get started

Privacy Policy

Last updated: 15/03/2026

Welcome to Veralinx.art.
Protecting your privacy and your personal data is a priority for us. This Privacy Policy explains how we collect, use, store, and protect the personal data of users of Veralinx.art and its related services, including the Opera-ID web app, in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable laws.

1. Data Controller

The data controller of the personal data collected through Veralinx.art and its related services is:

Veralinx
Email: support@veralinx.art
Phone: +39 0117073295

2. Purpose of this Policy

This Privacy Policy explains:

  • what data we collect;

  • why we use it;

  • the legal bases for processing;

  • how we protect it;

  • your privacy rights;

  • how you can contact us regarding privacy matters.

3. Personal Data We Collect

3.1 Data provided directly by the user

When registering or using our services, we may collect:

  • first name and last name;

  • email address;

  • phone number;

  • postal address, where necessary;

  • company or artist studio details, where applicable;

  • images and information relating to artworks registered on Veralinx;

  • any other data voluntarily provided by the user through contact forms or support requests.

3.2 Data collected automatically

When using the website or services, we may collect technical and usage data to the extent necessary for the operation, security, and technical management of the platform, such as:

  • IP address;

  • device information;

  • browser type;

  • operating system;

  • date and time of access;

  • language settings and time zone;

  • technical access and usage logs.

Such data is not used for commercial profiling purposes.

3.3 Data collected through Opera-ID

The Opera-ID web app may use the device camera and, where requested and authorized by the user, the device geolocation in order to identify an artwork.

In this context, we may collect:

  • scan timestamp;

  • name of the registered user performing the identification;

  • captured image of the artwork;

  • geolocation of the artwork at the time of capture, where available and authorized;

  • identification logs, including:

    • artwork title, if identified;

    • the indication “NOCARD” if not identified;

    • number or level of matches against reference data;

    • technical data relating to the position and operation performed.

Opera-ID may only be used by registered users and must be used in compliance with the rights of the artwork owner or the lawful holder of the artwork.

4. Purpose of Processing

The personal data collected is processed for the following purposes:

  • to allow user account registration and management;

  • to provide the services offered by Veralinx;

  • to enable the registration, identification, verification, and traceability of artworks;

  • to handle assistance or information requests;

  • to ensure platform security and prevent misuse or fraudulent activities;

  • to improve the technical and operational functioning of the website and services;

  • to comply with legal obligations;

  • to send informational or promotional communications, only where the user has given explicit consent, if required.

5. Legal Basis for Processing

Personal data is processed on one or more of the following legal bases:

  • performance of a contract or pre-contractual measures requested by the user;

  • compliance with legal obligations;

  • legitimate interest of the controller, within the limits permitted by law, especially for security, system protection, and abuse prevention;

  • consent of the data subject, where required, for example for marketing purposes.

6. Processing Methods and Security

Data is processed using electronic tools and, where necessary, manual means, in ways suitable to ensure its security, integrity, confidentiality, and availability.

Veralinx adopts appropriate technical and organizational measures to prevent unauthorized access, loss, disclosure, alteration, or unlawful use of personal data.

Users are responsible for keeping their login credentials confidential and for using their account properly.

7. Data Retention

Personal data is stored only for as long as necessary to achieve the purposes for which it was collected, unless longer retention is required by law or necessary to protect the rights of the controller.

In particular:

  • account data is retained as long as the account remains active, unless deletion is requested and subject to legal obligations;

  • technical data and security logs may be retained for the period necessary to protect systems and manage technical operations;

  • data relating to artworks and identification services may be retained as long as necessary for the management, verification, and historical record of Veralinx services;

  • data processed for marketing purposes is retained until consent is withdrawn or for such different period as required by applicable law.

Information recorded on blockchain may, by its nature, not be modifiable or erasable.

8. Sharing of Data with Third Parties

Veralinx does not sell personal data and does not share personal data with third parties for commercial purposes without consent.

Data may be disclosed to third parties only in the following cases:

  • technical service providers, hosting providers, maintenance providers, assistance providers, or delivery partners, where necessary for service provision;

  • legal obligations or requests from competent authorities;

  • extraordinary transactions such as mergers, acquisitions, transfer of business units, or reorganizations.

Where required, such parties are appointed as data processors or act as independent controllers, depending on their actual role.

Images and data collected through Opera-ID are managed by Veralinx within the scope of the services provided and are not disclosed without a legal basis or authorization, except where required by law.

9. Transfer of Data Outside the European Economic Area

Where, for technical or organizational reasons, some data must be processed outside the European Economic Area (EEA), Veralinx will adopt the measures required by applicable law to ensure an adequate level of protection for personal data.

10. Data Subject Rights

Under the GDPR, users have the right to:

  • obtain confirmation as to whether personal data concerning them is being processed;

  • access their personal data;

  • request rectification or updating of inaccurate data;

  • request erasure of data, within the limits permitted by law;

  • request restriction of processing;

  • object to processing, where applicable;

  • withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal;

  • receive their data in a structured format, where applicable;

  • lodge a complaint with the competent supervisory authority.

To exercise these rights, users may contact:

Email: support@veralinx.art
Phone: +39 0117073295

11. Links to Third-Party Websites

Veralinx.art may contain links to external websites. These websites are managed by third parties and are governed by their own privacy policies. Veralinx is not responsible for the processing of personal data carried out by such websites.

12. Protection Against Fraudulent Communications

Veralinx will never ask users by email or SMS to disclose passwords, access codes, or other particularly sensitive information.

If you receive suspicious messages appearing to come from Veralinx, please do not reply and report them immediately to:

support@veralinx.art

13. Cookie Policy

Veralinx.art does not use profiling cookies, advertising cookies, remarketing cookies, or other tracking tools aimed at monitoring user behavior for commercial or promotional purposes.

As of the last update of this policy, the website does not use third-party tracking systems for marketing purposes and does not use user profiling tools.

The website may use only strictly necessary technical tools required for the proper functioning of the pages, browsing security, and the management of essential platform features. Where present, such tools do not serve profiling purposes and do not require prior user consent, without prejudice to the duty to provide information.

In the absence of non-technical cookies or other non-essential tracking tools, no consent banner is required. Should Veralinx introduce in the future services or tools involving profiling cookies, analytics cookies not equivalent to technical tools, or other trackers requiring consent, this policy will be updated and the necessary measures will be adopted, including, where required, an appropriate consent collection mechanism.

Users may still configure their browser to limit or block any technical cookies. However, disabling such tools may affect the proper functioning of some parts of the website.

14. Changes to this Privacy Policy

This Privacy Policy may be updated over time for legal, technical, organizational, or service-related reasons.

Any changes will be published on this page together with the updated date. Users are encouraged to review this policy periodically.

15. Contact

For any questions regarding this Privacy Policy or to exercise your rights, you may contact us at:

Email: support@veralinx.art
Phone: +39 0117073295