Privacy policy

For the purpose of this privacy policy, terms hereafter, if not defined elsewhere in this privacy policy, shall have the meanings set forth below:

1. Definitions

“Company”: shall mean Agence France Muséums, simplified joint stock company with a capital of 335,000.00€ having its registered office located at 20, rue Bachaumont, 75002 Paris, registered with the Trade and Corporations Register of Paris under identification number 499 510 451, duly represented by its chief executive officer, Hervé BARBARET.

Controller“: means the Company which determines the purposes and means of the Processing of Personal Data.

GDPR“: Regulation (EU) 2016/679 on the protection of individuals regarding the Processing of Personal Data and on the free circulation of such data.

Loi Informatique et Libertés”: means law of January 6, 1978, relating to data processing, files and freedoms, as amended.

“Personal data”: shall mean any personal data identifying the User directly (in particular his or her surname, first name, postal, electronic or telephone contact details) or indirectly.

“Purposes”: means the aim/purpose of the Processing (e.g. employees administrative management, payroll management, evaluation management, etc.).

“Site”: shall mean the website www.francemuseums.fr where the Company presents its activity to the Users and Service Providers.

Service Providers”: refers to the Company’s suppliers and service providers, whether independent or individual contacts within a company.

“User(s)”: shall mean a person who has access to the Site.

Processing“: means any operation or set of operations performed or not by means of automated processes and applied to data or sets of Personal Data, such as collection, recording, organizing, structuring, storage, adaptation or modification, retrieval, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.

Transfer“: means any Transfer of Personal Data from one entity to another. A Transfer may be any act of communicating, copying, transferring, or disclosing Personal Data over a network, including remote access to a database, or transferring from one medium to another, regardless of the type of medium used (e.g., from a computer hard drive to a server).

2. Purpose
This privacy policy governs the terms and conditions of collection and processing by the Company of the Personal Data of the Users of the Site (I) and the Company’ Service Providers (II), in application of the GDPR.
Its purpose is to inform the Users and the Service Providers of the Processing and collect of Personal Data by the Company.
This Policy may change. If so, we will notify its Users and Service Providers by email of any material changes and the revised version will become effective when posted.

The Company to ensure the security and the confidentiality of the Users and Service Providers’ Personal Data, undertakes to process those Personal Data in a manner that is:
– Lawful;
– Fair;
– Transparent;
– Proportionate;
– Relevant;
– Within the strict framework of the purposes pursued and announced;
– For the duration necessary for the processing operations put in place;
– In a secured way.

The Company implements and updates the appropriate technical and organizational measures to ensure the security and confidentiality of the Users and Service Providers’ Personal Data, preventing them from being distorted, damaged or communicated to unauthorized third parties. For any questions concerning the Processing of Personal Data, Users and Service Providers may contact the dedicated service at the following address: contact@francemuseums.fr

3. User and Service Providers’ rights on Personal Data
As part of the right of access, the User and the Service Providers are authorized, in accordance with article 15 of the GDPR, to question the Company in order to obtain: (i) communication of the Personal Data concerning them in an accessible form; (ii) confirmation that their Personal Data is or is no longer being processed; (iii) communication of the purposes of the processing, the categories of Personal Data processed and the recipients to whom their Personal Data are potentially communicated; and (iv) the duration of the storage of their Personal Data or the criteria used to determine this duration.

In accordance with article 16 of the GDPR, the right of rectification gives the User and the Service Providers the right to require the Company to rectify their Personal Data when it is inaccurate.

Under the conditions set forth in article 17 of the GDPR, the User and the Service Providers have a right to the deletion of their Personal Data, allowing them to ask the Company to delete their Personal Data as soon as possible, in particular when it is no longer necessary with regards to the purposes for which it was collected.

The User and the Service Providers also have the right to limit the processing of their Personal Data in the cases listed in article 18 of the GDPR.

In the circumstances provided for in article 20 of the GDPR, the User and the Service Providers have a right to the portability of their Personal Data, allowing them to recover from the Company the Personal Data they have provided, in a structured, commonly used, and machine-readable format, for the purpose of forwarding them to another data controller.

In accordance with article 21 of the GDRP, the User and the Service Provider have the right to object, at any time, to the processing of their Personal Data.

The User and the Service Provider, to exercise their aforementioned rights of access, rectification, deletion, limitation, portability and opposition, can send their request by mail to the following address: Legal Department, Agence France-Muséums , 20 rue Bachaumont, 75002 Paris, France – Email : contact@francemuseums.fr.

The Company has appointed an external Data Protection Officer whom you the User and the Service Providers can contact through the Company’s Legal Department.

4. Remedies in case of Personal Data’s violation
In the event of a violation of its Personal Data that may create a risk to its rights and freedoms, the Company shall notify the CNIL, French independent administrative authority on personal data, of the violation as soon as possible, and, if possible, seventy-two (72) hours at the latest after becoming aware of it. The Company will also inform the User and the Service Providers as soon as possible in accordance with the provisions of article 34 of the GDPR.

Without prejudice to any other administrative or jurisdictional remedies, the User and Service Providers who consider that the Processing of their Personal Data constitutes a violation of the provisions of the legislation in force may file a complaint with a competent supervisory authority such as the CNIL.

I. Processing of Users’ Personal Data

1. Personal data likely to be collected
When browsing the Site and using the various services offered by the Company, the User agrees that the Company may collect, in accordance with this privacy policy, the following categories of data: surname, first name, title, e-mail address.

Newsletter subscription – The Company collects, store and process your personal data (last name, first name, e-mail address and, if applicable, job title and company name) in accordance with this privacy policy and in the context of the relationship between the Company and your organization. We would like to inform you that the Company uses this data for the sole purpose of providing the User with information about its activities, whether for institutional or commercial purposes. If you do not wish to receive such communications, you may opt out by clicking on the “unsubscribe” link in each Newsletter.

The User undertakes to provide updated and valid Personal identification data, within the framework of the information required on the Site and guarantees not to make any false declaration or provide any erroneous information.

2. Method and legal ground of Personal Data’s collection
The User consents to the collection of his/her Personal Data by the Company when he/she fills in the contact form available in the Site (hereinafter, “the Contact form”) and/or the newsletter subscription form (hereinafter the “Newsletter Subscription Form”).

Pursuant to the Article 6.1.1.a GDPR, this collection is based on the specific, free and informed consent of the User when filling the Contact form. This collection is necessary to process the User’s request. Thus, in the absence of communication by the User of his Personal Data (the mandatory nature of which is specified by the presence of an asterisk), the Contact form cannot be filled out.

3. Purposes of Personal Data processing
Personal Data is collected and processed for the following purposes:

– Treatment of the request formulated by the User within the framework of the Contact form;
– Contact and assistance;
– Sending of institutional publications;
– Sending of content related to France Muséums news in the framework of the newsletter subscription form;
– Individualized and personalized commercial prospecting in the framework of the newsletter subscription form.

4. Retention period of Personal Data
Personal Data is kept only for the time necessary for the purposes for which it was collected, and in compliance with the legislation in force. In any event, Personal Data is deleted after a period of three (3) years following the last use of the Site by the User.

Personal Data is kept only for the time necessary for the purposes for which it was collected, and in compliance with the legislation in force. In any event, Personal Data is deleted after a period of three (3) years following the last use of the Site by the User.

If the User no longer wishes to receive mail from the Company, specifically in the context of the Newsletter, he/she may unsubscribe by following the unsubscribe links on each newsletter or by writing to the following e-mail address: contact@francemuseums.fr.

5. Recipient of Personal Data
The User’s Personal Data is intended for use by the persons duly authorized to process it within the Company, in particular, and depending on the nature of the processing and the type of data, the human resources department or the departments of development and communication. The Personal Data collected is not subject to any cross-border flow.

II. Processing of the Service Providers’ Personal Data

Please note that the information provided below by the Company may be supplemented by other specific information and the obtaining of expressly formulated consent, such as the Processing of Personal Data of Service Providers for their travel to the Louvre Abu Dhabi

1. Personal data likely to be collected
When establishing a business relationship and/or signing the Company’s General Terms and Conditions and/or entering into a contract with the Company, the Service Provider consents to the Company collecting the following Personal Data under the terms of this privacy policy: surname, first name, title, professional e-mail address.

2. Method and legal ground of Service Providers’ Personal Data collection
The Processing Purposes listed below are implemented in order for the Company to comply with its contractual obligations under the GTC/Contract entered into or on the basis of its legitimate interest in monitoring and fostering the best relationships with the professional contacts it works with within the entities acting as Service Provider.

3. Purposes of the Service Providers’ Personal Data processing
The Company process Personal Data of its Service Providers for the purposes of managing business relations, for its internal operations and as part of its activities on behalf of its customers and, in particular for:

– Managing the selection and recruitment of Service Providers;
– Management of Service Providers’ contractual relations;
– Management of the Company’s invoicing/accounting.

This Personal Data is required to manage the Company’s commitments. If the Service Provider does not provide his or her Personal Data, or if he or she objects to their collection and use, this will make the management of the commercial relationship difficult or impossible.

In all cases, the Company undertakes to collect and process the Personal Data of the Service Providers in accordance with the applicable regulations on the protection of Personal Data, in particular in accordance with the GRPR and the “Informatique et Libertés” law.

The Company ensures that the Personal Data processed is adequate, relevant, and not excessive with regard to the Purposes for which it is collected and/or further processed.

4. Retention period of the Service Providers’ Personal Data
The Service Providers’ Personal Data are kept in a form that allows them to be identified for no longer than is necessary to achieve the Purposes for which they are processed. At the end of this period, they are deleted or archived in accordance with the applicable retention obligations and legal requirements.

5. Recipient of the Service Provider’s Personal Data

The Company undertakes to maintain the confidentiality of the Personal Data of the Service Providers and to comply with all legal requirements concerning the sharing and disclosure of those Personal Data. In this respect, the Personal Data of the Service Providers will only be accessible by a limited list of recipients, depending on the Company’s needs and on a case-by-case basis.

The Company also uses service providers acting on its behalf (e.g., for administration, hosting and IT maintenance purposes) who may have access to the Personal Data of the Service Providers.

Please note that the Company only shares the Personal Data of Service Providers when such recipients have a legitimate need to access it.

The Company may transfer the Personal Data of Service Providers outside the European Union, but only to the United Arab Emirates when the assignment entrusted to them is related to its activities there, in particular to its employees working from its offices in Abu Dhabi.