Policy of personal data protection for particular

THE PERSONAL DATA WE COLLECT 

Personal data is information directly or indirectly relating to an identifiable natural person. 
>> We collect your personal data in three ways:

You may communicate personal data to us, in particular, in the following cases:

-    you create a customer account or a personal space;
-    you make purchases on our Sites;
-    you visit our Sites;
-    you use our applications;
-    you subscribe to our newsletters;
-    you subscribe to our magazines;
-    you contact us for a request or a complaint;
-    you take part in public relations events or operations;
-    your take part in a prize contest;
-    you take part in a study / survey.

We also collect information about you on the occasion of our relationship with you (transactions, purchase history, statistics), via our partners (ticket sales distributors) or automatically when you visit the Sites.

Finally we may collect your data from social media when you sign up to our Facebook, Twitter, Instagram, LinkedIn, Snapchat and YouTube pages from some of our Sites in order to follow our news. The data that we may collect in this context is anonymous and processed for purely statistical purposes (in particular to monitor the number of subscribers that follow these pages).
We are not responsible for the processing which your personal data may undergo by social media websites that have their own data protection policy. Please peruse their policies to find out your rights with respect to each of them, and to manage your privacy settings.
>> In this context, we may collect the following personal data: 

-    your identity: last name, first name, title, date of birth, photocopy of your identity card if necessary;
-    your contact information: postal address, email address, phone number;
-    your login identifiers and subscriber numbers;
-    your order and payment information;
-    information about your navigation and connection to our Sites that are required for their proper technical operation or to allow us to measure the audience: cookies, hash tags, tags, domain name, type of Internet browser, etc. To learn more, see the cookie management section;
-    any other information that you provide to us directly and voluntarily: comments and opinions, preferences, etc.

We take care to ensure that the collection of this data is relevant, appropriate, non-excessive and strictly needed for our activities. 

Certain information is essential to be able to benefit from the service in question (indicated by an asterisk). If it is not communicated to us, you will be unable to benefit from this service. 
And if you communicate personal data belonging to a third party to us: you must ensure that the data subject accepts his/her personal data being communicated to us.

DO WE COLLECT PERSONAL DATA FROM INDIVIDUALS UNDER 18? 

In principle, our products and services are for adult individuals with the legal capacity to commit themselves. 

As an exception, for signing up to our newsletters, for the use of some free-of-charge services and for obtaining a Pass Sésame Jeune (Sesame Youth Pass card), 15 years of age is accepted. In this case, the owner of the data, 15, 16 or 17 years of age, has a specific right enabling him or her to obtain the erasure of his or her data promptly.

WHY WE COLLECT YOUR PERSONAL DATA 


The collection and processing of your personal data is only possible for a specific purpose about which you are aware when it is collected and from which you derive an identified and tangible benefit.
We are committed to ensuring that your data is collected and processed for the following purposes: 
    Processing of your orders (purchases, transactions and information messages for preparation of a visit or cancellation of a visit for example). The legal basis in this context is performance of the contract.  The collection and use of your data for these purposes do not require your consent to be obtained.

And/or

    Management of your online customer accounts /personal spaces within the context of our activities. The legal basis in this context is performance of the contract. The collection and use of your data for this purpose does not require your consent to be obtained.

And/or

    Sending personalised communications presenting our offers and services and those of our partners. 

These may include: 
    the Sésame newsletter, which presents current offers and promotions to its subscribers
    the Auditorium newsletter, which presents the programme of the Auditorium of the Grand Palais
    The Grand Palais newsletter, which presents the news surrounding the exhibitions of the Grand Palais
    notifications sent on the mobile application
These communications are only sent if you have clearly given your consent for each communication. Your consent is obtained in a clear and unequivocal way.

And/or

    Processing of your requests and/or complaints received by our services (request for information, printing incident, etc.). In this context, the legal basis of the processing is either the contractual performance if the request is related to a contractual relationship, or the legitimate interest of the Rmn-Grand Palais, more specifically our economic interest in communicating clearly with you and understanding your needs and your requirements. The collection and use of your data for this purpose does not require your consent to be obtained.

And/or

    Meet our legal obligations, to assert our rights (in the event of a control by the competent authorities, management of unpaid debts and/or disputes) and/or the fight against fraud (checking of tickets and passes on entry). The legal bases in this context are, according to the case, either compliance with a legal obligation, or legitimate interest (retention for purposes of evidence). The collection and use of your data for these purposes do not require your consent to be obtained.
And/or

    Improvement of our Sites and our applications. In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais, more specifically its economic interest in continuously improving its Sites and its services and of understanding your needs to meet your requirements.

And/or

    Compile statistics or carry out surveys. These are carried out using anonymised data allowing us to improve knowledge of our activities. In this context, the legal basis of the processing is the legitimate interest of the Rmn-Grand Palais, more specifically its economic interest in continuously improving knowledge of its customers and their requirements.
And/or
    Management of your participation in a prize contest. The legal basis in this context is performance of the contract. The collection and use of your data for this purpose does not require your consent to be obtained.

WHO HAS ACCESS TO YOUR PERSONAL DATA?

Your personal data is only intended to be used by the Réunion des Musées Nationaux-Grand Palais and is only accessible by our staff who are empowered to manage it, according to the collection purposes (commercial or administrative departments, departments responsible for the control, marketing departments). 
As an exception, it may be communicated to:
-    partners when you have explicitly and clearly given your agreement to being contacted by the latter (consent to receive their offers via an opt-in partner): cultural institutions (museums, cinemas, theatres, concert halls), events and media (written press, radio, television).
-    service providers, in particular for computer services (hosting, storage, analysis, data processing, databases management or computer maintenance services). These service providers act on instructions of the Rmn-Grand Palais and the terms of intervention and access to data are strictly regulated by a contract.
-    third parties as part of compliance with a legal obligation or in order to guarantee our rights (authorities and courts, lawyers, tax inspector, etc.)

WHERE ARE YOUR DATA STORED? AND HOW ARE IS IT PROTECTED?  

Your personal data are stored on servers located within the European Union, either internally on our secure servers, or externally by a duly chosen service provider.
As the controller, we implement the security and confidentiality procedures required to prevent any risk of fraudulent access, theft, damage or accidental loss of your data. 
When a service provider is involved in processing personal data, we attach paramount importance to the technical and organisational measures that it undertakes to take to preserve the security and confidentiality of the data. 
We also reserve the right to commission audits of our service providers.

FOR HOW LONG AND HOW DO WE KEEP YOUR DATA?

The retention periods of your data are defined by us in relation to the legal and contractual obligations. These periods are set in accordance with the purposes pursued. When these periods have elapsed, the data are either deleted or retained after having been anonymised, i.e. modified to make their link to a person permanently impossible.
    Online customer account/personal space
Data collected when creating an online account /personal space on one of our Sites is retained for as long as you connect to/use your account/space. 
    Data relating to the commercial relationship  
The data is stored during the commercial relationship (including exercise of the legal guarantees ) and then archived with restricted access and retained for the additional time required for compliance with our legal obligations or for the purposes of defending or asserting our rights. At the end of this period, your personal data is anonymised or deleted.
    Data collected within the context of our newsletters
This data is stored in a current archive for 3 to 5 years, depending on the newsletter, from the sign-up date or from the latest positive response from you. After this time, we anonymise it unless you have clearly and expressly expressed your wish to sign-up again.

    Data collected via audience and advertising cookies
This data is retained for a maximum period of 13 months from when it is recorded. After this time, it is deleted.

WHAT ARE YOUR RIGHTS? HOW THE EXERCISE THEM?

 What are your rights?

Right to information
You have the right to be informed about why we collect your data, how we process it, the rights that you have and how to exercise them.

Right of access
You have the right to ask us whether we have data about you and to request a copy of it in an understandable format. This right thus allows you to check the accuracy of the data and, as necessary, have it corrected or deleted.
Right to rectification
You may directly correct, update or complete your online data on your account/space. You may also ask us to update or complete the personal data that we have.

Right to withdraw consent 
You may, at any time, unsubscribe from our newsletters by clicking on the link provided for this purpose in the latest communication received, or by contacting the department indicated in the same communication.
You also have the right to withdraw your consent for the placement of analytical and advertising cookies at any time. To do so, you simply have to configure the Internet browser on your computer, tablet or mobile. (For more information see the Cookie management section).

Right to object
When we collect your data for the purpose of performing the contract or on the basis of a legitimate interest, you have the right, for legitimate reasons, to object to your data being disseminated, transmitted or stored. The objection right allows you to object to us using your data for a specific purpose provided you put forward reasons relating to your particular situation.

Right to restriction of processing
If you dispute the accuracy of the data collected or if you object to your data being processed, you may ask us, when making your request to correct data or object to their use, to suspend use of your data pending the processing of your request. 

Right to erasure (right to be forgotten)
You have the right to obtain the erasure of your personal data at any time in the following cases:
-    the data is not or no longer required for the purposes for which we initially collected or processed it;
-    you have withdrawn your consent to the use of your data;
-    your data must be erased to comply with a legal obligation.

We may refuse to erase your data when it is required:
-    to comply with our legal obligations;
-    for noting, exercising or defending rights judicially;
-    for scientific or historical research purposes or for their use for statistical purposes in the public interest.

Right to portability 
You have the right to obtain a copy of the data that you have sent to us within the context of a contract or that we have collected with your agreement, in a structured, commonly used and legible format. This copy may be transmitted or sent to another party, at your request. 
Right to communicate after-death instructions
At any time, you may give instructions regarding the retention, erasure and the communication of your personal data after your death.
   How to exercise your rights
We recommend that you directly contact the department specified in the latest communication that you have received.
In order to enable us to understand your request and to respond to it quickly, please state in your request:
-    the right that you wish to exercise and, where relevant, the reasons for your request (e.g. deletion of a customer account/personal space, update of your data)
-    your last names, first names and email address and postal address (if you wish to receive a reply by postal mail)
The rights from which you benefit are rights of an individual nature and may therefore only be exercised by the owner of the data. To meet this obligation, when making your request, please provide proof of your identity by giving a customer number or via an authentication space whenever possible, or by sending us a copy of a valid identity document. The copy of your proof of identity will of course be deleted by our services as soon as the identity check has been completed.
We will endeavour to reply to your request within a reasonable time, and in any event, in accordance with the legal requirements.

    Right to complain
If you believe that your rights are not being respected or that the protection of your personal data is not provided in accordance with the applicable regulations, you may lodge a complaint with the French National Commission of Data Processing and Freedoms (CNIL). 

COOKIE MANAGEMENT

    What are cookies used for?
Cookies are computer files automatically placed on the hard disk on your computer, tablet or mobile device when you browse our Site. They are managed by your browser (Internet Explorer, Firefox, Safari or Google Chrome).
We use different kinds of cookies on our Sites:
-     cookies are needed for the operation of the Sites: they allow you to use the main features of our Sites. Without these cookies, you will not be able to use our Sites normally. 
-    analytical cookies or audience-measuring cookies of the Sites that allow us to find out the use and audience performances of our Sites and to improve their operation for our visitors; e.g. establish traffic statistics and volumes and the use of the various components of our Sites (sections and content visited, pathways), in order to improve the interest and ease of use of our Sites; 
-     so-called advertising cookies which allow us to choose in real-time what advertising to display on third party sites.
-     social network cookies stored by social media when you share content of our Sites with other people or give them your opinion about this content via an application button. We have no control over the processes used by these social media for collecting information on your browsing of our Sites and associated with the personal data that they have. Please peruse their data protection policies to find out your rights with respect to each of them, and to manage your privacy settings.

cookies_gp.fr_dec2018.png

    How to configure cookies?

You have the choice of setting your browser to accept or reject all cookies, to periodically delete cookies or to see when a cookie is placed, how long it is valid for, what it contains and to refuse it being recorded on your hard disk.
You can choose to block or disable these cookies at any time by changing the settings of your internet browser on your computer, tablet or mobile, in line with the instructions provided by your browser provider as shown by the websites mentioned below:
 

On Internet Explorer

Open the "Tools" menu, then choose "Internet Options"; Click on the "Privacy" tab, then the "Advanced" tab and choose the desired level or click on the following link:
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

On Mozilla Firefox
Open the “Tools” menu, then choose “Options”; click on the “Privacy” tab, then choose the desired options or click on the link below:
https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

On Safari
Choose "Safari > Preferences" then click on "Security"; From the "Accept cookies" section, choose the desired options or click on the link below:
http://support.apple.com/kb/index?page=search&fac=all&q=cookies%20safari

On Google Chrome
Open the configuration menu (the one with the wrench logo), then choose “Options”; click on “Advanced options” then from the “Confidentiality” section, click on “Content settings” and choose the desired options or click on the link below:
https://support.google.com/chrome/answer/95647?hl=en

On iOs
http://support.apple.com/kb/HT1677?viewlocale=en_GB
You can also type “cookies” into your browser's Help page to find setting instructions.

For more information, you can also view the following pages on the CNIL website:
https://www.cnil.fr/cnil-direct/question/198>