PRIVACY CENTRE

Recruitment privacy notice

Introduction

Scope of privacy notice

This Recruitment Privacy Notice explains the type of information Christie’s processes, why we are processing it and how that processing may affect you. This Recruitment Privacy Notice applies to those who choose to apply for roles at Christie’s offices in the UK or EEA, from the EEA, whether from the UK or the EEA. It also applies to those who choose to apply for roles at Christie’s office in the Dubai International Financial Centre, or DIFC.

What do we mean by “personal data” and “processing”?

“Personal data” is information relating to you (or from which you may be identified) which is processed automatically or which is (or is intended to be) part of a structured manual filing system. It includes not only facts about you, but also intentions and opinions about you.

Data “processed automatically” includes information held on, or relating to use of, a computer, laptop, mobile phone or similar device. It covers data derived from equipment such as access passes within a building, data on use of vehicles and sound and image data such as CCTV or photographs.

"Processing" means doing anything with the data, including collecting it, recording it, storing it, retrieving it, using it, transmitting it, combining it with other data, disclosing it and deleting it.

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual orientation, sex life, trade union membership and genetic and biometric data are subject to special protection and considered by EU or DIFC privacy law to be “special category personal data” (formerly “sensitive personal data”).

Your personal data

We process your data for the purposes of fulfilling our recruitment practices. Some of the personal data that we process about you comes from you. For example, you tell us your contact details. Other personal data about you is generated from references and third party companies such as recruitment agencies. Your personal data will be seen internally by managers, administrative assistants to HR/hiring managers, payroll, IT and HR.

You are not obliged to provide us with this data. However, not doing so may adversely affect your chances of recruitment.

How long do we keep your personal data?

If you are successful in your application your data will be kept on your personnel file. If you are unsuccessful, your data will normally be destroyed up to twelve months after you have been informed that you were unsuccessful, unless you inform us that you would like us to keep your data for a further 12 months after that. Until then, your data may be kept on file and considered for other roles. Irrelevant data such as CCTV images may be deleted after a short period.

Transfers of personal data outside the EEA

As a global organisation with a presence in more than 40 countries, we may in the normal course of our business transfer your personal data outside the EEA, and/or, as the case may be, outside the DIFC, to Christie’s offices and to other organisations who need to process your data to enable us to fulfil our recruitment practices. Your data will also be held on Christie’s servers located in the USA.

The UK, EEA countries and the Dubai International Finance Centre (DIFC) all require that certain safeguards be implemented where personal data is transferred internationally to countries which have not been approved by them as providing essentially equivalent data protection standards. We have approved standard contractual clauses in place to regulate the processing of personal data when it is sent outside of these countries/centres.

The recipients of the personal data are indicated in Annex 2.

The transfer of personal data to recipients based outside of the EEA or, as the case may be, the DIFC, is carried out to facilitate the recruitment process and obtain approval for new hires and remuneration levels.

Contact details

In processing your personal data, we act as a data controller. Our contact details are set out in Annex 1.

Legal grounds for processing personal data

What are the grounds for processing?

Under data protection law, there are various grounds on which we can rely when processing your personal data. In some contexts, more than one ground applies. We have summarised certain grounds as Legal obligation and Legitimate Interests and outline what those terms mean below.

Term	Grounds for Processing	Explanation
Contract	Processing necessary for performance of a contract with you or to take steps at your request to enter a contract	This covers carrying out our contractual duties and exercising our contractual rights.
Legal Obligation	Processing necessary to comply with our legal obligations	Ensuring we perform our legal and regulatory obligations. For example, providing a safe place of work and avoiding unlawful discrimination
Legitimate Interests	Processing necessary for our or a third party’s legitimate interests	We or a third party have legitimate interests in carrying on, managing and administering our respective businesses effectively and properly and in connection with those interests processing your data. Your data will not be processed on this basis if our or a third party’s interests are overridden by your own interests, rights and freedoms.

Processing special category personal data

If we process special category personal data about you, as well as ensuring that one of the grounds for processing mentioned above applies, we will make sure that one or more of the grounds for processing special category personal data applies, including that the processing is for equality and diversity purposes to the extent permitted by law.

Further information on the data we process and our purposes

Examples of the data and the grounds on which we process data are in the table below.

Purpose	Examples of personal data that may be processed	Grounds for Processing
Recruitment	Standard data related to your identity (e.g. your name, address, place of birth, nationality, contact details, professional experience, education, language skills, and any other personal data that you present us with as part of your application related to the fulfilment of the role. Information concerning your application and our assessment of it, your references, any checks we may make to verify information provided or background checks and any information connected with your right to reside and work. If relevant, we may also process information concerning your health, any disability and in connection with any adjustments to working arrangements.	Contract Legal obligation Legitimate interests Exercising specific rights in the field of employment
Contacting you or others on your behalf	Your address and phone number, emergency contact information and information on your next of kin	Contract Legitimate interests
Security	CCTV images	Legitimate interests
Monitoring of diversity and equal opportunities (to the extent that this would be allowed by the applicable law)	Information on your nationality, racial and ethnic origin, gender, sexual orientation, religion, disability and age.	Legitimate interests Exercising the right to identify or keep under review equality of opportunity and treatment at Christie’s.

Who gets to see your data?

Your personal data may be disclosed to managers, HR and administrators for employment, administrative and management purposes as mentioned in this document. We may also disclose this to other members of our group, specifically any senior management for the department and for the Christie’s Group company that is relevant in order to make decisions around hiring and remuneration.

Access to your personal data and other rights

We try to be as open as we reasonably can about personal data that we process. If you would like specific information, please speak to one of our recruiters. You can also contact us at dataprivacy@christies.com.

You also have a legal right to make a “subject access request”. If you exercise this right and we hold personal data about you, we are required to provide you with information, including a description of the personal data, and an explanation of why we are processing it.

If you make a subject access request and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.

As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing or to have its processing restricted. If you have provided us with data about yourself (for example your address or bank details), you have the right to be given the data in machine readable format for transmitting to another data controller. This only applies if the ground for processing is Consent or Contract.

If we have relied on consent as a ground for processing, you may withdraw consent at any time – though if you do so that will not affect the lawfulness of what we have done before you withdraw consent.

Complaints

If you have complaints relating to our processing of your personal data, you should raise these with one of our recruiters or contact us at dataprivacy@christies.com. You may raise a complaint with the UK Information Commissioner (https://ico.org.uk) or your local regulator if you consider that we have infringed applicable data privacy laws when processing your personal data. This right is without prejudice to any other administrative or judicial remedy you might have.

Scope

This notice does not form part of any contractual relationship between the Company and a job applicant. This notice can be changed at any time.