Privacy Notice

English | Français | Deutsch | Italiano


Like most businesses, Christie’s holds and processes a wide range of information about its clients and other persons who may be interested in Christie’s services.

This privacy notice applies to all Christie’s operations in the EEA and other global locations, and explains the type of information that we process, why we are processing it and how that processing may affect you.

The privacy notice is split into the sections listed below. The Glossary section explains what we mean by “personal data”, “processing”, and other terms used in this notice.

We may update this privacy notice from time to time, and will post any revised notice on this webpage. Where appropriate we may notify you by email or by a notice on our website that our privacy notice has changed but we recommend that you check this page regularly. Any changes will be immediately effective on posting.

Who we are

How and when do we collect your personal data?

What personal data do we process and why?

Who gets to see your personal data?

Is your personal data transferred out of the EEA?

How long do we keep your personal data?

What steps do we take to keep your personal data secure?

Third party websites

Access to your data and other rights

Contact Information



Who we are

The Christie’s group of companies consists of Christie’s International plc, Christie Manson & Woods Limited and several other companies located inside and outside the EEA.

Christie Manson & Woods Ltd (UK company number 01128160) of 8 King Street, St James’s, London SW1Y 6QT, is the primary Data Controller for the purposes of EU Data Protection Legislation. Christie’s Inc. (New York company number 407825) of 20 Rockefeller Plaza, New York, NY, 10020, United States may also control your data if you interact with Christie’s in the Americas, and Christie’s Hong Kong Limited (Hong Kong company number 172080) of 22nd Floor, Alexandra House, 18 Chater Road, Central, Hong Kong may also control your data if you interact with Christie’s in Asia.

How and when we collect your personal data

Collection directly from you in response to our request

Most of the personal data we process about you comes directly from you (whether face to face, over the telephone, on a paper form, by email or online) for example:

  • when you register to bid in an auction, agree to sell your property through Christie’s or ask us to perform a valuation;
  • when you express an interest in buying or selling certain types of property to one of our staff or representatives;
  • when you subscribe to Christie’s catalogues or the Christie’s Magazine;
  • when you sign up on to receive news about upcoming auctions and events relating to particular areas of interest;
  • when you attend a Christie’s event.

Automatic collection when you telephone bid, call Client Services, visit our premises or our website

Your voice will be recorded when you call our client service team, and when you use our telephone bidding service.

Your image may be collected by Christie’s if you attend our premises. We use CCTV at our salerooms and offices for the protection of our staff, our visitors and the property that we sell. We also video our auctions for security reasons and to monitor bidding practices. Live streaming of our auctions is available on (and is also available on social media for certain auctions).

We collect data about your computer when you visit our website, which includes your internet address, your operating system and browser type. We use this information for our internal system administration, to help diagnose problems with our servers, to administer our website and monitor and improve the user experience.

We also collect data about you through cookies. A cookie is a simple text file that is stored on your computer or mobile device by our website’s server which allows our website to remember your preferences or transactions that are in progress. You can see more detail on cookies in our Cookies Policy.

Collection of data from other sources

We may also obtain information about you and/or the property you own or wish to collect from other sources, for example:

  • When someone informs us that you are authorised to bid on their behalf at Christie’s or collect your property;
  • When someone introduces you to us (including when they use the Lotfinder service to email you details of a lot that they believe may interest you);
  • When we research artwork or other objects and we find information about you in sources such as newspaper articles, exhibition catalogues, public auction results, or one of our contacts gives us feedback in relation to objects or persons they have been told about.

What personal data do we process and why?

We have set out below the types of personal data that we process, the purposes for which we use it and the legal grounds on which we process it. The Glossary contains more information about the legal grounds for processing.


Examples of personal data

(please note that the list is not exhaustive)

Legal grounds for processing

To provide you with requested services

(for example, bidding, selling, valuations, storage, shipping, loan referral, catalogue subscription, restoration, expertise)

  • name, title, and contact details (including email address, postal address, telephone numbers)
  • your bank account details (if we need to pay you) or payment card details or bank transfer receipt (if you need to pay us)
  • the person or organisation who has introduced you, and any fee they receive
  • details of the property to which the services relate
  • nature of the services including contractual terms
  • details of your insurance if your property remains at your risk
  • records of your communications with us (including bidding instructions recorded over the telephone or online bidding logs)
  • your date of birth, identification documents (including photo) and the results of identification verification checks
  • details of your past transactions (including any tax paid or tax withheld) and/or shipments (including any permits obtained or duties paid)
  • any requirements relating to Christie’s obligation to make reasonable adjustments to accommodate a disability or otherwise meet your specific needs
  • any information relating to a dispute or legal proceeding

Performance of a contract

To evidence our compliance with legal requirements, (for example, knowing our clients and preventing money-laundering, payment of taxation and customs duties, anti-discrimination)

Compliance with a legal obligation

To keep you, our staff, and property on our premises secure

  • CCTV images
  • your name, email address and/or postal address
  • your marketing and communication preferences (in your mychristies account, Christie’s online preference centre, or any hard copy or digital sign up)
  • Your interest in, possession of, or ownership (historic or current) of any relevant art object, or similar object
  • Allegations of fraud, theft or other unlawful activities relating to an object connected to you
  • Communications with the police, courts, regulators or other government or law enforcement authorities in relation to you or your object
  • your internet address
  • your browser type and operating system
  • the resources you access on your mychristies account and our wider website
  • the data obtained from cookies, web logs and other similar technologies that monitor the use of our website and deliver more appropriate advertisements on or beyond our website

Legitimate Interests

To provide you with details about upcoming auctions, other events or types of property that interest you, and Christie’s wider services

Legitimate Interests (for clients who have previously requested or received services)


(for clients who have not requested or received services but have signed up to receive Christie’s news online, at an event, by talking to a member of staff

To create and maintain records on art objects to assist with checks on authenticity, provenance and title and prevent fraud, theft or other unlawful activities

Legitimate interests

Public interest

To monitor the performance of our website and make your user experience better

Legitimate Interests

To monitor your use of our services, train our staff and improve your client or user experience

  • Your complaints, opinions, responses to our surveys or market research
  • Your voice when you call Christie’s Client Services or use our telephone bidding services

Legitimate Interests

Who gets to see your personal data?

Christie’s Group

Your personal data will be processed by the Christie’s company that initially receives it, and may also be transferred to and processed by other companies within the Christie’s group. Christie’s uses EU Commission approved standard contractual clauses to regulate the transfer and processing of data between group companies.

Outside the Christie’s Group

We do not transfer your personal data to organisations who wish to use it for their own marketing promotions or other purposes. We only transfer your personal data to other organisations where it is necessary to enable us to provide you with the services you have requested (for example: we may transfer your data to our bank, payment card acquirers, shippers, warehouses, insurers, experts who help us authenticate or value property, event venues, caterers, catalogue and direct marketing fulfilment and distribution). Where we do so it will be on the basis that these organisations are required to keep the information confidential and secure, and they will only use the information to carry out the instructed services. Some of these organisations may be located outside the EEA and you should refer to the section Is your personal data transferred out of the EEA? for more information.

We may also need to retain and disclose certain information about you to appropriate agencies to conduct anti-money laundering and trade sanction checks and to assist with fraud and crime prevention and detection.

No government entity has direct access to your data. Where we receive a request from a government or law enforcement authority to provide your data, we will only disclose such information where we are ordered to do so by a court or we are otherwise satisfied after internal review that the body making the request has both the right to seek disclosure and has followed the correct process.

Is your personal data transferred out of the EEA?

As a global organisation with a presence in more than 40 countries, Christie’s may in the normal course of its business transfer your personal data outside of the EEA to Christie’s salerooms, offices and representatives, and to other organisations who need to process your data in connection with the services that Christie’s provides to you (see Who gets to see my data?). Your data will also be held on Christie’s servers located in the USA.

Non- EEA countries offer varying standards for the protection of personal data and your privacy rights and in some cases, these standards are lower than equivalent EEA standards. When we send your personal data outside the EEA, we have in place the EU Commission approved standard contractual clauses in the form of an appropriate data transfer agreement. More details about typical standard clauses can be found here.

If you have any questions or would like further information about how we make personal data available to non-EEA countries please contact us (see Contact Information below).

How long will we keep your personal data?

We will retain your personal data for as long as is necessary to provide the relevant services, maintain business records to satisfy tax, legal and other regulatory requirements, and protect and defend against potential legal claims.

In the context of our research and records on ownership of art objects to assist with checks on authenticity, provenance and title, we will keep this data for as long as the record is relevant to our legitimate business interest and the public interest.

What steps do we take to keep your personal data secure?

We will take all reasonable and appropriate steps to protect the security and integrity of all personal information provided via our website, or by any other means electronic or otherwise.

We use a variety of security technologies and procedures to help protect your personal details from unauthorised physical and electronic access.

As effective as modern security practices are, we cannot guarantee the complete security of personal data held in our systems, nor that that information you supply through the internet or any computer network is entirely safe from unauthorised intrusion, access or manipulation during transmission. Any transmission is at your own risk. We will not be liable for any resulting misuse of your personal data.

Third party websites

Christie’s websites may contain links to other websites not operated by Christie’s. The information you provide to us will not be transmitted to other websites, but these other websites may collect personal information about you in accordance with their own privacy notice. Christie’s cannot accept any responsibility for the privacy practices or content of those websites.

Access to your data and other rights

We try to be as open as we can about the data that we process and recommend you ask us if you have questions about the data we hold on you.

Subject Access Requests

If you are a resident of the EU, you have the legal right to make a “subject access request”. If you exercise this right and we process personal data about you by automated means or as part of a Filing System, we are required to provide you with a description and copy of that personal data, and tell you why we are processing it.

Other rights for EU residents

As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing, or have its processing restricted.

If you have provided us with data about yourself and the grounds for processing is Contract or Consent (see What personal data do we process and why?), you have the right to be given the data in machine readable format for transmitting to another data controller.

If we are relying on Consent as the grounds for processing your data (see What personal data do we process and why?), you may withdraw consent at any time. This will not affect the lawfulness of Christie’s processing of your data prior to your withdrawal.

Rights for California residents

If you are a resident of California you may have a right pursuant to Section 1798.83 of the California Civil Code to obtain certain information about the types of personal data that we have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties.

Please contact us at if you would like to exercise any of your rights explained above in relation to your personal data.

Contact Information

If you have any queries in relation to Christie’s processing of your personal data please contact us at You can also phone or email our Client Service team.


If you have any complaints relating to the processing of your personal data, please contact us at You can also phone or email our Client Service team. You may raise a complaint with the UK Information Commissioner ( or your local regulator if you consider that we have infringed applicable data privacy laws when processing your personal data. This right is without prejudice to any other administrative or judicial remedy you might have.


Compliance with a legal obligation - processing is necessary to ensure we comply with our legal and regulatory obligations.

Consent – you have given specific consent to the processing of your personal data.

Data Controller – the person who determines the purposes and means of processing personal data.

EEA – the European Economic Area which comprises countries that are members of the European Union and Norway, Iceland and Liechtenstein.

Filing System – a structured set of personal data that is accessible according to specific criteria.

Legitimate Interests - processing is necessary for our or a third party’s legitimate interests in carrying on, managing and administering our respective businesses effectively and properly (except where our or the third party’s interests are overridden by your own interests, rights and freedoms).

Performance of a contract – processing is necessary to carry out our contractual duties, exercise our contractual rights or otherwise perform our contract with you, or to take steps at your request to enter a contract.

Personal Data - any data relating to an identified or identifiable natural person. This can include names, user ID, location data, email addresses, photographs, job applications, purchase history, user account information, opinions, and correspondence to and from an individual.

Processing - any operation performed on personal data, such as collection, recording, storage, retrieval, use, combining it with other data, transmission, disclosure or deletion.

Public Interest – processing is necessary for the performance of a task carried out in the public interest.