Our privacy policy sets out the basis on which we will collect, use and process personal data. To ensure that you feel confident about providing us with your personal information when communicating with us and using our services, we outline below our practices in relation to the collection and use of personal data.
Introduction
Christie’s Education holds and processes a wide range of information about its students, prospective students and other persons who may be interested in its services.
This privacy notice applies to all Christie’s Education operations in the UK, US, and Hong Kong and other global locations where we organise courses or promote services. The notice explains the type of information that we process, why we are processing it and how that processing may affect you.
The privacy notice is split into the sections listed below. The Glossary section explains what we mean by “personal data”, “processing”, and other terms used in this notice.
We may update this privacy notice from time to time, and will post any revised notice on this webpage. Where appropriate we may notify you by email or by a notice on our website that our privacy notice has changed but we recommend that you check this page regularly. Any changes will be immediately effective on posting.
Contents
Who we are
How and when do we collect your personal data?
What personal data do we process and why?
Who gets to see your personal data?
Is your personal data transferred out of the EEA?
How long do we keep your personal data?
What steps do we take to keep your personal data secure?
Third party websites
Access to your data and other rights
Contact Information
Complaints
Glossary
Who we are
Christie’s Education is part of the Christie’s group of companies.
Christie’s Education Limited (UK company number 01344504) of 8 King Street, St James’s, London SW1Y 6QT, is the primary Data Controller for the purposes of EU Data Protection Legislation. Christie’s Education Inc. (New York company number 2527480) of 1230 Avenue of the Americas, 20th Floor New York, NY, 10020, United States may also control your data if you interact with Christie’s Education in the Americas, and Christie’s Hong Kong Limited (Hong Kong company number 172080) of 22nd Floor, Alexandra House, 18 Chater Road, Central, Hong Kong may also control your data if you interact with Christie’s Education in Asia.
Christie Manson & Woods Limited (UK company number 01128160) of 8 King Street, St James, London, SW1Y 6QT will control your data if you enrol on one of Christie’s Education’s online courses.
How and when we collect your personal data
Collection directly from you in response to our request
Most of the personal data we process about you comes directly from you (whether face to face, over the telephone, on a paper form, by email or online) for example:
• when you apply for or enrol on one of our courses;
• when you call us, email us or meet with one of our staff;
• when you sign up on https://education.christies.com/ or https://www.christies.com/, or while attending an event or student recruitment fair, to receive news about upcoming courses and events relating to particular areas of interest
Automatic collection when you call us, visit our premises or our website, or take one of our online courses
Your image may be collected by Christie’s Education if you attend our premises. We use CCTV at our premises for the protection of our staff, our students, and our visitors.
We also sometimes video or record our lectures or other events, and may make these videos and recordings available through facebook live, but we will inform you on arrival at the lecture or event if we intend to do this. If you have enrolled on one of our online courses, we also collect certain data about your progress through the course, such as which modules you have completed, the results of any test.
We collect data about your computer when you visit our website which includes your internet address, your operating system and browser type. We use this information for our internal system administration, to help diagnose problems with our servers, to administer our website and monitor and improve the user experience.
We also collect data about you through cookies. A cookie is a simple text file that is stored on your computer or mobile device by our website’s server which allows our website to remember your preferences or transactions that are in progress. You can see more detail on cookies by clicking on Cookie Settings.
Collection of data from other sources
We may also obtain information about you from other sources, for example when we verify your academic qualifications with a prior educational institution, when we seek information about the equivalence of your academic qualification from World Education Services or your language ability from Educational Testing Services, when we obtain references from a previous employer or letters of recommendation.
What personal data do we process and why?
We have set out below the types of personal data that we process, the purposes for which we use it and the legal grounds on which we process it. The Glossary contains more information about the legal grounds for processing.
|
Purpose |
Examples of personal data (please note that the list is not exhaustive)
|
Legal grounds for processing |
|
To provide you with requested services (for example assessing eligibility for a course and/or scholarship, enrolling you on a course, assessing fitness to study, delivering teaching to you)
|
|
Performance of a contract
|
|
To evidence our compliance with legal requirements, (for example, verifying your identity, monitoring for the purposes of equal opportunities) |
|
Compliance with a legal obligation |
|
To keep you, our staff, and property on our premises secure |
|
Legitimate Interests
|
|
To provide you with details about upcoming courses and events
|
|
Legitimate Interests (for past students)
Consent (for individuals who have signed up online, at an event, by talking to a member of staff) |
|
To monitor the performance of our website and online course platform and make your user experience better |
|
Legitimate Interests |
|
To monitor your use of our services, train our staff and improve your student or website experience |
|
Legitimate Interests |
Who gets to see your personal data?
Christie’s Education and the wider Christie’s group
Your personal data will be processed by the Christie’s Education entity that initially receives it (see Who we are), and may also be transferred to and processed by other Christie’s Education locations. Christie’s uses EU Commission approved standard contractual clauses to regulate the transfer and processing of data between group companies.
We do not transfer your personal data to Christie’s auction business or other parts of the Christie’s group unless you indicate you wish to sign up for news or updates from those parts of the business.
Outside the Christie’s Group
We do not transfer your personal data to organisations who wish to use it for their own marketing promotions or other purposes. We only transfer your personal data to other organisations where it is necessary to enable us to provide you with the services you have requested (for example: we may transfer your data to our bank, payment card acquirers, library service providers, travel agents, transport and accommodation companies in relation to trips forming part of your course, course venues, caterers, institutions who evaluate the equivalence of your existing overseas qualifications, and direct marketing fulfilment and distribution). We also transfer your data to any organisations that validate our course provision and award your qualification, such as the Open University for courses run by Christie’s Education Limited. Where we do so it will be on the basis that these organisations are required to keep the information confidential and secure, and they will only use the information to carry out the instructed services. Some of these organisations may be located outside the EEA and you should refer to the section Is your personal data transferred out of the EEA? for more information.
References
For students of Christie’s Education in London and Hong Kong and students of our online courses, we release information about you and your studies with Christie’s Education (such as dates of attendance and qualifications or awards achieved) only when you request that we provide such information to future employers, educational bodies or other persons.
For students of Christie’s Education Inc, we will disclose certain information known as “Directory Information” to anyone who requests it unless you instruct us not to do so by completing a FERPA Hold Directory Information Form (you can complete this form at any time). By contrast, we will not release non-directory information to third parties unless you have specifically authorised us to do this by completing a FERPA Non-Directory Information Release Form. Our FERPA Policy (which forms part of the Christie’s Education Inc. student handbook) explains your rights in more detail.
Student Loan organisations
Where you have a student loan we will share your data with the relevant body, for example Student Finance England for students of Christie’s Education Limited, and Boston Educational Network for students of Christie’s Education Inc.
Education Regulators and Visa authorities
We are legally required to disclose certain information about students to:
• Education Regulators such as the Higher Education Statistics Agency (HESA), Office for Students (OFS), UK Department of Education, the New York State Education Department, the New York State Board of Regents and the US Department of Education
• Visa Issuing bodies such as UK Visas and Immigration and the Department of Homeland Security
• Certain federal, state and local authorities (or third parties appropriately designated by them) under FERPA – please see Christie’s Education Inc.’s FERPA Policy for more detail.
Where we receive a request from other types of government or law enforcement authorities to provide your data, we will only disclose such information where we are ordered to do so by a court or we are otherwise satisfied after internal review that the body making the request has both the right to seek disclosure and has followed the correct process.
Is your personal data transferred out of the EEA?
Christie’s Education may in the normal course of its business transfer your personal data outside of the EEA to individuals and organisations who need to process your data in connection with the services that Christie’s provides to you (see Who gets to see my data?). Your data will also be held on Christie’s servers located in the USA.
Non- EEA countries offer varying standards for the protection of personal data and your privacy rights and in some cases, these standards are lower than equivalent EEA standards. When we send your personal data outside the EEA, we have in place the EU Commission approved standard contractual clauses in the form of an appropriate data transfer agreement. More details about typical standard clauses can be found here: https://edps.europa.eu/data-protection/data-protection/reference-library/international-transfers_en.
If you have any questions or would like further information about how we make personal data available to non-EEA countries please contact us (see Contact Information below).
How long will we keep your personal data?
We will retain your personal data for as long as is necessary to provide the relevant services, maintain business records or educational records to satisfy tax, legal and other regulatory requirements, and protect and defend against potential legal claims.
What steps do we take to keep your personal data secure?
We will take all reasonable and appropriate steps to protect the security and integrity of all personal information provided via our website, or by any other means electronic or otherwise.
We use a variety of security technologies and procedures to help protect your personal details from unauthorised physical and electronic access.
As effective as modern security practices are, we cannot guarantee the complete security of personal data held in our systems, nor that that information you supply through the internet or any computer network is entirely safe from unauthorised intrusion, access or manipulation during transmission. Any transmission is at your own risk. We will not be liable for any resulting misuse of your personal data.
Third party websites
Christie’s websites may contain links to other websites not operated by Christie’s. The information you provide to us will not be transmitted to other websites, unless we clearly say so, but these other websites may collect personal information about you in accordance with their own privacy notice. Christie’s cannot accept any responsibility for the privacy practices or content of those websites.
Access to your data and other rights
We try to be as open as we can about the data that we process and recommend you ask us if you have questions about the data we hold on you.
EU residents
If you are a resident of the EU, you have the legal right to make a “subject access request”. If you exercise this right and we process personal data about you by automated means or as part of a Filing System, we are required to provide you with a description and copy of that personal data, and tell you why we are processing it.
As well as your subject access right, you may have a legal right to have your personal data rectified or erased, to object to its processing, or have its processing restricted.
If you have provided us with data about yourself and the grounds for processing is Contract or Consent (see What personal data do we process and why?), you have the right to be given the data in machine readable format for transmitting to another data controller.
If we are relying on Consent as the grounds for processing your data (see What personal data do we process and why?), you may withdraw consent at any time. This will not affect the lawfulness of Christie’s processing of your data prior to your withdrawal.
Please contact us at dataprivacy@christies.com if you would like to exercise any of your rights explained above in relation to your personal data.
FERPA rights for students of Christie’s Education Inc
If you are a student of Christie’s Education Inc., you have certain rights under FERPA. These are:
• The right to inspect and review certain educational records within 45 days of Christie’s Education’s receipt of written request;
• The right to seek to amend educational records if you believe they are inaccurate or misleading through formal and informal hearings; and
• The right to have some control over the release of information about educational records.
You can find more information about these rights in the FERPA Policy which forms part of the Christie’s Education Inc. student handbook.
If you wish to exercise these rights, please contact us at shortcoursesus@christies.com
Rights for California residents
If you are a resident of California you may have a right pursuant to Section 1798.83 of the California Civil Code to obtain certain information about the types of personal data that we have shared with third parties for direct marketing purposes during the preceding calendar year, including the names and addresses of those third parties, and examples of the types of services or products marketed by those third parties.
If you wish to exercise this right, please contact us at dataprivacy@christies.com.
Contact Information
If you have any queries in relation to Christie’s Education’s processing of your personal data please contact us at dataprivacy@christies.com. You can also contact Christie’s Education in New York at shortcoursesus@christies.com or on +1 212 355 1501, and Christie’s Education in London on shortcoursesuk@christies.com or on +44 7824 47419.
Complaints
If you have any complaints relating to the processing of your personal data, please contact us at dataprivacy@christies.com. You can also contact Christie’s Education in New York at shortcoursesus@christies.com or on +1 212 355 1501, and Christie’s Education in London on shortcoursesuk@christies.com or on +44 7824 47419.
You may raise a complaint with the UK Information Commissioner (https://ico.org.uk/) or your local regulator if you consider that we have infringed applicable EU data privacy laws when processing your personal data.
You may raise a complaint about Christie’s Education Inc.’s compliance with FERPA by writing to Family Policy Compliance Office, U.S. Department of Education, 400 Maryland Avenue, S.W., Washington, DC 20202-4605.
Your right to complain is without prejudice to any other administrative or judicial remedy you might have.
Glossary
Compliance with a legal obligation - processing is necessary to ensure we comply with our legal and regulatory obligations.
Consent – you have given specific consent to the processing of your personal data.
Data Controller – the person who determines the purposes and means of processing personal data.
Directory Information – for the purposes of FERPA, a student’s name, address, email address, telephone number, date of birth, enrolment status (full/part time), field of study, dates of attendance, degree and date of graduation (including anticipated graduation date), awards received, previous institutions attended.
EEA – the European Economic Area which comprises countries that are members of the European Union and Norway, Iceland and Liechtenstein.
FERPA – the Family Educational Rights and Privacy Act of 1974
Filing System – a structured set of personal data that is accessible according to specific criteria.
Legitimate Interests - processing is necessary for our or a third party’s legitimate interests in carrying on, managing and administering our respective businesses effectively and properly (except where our or the third party’s interests are overridden by your own interests, rights and freedoms).
Performance of a contract – processing is necessary to carry out our contractual duties, exercise our contractual rights or otherwise perform our contract with you, or to take steps at your request to enter a contract.
Personal Data - any data relating to an identified or identifiable natural person. This can include names, user ID, location data, email addresses, photographs, job applications, purchase history, user account information, opinions, and correspondence to and from an individual.
Processing - any operation performed on personal data, such as collection, recording, storage, retrieval, use, combining it with other data, transmission, disclosure or deletion.
Public Interest – processing is necessary for the performance of a task carried out in the public interest.
