English | Français | Deutsch | Italiano | 繁 | 简
Like most businesses, Christie’s holds and processes a range of information about its clients and other persons who may be interested in Christie’s services.
This privacy notice applies to Christie’s globally and explains the type of information that we process, why we are processing it and how that processing may affect you. If you live in California please also see our California Consumer Privacy Statement (CCPA Statement).If you are a resident in mainland China, please also see our Supplementary China Privacy Notice which contains additional sections that apply to you.
The privacy notice is split into the sections listed below. The Glossary section explains what we mean by “personal data,” “processing,” and other terms used in this notice.
We may update this privacy notice from time to time and will post any revised notice on this webpage. Where appropriate, we may notify you by email or by a notice on our website that our privacy notice has changed, but we recommend that you check this page regularly. Any changes will be immediately effective on posting.
- Who we are
- How and when do we collect your personal data?
- What personal data do we process and why?
- Who gets to see your personal data?
- Is your personal data transferred Internationally?
- How long do we keep your personal data?
- How do we keep your personal data secure?
- Third party websites
- Access to your data and other rights
- Contact Information
1. Who we are
The Christie’s group of companies is detailed here.
When you buy and sell in our auctions or by private sale or purchase other services or goods from us, the controller of your data will be the company or companies shown in your Seller’s Agreement, Conditions of Sale, invoice or agreement. When you take part in one of our events or attend a course or lecture in person, the saleroom or office running the course or event is the controller of your data.
The controller of data collected through christies.com, education.christies.com, our other websites and apps, online courses and object data is Christie Manson & Woods Ltd.
2. How and when do we collect your personal data?
Collection directly from you in response to our request
Most of the personal data we process about you comes directly from you (whether face to face, over the telephone, on a paper form, by email or online), for example:
- when you register to bid in an auction, agree to sell your property through Christie’s or ask us to perform a valuation;
- when you express an interest in certain types of property to one of our staff or representatives;
- when you subscribe to Christie’s catalogues, newsletters or other publications;
- when you sign up on christies.com to receive news about upcoming auctions and events relating to particular areas or complete your profile in your online account;
- when you attend a Christie’s live or digital event or participate in one of our courses.
Automatic collection when you telephone bid, call Client Services, visit our premises or our website or attend a digital event
Your voice will be recorded when you call our client service team, and when you use our telephone bidding service.
Your image may be collected by Christie’s if you attend our premises. We use CCTV at our salerooms and offices for the protection of our staff, our visitors and the property that we sell. We video our auctions for security reasons and to monitor bidding practices. Live streaming of our auctions and certain courses is available on our websites (and is also available on social media for certain auctions). Cameras and microphones recording images and sound for live streaming focus primarily on the auctioneer/presenters and Christie’s specialists but background sound and images may also be captured. Attendees should inform a member of the Front of House team if they do not wish to be filmed/recorded.
Our digital events and courses generally display and record only the presenters’ images and audio. Exceptions include discussions such as round tables, certain panels and seminars. Please contact the event organiser if you have questions about the filming/recording of a particular event or course.
As you interact with our websites, we collect data through cookies and other similar technologies together with technical data about your equipment, browsing actions and patterns. We may also receive technical data about you if you visit other websites employing our cookies. More detail is available below and in our Cookies Policy. You can change your cookies settings at any time by visiting the Cookies Settings page on our website (Cookies Settings).
Collection of data from other sources
We may obtain information about you and/or the property you own or wish to collect from other sources, for example:
- when someone informs us that you are authorised to bid on their behalf at Christie’s or collect their property;
- when someone introduces you to us (including when they use the LotFinder service to email you details of a lot that they believe may interest you);
- when we research artwork or other objects and we find information about you in sources such as newspaper articles, exhibition catalogues, public auction results and other publicly available sources, or one of our contacts gives us feedback in relation to objects or persons they have been told about;
Technical data from analytics providers, advertising networks, social media platforms, and similar applications;
- Identity, contact data and other information from publicly available sources such as company and electoral registries and companies that perform identification, anti-fraud and credit checks or screening for sanctions, anti-money laundering and/or negative media purposes.
Aggregated and special categories of data
We do not collect special categories of personal data unless it is necessary for us to do so to enable us to provide services or access.
3. What personal data do we process and why?
We have set out below the types of personal data that we process, the purposes for which we use it and the legal grounds on which we process it. The Glossary contains more information about the legal grounds for processing.
Examples of personal data
(please note that the list is not exhaustive)
Legal grounds for processing
To provide you with requested services
(for example, bidding, selling, valuations, storage, shipping, loans and loan referral, catalogue subscription, restoration, expertise)
- name, title, and contact details (including email address, postal address, telephone numbers)
- your bank account details (if we need to pay you) or payment card details or bank transfer receipt (if you need to pay us)
- the person or organisation who has introduced you, and any fee they receive
- details of the property to which the services relate
- nature of the services including contractual terms
- details of your insurance if your property remains at your risk
- financial information
- records of your communications with us (including bidding instructions recorded over the telephone or online bidding logs)
Performance of a contract
To evidence our compliance with legal requirements, (for example, knowing our clients and preventing money-laundering, payment of taxation and customs duties, anti-discrimination) and cooperate with regulators, enforcement authorities and the courts
- your date of birth, identification documents (including photo) proof of address documents and the results of identification verification checks
- the nature of your connection to an organisation (for example, your job title and whether you are a director, shareholder, partner), your source of wealth and whether you are a politically exposed person (PEP) or a family member or close associate of a PEP
- details of your past transactions (including any tax paid or tax withheld, and the source of your funds) and/or shipments (including any permits obtained or duties paid)
- any requirements relating to Christie’s obligation to make reasonable adjustments to accommodate a disability or otherwise meet your specific needs (This could include sensitive personal data. If you are a resident in mainland China, please also see our “Supplementary China Privacy Notice”.)
- any information relating to a dispute or legal proceeding
Compliance with a legal obligation
To keep you, our staff, and property on our premises secure
- CCTV images
- Contact details
To provide you with details about upcoming auctions, other events or types of property that interest you, and Christie’s wider services
- your name, email address and/or postal address
- your marketing and communication preferences (in your mychristies account, Christie’s online preference centre, or any hard copy or digital sign up)
Legitimate Interests (for clients who have previously requested or received services)
Consent (for clients who have not requested or received services but have signed up to receive Christie’s news online, at an event, by talking to a member of staff)
To create and maintain records on art objects to assist us (and, in the case of our public records including our online lot pages and online and printed catalogues and the wider public) with checks on authenticity, provenance, title and object value and prevent fraud, theft or other unlawful activities
- your interest in, possession of, or ownership (historic or current) of any relevant art object, or similar object
- allegations of fraud, theft or other unlawful activities relating to an object connected to you
- communications with the police, courts, regulators or other government or law enforcement authorities in relation to you or your object
To monitor the performance of our website and to personalise and improve your user experience
- Technical data including your internet address, your login data,
your browser type, version and operating system, time zone setting and location, browser plug-in types and versions, data obtained from cookies, web logs and other similar technologies that monitor the use of our website and deliver more appropriate advertisements on or beyond our website
- the resources you access on your mychristies account and our wider website including browsing actions, online bidding activity.
To monitor your use of our services, train our staff and improve your client or user experience
- your complaints, opinions, responses to our surveys or market research
- your voice when you call Christie’s Client Services or use our telephone bidding services
We aim to provide you with choices around marketing and advertising. You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and you have not opted out of receiving such marketing. We do not transfer your personal data to organisations who wish to use it for their own marketing promotions or other purposes.
You can ask us to stop sending you marketing messages at any time by following the unsubscribe links on any marketing message sent to you or by contacting us at any time at email@example.com.
4. Who gets to see your personal data?
Your personal data will be processed by the Christie’s company that initially receives it and may also be transferred to and processed by other companies within the Christie’s group. See “Is your personal data transferred internationally?” below for more information.
Outside the Christie’s Group
We do not transfer your personal data to organisations who wish to use it for their own marketing promotions or other purposes. Your personal data will only be shared with other organisations where it is necessary to enable us to provide you with the services you have requested (for example: we may transfer your data to our bank, payment card acquirers, shippers, warehouses, insurers, experts who help us authenticate or value property, companies that perform identification, anti-fraud and credit checks, blockchain analysis or screening for sanctions, anti-money laundering and/or negative media purposes, event venues, caterers, catalogue and direct marketing fulfilment and distribution). Where we do so it will be on the basis that these organisations are required to keep the information confidential and secure, and they will only use the information to carry out the instructed services.
Where you sell or buy an NFT or pay in cryptocurrency your data will be shared with Christie’s accepted digital wallet and cryptocurrency providers (for the most up-to-date accepted provider list please see the ‘Special Notice’ for the relevant lot you wish to bid on) as necessary to enable us to complete your sale or purchase. Please see these companies’ privacy notices for information on how your personal information will be used. Where you buy an NFT your digital wallet information will be provided to the seller in order to execute the transfer, NFT and cryptocurrency transaction information will also be made available on the blockchain.
Some of these organisations may be located in a different country to the saleroom or office who collected your personal data. See “Is your personal data transferred internationally?” below for more information.
We may need to retain and disclose certain information about you to appropriate agencies to conduct anti-money laundering and trade sanction checks, to assist with fraud and crime prevention and detection and to meet our finance and tax reporting and health and safety obligations and for research and screening services purposes. We may also need to disclose this information to our banks, insurers or auditors for the purposes of evidencing Christie’s compliance with anti-money laundering, sanctions and other relevant regulations, or to enable the bank, insurer or other regulated firm to complete its own due diligence in connection with you or your transactions.
If law enforcement or other entities, bodies or persons request disclosure of your personal data (such as your contact details or information about purchases), we will only disclose data if we are satisfied after internal review that we are legally required to do so or that disclosure is necessary to protect our rights or the rights of others and is not prohibited by law.
5. Is your personal data transferred internationally?
As a global organisation with a presence in more than 40 countries, Christie’s may in the normal course of its business transfer your personal data internationally to Christie’s salerooms, offices and representatives, and to other organisations who need to process your data in connection with the services that Christie’s provides to you (see Who gets to see my data?). Your data will be held on Christie’s servers located in the USA.
The UK, EEA countries, China and the Dubai International Finance Centre (DIFC) all require that certain safeguards are implemented where personal data is transferred internationally to countries which have not been approved by them as providing essentially equivalent data protection standards. We have approved standard contractual clauses in place to regulate the processing of personal data when it is sent outside of these countries/centres.
If you have any questions or would like further information about how we make personal data available to outside of the UK/EEA, mainland China or the DIFC please contact us (see Contact Information below).
6. How long will we keep your personal data?
We will retain your personal data for as long as is necessary to provide the relevant services, maintain business records to satisfy tax, legal and other regulatory requirements, and protect and defend against potential legal claims.
In the context of our research and records on ownership of art objects to assist with checks on authenticity, provenance and title, we will keep this data for as long as the record is relevant to our legitimate business interests and the public interest. Please be aware that we do not remove or amend property titles or provenance information once published. Christie’s catalogues and lot pages are important resources for public research, market transparency and, where relevant, supporting object value and, as such, we consider that it is in the interests of sellers and buyers and the public more generally for the published provenance of a property to remain available online to the public indefinitely. We take this approach unless required otherwise by applicable law.
7. How do we keep your personal data secure?
We understand that your personal information is important and we are committed to treating it with the utmost care and security.
We have multiple layers of security technologies and controls in our environment which safeguard your data, while at rest or in transit, from unauthorised access or disclosure. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. In addition, our colleagues receive data protection training and we have in place detailed security and data protection policies which colleagues are required to follow when handling personal information.
In an ever-altering threat landscape, we are constantly assessing our security defences to ensure your data continues to stay protected. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Third party websites
Christie’s websites may contain links to other websites not operated by Christie’s. The information you provide to us will not be transmitted to other websites, but these other websites may collect personal information about you in accordance with their own privacy notice. Christie’s cannot accept any responsibility for the privacy practices or content of those websites.
9. Access to your data and other rights
You may ask us if you have questions about the data we hold on you. Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
The right of access: You may request a copy of the personal data that we hold about you (a “subject access request”). If you exercise this right and we process personal data about you by automated means or as part of a filing system, once we have verified your identity and, if relevant, the authority of any third-party requestor, we are required to provide you with a description and copy of that personal data and tell you why we are processing it.
As well as your subject access right, you may have a legal right to have some or all of your personal data rectified or erased, to object to its processing, or have its processing restricted.
If you have provided us with data about yourself and the grounds for processing is Contract or Consent (see What personal data do we process and why?), you may have the right to be given the data in machine readable format for transmitting to another data controller.
If we are relying on Consent as the grounds for processing your data (see What personal data do we process and why?), you may withdraw consent at any time. This will not affect the lawfulness of Christie’s processing of your data prior to your withdrawal.
Please contact us at firstname.lastname@example.org if you would like to exercise any of your rights explained above in relation to your personal data.
Rights for California residents
If you are a California consumer, for more information about your privacy rights, please see our "California Consumer Privacy Statement".
Rights for residents in China
If you are a resident in China, please also see our “Supplementary China Privacy Notice”.
If you have any queries in relation to Christie’s processing of your personal data please contact us at email@example.com. You can also phone or email our Client Service team.
You have the right to make a complaint at any time to the applicable data privacy regulator. We would, however, appreciate the chance to deal with your concerns before you do so please contact us in the first instance using the contract details above. You can also phone or email our Client Service team.
Contact details for the UK Information Commissioner's Office are available here: https:ico.org.uk. Contact details for the French regulator can be found here: www.cnil.fr and other EU regulators here: www.edpb.europa.eu. The contact details for the DIFC can be found here https://www.difc.ae/contact-us/.
Compliance with a legal obligation - processing is necessary to ensure we comply with our legal and regulatory obligations.
Consent – you have given specific consent to the processing of your personal data.
Data Controller – the person who determines the purposes and means of processing personal data.
EEA – the European Economic Area which comprises countries that are members of the European Union and Norway, Iceland and Liechtenstein.
Filing System – a structured set of personal data that is accessible according to specific criteria.
Legitimate Interests - processing is necessary for our or a third party’s legitimate interests in carrying on, managing and administering our respective businesses effectively and properly (except where our or the third party’s interests are overridden by your own interests, rights and freedoms).
Performance of a contract – processing is necessary to carry out our contractual duties, exercise our contractual rights or otherwise perform our contract with you, or to take steps at your request to enter a contract.
Personal Data - any data relating to an identified or identifiable natural person. This can include names, user ID, location data, email addresses, photographs, job applications, purchase history, user account information, opinions, and correspondence to and from an individual.
Processing - any operation performed on personal data, such as collection, recording, storage, retrieval, use, combining it with other data, transmission, disclosure or deletion.
Public Interest – processing is necessary for the performance of a task carried out in the public interest.
Special category data - details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health and genetic and biometric data.
Last update 2022-11-23