Normally you should be disabling whois privacy when the domain sells, as it can't be transferred to another registrar until so. Pushes on the other hand (account to account within same registrar) might not need this, but I still disable whois privacy anyways before the push.
It's a good question because there are some registries whom automatically update the whois to reflect the current owner after the transfer, but there are also some that don't. And it is somewhat of an annoyance seeing your info displayed after the domain has sold and been transferred and the new owner hasn't bothered to update with their own. This could be problematic especially if waiting for a payout and the marketplace is looking to the whois ownership change as proof of the transfer.
So basically, yes, if upon transfer completion the whois isn't automatically filled and must be done manually by the new owner, then they can see your info. A total whois privacy isn't a given on the the transfer, normally it has to be activated by the new owner- however I think with the new GDPR rules there should be some sort of partial privacy enabled automatically.