Privacy Notice

1. Introduction Hermetic Arts, also referred to as Hermetic Arts, respects your privacy and is committed to handling personal data in a transparent, lawful, and secure manner. This Privacy Notice explains what personal data may be collected through the platform, how it may be used, why it may be used, who it may be shared with, how long it may be retained, and what rights individuals may have in relation to their information. Hermetic Arts is a brand associated with the platform. Unless otherwise stated for a specific processing activity, the platform is operated by IAF Tech Development. The Hermetic Arts brand and certain associated intellectual property are owned by IAF Design. This notice describes how personal data is handled in relation to the current platform experience and should be read together with any more specific notices presented in a relevant product flow. 2. Scope of This Notice This Privacy Notice applies to personal data collected through: the website the web application account registration sign-in and account management flows public profile interactions contact and enquiry routes messaging features where enabled booking and payment-related features where enabled support, moderation, legal, compliance, and security processes other related interactions with the platform 3. Who Controls Personal Data Operating entity: IAF Tech Development Brand / IP owner: IAF Design IAF Tech Development operates the platform. IAF Design owns the Hermetic Arts brand and certain associated intellectual property. Where a specific feature, service, or legal arrangement involves another controller or a joint arrangement, that should be made clear in the relevant flow or notice. 4. Personal Data We May Collect Depending on how you use the platform, we may collect and process categories of personal data such as: Account and identity information name display name email address login credentials and account identifiers role or account type Profile and participation information profession, specialties, portfolio-related information, biographical details, and other submitted profile content account preferences onboarding or role assignment information Communications data messages, enquiries, support requests, replies, and moderation-related communications where relevant Transactional and service-related information bookings, orders, service requests, payment status information, payout-related details, and related operational records where relevant and enabled Technical and usage information IP address browser/device data session and login records access timestamps audit and security logs usage events and diagnostics Cookie and preference data information collected through cookies and similar technologies as explained in the Cookie Notice 5. How Personal Data May Be Collected We may collect personal data: directly from you when you register, sign in, complete forms, contact us, apply for roles, or use platform features automatically when you use the website or app from communications or support interactions from payment, verification, hosting, analytics, messaging, or other service providers where relevant from moderation, compliance, fraud-prevention, or security monitoring activities where necessary and lawful 6. Why We Use Personal Data We may use personal data for purposes such as: creating and managing accounts providing access to platform features showing public profile content where appropriate enabling discovery, communication, services, bookings, and related features processing operational, transactional, or support activities maintaining security, audit trails, and access controls detecting fraud, abuse, misuse, or unauthorised activity responding to legal, regulatory, or rights-related matters improving platform functionality, stability, and user experience communicating important service, legal, or account notices 7. Lawful Bases Where UK GDPR or similar law applies, we may rely on lawful bases such as: performance of a contract compliance with legal obligations legitimate interests, where those interests are not overridden by the rights and freedoms of individuals consent, where consent is required establishment, exercise, or defence of legal claims where relevant The precise lawful basis may vary depending on the type of data and the processing activity involved. 8. Who Personal Data May Be Shared With We may share personal data where appropriate with: hosting and infrastructure providers authentication and security providers analytics providers where enabled payment and transaction providers where relevant messaging, notification, or communications providers professional advisers, auditors, insurers, or legal representatives courts, regulators, law enforcement, or other authorities where required or justified by law internal teams, role-holders, or authorised personnel on a need-to-know basis We do not share personal data arbitrarily. Access and disclosure should be limited to what is reasonably necessary for the relevant purpose. 9. International Transfers If personal data is transferred outside the UK or outside another applicable jurisdiction, appropriate safeguards should be used where required by law. Where material international transfers apply to a specific platform flow or provider arrangement, the relevant notice or provider terms may describe the safeguards used. 10. Retention We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including: platform operation account administration legal and regulatory compliance audit and security needs dispute handling fraud prevention enforcement of rights and agreements Retention periods may vary depending on the type of data, the feature involved, legal obligations, and operational needs. 11. Security We take steps intended to protect personal data through technical and organisational measures appropriate to the nature of the platform and the risks involved. These measures may include access controls, authentication safeguards, logging, role-based permissions, monitoring, review processes, and other security measures as implemented from time to time. No method of transmission or storage is guaranteed to be completely secure, but we aim to apply reasonable and proportionate safeguards. 12. Your Rights Where applicable, you may have rights in relation to your personal data, including the right to: request access request correction request deletion in certain circumstances request restriction of processing in certain circumstances object to certain processing in certain circumstances withdraw consent where processing is based on consent complain to the relevant supervisory authority if you believe your rights have been infringed The exact scope of these rights depends on applicable law and the circumstances of the processing. 13. Children The platform is not intended to be used in breach of applicable age or legal eligibility requirements. If we become aware that personal data has been collected in a way that should not have occurred under the applicable rules of platform use, we may take appropriate steps to review, restrict, or remove that data. 14. Changes to This Notice We may update this Privacy Notice from time to time to reflect changes to the platform, the law, the relevant entities, or the way personal data is processed. Where appropriate, updates may be brought to users' attention through the website, the app, or other suitable communication methods. 15. Contact and Complaints Privacy and data protection enquiries should be directed through the official privacy or legal contact route made available by the platform. For privacy and data protection enquiries, please use the platform's Help or Contact route unless a more specific contact method is shown in the relevant product flow or notice.