The Etablissement public du musée du quai Branly - Jacques Chirac (“the museum”) may collect certain personal information concerning users of its website. As the controller of this data processing, the museum located at 222, rue de l’Université - 75343 Paris cedex 07, FRANCE, is committed to the protection of personal data and privacy. With this in mind, the museum has appointed a Data Protection Officer to respond to any requests for the exercise of rights concerning the processing of personal data put in place.
This Policy sets out the way in which the museum collects and processes your personal data. It applies to all of the services proposed on the official website (https://croyan.quaibranly.fr) and on the associated websites (https://www.quaibranly.fr, https://m.quaibranly.fr, https://recrutement.quaibranly.fr, https://quaibranly.tickeasy.com, http://marches.quaibranly.fr, https://collection-lacharriere.quaibranly.fr) and to any other online initiative belonging to the museum and carrying out personal data collection (“website”). Solely the museum’s online store (https://boutique.quaibranly.fr) is excluded from its scope of application, as the museum is not responsible for the processing of this data.
This Policy may be amended in accordance with legal and regulatory changes as well as with regard to the doctrine of the French Data Protection Authority (CNIL).
While browsing the museum Website, you may be asked to provide personal data when completing online forms: creation of a customer account, membership applications, newsletter subscription, customer service (order tracking, information request, etc.), recruitment forms, etc.
Each form contains an information statement concerning your rights in particular, as set out under the amended Act of 6 January 1978, the French Data Protection and Privacy Act, and Regulation (EU) 2016/679 of 27 April 2016, General Data Protection Regulation (GDPR).
Furthermore, the use of social networks on the museum Website (Facebook, Instagram, Twitter, YouTube “share” buttons, etc.) may result in data exchanges between the museum and these social networks.
Furthermore, the use of social networks on the museum Website (Facebook, Instagram, Twitter, YouTube “share” buttons, etc.) may result in data exchanges between the museum and these social networks. You may also use the browser functions that prevent tracking (or download an extension that does the same).
Most Internet browser default settings are configured to accept cookies, but these settings can be modified. For more details on these files, the museum invites you to consult its cookie handling policy.
PURPOSES OF DATA PROCESSING
The museum collects and processes your personal data for specified, explicit and legitimate purposes, which are as follows:
ON THE LEGAL GROUNDS OF THE EXECUTION OF A CONTRACT
- Management of your customer account, your shopping basket and your orders;
- Management of your memberships (Pass quai Branly) ;
Management of deliveries, order tracking and invoicing;
- Provision of a customer service (response to website user requests).
ON THE LEGAL GROUNDS OF YOUR CONSENT
- Sending of information regarding the latest news from the museum (newsletters, annual brochure, etc.) ;
- Management of events organised by the museum (competitions, etc.) ;
- Processing of applications sent to the museum via the dedicated space (https://recrutement.quaibranly.fr) ;
- Measurement of website audience statistics.
You may withdraw your consent to this processing at any time by sending your request to our Data Protection Officer (see contact details at the end of this page).
ON THE LEGAL GROUNDS OF OUR LEGITIMATE INTERESTS
- Commercial solicitation/prospecting: we may use your contact details to send targeted advertising by email or post. The museum undertakes to comply with the rules applicable to each prospecting channel.
Your personal data is not subsequently processed in any way incompatible with the purposes set out above.
The recipients of your personal data are the museum departments concerned:
- The personal data collected via membership forms (digital and paper versions) is intended for those responsible for the transmission of information within the museum ;
- The personal data collected via customer account creation forms is intended for those responsible for audience or sales development within the museum ;
- The personal data collected following responses to job offers and internships on the website (http://recrutement.quaibranly.fr) and to unsolicited applications are intended for those responsible for recruitment within the museum.
The museum may only share the information collected with its service providers and subcontractors if this is necessary to the above-mentioned processing. In this case, rectifications and/or cancellations of personal information shall be notified to said service providers and subcontractors.
The subcontractors used by the museum are involved, under the latter’s instructions, in the following operations in particular:
- Order shipping;
- Stock management;
- Data and website hosting;
- Technical maintenance and development operations on the website;
- Paper and electronic routing;
- Cookies and audience measurement.
In accordance with the GDPR, your data is stored in a form which permits identification for no longer than the time required for the purpose for which it was collected and/or processed.
Your personal data is stored either in the museum databases or in those of its service providers.
As such, customer data is retained for 2 years following the end of the contractual relationship (date of last purchase or last contact with the museum). Data concerning prospective customers is also retained for 2 years as of the last incoming contact.
With regard to recruitment data, this is retained for a maximum of 2 years as of the last contact with the applicant.
As the data controller, the museum takes suitable precautions to ensure the security and confidentiality of your data, and notably to prevent such data from being deformed, damaged or transmitted to any unauthorised parties.
The museum’s IT department is also bound by the French government Information Systems Security Policy (PSSI) which sets out the minimum security measures applicable to government information systems.
In accordance with the French Data Protection Act and the GDPR, you have the right to access, correct limit, and delete any or all of your data and the right to its portability.
You also have the right to oppose, at any moment, the use of your data for commercial prospecting.
Furthermore, you can establish the advance directives regarding the processing of your personal data post mortem.
If you wish to exercise your rights, please contact the museum’s Data Protection Officer by writing to the following addresses:
- By post (accompanied by a photocopy of your ID): Établissement public du musée du quai Branly – Jacques Chirac Service juridique et des achats 222, rue de l’université 75343 Paris cedex 07, FRANCE;
- By email (accompanied by a photocopy of your ID) : firstname.lastname@example.org.
In the event of an unsatisfactory reply, you may lodge a complaint with the CNIL, the authority responsible for overseeing compliance with data protection obligations.