Sotheby's Australia is committed to protecting the privacy of your personal information. This policy outlines our commitments to you in accordance with the Commonwealth Privacy Act (1998) and the ten National Privacy Principles (NPP's) it contains.
The NPP's regulate the manner in which we handle your personal information from initial collection to use and disclosure, storage, accessibility and disposal.
This Policy covers information that you give us when you bid or purchase something from us or consign art work or other goods to us, register for or attend any of our live events, visit or register for any of our Sotheby’s Australia branded websites or apps, request a catalog, sign up for any of our print or online publications or newsletters or publish information on Sotheby’s Australia's pages on social media platforms. We will publish a link to the Policy at the bottom of online properties to which it applies and as often as possible, will include its URL, http://www.sothebysaustralia.com.au/privacy.html on paper forms to which it is applicable.
Collection of personal information
Sotheby's Australia will only collect your personal information where and when it relates to the provision of services to you and the performance of our business activities. At no time will your personal information be disclosed to another company for that company's independent use.
Whenever Sotheby's Australia collects personal information directly from you or through a third party we will make every reasonable attempt at the time to inform you:
– why we are collecting your information
– to whom we will disclose that information
– of the purpose(s) for which we intend to use that information
Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified. We will collect personal information about you from a variety of sources, including information we collect from you directly (e.g. when you contact us), information we collect about you from other sources and information we collect automatically from you, as described below:
Information we collect directly from you
The categories of information that we collect directly from you are: personal details (e.g., name, date of birth), contact details (e.g., phone number, email address, postal address), transaction information (e.g., bidding records, shipping details, information about items you purchase or wish to consign), limited financial information (e.g., tokenized payment information in connection with your purchases, wire instructions), username and password, and identification information.
We rely on the information you provide to us or that we collect or observe about your individual interactions with us, for example, if you attend a live event, participate in one of our auctions, become a client, or register online. If you have registered with us online, we use data collection technologies to collect information that indicates your individual interests in our websites, online platforms and apps, and your response to our emails and marketing campaigns.
Information we collect from other sources
We may add public information about you from external sources, including social media sites. The categories of info we collect about you from other sources are your public profile information, family relationships, and organizational affiliations. We may work to expand our customer base by acquiring names, contact data, financial information, affiliations, and demographic information from other sources such as private companies, public registers, and social media sites. We may also generate information such as appraisals, profiles, and a history of our relationships with you based on the information you have provided or that we have obtained from other sources.
We may make video recordings of our auctions, gallery spaces, and certain live events.
Information we collect automatically
We may use common data collection technologies as you visit our websites or apps or interact with our emails:
– Our logs gather date, time, information about your browser and system or device configuration, information about how you interact with our digital properties, and an IP address for all visitors to our sites. We use this information for our internal security purposes, for trend analysis and system administration, and to gather general information about our audiences and their geographic locations.
– In general, our app will funnel data you provide about yourself, for example, registration or bidding data, back to our data bases and systems. An app may however, rely on other data collection technologies to recognize the device you use for viewing and personalize your experience. If our app relies on additional data collection technologies that collect or use data about individual users, we will include additional notice either within the app or in a policy that accompanies it.
– We also use and allow certain other companies to use technologies that are similar to cookies (for example pixels and gifs) when we send you emails. This helps support the delivery of Internet-based content and advertisements to you.
The way we analyse personal information for advertising and marketing purposes and for client development, risk assessment, or fraud prevention may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. For example, we may use the information we collect (e.g., bidding information, browsing history, and consignment history) to infer your interests. And we may use those inferences to support automated decisions about the content, recommendations, and offers we present to you on our digital properties. We may use automated tools to flag for further review suspicious activities associated with our digital services (e.g., multiple logins from different locations within a short period of time or activities associated with suspicious IP addresses). These automated activities will not, in themselves, have legal or similar effects for you.
How Sotheby's Australia uses information about you
Sotheby’s Australia uses data about you for the following purposes:
– To manage and assure the integrity of our auctions.
– To fulfill your orders, facilitate consignments, provide the services, responding to requests for valuations, publications, catalogues, and information you request, and manage your account, enquiries and requests and to manage your relationship with us.
– To send you information about upcoming events such as auctions and content that you may be interested in and inform you of the results of auctions which you may have participated
– To supply marketing information about our auctions and other services
– To improve and personalise our website and services.
– To expand our online audiences.
– To provide, maintain, and protect our digital offerings.
- To protect against risk of fraud by clients.
– To protect and defend our rights and property, you, or third parties.
– To comply with legal obligations to which we are subject and cooperate with regulators and law enforcement bodies.
– For any other purpose that we tell you about specifically when you register or provide data about yourself to us.
When Sotheby's Australia may disclose information that identifies you
Sotheby’s Australia may disclose or transfer data that identifies you to other companies or entities only as follows:
– To business partners and vendors that work on our behalf to provide services such as item shipments, mailings, customer account and technology support, secure payment processing, fraud prevention, digital marketing management, and data storage.
– To our online auction partners.
– To consigners and others as needed to facilitate a consignment.
– To organisations we partner with to host events.
– To other companies within the Sotheby’s Australia group (including Sotheby's) for marketing, business development purposes and internal reporting.
– To law enforcement or other entities that present valid legal process or in our discretion, unless otherwise prohibited by law, to protect human safety, our rights, or the rights of others.
– To meet certain legal compliance requirements for example, under AML (anti-money laundering) laws, or customs laws and regulations.
– To comply with the Resale Royalty Right for Visual Artists Act 2009 (Cwth), or other reporting requirements under Australian laws.
– As part of a sale, merger, liquidation, or transfer of our business assets.
– We may disclose information about you to Sotheby’s International Realty, a company not affiliated with Sotheby’s Australia.
At all times, we will take great care to ensure that your personal information is:
– Accurate, complete and up to date
– Protected, treated confidentially and guarded from unauthorised access
You have a choice about and control over:
– Receiving marketing messages from us. We may contact you by mail, email, text, or SMS messaging.
– We encourage you to contact Sotheby’s Australia via email to let us know what information you would like us to send to you and your preferred means of delivery.
– You may also stop email marketing by using the “opt out,” or “unsubscribe” mechanism at the bottom of our email marketing messages. In most cases, we will give you a choice about stopping just one kind of email or opting out of all email marketing from us.
– If you have provided data about yourself to a member of the Sotheby’s Australia group and reside in the European Union (“EU”) you have the legal right to ask us not to process that personal data about you for marketing purposes and to revoke your consent at any time. To make such a request, please contact firstname.lastname@example.org.
– Whether your account is up to date. You may review and edit the Personal Information that is stored by Sotheby's Australia by contacting Sotheby’s Australia via the email address at the end of this policy. We will endeavor to respond to your request as soon as practicable. Before we are able to provide you with any information, correct any inaccuracies, or delete any information, however, we may ask you to verify your identity and to provide other details to help us to respond to your request.
Information security and storage
Sotheby’s Australia in an Australian based company. We receive data collected locally by members of the Sotheby’s Australia group and collect data online directly from individuals in countries around the world. We may process that data on servers globally.
We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure, and alteration. Only staff that have a need to access your personal information to perform their job will have access to that information. Please be aware, though, that no security measures are perfect or impenetrable. You remain responsible for protecting your username and password and for the security of information you transmit to us over the Internet.
We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:
– Maintain business records for analysis and/or audit purposes.
– Comply with record retention requirements under the law or other relevant legal or regulatory requirements.
– Defend or bring any existing or potential legal claims.
– Deal with any complaints regarding the services.
– Preserve historical records of transactions and property.
Personal information held by us will be deleted, destroyed or permanently de-identified when it is no longer required for these purposes.
Our websites are directed to adults, including young adults. They are not directed to children, particularly those under the age of thirteen. We do not accept them as clients or knowingly collect data about them.
Our websites may contain links to other websites not owned or controlled by Sotheby’s Australia. Those websites may collect information about you. Sotheby’s is not responsible for their practices or content.
How to contact us
Sotheby’s Australia Privacy Compliance Officer
41 Exhibition Street
MELBOURNE VIC 3000
Additional information for EEA customers & visitors to Sotheby's Australia sites and apps
In order to meet privacy regulations in the European Economic Area (“EEA”) and Switzerland, Sotheby’s Australia provides additional information to its EEA based customers, website visitors, and users of its apps.
Who is responsible for your data?
If you visit sothebysaustralia.com.au, another Sotheby’s Australia website or use a Sotheby’s Australia app, then the data controller will be Sotheby’s Australia, an Australian entity, and this Policy contains our contact details. Sotheby’s Australia does not have a representative in the European Union (EU).
What is the legal basis on which Sotheby's Australia relies to process your data?
On some occasions, Sotheby's Australia processes your data with your consent (e.g., when you agree that we may place cookies, or if you ask Sotheby's Australia to send you information about upcoming events).
On other occasions, Sotheby's Australia processes your data when we need to do this to fulfill a contract with you (e.g., for billing purposes) or where we are required to do this by law (e.g., where we have to fulfill anti-money laundering requirements). If it is mandatory for you to provide data for these purposes, we will make this clear at the time and will also explain what will happen if you do not provide the data (e.g., that we will not be able to process a bid at auction).
Sotheby's Australia also processes your data when it is our legitimate interests to do this and when these interests are not overridden by your data protection rights. For example, Sotheby's Australia has a legitimate interest in ensuring the security and integrity of our auctions, in learning about the interests and preferences of our current and prospective clients, in developing new business opportunities, in maintaining accurate business and provenance records, and in ensuring that our websites and apps operate effectively. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.
Sotheby's Australia may transfer personal data to countries outside the EEA, including to countries which have different data protection standards to those which apply in the EEA. For more information on the appropriate safeguards in place, please contact us at the details above.
You may ask Sotheby's Australia for a copy of your personal information, to correct it, erase it, restrict our use of it, or to transfer it to other organisations at your request subject to local law. You also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. In particular, you have rights to object to direct marketing at any time. Where we process your data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations - for example, where we can demonstrate that we have a legal requirement to process your data.
If you would like to discuss or exercise such rights, please contact us at the details above. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honor your requests.
We hope that we can satisfy queries you may have about the way we process your data. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. However, if you have unresolved concerns and believe that we have not been able to assist with your complaint or concern, you also have the right to complain to data protection authorities.
Changes to this Policy
You may request a copy of this Policy from us using the contact details set out above. We may modify or update this Policy from time to time.
If we change this Policy, we will notify you of the changes by updating this Policy on our website. Where changes to this Policy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g., to object to the processing if you are located in the EEA or Switzerland).