Privacy Policy

Effective Date: 30 November 2022


Welcome to the Sotheby’s group of companies (“Sotheby’s” or “we”). From its beginnings in 1744, Sotheby’s has built its business on the trust of its customers, clients and visitors. We endeavor to understand their interests in art and design and, at the same time, protect their privacy. Those values remain essential to us even as we have grown into a global network of offices in approximately 40 countries. Sotheby’s publishes this Privacy Policy to let you know how we collect, use, and disclose your personal information in the course of operating our business. It also describes your rights in relation to this information. In some circumstances, such as for certain events, we may provide additional information regarding our data practices. This Privacy Policy applies to any Sotheby’s service, event, website, mobile application or other digital or non-digital service, and any hard copy (paper) form which provides a link to or refers to this Privacy Policy.

For those who reside in California, the United Kingdom or the European Economic Area, please see the end of this Policy for additional information regarding our practices.


Personal information is information, or a combination of pieces of information, that could reasonably allow you to be identified. As described in more detail below, we collect personal information about you from a variety of sources, including information we collect from you directly, information we collect about you from other sources, and information we collect automatically from you.

Information We Collect Directly From You

We collect information that you submit to us or provide to us on forms available on third party websites. The types of information that we collect directly from you include: personal details (e.g., name, date of birth, alias and/or avatar alias), contact details (e.g., phone number, email address, postal address), transaction information (e.g., bidding or purchase records, shipping details, information about items you purchase or wish to sell or consign), details about your collection, limited financial information (e.g., tokenized payment information in connection with your purchases, wire instructions, digital wallet details and address), username and password, user ID, unique device ID, information on forms required for certain transactions (e.g social security number), and identification information (e.g. photo ID).

We rely on the information you provide to us or that we collect or observe about your individual interactions with us, for example, if you attend a live event, sell or consign property, participate in one of our auctions, become a client, register or bid online.

Information We Collect From Other Sources

We share information within the Sotheby’s group of companies. We may collect information about you from external sources, including social media sites and data supplementation services. The types of information we collect about you from other sources include your public profile information, family relationships, and organizational affiliations. We may work to expand our customer base by acquiring names, contact data, financial information, affiliations, and demographic information from other sources such as private companies, public registers, and social media sites, where permitted by law. We may also generate information such as appraisals, profiles, and a history of our relationships with you based on the information you have provided or that we have obtained from other sources, as permitted under applicable law.

Information We Collect Automatically

We may make video recordings of our auctions, gallery spaces, and certain live events.

We record calls made to our customer care and telephone bidding lines for quality assurance, compliance purposes, and recordkeeping purposes.

We may use common data collection technologies as you visit our websites or apps or interact with our emails. For example:

– Our logs gather date, time, information about your browser and system or device configuration, information about how you interact with our digital properties, and an IP address for all visitors to our sites.

– If you have registered with us online, we use data collection technologies to collect information that indicates your individual interests in our websites, online platforms and apps, and your response to our emails and marketing campaigns.

– The Cookies and similar technologies on our digital platforms can also read and collect data about your browsers as you visit and interact with those platforms: please read our Cookie Policy for more detailed information about what cookies are, what kinds are used on our sites, and what choices you have. As described further in our Cookie Policy, we use these technologies to enable you to use our digital platforms, learn how you and others interact with our digital platforms, personalize the content on our digital platforms, and to deliver advertising based on your interests, including those inferred from your activities over time and across digital platforms operated by us and others.

– In general, our app will communicate data you provide about yourself, for example, registration, purchase, or bidding data, to our databases and systems. An app may, however, rely on other data collection technologies to recognize the device you use for viewing and to personalize your experience. If our app relies on additional data collection technologies that collect or use data about individual users, we will include additional notice either within the app or in a policy that accompanies it.

– We also use and allow certain other companies to use technologies that are similar to cookies (for example pixels and gifs) when we send you emails.


Sotheby’s uses data about you for the following purposes, as permitted by applicable law:

– To manage and assure the integrity of our auctions.

– To fulfill your orders and purchases, facilitate sales or consignments, provide the services, publications, catalogs, and information you request, and manage your account, enquiries and requests and to manage your relationship with us.

– To send you information about upcoming events and content that you may be interested in.

– To improve and personalize based on your inferred interests from our website and services.

– To match online ads to your interests, arrange for Sotheby’s and other companies’ ads to reach you after you have left our sites, and help advertisers show you ads that are more relevant to your interests.

– To expand our online audiences.

– To provide, maintain, and protect our digital offerings.

– To check and verify your identity and to protect against the risk of fraud and to detect money laundering or other financial crime.

– To carry out anti money laundering checks, risk screening, crypto wallet and transaction screening and monitoring and blockchain analytics.

– To provide you (where required) with a digital wallet to enable you to receive an NFT that you have purchased.

– To protect and defend our rights and property, you, or third parties.

– To comply with legal obligations and regulations to which we are subject and cooperate with regulators and law enforcement bodies.

– To develop, improve and test certain of our products and services.

– For other purposes that we tell you about specifically when you register or provide data about yourself to us.


We share information within the Sotheby’s group of companies for the purposes set out in this privacy policy. Sotheby’s may disclose personal information to other companies or entities as follows:

– To business partners and vendors that work on our behalf to provide services such as item shipments, mailings, customer account and technology support, secure payment processing, fraud prevention, digital marketing management, and data storage.

– To our auction partners in association with auctions.

– To consigners, sellers, buyers, customs authorities and others as needed to facilitate a consignment, sale or purchase, including to arrange the collection, delivery or shipment of property.

– To organizations we partner with to host events.

– To digital wallet and cryptocurrency providers as required to complete your sale or purchase. Please see their privacy policies for details of how they use your personal information. One such provider is Circle Internet Financial, LLC ("Circle") that provides payment processing services on Sotheby's Metaverse. Note that as part of the process of minting NFTs, your digital wallet details will be made available on the public blockchain to enable the NFT to be made available to you and will be a permanent record of the transaction, along with the details of the NFT’s you purchase.

– To law enforcement or other entities that present valid legal process or in our discretion, unless otherwise prohibited by law, to protect human safety, our rights, or the rights of others.

– To meet certain legal compliance requirements, for example under anti-money laundering laws or customs laws and regulations.

– To US, UK, EU and other domestic and overseas regulators, law enforcement agencies and authorities in connection with their duties, such as preventing or detecting crime.

-- To identity checking and verification, AML and risk screening services. One such provider is Refinitiv Limited who check your data against various public data sets. Please see their World-Check privacy policy here. for details of how Refinitiv uses your personal data. Some of these screening services, such as Chainalysis Inc, may aggregate your data (such as cryptocurrency hashes and output addresses which are available publicly and user IDs) with their datasets to enable illicit activity to be identified. Further details can be obtained from Chainalysis’ website here.

– As part of a sale, merger, liquidation, or transfer of our business assets.

– We may disclose information about you to Sotheby’s International Realty, a company outside of the Sotheby’s corporate group and a business partners that we coordinate our activities with from time to time.

– We may share information with digital advertising and analytics firms so that they may recognize your devices and deliver interest-based content and advertisements to you. The information we share may include your name, postal address, email, device ID, or other identifier. These firms may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. To learn about certain choices you may have with regard to such sharing, please see our Cookie Policy or click here.


You have a choice about and control over:

Receiving marketing messages from us. We may contact you by email, text, or SMS messaging. You may stop email marketing by using the “opt out,” or “unsubscribe” mechanism at the bottom of our email marketing messages. In most cases, we will give you a choice about stopping just one kind of email or opting out of all email marketing from us.

Whether cookies can be set or read on your browser. You can learn more about controlling cookies placed on your device as you visit our sites in our Cookie Policy.

Whether your account is up to date. You may review and edit the personal information that is stored in your user account on our website (e.g., your passwords and other contact information) by visiting the “Profile” area of your account on our website or by contacting Sotheby’s via the email address at the end of this Policy. We will endeavor to respond to your request as soon as practicable. Before we are able to provide you with any information, correct any inaccuracies, or delete any information, however, we may ask you to verify your identity and to provide other details to help us to respond to your request.

Your public profile on Sotheby’s Metaverse and Metaverse notifications. Details of your bidding activity, your collection (i.e. any lots you have won) and your saved items (i.e. saved lots) will be displayed in your public profile on Sotheby’s Metaverse if you are a Metaverse user. These details will be publicly available unless you change your settings. You will also receive notifications regarding saved items and items you have bid on. You can go to your Settings on Metaverse to change your settings in respect of the information that will be displayed as part of your public profile and the notifications you receive in relation to the Metaverse at any time.


Sotheby’s is a global company. We receive data collected locally by members of the Sotheby’s group and collect data online directly from individuals in countries around the world. We may process that data on servers globally. We have put recognized protections in place for the transfer of data from members of the Sotheby’s group in the EU to our servers in the United States (“US”).

We protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure, and alteration. Please be aware, though, that no security measures are perfect or impenetrable. You remain responsible for protecting your username and password and for the security of information you transmit to us over the Internet.

We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

  • – Maintain business records for analysis and/or audit purposes.
  • – Comply with record retention requirements under the law or other relevant legal or regulatory requirements.
  • – Defend or bring any existing or potential legal claims.
  • – Deal with any complaints regarding the services.
  • – Preserve historical records of transactions and property.

We will delete your personal information when it is no longer required for these purposes.


Our websites are directed to adults. We do not accept children as clients or knowingly collect data about them.


Our websites may contain links to other websites not owned or controlled by Sotheby’s. Those websites may collect information about you. Sotheby’s is not responsible for their practices or content.

Additionally, we may work with auction partners so that you can bid on Sotheby’s items from other sites or platforms. If you participate in an online auction on another company’s site or platform, please note that those companies may transfer data about you to us to fulfill successful bids and that we may use that data in a manner consistent with this Policy. Please note that if you use another company’s auction site, you should review the posted privacy policy applicable to that site.


For questions about this Privacy Policy please email us at or contact:

Attn: Legal and Compliance Department
1334 York Avenue
New York, NY 10021


We may collect the following categories of personal information from and about you:

  • Identifiers: Such as your name, email address, phone number, IP address, device identifier, online identifier, and government-issued identification numbers you provide.
  • Internet activity: Such as browsing history, search history, content or items viewed, account logins, and interactions with emails, digital ads, and other communications.
  • Transactions: Such as bidding and purchase records, items considered for purchase or bidding, items offered for consignment, shipping details, and events attended.
  • Payment information: Such as tokenized payment information or wire instructions.
  • Demographics: Such as information about your gender or age.
  • Location information: Such as the addresses you provide or your general location as inferred from your IP address or other network information.
  • Professional and employment information: Such as information provided on valuation or credit documents.
  • Video and audio: Such as recordings of auctions or client service calls.
  • Inferences: Such as our assessment of the types of art, furniture, objects or jewelry in which you may have an interest.

We share your information for the following business purposes:

  • To obtain services such as item shipments, mailings, customer account and technology support, secure payment processing, fraud prevention, digital marketing management, and data storage;
  • To coordinate auctions with business partners;
  • To coordinate events;
  • For legal and compliance purposes;
  • To cooperate with law enforcement or other reasonable requests for information;
  • To support potential sales, mergers, liquidations, or transfers of our business assets.

We disclose all of the categories of personal information noted above with service providers that process personal information on our behalf (e.g., data storage providers, email services, Internet service providers, and research firms), business partners (e.g., event coordinators, professional advisors and consultants), government and law enforcement entities, advertising and marketing companies, and our affiliates.
We also disclose certain personal information in exchange for services, insights, or other valuable consideration. California law treats such disclosures as “sales” even if no money is exchanged. We may disclose or sell the following categories of information to the third parties listed below:


Categories of personal information disclosed in exchange for valuable consideration
Categories of third parties to whom this information is or was disclosed in the past 12 months
Digital advertising and analytics companies, marketing partners, social media platforms, auction partners and event co-hosts.
Internet activity
Digital advertising and analytics companies, social media platforms, and marketing partners.
Digital advertising and analytics companies, auction partners and event co-hosts, and marketing partners.
Payment information
Digital advertising and analytics companies, marketing partners, social media platforms, auction partners and event co-hosts.
Location information
Digital advertising and analytics companies, auction partners and event co-hosts.
Professional and employment information
Marketing partners, auction partners, and event co-hosts.
Video and audio information
Auction partners and event co-hosts.
Digital advertising and analytics companies, marketing partners, social media platforms, auction partners and event co-hosts.

Residents of California have the following rights:

  • Right to know. You may request that we provide you with information about the categories of your personal information that we collect, the specific pieces of personal information that we hold about you, the categories of sources from which we collected the information, our reasons for collecting and sharing the information, and the types of third parties with which we share the information.
  • Right to deletion. You may ask us to delete your personal information, subject to certain exceptions.
  • Right to opt out of sales. You have the right to opt out of certain disclosures of your personal information for valuable consideration. You can exercise this right through the “Do Not Sell My Personal Information” link.
  • Right to be free from discrimination. You have the right to not be discriminated against for exercising any of the above-listed rights. We may, however, provide a different level of service or charge a different rate reasonably relating to the value of your personal information.

If you are a California resident and would like to exercise any of the above rights, please submit your request at

Please note that we may request specific information from you in order to verify your identity, and there may be circumstances where we will not be able to honor your request. For example, if you request deletion, we may need to retain certain personal information to comply with our legal obligations or other permitted purposes. We will only use personal information provided in a verifiable consumer request to verify your identity or authority to make the request. If you are submitting a request through an authorized agent, the authorized agent must provide us with your signed written permission stating that the agent is authorized to make the request on your behalf. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.


Who is responsible for your data?

If you transact in an auction or private sale in a Sotheby’s office in the EEA, UK, or Switzerland, then the Sotheby’s entity running the auction will be the data controller for that data. The name and contact details for this entity will be set out in your consignment agreement, private sale agreement, invoice, or Conditions of Business for the auction.

If you visit, another Sotheby’s website (such as Sotheby’s Metaverse) or use a Sotheby’s app, then the data controller will be Sotheby’s, a US entity, and this Policy contains our contact details. Sotheby’s main establishment in the EU is Sotheby’s France. Sotheby’s in London is the Sotheby’s UK-based establishment.

What is the legal basis on which Sotheby’s relies to process your data?

On some occasions, Sotheby’s processes your data with your consent (e.g., when you agree that we may place cookies, or if you ask Sotheby’s to send you information about upcoming events).

On other occasions, Sotheby’s processes your data when we need to do this to fulfill a contract with you (e.g., for billing purposes) or where we are required to do this by law (e.g., where we have to fulfill anti-money laundering requirements). If it is mandatory for you to provide data for these purposes, we will make this clear at the time and will also explain what will happen if you do not provide the data (e.g., that we will not be able to process a bid at auction).

Sotheby’s also processes your data when it is our legitimate interests to do this and when these interests are not overridden by your data protection rights. For example, Sotheby’s has a legitimate interest in ensuring the security and integrity of our auctions, in learning about the interests and preferences of our current and prospective clients, in developing new business opportunities, in maintaining accurate business and provenance records, and in ensuring that our websites and apps operate effectively. When we process personal information to meet our legitimate interests, we put in place robust safeguards to ensure that your privacy is protected and to ensure that our legitimate interests are not overridden by your interests or fundamental rights and freedoms.

Data transfers

Sotheby’s may transfer personal information to countries outside the EEA and the UK, including to countries which have different data protection standards to those which apply in the EEA and the UK. Sotheby’s has put in place European Commission approved standard contractual clauses to protect this data. For more information on the appropriate safeguards in place, please contact us at the details above.

Automatic Decision-Making

The way we analyse personal information for advertising and marketing purposes and for client development, risk assessment, or fraud prevention may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. For example, we may use the information we collect (e.g., bidding and purchase information, browsing history, and consignment history) to infer your interests. And we may use those inferences to support automated decisions about the content, recommendations, and offers we present to you on our digital properties. We may use automated tools to flag for further review suspicious activities associated with our services (e.g., multiple logins from different locations within a short period of time or activities associated with suspicious IP addresses). These automated activities will not, in themselves, have legal or similar effects for you.

Your rights

You may ask Sotheby’s for a copy of your personal information, to correct it, erase it, restrict our use of it, or to transfer it to other organizations at your request subject to local law. You also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. In particular, you have rights to object to direct marketing at any time.

Where we process your data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.

If you would like to discuss or exercise such rights, please contact us at the details below. We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate. We will contact you if we need additional information from you in order to honor your requests.

We hope that we can satisfy queries you may have about the way we process your data. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. However, if you have unresolved concerns and believe that we have not been able to assist with your complaint or concern, you also have the right to complain to data protection authorities.

For questions about this Privacy Policy please email us at or contact:

Attn: Legal and Compliance Department
1334 York Avenue
New York, NY 10021


You may request a copy of this Policy from us using the contact details set out above. We may modify or update this Policy from time to time. If we change this Policy, we will notify you of the changes by updating this Policy on our website. Where changes to this Policy notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights.