Policy of personal data protection for professional

THE PERSONAL DATA WE COLLECT 

Personal data is information directly or indirectly relating to an identifiable natural person. 
>> We collect your personal data in four ways:

 *    those that you provide to us:
-    you create a customer account/user space to benefit from our services
-    you make purchases or order services from us 
-    you offer us your services (e.g. email canvassing or presentation of a visiting card on the occasion of a trade show / business or public events)
-    you provide us with products or services
-    you subscribe to our newsletters
-    you contact us for a request or a complaint
-    you visit our websites

*    those that we obtain from third-party sources:
-    companies with which we offer common services or to which we offer services (event organisers, partners, sponsors, patrons etc.) 
-    service providers
-    data suppliers from which we obtain data to validate and complete the information that we have 
-    publicly available sources

*    those that we collect on the occasion of our relationship with you (transactions, purchase history, etc.), 

*    those that we collect through the use you make of our services
Therefore we may collect your data from social media when you sign up to our Facebook, Twitter, Instagram, LinkedIn, Snapchat and YouTube pages via some of our websites in order to follow our news. The data collected in this context is anonymous and processed for purely statistical purposes (in particular to monitor the number of subscribers that follow these pages).  
We are not responsible for the processing which your personal data may undergo by social media websites that have their own data protection policy. Please peruse their policies to find out your rights with respect to each of them, and to manage your privacy settings.

>> In this context, we may collect the following personal data: 

-    your identity: last name, first name, title, date of birth, photocopy of your identity card if necessary;
-    information relating to your company: position, department
-    your contact information: postal address, email address, phone number;
-    your login identifiers and subscriber numbers;
-    your order and payment information;
-    information about your navigation and connection to our Sites that are required for their proper technical operation or to allow us to measure the audience: cookies, hash tags, tags, domain name, type of Internet browser, etc. To learn more, see the cookie management section;
-    any other information that you provide to us directly and voluntarily: comments and opinions, preferences, etc.

We take care to ensure that the collection of this data is relevant, appropriate, non-excessive and strictly needed for our activities. 

Certain information is essential to be able to benefit from the service in question (indicated by an asterisk). If it is not communicated to us, you will be unable to benefit from this service. 
And if you communicate personal data belonging to a third party to us: you must ensure that the data subject accepts his/her personal data being communicated to us.

WHY WE COLLECT YOUR PERSONAL DATA 

The collection and processing of your personal data is only possible for a specific purpose about which you are aware when it is collected and from which you derive an identified and tangible benefit.
We are committed to ensuring that your data is collected and processed for the following purposes: 
    Conclude and perform any contract concluded between you and us and in particular:
-    create and manage our customer accounts,
-    process quotations / orders between you and us,
-    draw up contracts, partnerships/collaborations, in particular for products and services;
-    perform our contractual obligations 
The legal basis in this context is either pre-contractual or contractual performance, or compliance with our legal obligations and our rights (control by the competent authorities, management of unpaid debts and disputes). 

And/or

    Keep you informed of the Rmn-Grand Palais news (press releases, institutional documentation). In this context, the legal basis of the processing is performance of the contract: at your request, we provide you with accurate information within the context of your work (e.g. if you are a journalist).

And/or 

    Invite you to public relations events and operations. In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais. You may, at any time, ask to be removed from the list of contacts for these invitations.  

And/or

    Send you personalised communications:
-    presenting you with our events and those of our partners. These may include: 
o    the newsletter sent by the Communications Department to its contacts list (journalists, VIPs, patrons, etc.)
o    the mediation newsletter sent to town/city halls, teachers, community associations, etc.
o    the newsletter of the Photo Agency Magazine
-    presenting you with our products and/or our services
-    informing you of our activities and projects and presenting you with bespoke sponsorship/partnership offers.
In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais. You may, at any time, ask to be removed from the contact lists for these communications.
And/or 
    Manage your online accounts or spaces (e.g. for the site dedicated to resellers and sales to businesses, the Photo Agency site or the press space of the Rmn-Grand Palais). The legal basis in this context is performance of the contract. 
And/or
    Respond to your requests and complaints. In this context, the legal basis of the processing is either the pre-contractual or contractual performance, or the legitimate interest of the Rmn-Grand Palais, more specifically our economic interest in communicating clearly with you and understanding your needs and your requirements. 
And/or
    Use our websites and applications. In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais, more specifically its economic interest in continuously improving its sites and its services and of understanding your needs to meet your requirements.
And/or

    Compile statistics or carry out surveys. These are carried out using anonymised data allowing us to improve knowledge of our activities. In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais, more specifically its economic interest in continuously improving knowledge of its customers and their requirements.
And/or

    Ensure the security of the Grand Palais (entry control, access badges, etc.) 
This data is collected to ensure public safety and prevent criminal offences.

WHO HAS ACCESS TO YOUR PERSONAL DATA?  

Your personal data is only intended to be used by the Réunion des Musées Nationaux-Grand Palais and is only accessible by our staff who are empowered to manage it, according to the collection purposes (commercial or administrative departments, departments responsible for the control, marketing departments). 

It may be communicated to:
-    cultural partners;
-    service providers, in particular for computer services (in particular hosting, storage, analysis, data processing, database management or computer maintenance services). These service providers act on instructions of the Rmn-Grand Palais and the terms of intervention and access to the data are strictly regulated by a contract with the Réunion des Musées Nationaux Grand Palais;
-     third parties as part of compliance with a legal obligation or in order to guarantee our rights (authorities and courts, lawyers, tax inspector, etc.)


WHERE ARE YOUR DATA STORED? AND HOW ARE IS IT PROTECTED?  

Your personal data are stored on servers located within the European Union, either internally on our secure servers, or externally by a duly chosen service provider.
As the controller, we implement the security and confidentiality procedures required to prevent any risk of fraudulent access, theft, damage or accidental loss of your data. 
When a service provider is involved in processing personal data, we attach paramount importance to the technical and organisational measures that it undertakes to take to preserve the security and confidentiality of the data. 
We also reserve the right to commission audits of our service providers.

FOR HOW LONG AND HOW DO WE KEEP YOUR DATA?

The retention periods of your data are defined by us in relation to the legal and contractual obligations. These periods are set in accordance with the purposes pursued. When these periods have elapsed, the data are either deleted or retained after having been anonymised, i.e. modified to make their link to a person permanently impossible.

    Data relating to commercial relationships (customer accounts, orders, contracts, etc.)
Data is stored during the commercial relationship and then archived with restricted access and retained for the additional time required for compliance with our legal obligations or for the purposes of defending or asserting our rights. At the end of this period, your personal data is anonymised or deleted.
    Online customer account/spaces
Data collected when creating an online account /personal space is retained for as long as you connect to and use your account/space.
    Data collected for sending our personalised invitations and communications
This data is archived for as long as you have not indicated your objection. 

    Data collected for security reasons
This data is stored for the time required for the security objective in question and no copy of it is retained.

    Data collected via audience and advertising cookies
This data is retained for a maximum period of 13 months from when it is recorded. After this time, it is deleted.

WHAT ARE YOUR RIGHTS? HOW THE EXERCISE THEM?

 What are your rights?

Right to information
You have the right to be informed about why we collect your data, how we process it, the rights that you have and how to exercise them.

Right of access
You have the right to ask us whether we have data about you and to request a copy of it in an understandable format. This right thus allows you to check the accuracy of the data and, as necessary, have it corrected or deleted.
Right to rectification
You may directly correct, update or complete your online data on your account/space. You may also ask us to update or complete the personal data that we have.

Right to withdraw consent 
You may, at any time, unsubscribe from our newsletters by clicking on the link provided for this purpose in the latest communication received, or by contacting the department indicated in the same communication.
You also have the right to withdraw your consent for the placement of analytical and advertising cookies at any time. To do so, you simply have to configure the Internet browser on your computer, tablet or mobile. (For more information see the Cookie management section).

Right to object
When we collect your data for the purpose of performing the contract or on the basis of a legitimate interest, you have the right, for legitimate reasons, to object to your data being disseminated, transmitted or stored. The objection right allows you to object to us using your data for a specific purpose provided you put forward reasons relating to your particular situation.

Right to restriction of processing
If you dispute the accuracy of the data collected or if you object to your data being processed, you may ask us, when making your request to correct data or object to their use, to suspend use of your data pending the processing of your request. 

Right to erasure (right to be forgotten)
You have the right to obtain the erasure of your personal data at any time in the following cases:
-    the data is not or no longer required for the purposes for which we initially collected or processed it;
-    you have withdrawn your consent to the use of your data;
-    your data must be erased to comply with a legal obligation.

We may refuse to erase your data when it is required:
-    to comply with our legal obligations;
-    for noting, exercising or defending rights judicially;
-    for scientific or historical research purposes or for their use for statistical purposes in the public interest.

Right to portability 
You have the right to obtain a copy of the data that you have sent to us within the context of a contract or that we have collected with your agreement, in a structured, commonly used and legible format. This copy may be transmitted or sent to another party, at your request. 
Right to communicate after-death instructions
At any time, you may give instructions regarding the retention, erasure and the communication of your personal data after your death.
   How to exercise your rights
We recommend that you directly contact the department specified in the latest communication that you have received.
In order to enable us to understand your request and to respond to it quickly, please state in your request:
-    the right that you wish to exercise and, where relevant, the reasons for your request (e.g. deletion of a customer account/personal space, update of your data)
-    your last names, first names and email address and postal address (if you wish to receive a reply by postal mail)
The rights from which you benefit are rights of an individual nature and may therefore only be exercised by the owner of the data. To meet this obligation, when making your request, please provide proof of your identity by giving a customer number or via an authentication space whenever possible, or by sending us a copy of a valid identity document. The copy of your proof of identity will of course be deleted by our services as soon as the identity check has been completed.
We will endeavour to reply to your request within a reasonable time, and in any event, in accordance with the legal requirements.

    Right to complain
If you believe that your rights are not being respected or that the protection of your personal data is not provided in accordance with the applicable regulations, you may lodge a complaint with the French National Commission of Data Processing and Freedoms (CNIL). 

COOKIE MANAGEMENT

    What are cookies used for?
Cookies are computer files automatically placed on the hard disk on your computer, tablet or mobile device when you browse our Site. They are managed by your browser (Internet Explorer, Firefox, Safari or Google Chrome).
We use different kinds of cookies on our Sites:
-     cookies are needed for the operation of the Sites: they allow you to use the main features of our Sites. Without these cookies, you will not be able to use our Sites normally. 
-    analytical cookies or audience-measuring cookies of the Sites that allow us to find out the use and audience performances of our Sites and to improve their operation for our visitors; e.g. establish traffic statistics and volumes and the use of the various components of our Sites (sections and content visited, pathways), in order to improve the interest and ease of use of our Sites; 
-     so-called advertising cookies which allow us to choose in real-time what advertising to display on third party sites.
-     social network cookies stored by social media when you share content of our Sites with other people or give them your opinion about this content via an application button. We have no control over the processes used by these social media for collecting information on your browsing of our Sites and associated with the personal data that they have. Please peruse their data protection policies to find out your rights with respect to each of them, and to manage your privacy settings.

cookies_gp.fr_dec2018.png

    How to configure cookies?

You have the choice of setting your browser to accept or reject all cookies, to periodically delete cookies or to see when a cookie is placed, how long it is valid for, what it contains and to refuse it being recorded on your hard disk.
You can choose to block or disable these cookies at any time by changing the settings of your internet browser on your computer, tablet or mobile, in line with the instructions provided by your browser provider as shown by the websites mentioned below:
 

On Internet Explorer

Open the "Tools" menu, then choose "Internet Options"; Click on the "Privacy" tab, then the "Advanced" tab and choose the desired level or click on the following link:
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

On Mozilla Firefox
Open the “Tools” menu, then choose “Options”; click on the “Privacy” tab, then choose the desired options or click on the link below:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

On Safari
Choose "Safari > Preferences" then click on "Security"; From the "Accept cookies" section, choose the desired options or click on the link below:
http://support.apple.com/kb/index?page=search&fac=all&q=cookies%20safari

On Google Chrome
Open the configuration menu (the one with the wrench logo), then choose “Options”; click on “Advanced options” then from the “Confidentiality” section, click on “Content settings” and choose the desired options or click on the link below:
https://support.google.com/chrome/answer/95647?hl=en

On iOs
http://support.apple.com/kb/HT1677?viewlocale=en_GB
You can also type “cookies” into your browser's Help page to find setting instructions.

For more information, you can also view the following pages on the CNIL website:
https://www.cnil.fr/cnil-direct/question/198>