Skip to main content

Legal

Privacy Policy

Last updated: April 2026. This document is provided for transparency and does not constitute legal advice.

This Privacy Policy explains how personal data flows through the Mécène platform at mecene.art and what rights individuals have in connection with that data. Please read it alongside the privacy notice provided by the organiser who invited you to an event.

Our Role

[COMPANY NAME TBC] operates as a data processor, not a data controller, for the personal data of guests and attendees managed through the platform. The art galleries, foundations, auction houses, and other organisations that use Mécène to run their events are the data controllers. They determine why your data is collected and what legal basis applies. If you have a question about how your personal data is used in connection with a specific event, your first point of contact should be the organiser.

Where Mécène does act as a controller (for example, in managing the accounts and billing information of subscribing organisations), this Policy also covers that limited processing.

What Data Is Processed Through the Platform

When an organiser uses Mécène to manage an event, the platform may process on their behalf: your name and contact details, dietary requirements and food allergies, your tier or relationship classification within the organiser's guest programme, private relationship notes entered by the organiser, your attendance history across events run by that organiser, and any responses you provide when accepting or declining an invitation.

Payment card data is never processed or stored by Mécène. Ticketing payments for public events are handled entirely by a third-party payment processor, and card details go directly to that processor and never pass through Mécène's systems.

Why and How Long Data Is Retained

Personal data processed on behalf of an organiser is retained for the duration of their active subscription and for twelve months following its end. After that period, data is either returned to the organiser or securely deleted. Organisers may request earlier deletion at any time using the platform's erasure tooling, which anonymises records while preserving audit log integrity.

Where Mécène processes organiser account data in its capacity as a controller, that data is retained for the duration of the contractual relationship and for such period thereafter as is required by applicable law or legitimate business need.

Your Rights

Under the UK GDPR and EU GDPR, you have the right to request access to your personal data, to request its correction or erasure, to object to processing, and to receive a portable copy of your data. Because Mécène processes your data on the instructions of an organiser who is the controller, the most effective route for exercising these rights is to contact that organiser directly.

If you are unable to identify the organiser or your request is not resolved, you may contact Mécène at hello@mecene.art and we will assist where we are able to do so, including by forwarding your request to the relevant organiser.

You also have the right to lodge a complaint with the Information Commissioner's Office in the UK, or with the supervisory authority in your EU member state of residence.

Cookies

The Mécène platform uses session cookies only. These are strictly necessary for authentication and platform operation and are deleted when you close your browser. We do not use tracking cookies, behavioural advertising cookies, or third-party analytics cookies. No personal data is shared with advertising networks.

Contact

For privacy enquiries: hello@mecene.art. For security disclosures: security@mecene.art.