Recruitment Privacy Notice

Introduction

Scope of Privacy Notice

This Recruitment Privacy Notice explains the type of information Christie’s processes, why we are processing it and how that processing may affect you.

What do we mean by “personal data” and “processing”?

“Personal data” is information relating to you (or from which you may be identified) which is processed automatically or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.

Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs. "Processing" means doing anything with the data, including collecting it, recording it, storing it, retrieving it, using it, transmitting it, combining it with other data, disclosing it and deleting it.

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by EU privacy law to be “sensitive personal data”.

Your personal data

We process your data for the purposes of fulfilling our recruitment practices. Some of the personal data that we process about you comes from you. For example, you tell us your contact details. Other personal data about you is generated from references and third party companies such as recruitment agencies. Your personal data will be seen internally by managers, administrative assistants to HR/hiring managers, payroll, IT and HR. You are not obliged to provide us with this data. However, not doing so may adversely affect your chances of recruitment.

How long do we keep your personal data?

If you are successful in your application your data will be kept on your personnel file. If you are unsuccessful, your data will normally be destroyed up to twelve months after you have been informed that you were unsuccessful, unless you inform us otherwise. Your data may be kept on file and considered for other roles. Irrelevant data such as CCTV images may be deleted after a short period.

Transfers of personal data outside the EEA

As a global organisation with a presence in more than 40 countries, we may in the normal course of our business transfer your personal data outside the EEA to Christie’s offices and to other organisations who need to process your data to enable us to fulfil our recruitment practices. Your data will also be held on Christie’s servers located in the USA.

Non-EEA countries offer varying standards for the protection of personal data and your privacy rights and in some cases these standards are lower than equivalent EEA standards. When we send your personal data outside the EEA, we have in place the EU Commission approved standard contractual clauses in the form of an appropriate data transfer agreement. More details about typical standard clauses can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. If you have any questions or would like further information about how we make personal data available to non-EEA countries please contact us at dataprivacy@christies.com.

The recipients of the personal data are indicated in Annex 2.

The transfer of personal data to recipients based outside of the EEA is carried out to facilitate the recruitment process and obtain approval for new hires and remuneration levels.

Contact details

In processing your personal data, we act as a data controller. Our contact details are set out in Annex 1.

Legal grounds for processing personal data

What are the grounds for processing?

Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. We have summarised certain grounds as Legal obligation and Legitimate Interests and outline what those terms mean below.


Term

Ground for processing

Explanation

Contract

Processing necessary for performance of a contract with you or to take steps at your request to enter a contract

This covers carrying out our contractual duties and exercising our contractual rights.

Legal obligation

Processing necessary to comply with our legal obligations

Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination

Legitimate interests

Processing necessary for our or a third party’s legitimate interests

We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.




Processing sensitive personal data

If we process sensitive personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing sensitive personal data applies, including that the processing is for equality and diversity purposes to the extent permitted by law.

Further information on the data we process and our purposes

Examples of the data and the grounds on which we process data are in the table below.


Purpose

Examples of personal data that may be processed

Grounds for processing

Recruitment

Standard data related to your identity (e.g. your name, address, place of birth, nationality, contact details, professional experience, education, language skills, and any other personal data that you present us with as part of your application related to the fulfilment of the role.

Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to reside and work. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.

Contract

Legal obligation

Legitimate interests

Exercising specific rights in the field of employment

Contacting you or others on your behalf

Your address and phone number, emergency contact information and information on your next of kin

Contract

Legitimate interests

Security

CCTV images

Legitimate interests




Who gets to see your data?

Your personal data may be disclosed to managers, HR and administrators for employment, administrative and management purposes as mentioned in this document. We may also disclose this to other members of our group, specifically any senior management for the department and for the Christie’s Group company that is relevant in order to make decisions around hiring and remuneration.

Access to your personal data and other rights

We try to be as open as we reasonably can about personal data that we process. If you would like specific information, please speak to one of our recruiters. You can also contact us at dataprivacy@christies.com.

You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information, including a description of the personal data, and an explanation of why we are processing it.

If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.

If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.

Complaints

If you have complaints relating to our processing of your personal data, you should raise these with one of our recruiters or contact us at dataprivacy@christies.com. You may raise a complaint with the UK Information Commissioner (https://ico.org.uk) or your local regulator if you consider that we have infringed applicable data privacy laws when processing your personal data. This right is without prejudice to any other administrative or judicial remedy you might have.

Scope

This notice does not form part of any contractual relationship between the Company and a job applicant. This notice can be changed at any time.

ANNEX 1 – CONTACT INFORMATION

Data controller

Address

Officer responsible for data protection

Christie, Manson & Woods Limited

8 King Street, London SW1Y 6QT, United Kingdom.

International Director of Client Governance and Data Protection: dataprivacy@christies.com

Christie’s Amsterdam BV

Vondelstraat 73, 1054 GK Amsterdam, The Netherlands.

As above.

Christie’s (Deutschland) GmbH

Inselstrasse 26, 40479 Düsseldorf, Deutschland.

As above.

Christie’s France SNC

9, Avenue Matignon, 75008 Paris, France.

As above.

Christie’s France SAS

9, Avenue Matignon, 75008 Paris, France.

As above.

Christie’s (International) SA, Filiale Italiana

Via Clerici 5, 20121 Milano, Italia.

As above.

Christie’s Belgium NV

Waterloolaan (Dutch)/ Boulevard de Waterloo (French) 33, 1000 Brussels.

As above.

Christie’s Kunstauktionen GmbH

Bankgasse 1, 1010 Wien, Austria.

As above.

Christie’s Iberica SL

Calle de Antonio Maura 10, 28014 Madrid, Espaňa.

As above.




Country

Data protection regulator

Contact details

UK

ICO

https://ico.org.uk/

France

CNIL

https://www.cnil.fr/

The Netherlands

Autoriteit Persoonsgegevens

https://autoriteitpersoonsgegevens.nl/

Italy

Autorità Garante della Privacy

www.garanteprivacy.it/

Austria

Österreichische Datenschutzbehörde

https://www.data-protection-authority.gv.at/

Belgium

Gegevensbeschermingsautoriteit

https://autoriteitpersoonsgegevens.nl/nl/zelf-doen/functionaris-voor-de-gegevensbescherming

Spain

Agencia Española de Protección de Datos

https://www.agpd.es

Baden-Wuerttemberg

Der Landesbeauftragte für den Datenschutz in Baden-Württemberg

https://www.baden-wuerttemberg.datenschutz.de/

Bavaria

Bayerisches Landesamt für Datenschutzaufsicht

https://www.lda.bayern.de/de/index.html

Berlin

Berliner Beauftragter für Datenschutz und Informationsfreiheit

https://www.datenschutz-berlin.de/

Brandenburg

Die Landesbeauftragte für den Datenschutz und für das Recht auf Akteneinsicht

http://www.lda.brandenburg.de

Bremen

Die Landesbeauftragte für Datenschutz und Informationsfreiheit

https://www.datenschutz.bremen.de

Hamburg

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

http://www.datenschutz-hamburg.de

Hessen

Der Hessische Datenschutzbeauftragte

http://www.datenschutz.hessen.de

Lower Saxony

Die Landesbeauftragte für den Datenschutz Niedersachsen

https://www.lfd.niedersachsen.de

Mecklenburg-Western Pomerania

Der Landesbeauftragte für Datenschutz und Informationsfreiheit Mecklenburg-Vorpommern

https://www.datenschutz-mv.de

North Rhine-Westphalia

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

https://www.ldi.nrw.de/

Rhineland-Palatinate

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

https://www.datenschutz.rlp.de/de/startseite/

Saarland

Landesbeauftragte für Datenschutz und Informationsfreiheit

http://www.datenschutz.saarland.de

Saxony

Der Sächsische Datenschutzbeauftragte

https://www.saechsdsb.de

Saxony-Anhalt

Landesbeauftragter für den Datenschutz Sachsen-Anhalt

http://www.datenschutz.sachsen-anhalt.de

Schleswig-Holstein

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein

https://www.datenschutzzentrum.de

Thuringia

Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit

http://www.tlfdi.de/tlfdi/