1. Introduction

Sothebys (\"we,\" \"us,\" \"our,\" or \"Company\"), operating the website located at worldsoth.auction (the \"Website\"), is committed to protecting your privacy and ensuring you have a positive experience on our Website. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal data in connection with our Website and the services we provide.

This Privacy Policy applies to all visitors and users of our Website, regardless of how you access or use it. By accessing and using our Website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our privacy practices, please do not use our Website.

We operate in compliance with applicable European privacy laws, including the General Data Protection Regulation (GDPR), the ePrivacy Directive (2002/58/EC), and equivalent data protection legislation in other European jurisdictions where we conduct business.

2. Data Controller and Contact Information

Sothebys is the Data Controller responsible for processing personal data collected through our Website. If you have questions about this Privacy Policy or our privacy practices, you may contact us at:

3. What Personal Data We Collect

We collect personal data in various ways to provide and improve our services. The categories of personal data we collect include:

3.1 Data Provided Through Contact Forms

When you submit a contact form on our Website, we collect the following information:

• Name: Your full name as provided in the form
• Email Address: Your email address for communication purposes
• Phone Number: Your telephone number (optional, where provided)
• Message Content: The content of your inquiry, feedback, or communication
• Timestamp: The date and time when you submitted the form

3.2 Automatically Collected Data

When you visit our Website, certain information is automatically collected without explicit action on your part:

• IP Address: Your internet protocol address
• Browser Information: The type and version of your web browser
• Device Information: The type of device you use to access the Website (desktop, tablet, mobile)
• Operating System: Information about your device's operating system
• Referring URL: The webpage from which you accessed our Website
• Pages Visited: Information about which pages you visit and for how long
• Interaction Data: How you interact with our Website content and features
• Cookies and Similar Technologies: Data collected through cookies, web beacons, and similar tracking technologies

3.3 Third-Party Service Providers

We use certain third-party services that may collect data about your interactions with our Website:

• Google Fonts: We use Google Fonts to deliver typography to our Website. Google may collect limited data about your access to these resources
• Analytics Services: We may use analytics tools to understand user behavior and improve our Website performance
• Content Delivery Networks: We may use CDN services (such as Tailwind CDN if applicable) to optimize Website performance

4. How We Use Your Personal Data

We process personal data only for specified, explicit, and legitimate purposes. The purposes for which we use your personal data include:

4.1 Primary Uses

• Communication: To respond to your inquiries, feedback, or communications submitted through our contact forms
• Service Provision: To provide and maintain our Website and associated services
• Customer Support: To offer technical support and assistance related to your use of our Website
• Request Fulfillment: To process and fulfill any requests you submit to us
• Notification: To send you important notices regarding changes to this Privacy Policy or our Website terms

4.2 Secondary Uses (with Your Consent)

• Marketing Communications: To send promotional materials, newsletters, or information about new services (only with your express consent)
• Website Improvement: To analyze Website usage patterns and improve user experience
• Analytics: To understand how visitors interact with our Website and optimize content delivery

4.3 Legal and Compliance Uses

• Legal Compliance: To comply with applicable laws, regulations, court orders, or government requests
• Fraud Prevention: To detect, prevent, or address fraud, security issues, or technical problems
• Rights Protection: To protect the rights, property, and safety of Sothebys, our users, and the public
• Dispute Resolution: To establish, exercise, or defend legal claims and disputes

5. Legal Basis for Processing

Under the GDPR and similar European data protection laws, we process personal data only when we have a valid legal basis. The legal bases for our processing include:

5.1 Contract Performance

We process personal data as necessary to fulfill contractual obligations and provide requested services.

5.2 Legitimate Interests

We process personal data for legitimate interests, including: improving our Website, understanding user behavior, preventing fraud, and protecting our legal interests. We balance these interests against your fundamental rights to privacy.

5.3 Consent

Where required by law, we process personal data based on your explicit, informed, and freely given consent. You may withdraw consent at any time by contacting us.

5.4 Legal Obligation

We process personal data when necessary to comply with applicable laws, regulations, legal proceedings, or government requests.

6. Cookies and Similar Technologies

Our Website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and provide personalized services.

6.1 Types of Cookies We Use

Essential/Functional Cookies

These cookies are necessary for the Website to function properly. They enable core functionality such as page navigation, security, and access to secure areas. These cookies cannot be disabled without impairing Website functionality.

Analytical Cookies

We use analytical cookies to understand how visitors interact with our Website. These cookies collect aggregated, anonymized data about page visits, traffic sources, and user behavior. This information helps us improve our Website design, content, and user experience. These cookies are optional and require your consent.

Marketing Cookies

We may use marketing cookies to track your interactions and serve targeted advertisements relevant to your interests. These cookies require your explicit consent.

6.2 Cookie Management

Most web browsers allow you to control cookies through their settings. You can:

• Delete cookies from your device
• Block specific types of cookies
• Receive warnings before cookies are stored
• Disable all cookies (which may affect Website functionality)

Please note that disabling certain cookies may prevent the Website from functioning optimally. Refer to your browser's help documentation for instructions on managing cookies.

6.3 Third-Party Cookies

Third-party service providers may set their own cookies on our Website. These include analytics providers, advertising networks, and content delivery services. We do not control these third-party cookies, and their use is governed by their own privacy policies.

7. Third-Party Services and Integrations

Our Website may integrate with or use services provided by third-party vendors. When you interact with these services, your data may be shared with or collected by these third parties.

7.1 Google Fonts

We use Google Fonts to deliver typography resources to our Website. When you access our Website, your browser may request font files from Google's servers. Google may collect limited information about your access to these resources, including your IP address and requested URLs, in accordance with Google's Privacy Policy.

7.2 Content Delivery Networks

We may use Content Delivery Network (CDN) services to optimize Website performance and ensure fast content delivery. CDN providers may collect technical data about your interactions.

7.3 Email Services

When you submit a contact form, your data may be processed through email services used by Sothebys. These services comply with applicable data protection regulations.

7.4 Analytics and Measurement

We may use analytics platforms to measure Website performance and user engagement. These platforms may collect data such as pages visited, time on site, and user demographics. We ensure all analytics implementations comply with GDPR and ePrivacy requirements.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations. The retention periods for different categories of data are:

8.1 Contact Form Submissions

Personal data submitted through contact forms is retained for 24 months from the date of submission, unless a longer retention period is required by applicable law or for legitimate business purposes. After this period, data is securely deleted.

8.2 Automatically Collected Data

Technical data such as IP addresses, browser information, and interaction logs are retained for 12 months for security and analytics purposes. After this period, data is anonymized or deleted.

8.3 Cookie Data

Cookies are retained for the duration specified by their purpose. Functional cookies may be retained as long as necessary for Website operation. Analytical and marketing cookies are typically retained for 12-24 months.

8.4 Legal Hold

Notwithstanding the above, we may retain personal data for longer periods if required by applicable laws, regulations, legal proceedings, or to establish, exercise, or defend legal claims.

9. Data Sharing and Disclosure

We do not sell, trade, or rent your personal data to third parties for marketing purposes. However, we may share your personal data in the following circumstances:

9.1 Service Providers

We may share personal data with trusted third-party service providers who assist us in operating our Website, conducting our business, or providing services to you. These service providers are contractually obligated to use your data only as necessary to provide services to Sothebys and must maintain appropriate data security measures.

9.2 Legal Requirements

We may disclose personal data when required by law, court order, government request, or to protect legal rights. We will provide notice of such disclosure where legally permitted.

9.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, dissolution, or similar corporate event, personal data may be transferred as part of that transaction. We will provide notice and obtain consent where required by applicable law.

9.4 Safety and Rights Protection

We may disclose personal data when we believe in good faith that disclosure is necessary to: protect the safety of individuals, prevent fraud or security incidents, protect Sothebys's legal rights and property, or enforce our terms and conditions.

9.5 Anonymized Data

We may share anonymized, aggregated data that cannot be used to identify individuals without restriction. This data may be used for research, analytics, marketing, and other purposes.

10. Your Privacy Rights Under European Law

Under the GDPR and equivalent European data protection legislation, you have the following rights regarding your personal data:

10.1 Right of Access

You have the right to request access to the personal data we hold about you. Upon receipt of a valid request, we will provide you with a copy of your personal data in a structured, commonly used, and machine-readable format within 30 days.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. We will correct such data without undue delay.

10.3 Right to Erasure (\"Right to be Forgotten\")

You have the right to request deletion of your personal data in certain circumstances, including when: the data is no longer necessary for the original purpose, you withdraw consent, you object to processing, or the processing is unlawful. We will delete your data within 30 days of receiving a valid request, except where legal obligations require retention.

10.4 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, including when you contest accuracy, processing is unlawful, or data is no longer needed. During the restriction period, we will store your data but not actively process it.

10.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance from Sothebys. We will provide your data in a portable format within 30 days of request.

10.6 Right to Object

You have the right to object to processing of your personal data for direct marketing, profiling, or other purposes based on legitimate interests. We will cease processing for such purposes upon receipt of a valid objection.

10.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time. Withdrawal does not affect the validity of processing undertaken before withdrawal.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction if you believe we have violated your privacy rights. Each European country has a designated Data Protection Authority that oversees GDPR compliance.

10.9 Exercising Your Rights

To exercise any of the above rights, please submit a written request to:

We will verify your identity before processing your request. We may ask for additional information to confirm your identity and locate relevant data. Requests will be processed within 30 days unless a longer period is justified by the complexity of the request.

11. Data Security

Sothebys implements comprehensive technical, organizational, and administrative security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

11.1 Security Measures

• Encryption: We use industry-standard encryption protocols (HTTPS/TLS) to protect data transmitted between your device and our servers
• Access Controls: Personal data is accessible only to authorized personnel who require access for legitimate business purposes
• Data Minimization: We collect and retain only the minimum personal data necessary for specified purposes
• Regular Audits: We conduct regular security audits and vulnerability assessments to identify and remediate risks
• Incident Response: We maintain an incident response plan to address potential data breaches promptly and effectively
• Staff Training: Our employees receive regular training on data protection, privacy practices, and security protocols
• Secure Deletion: When personal data reaches the end of its retention period, it is securely deleted using industry-standard methods

11.2 Data Breach Notification

In the event of a data breach affecting personal data, we will notify affected individuals and relevant authorities as required by law. Notifications will be provided without undue delay and will include information about the nature of the breach, the categories and approximate numbers of affected individuals, the likely consequences, and measures taken or proposed to address the breach.

12. Children's Privacy

Our Website is not intentionally directed to children under the age of 16, nor do we knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected personal data from a child under 16 without proper consent, we will delete such data immediately.

For children between 13-16 in certain EU jurisdictions where higher consent age thresholds apply, we require verifiable parental or guardian consent before processing their personal data. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected].

13. International Data Transfers

Sothebys is based in Europe and primarily processes personal data within the European Economic Area (EEA). However, your personal data may be transferred to and processed in jurisdictions outside the EEA.

13.1 Transfer Mechanisms

Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

• Adequacy Decisions: Transfer to countries recognized by the European Commission as having adequate levels of data protection
• Standard Contractual Clauses: Transfer based on Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules: Transfer within organizations bound by Binding Corporate Rules (BCRs)
• Your Consent: Transfer based on your explicit informed consent

13.2 Third-Country Data Controllers

Some third-party services we use, such as Google Fonts, may process data in the United States or other countries. These transfers are justified under transfer mechanisms compliant with GDPR, including Standard Contractual Clauses and adequacy decisions.

14. ePrivacy Compliance

In addition to GDPR compliance, we comply with the ePrivacy Directive (2002/58/EC) and national ePrivacy laws in European jurisdictions where we operate.

14.1 Cookie Consent

In compliance with ePrivacy requirements, we obtain your prior explicit consent before storing or accessing cookies and similar technologies on your device (except where strictly necessary for service provision). Consent is obtained through clear, affirmative action via our cookie consent banner.

14.2 Electronic Marketing Communications

We will not send you marketing emails, SMS, or other electronic communications unless you have explicitly consented to receive such communications. You may withdraw consent and unsubscribe from marketing communications at any time by clicking the unsubscribe link in our messages or contacting us directly.

15. Jurisdiction-Specific Privacy Rights

Certain European jurisdictions have implemented GDPR at the national level with specific provisions. Depending on your location, you may have additional rights under local privacy laws. We comply with all applicable national implementations of the GDPR.

15.1 Your Location

Please note that the privacy rights and protections described in this Privacy Policy apply to all users in European jurisdictions. If you reside outside the EEA, different privacy laws may apply to your personal data.

16. Changes to This Privacy Policy

Sothebys reserves the right to modify this Privacy Policy at any time. Changes will be effective immediately upon posting to our Website, with the updated \"Last Updated\" date reflected above. Material changes will be communicated to you by:

• Prominent notice on our Website
• Email notification to the email address associated with your account (if applicable)
• Explicit notification through our Website interface

Your continued use of our Website following the posting of revised Privacy Policy terms means you accept and agree to the changes. If you do not agree with the revised policy, you should discontinue use of our Website.

We encourage you to periodically review this Privacy Policy to stay informed of how we protect your information.

17. Legal Basis for Email Communications

When you submit your email address through our contact form, you consent to receiving responses to your inquiry. Any subsequent communications related to your request will be based on this consent and our legitimate interest in providing customer service.

If you wish to receive additional communications, promotional materials, or newsletters, we will obtain your explicit opt-in consent before adding you to any marketing lists. You may withdraw consent for promotional communications at any time.

18. Data Protection Impact Assessment

Sothebys conducts Data Protection Impact Assessments (DPIA) for processing activities that pose high risks to the rights and freedoms of individuals. These assessments inform our privacy and security measures and ensure our processing is consistent with GDPR requirements.

19. Data Protection Officer and Privacy Team

While Sothebys does not currently appoint a designated Data Protection Officer (unless required by applicable law), we maintain a privacy-conscious approach and have designated personnel responsible for privacy and data protection matters. You may contact our privacy team with questions or concerns:

20. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: