PERSONAL DATA PROTECTION POLICY
The Réunion des musées nationaux – Grand Palais builds with its visitors and its customers, strong, long-lasting relationships, based on mutual trust. Guaranteeing the security and confidentiality of your personal data is a strong commitment on our part.
We apply a personal data management policy that complies with the Computing and Freedoms Act of 6 January 1978 amended and the (EU) General Data Protection Regulation of 27 April 2016 (or GDPR). Our policy is based on the following principles:
- You stay in control of your data
- Your data are processed in a clear, confidential and protected way
- We commit ourselves to ensuring continuous protection of your data
- The services providers involved in processing your data all meet our level of requirement in managing personal data
This protection policy sets out our commitments regarding your personal data collected on our rmngp.fr, grandpalais.fr, histoire-image.org, art.rmngp.fr panormadelart.com and photo-arago.fr websites (hereinafter the “Websites”) and from our paper forms, when subscribing to our magazines and newsletters or using our applications.
Its purpose is to inform you about:
- the data we collect
- the reasons why we need it
- the way we process your personal data
- the rights you have in this regard and how to exercise them
It may be amended at any time to take account of any regulatory, editorial or technical change. We invite you to consult it regularly in order to take note of the most recent version.
WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA?
The public institution of the Réunion des musées nationaux et du Grand Palais des Champs-Élysées
Head Office: 254/256 rue de Bercy – 75570 Paris cedex 12 – France
Paris Trade and Companies Register B 692 041 585
HOW DO WE COLLECT YOUR PERSONAL DATA?
Personal data is information directly or indirectly relating to an identifiable natural person.
We collect your personal data in four ways:
those that you provide to us:
- you create a customer account/user space to benefit from our services
- you make purchases or order services from us
- you offer us your services (e.g. email canvassing or presentation of a visiting card on the occasion of a trade show / business or public events)
- you provide us with products or services
- you subscribe to our newsletters
- you contact us for a request or a complaint
- you visit our websites
those that we obtain from third-party sources:
- companies with which we offer common services or to which we offer services (event organisers, partners, sponsors, patrons etc.)
- service providers
- data suppliers from which we obtain data to validate and complete the information that we have
- publicly available sources
those that we collect on the occasion of our relationship with you (transactions, purchase history, etc.),
those that we collect through the use you make of our services
Therefore we may collect your data from social media when you sign up to our Facebook, Twitter, Instagram, LinkedIn, Snapchat and YouTube pages via some of our Websites in order to follow our news. The data collected in this context is anonymous and processed for purely statistical purposes (in particular to monitor the number of subscribers that follow these pages).
PERSONAL DATA WE COLLECT
In this context, we may collect the following personal data:
- your identity: last name, first name, title, date of birth, photocopy of your identity card if necessary;
- information relating to your company: position, department
- your contact details: postal address, email address, telephone number;
- your login identifiers and subscriber numbers;
- your order and payment information;
- your browsing and connection information on our Website that is necessary for its proper technical functioning or that allows us to measure its audience, or to offer you targeted advertising: cookies, hash tags, domain name, type of Internet browser, etc. For more information, see the section on cookie management
- any other information that you provide to us directly and voluntarily: comments and opinions, preferences, etc.
We ensure that the collection of this data is relevant, adequate, not excessive and strictly necessary for our activities.
Some information is required to benefit from the service concerned (indicated by an asterisk). If you do not provide us with them, we will not be able to provide you with this service.
In case you provide us with personal data belonging to a person, you must ensure that the person concerned agrees that his or her personal data may be communicated to us.
WHY WE COLLECT YOUR PERSONAL DATA
The collection and processing of your personal data is only possible for a specific purpose of which you are aware at the time of collection and from which you derive an identified and tangible benefit.
We undertake that your data will be collected for the following purposes:
Conclude and perform any contract concluded between you and us and in particular:
- create and manage our customer accounts,
- process quotations / orders between you and us,
- draw up contracts, partnerships/collaborations, in particular for products and services;
- perform our contractual obligations
The legal basis in this context is either pre-contractual or contractual performance, or compliance with our legal obligations and our rights (control by the competent authorities, management of unpaid debts and disputes).
Send you personalised communications or newsletters presenting you with our products and/or our services
In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais. You may at any time ask to be removed from the contact lists for these communications.
Manage your online accounts /personal spaces within the context of our activities.
The legal basis in this context is performance of the contract.
Respond to your requests and/or complaints (e.g. request for information, printing incident etc.). In this context, the legal basis of the processing is either the performance of the contract if the request is linked to a contractual relationship, or the legitimate interest of the Rmn-Grand Palais, more specifically our economic interest in communicating clearly with you and in understanding your needs and expectations. The collection and use of your data for this purpose does not require the collection of your consent.
Improve our Websites. In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais, more specifically its economic interest in continuously improving its Websites and its services and of understanding your needs to meet your requirements.
Perform statistics or surveys. These are based on anonymous data that allows us to improve our knowledge of our activities. In this context, the legal basis for the processing operations is the legitimate interest of the Rmn-Grand Palais, more specifically its economic interest in constantly improving its customer knowledge and expectations.
Meet our legal obligations and assert our rights (in the event of a control by the competent authorities, management of unpaid debts and/or disputes). The legal bases in this context are, according to the case, either compliance with a legal obligation, or legitimate interest (retention for purposes of evidence). The collection and use of your data for these purposes do not require your consent.
Ensure the security of the Grand Palais (entry control, access badges, etc.)
data are collected to ensure public safety and prevent criminal offences.
WHO HAS ACCESS TO YOUR PERSONAL DATA?
Your personal data are solely intended for the Rmn-Grand Palais and are only accessible by our employees authorised to manage them, according to the purposes of collection (commercial, administrative, control and marketing services).
By exception, they can be sent to:
- partners as soon as you have explicitly and clearly given your agreement to be contacted by them (consent to receive their offers via an opt-in partner): cultural institutions (museums, cinemas, theatres, concert halls), events and media (written press, radio, television).
- service providers, in particular for IT services (hosting, storage, analysis, data processing, database management or IT maintenance services). These service providers act on instructions from the Rmn-Grand Palais and the procedures for intervention and access to data are strictly regulated by a contract.
- third parties in the context of compliance with a legal obligation or in order to guarantee our rights (authorities and courts, lawyers, tax auditors, etc.)
WHERE YOUR DATA ARE STORED AND HOW WE PROTECT THEM
Your personal data are stored on servers located within the European Union, either internally on our secure servers or externally by a duly chosen service provider.
As data controller, we implement the necessary security and confidentiality procedures to prevent any risk of fraudulent access, theft or accidental damage or loss of your data. When a service provider is involved in the processing of personal data, we attach great importance to the technical and organisational measures it undertakes to take to preserve the security and confidentiality of the data.
We also reserve the right to conduct audits of our service providers.
FOR HOW LONG AND HOW DO WE KEEP YOUR DATA?
We define the retention periods of your data in relation to our operational, legal and contractual obligations. These periods are set in accordance with the purposes pursued. When these periods have elapsed, the data are either deleted or retained after having been anonymised, i.e. modified to make their link to a person permanently impossible.
Data relating to commercial relationships (customer accounts, orders, contracts, etc.)
Data are stored during the commercial relationship and then archived with restricted access and retained for the additional time required for compliance with our legal obligations or for the purposes of defending or asserting our rights. At the end of this period, your personal data is anonymised or deleted.
Online customer account/spaces
Data collected when creating an online account /personal space are retained for as long as you connect to and use your account/space.
Data collected for sending our personalised invitations and communications
Data are archived for as long as you have not indicated your objection.
Data collected for security reasons
Data are stored for the time required for the security objective in question and no copy of it is retained.
Data collected via audience and advertising cookies
Data are stored for a maximum period of 13 months from when it is recorded. After this time, we delete them.
WHAT RIGHTS DO YOU HAVE AND HOW YOU CAN EXERCISE THEM
Right of information
You have the right to be informed about why we collect your data, how we process them, the rights you have and how to exercise them.
Right of access
You have the right to ask us if we have any data about you and to request a copy in an understandable format. This right thus allows you to control the accuracy of the data and, if necessary, to have them rectified or deleted.
Right of rectification
You can correct, update or complete your data directly online on your account/space. You may also ask us to update or supplement the personal data we hold.
Right to withdraw consent
You may unsubscribe from our newsletter at any time by clicking on the link provided for this purpose in the last communication received, or by contacting the department indicated in the same communication.
You also have the right to withdraw your consent to the placement of analytical and advertising cookies at any time. To do this, simply set up your computer's internet browser, tablet or mobile phone. (For more information, see the section on cookie management).
Right of opposition
When we collect your data for the purpose of performing the contract or on the basis of legitimate interest, you have the right, for reasons connected with your particular situation, to object to the dissemination, transmission, storage or use of your data for a specific purpose.
Right to limitation of processing
If you dispute the accuracy of the data collected or if you object to the processing of your data, you may ask us, when you request rectification or opposition, to freeze the use of your data until your request is examined.
Right to erase your data (right to forget)
You have the right to have your personal data deleted at any time in the following cases:
- the data are not or no longer necessary for the purposes for which we initially collected or processed them;
- you have withdrawn your consent to the use of your data;
- your data must be deleted to comply with a legal obligation.
We may refuse to delete your data when it is necessary:
- the respect of our legal obligations;
- the recognition, exercise or defence of legal claims;
- for scientific or historical research or statistical purposes for use in the public interest.
Right to portability
You have the right to obtain a copy of the data that you have provided us with under a contract or that we have collected with your consent in a structured, commonly used and readable format. This format may be sent to you or to another party at your request.
Right to communicate post-mortem instructions
You may at any time issue instructions regarding the storage, erasure and communication of your personal data after your death.
How to exercise your rights
You can exercise your rights by contacting the Data Protection Officer (DPO):
- by using the form for managing requests to exercise your rights available here
- by email at the following address: email@example.com
- by post to the following address: To the attention of the Data Protection Officer, Réunion des musées nationaux et du Grand Palais des Champs-Élysées (Rmn-Grand Palais) - 254-256 rue de Bercy 75577 Paris Cedex 12, France.
In order to allow us to understand your request and to answer it promptly, we thank you for clarifying in your request:
- the right you wish to exercise (e.g. unsubscription, deletion of the customer account/personal space, update of your data)
- your surname, first name and email and any information that would allow us to be able to easily identify you in our systems (account number, customer/subscriber number, website involved etc.)
The rights you enjoy are individual rights and can therefore only be exercised by the owner of the data or his authorised representative.
In case of reasonable doubt about your identity and depending on the nature of your request, we may ask you for a copy of a valid identity card. The copy of your identity card will of course only be made available to the persons in charge of processing your request and will be kept for the period during which your request is being processed.
We will endeavour to deal with your request within a reasonable time and in any circumstances in accordance with the applicable law.
You can also contact the department with which you are interacting directly or the address specified in the latest communication that you received.
Right of complaint
If you believe that your rights are not being respected or that the protection of your personal data is not provided in accordance with the applicable regulations, you may lodge a complaint with the French National Commission of Data Processing and Freedoms (CNIL) by post to the following address : CNIL – 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 ; or on the Cnil website : https://www.cnil.fr/fr/plaintes.
How do cookies work?
Cookies are computer files that are automatically placed on your computer's hard drive, tablet or mobile device when you visit our Website. They are managed by your internet browser (Internet Explorer, Firefox, Safari or Google Chrome).
On our Websites, we use different types of cookies:
- cookies necessary for the operation of the Websites: they allow you to use the main features of our Websites. Without these cookies, you will not be able to use our Websites normally.
- Analytical cookies or website audience measurement cookies that allow us to know the use and audience performance of our Websites and to improve the way it works for our visitors; for example, to establish statistics and volumes of visits and use of the various elements composing our Websites (sections and content visited, browsing), in order to improve the interest and ergonomics of our Website;
- so-called advertising cookies, which allow us to choose in real time which advertising to display on third party websites.
- social network cookies (Facebook and Twitter) placed by them when you share content from our Websites with others or let them know your opinion of such content via a plug-in button.
How to set cookies?
You have the choice of configuring your browser to accept or reject all cookies, delete cookies periodically or see when a cookie is issued, how long it is valid, and what it contains, and refuse to save it on your hard drive.
You can choose at any time to block or disable these cookies by setting your computer's web browser, tablet or mobile phone, in accordance with the instructions set by your web browser provider and listed on the websites listed below:
On Internet Explorer
Open the "Tools" menu, then choose "Internet Options"; Click on the "Privacy" tab, then the "Advanced" tab and choose the desired level or click on the following link:
On Mozilla Firefox
Open the “Tools” menu, then choose “Options”; click on the “Privacy” tab, then choose the desired options or click on the link below:
Choose "Safari > Preferences" then click on "Security"; From the "Accept cookies" section, choose the desired options or click on the link below:
On Google Chrome
Open the configuration menu (the one with the wrench logo), then choose “Options”; click on “Advanced options” then from the “Confidentiality” section, click on “Content settings” and choose the desired options or click on the link below:
You can also type “cookies” into your browser's Help page to find setting instructions.