timothy Taylor no longer needs to process that Personal Data for the reason it was collected;
  • Timothy Taylor is processing that Personal Data because it is in the public interest or it is in order to pursue a legitimate interest of Timothy Taylor, you don’t agree with that processing, and there is no overriding legitimate interest for us to continue processing it;
  • the Personal Data was unlawfully processed;
  • you need the Personal Data to be deleted in order to comply with a legal obligations;
  • the Personal Data is processed in relation to the offer of a service to a child.

If you inform us that you would no longer like us to store or process your Personal Data then we may not be able to offer you a fully tailored, bespoke service.

Obtain a machine readable copy of your Personal Data, which you can use with another service provider

  • If we are processing data in order to perform our obligations to you, if that processing is carried out by automated means, we will help you to move, copy or transfer your Personal Data to other IT systems.
  • If you request, Timothy Taylor will supply you with the relevant Personal Data in CSV format. Where it is technically feasible, you can ask us to send this information directly to another IT system provider if you prefer.

Make a complaint to a Supervisory Authority

  • If you are unhappy with the way Timothy Taylor is processing your Personal Data, please let us know.
  • If you do not agree with the way we have processed your data or responded to your concerns, an alternative is to submit a complaint to a Data Protection Supervisory Authority.

6. Data Retention

We will hold your personal information on our systems for as long as is necessary for the relevant service or as required by law, or for accounting or regulatory purposes, or as otherwise described in this privacy policy.

7. Children

We do not knowingly solicit data from or market to children under the age of 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at We will delete such information from our files within a reasonable time.

8. Security

We will take all reasonable technical and organisational precautions to prevent the loss misuse or alteration of your personal information.

Please be aware that, although we endeavour to provide reasonable security for information we process and maintain, no security system can prevent all potential security breaches.


9. Changes


We will notify you of any changes to this policy by email, notice on the website or account message.


10. International Data Transfers


Where we transfer your data outside of the EEA in respect of the transfer to our New York office, we have agreements in place which include standard data protection clauses adopted by a data protection regulator and approved by the European Commission to ensure that appropriate safeguards are in place to protect your Personal Data. If you would like to find out more about these safeguards, please let us know by writing to