Effective Date: 30 November 2022
For those who reside in California, the United Kingdom or the European Economic Area, please see the end of this Policy for additional information regarding our practices.
INFORMATION SOTHEBY’S COLLECTS ABOUT YOU
Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified. As described in more detail below, we collect personal information about you from a variety of sources, including information we collect from you directly, information we collect about you from other sources, and information we collect automatically from you.
Information We Collect Directly From You
We collect information that you submit to us or provide to us on forms available on third party websites. The types of information that we collect directly from you include: personal details (e.g., name, date of birth, alias and/or avatar alias), contact details (e.g., phone number, email address, postal address), transaction information (e.g., bidding or purchase records, shipping details, information about items you purchase or wish to sell or consign), details about your collection, limited financial information (e.g., tokenized payment information in connection with your purchases, wire instructions, digital wallet details and address), username and password, user ID, unique device ID, information on forms required for certain transactions (e.g social security number), and identification information (e.g. photo ID).
We rely on the information you provide to us or that we collect or observe about your individual interactions with us, for example, if you attend a live event, sell or consign property, participate in one of our auctions, become a client, register or bid online.
Information We Collect From Other Sources
We share information within the Sotheby’s group of companies. We may collect information about you from external sources, including social media sites and data supplementation services. The types of information we collect about you from other sources include your public profile information, family relationships, and organizational affiliations. We may work to expand our customer base by acquiring names, contact data, financial information, affiliations, and demographic information from other sources such as private companies, public registers, and social media sites, where permitted by law. We may also generate information such as appraisals, profiles, and a history of our relationships with you based on the information you have provided or that we have obtained from other sources, as permitted under applicable law.
Information We Collect Automatically
We may make video recordings of our auctions, gallery spaces, and certain live events.
We record calls made to our customer care and telephone bidding lines for quality assurance, compliance purposes, and recordkeeping purposes.
We may use common data collection technologies as you visit our websites or apps or interact with our emails. For example:
– Our logs gather date, time, information about your browser and system or device configuration, information about how you interact with our digital properties, and an IP address for all visitors to our sites.
– If you have registered with us online, we use data collection technologies to collect information that indicates your individual interests in our websites, online platforms and apps, and your response to our emails and marketing campaigns.
– In general, our app will communicate data you provide about yourself, for example, registration, purchase, or bidding data, to our databases and systems. An app may, however, rely on other data collection technologies to recognize the device you use for viewing and to personalize your experience. If our app relies on additional data collection technologies that collect or use data about individual users, we will include additional notice either within the app or in a policy that accompanies it.
– We also use and allow certain other companies to use technologies that are similar to cookies (for example pixels and gifs) when we send you emails.
HOW SOTHEBY’S USES INFORMATION ABOUT YOU
Sotheby’s uses data about you for the following purposes, as permitted by applicable law:
– To manage and assure the integrity of our auctions.
– To fulfill your orders and purchases, facilitate sales or consignments, provide the services, publications, catalogs, and information you request, and manage your account, enquiries and requests and to manage your relationship with us.
– To send you information about upcoming events and content that you may be interested in.
– To improve and personalize based on your inferred interests from our website and services.
– To match online ads to your interests, arrange for Sotheby’s and other companies’ ads to reach you after you have left our sites, and help advertisers show you ads that are more relevant to your interests.
– To expand our online audiences.
– To provide, maintain, and protect our digital offerings.
– To check and verify your identity and to protect against the risk of fraud and to detect money laundering or other financial crime.
– To carry out anti money laundering checks, risk screening, crypto wallet and transaction screening and monitoring and blockchain analytics.
– To provide you (where required) with a digital wallet to enable you to receive an NFT that you have purchased.
– To protect and defend our rights and property, you, or third parties.
– To comply with legal obligations and regulations to which we are subject and cooperate with regulators and law enforcement bodies.
– To develop, improve and test certain of our products and services.
– For other purposes that we tell you about specifically when you register or provide data about yourself to us.
HOW SOTHEBY’S DISCLOSES INFORMATION ABOUT YOU
– To business partners and vendors that work on our behalf to provide services such as item shipments, mailings, customer account and technology support, secure payment processing, fraud prevention, digital marketing management, and data storage.
– To our auction partners in association with auctions.
– To consigners, sellers, buyers, customs authorities and others as needed to facilitate a consignment, sale or purchase, including to arrange the collection, delivery or shipment of property.
– To organizations we partner with to host events.
– To digital wallet and cryptocurrency providers as required to complete your sale or purchase. Please see their privacy policies for details of how they use your personal information. One such provider is Circle Internet Financial, LLC ("Circle") that provides payment processing services on Sotheby's Metaverse. Note that as part of the process of minting NFTs, your digital wallet details will be made available on the public blockchain to enable the NFT to be made available to you and will be a permanent record of the transaction, along with the details of the NFT’s you purchase.
– To law enforcement or other entities that present valid legal process or in our discretion, unless otherwise prohibited by law, to protect human safety, our rights, or the rights of others.
– To meet certain legal compliance requirements, for example under anti-money laundering laws or customs laws and regulations.
– To US, UK, EU and other domestic and overseas regulators, law enforcement agencies and authorities in connection with their duties, such as preventing or detecting crime.
– As part of a sale, merger, liquidation, or transfer of our business assets.
– We may disclose information about you to Sotheby’s International Realty, a company outside of the Sotheby’s corporate group and a business partners that we coordinate our activities with from time to time.
· YOUR CHOICES
You have a choice about and control over:
– Receiving marketing messages from us. We may contact you by email, text, or SMS messaging. You may stop email marketing by using the “opt out,” or “unsubscribe” mechanism at the bottom of our email marketing messages. In most cases, we will give you a choice about stopping just one kind of email or opting out of all email marketing from us.
– Whether your account is up to date. You may review and edit the personal information that is stored in your user account on our website (e.g., your passwords and other contact information) by visiting the “Profile” area of your account on our website or by contacting Sotheby’s via the email address at the end of this Policy. We will endeavor to respond to your request as soon as practicable. Before we are able to provide you with any information, correct any inaccuracies, or delete any information, however, we may ask you to verify your identity and to provide other details to help us to respond to your request.
–Your public profile on Sotheby’s Metaverse and Metaverse notifications. Details of your bidding activity, your collection (i.e. any lots you have won) and your saved items (i.e. saved lots) will be displayed in your public profile on Sotheby’s Metaverse if you are a Metaverse user. These details will be publicly available unless you change your settings. You will also receive notifications regarding saved items and items you have bid on. You can go to your Settings on Metaverse to change your settings in respect of the information that will be displayed as part of your public profile and the notifications you receive in relation to the Metaverse at any time.
· INFORMATION SECURITY AND STORAGE
Sotheby’s is a global company. We receive data collected locally by members of the Sotheby’s group and collect data online directly from individuals in countries around the world. We may process that data on servers globally. We have put recognized protections in place for the transfer of data from members of the Sotheby’s group in the EU to our servers in the United States (“US”).
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Please be aware, though, that no security measures are perfect or impenetrable. You remain responsible for protecting your username and password and for the security of information you transmit to us over the Internet.
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
- – Maintain business records for analysis and/or audit purposes.
- – Comply with record retention requirements under the law or other relevant legal or regulatory requirements.
- – Defend or bring any existing or potential legal claims.
- – Deal with any complaints regarding the services.
- – Preserve historical records of transactions and property.
We will delete your personal information when it is no longer required for these purposes.
· CHILDREN’S DATA
Our websites are directed to adults. We do not accept children as clients or knowingly collect data about them.
· THIRD PARTY WEBSITES
Our websites may contain links to other websites not owned or controlled by Sotheby’s. Those websites may collect information about you. Sotheby’s is not responsible for their practices or content.
· HOW TO CONTACT US
Attn: Legal and Compliance Department
1334 York Avenue
New York, NY 10021
· ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
We may collect the following categories of personal information from and about you:
- Identifiers: Such as your name, email address, phone number, IP address, device identifier, online identifier, and government-issued identification numbers you provide.
- Internet activity: Such as browsing history, search history, content or items viewed, account logins, and interactions with emails, digital ads, and other communications.
- Transactions: Such as bidding and purchase records, items considered for purchase or bidding, items offered for consignment, shipping details, and events attended.
- Payment information: Such as tokenized payment information or wire instructions.
- Demographics: Such as information about your gender or age.
- Location information: Such as the addresses you provide or your general location as inferred from your IP address or other network information.
- Professional and employment information: Such as information provided on valuation or credit documents.
- Video and audio: Such as recordings of auctions or client service calls.
- Inferences: Such as our assessment of the types of art, furniture, objects or jewelry in which you may have an interest.
We share your information for the following business purposes:
- To obtain services such as item shipments, mailings, customer account and technology support, secure payment processing, fraud prevention, digital marketing management, and data storage;
- To coordinate auctions with business partners;
- To coordinate events;
- For legal and compliance purposes;
- To cooperate with law enforcement or other reasonable requests for information;
- To support potential sales, mergers, liquidations, or transfers of our business assets.
We disclose all of the categories of personal information noted above with service providers that process personal information on our behalf (e.g., data storage providers, email services, Internet service providers, and research firms), business partners (e.g., event coordinators, professional advisors and consultants), government and law enforcement entities, advertising and marketing companies, and our affiliates.
We also disclose certain personal information in exchange for services, insights, or other valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We may disclose or sell the following categories of information to the third parties listed below:
|Categories of personal information disclosed in exchange for valuable consideration||Categories of third parties to whom this information is or was disclosed in the past 12 months|
|Identifiers||Digital advertising and analytics companies, marketing partners, social media platforms, auction partners and event co-hosts.|
|Internet activity||Digital advertising and analytics companies, social media platforms, and marketing partners.|
|Transactions||Digital advertising and analytics companies, auction partners and event co-hosts, and marketing partners.|
|Demographics||Digital advertising and analytics companies, marketing partners, social media platforms, auction partners and event co-hosts.|
|Location information||Digital advertising and analytics companies, auction partners and event co-hosts.|
|Professional and employment information||Marketing partners, auction partners, and event co-hosts.|
|Video and audio information||Auction partners and event co-hosts.|
|Inferences||Digital advertising and analytics companies, marketing partners, social media platforms, auction partners and event co-hosts.|
Residents of California have the following rights:
- Right to know. You may request that we provide you with information about the categories of your personal information that we collect, the specific pieces of personal information that we hold about you, the categories of sources from which we collected the information, our reasons for collecting and sharing the information, and the types of third parties with which we share the information.
- Right to deletion. You may ask us to delete your personal information, subject to certain exceptions.
- Right to opt out of sales. You have the right to opt out of certain disclosures of your personal information for valuable consideration. You can exercise this right through the “Do Not Sell My Personal Information” link.
- Right to be free from discrimination. You have the right to not be discriminated against for exercising any of the above-listed rights. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your personal information.
If you are a California resident and would like to exercise any of the above rights, please submit your request at email@example.com.
Please note that we may request specific information from you in order to verify your identity, and there may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain personal information to comply with our legal obligations or other permitted purposes. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request. If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.
ADDITIONAL INFORMATION FOR EEA, UK, AND SWITZERLAND CUSTOMERS & VISITORS TO SOTHEBY’S SITES AND APPS
Who is responsible for your data?
If you transact in an auction or private sale in a Sotheby’s office in the EEA, UK, or Switzerland, then the Sotheby’s entity running the auction will be the data controller for that data. The name and contact details for this entity will be set out in your consignment agreement, private sale agreement, invoice, or Conditions of Business for the auction.
If you visit Sothebys.com, another Sotheby’s website (such as Sotheby’s Metaverse) or use a Sotheby’s app, then the data controller will be Sotheby’s, a US entity, and this Policy contains our contact details. Sotheby’s main establishment in the EU is Sotheby’s France. Sotheby’s in London is the Sotheby’s UK-based establishment.
What is the legal basis on which Sotheby’s relies to process your data?
On some occasions, Sotheby’s processes your data with your consent (e.g., when you agree that we may place cookies, or if you ask Sotheby’s to send you information about upcoming events).
On other occasions, Sotheby’s processes your data when we need to do this to fulfill a contract with you (e.g., for billing purposes) or where we are required to do this by law (e.g., where we have to fulfill anti-money laundering requirements). If it is mandatory for you to provide data for these purposes, we will make this clear at the time and will also explain what will happen if you do not provide the data (e.g., that we will not be able to process a bid at auction).
Sotheby’s also processes your data when it is our legitimate interests to do this and when these interests are not overridden by your data protection rights. For example, Sotheby’s has a legitimate interest in ensuring the security and integrity of our auctions, in learning about the interests and preferences of our current and prospective clients, in developing new business opportunities, in maintaining accurate business and provenance records, and in ensuring that our websites and apps operate effectively. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Sotheby’s may transfer personal information to countries outside the EEA and the UK, including to countries which have different data protection standards to those which apply in the EEA and the UK. Sotheby’s has put in place European Commission approved standard contractual clauses to protect this data. For more information on the appropriate safeguards in place, please contact us at the details above.
The way we analyse personal information for advertising and marketing purposes and for client development, risk assessment, or fraud prevention may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. For example, we may use the information we collect (e.g., bidding and purchase information, browsing history, and consignment history) to infer your interests. And we may use those inferences to support automated decisions about the content, recommendations, and offers we present to you on our digital properties. We may use automated tools to flag for further review suspicious activities associated with our services (e.g., multiple logins from different locations within a short period of time or activities associated with suspicious IP addresses). These automated activities will not, in themselves, have legal or similar effects for you.
You may ask Sotheby’s for a copy of your personal information, to correct it, erase it, restrict our use of it, or to transfer it to other organizations at your request subject to local law. You also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. In particular, you have rights to object to direct marketing at any time.
Where we process your data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.
If you would like to discuss or exercise such rights, please contact us at the details below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honor your requests.
We hope that we can satisfy queries you may have about the way we process your data. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. However, if you have unresolved concerns and believe that we have not been able to assist with your complaint or concern, you also have the right to complain to data protection authorities.
Attn: Legal and Compliance Department
1334 York Avenue
New York, NY 10021
· CHANGES TO THIS POLICY
You may request a copy of this Policy from us using the contact details set out above. We may modify or update this Policy from time to time. If we change this Policy, we will notify you of the changes by updating this Policy on our website. Where changes to this Policy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights.