Personal data protection policy
The new regulatory framework that applies within the territory of the European Union strengthens the rights of individuals and the responsibilities of institutions that process personal data.
The Louvre Museum Public Institution is committed to comply with the following principles when collecting and using personal data.
On 13 March 2019, it appointed the law firm Alain Bensoussan Selas as the Louvre Museum Public Institution’s data protection officer (DPO) with the French Data Protection Authority (CNIL).
The policy set out below may change depending on the applicable legal and regulatory context.
2. Principles applicable to personal data
2.1 Legitimate and proportionate use
1. The Louvre Museum collects personal data as part of its activities. This collection is only carried out for specified, explicit and legitimate purposes.
2. The purposes of collecting personal data within the Louvre Museum include:
- managing its public service work, welcoming visitors, selling entrance tickets and activities;
- managing the loyalty of its audiences and relations with its sponsors;
- managing its collections, exhibitions and scientific resources;
- protecting its assets;
- managing its commercial and contractual relationships;
- managing its events and communications;
- managing its technical equipment;
- performing studies and audits and gathering statistics;
- managing its human resources and recruitment;
- managing its financial and accounting obligations; and
- complying with its legal obligations.
3. This data may not be used subsequently in a manner incompatible with these purposes.
4. For each processing operation, the Louvre Museum undertakes to collect and process only such data as is strictly necessary for the purpose pursued.
2.2 Fair and transparent collection
5. To ensure fairness and transparency, particularly with regard to its visitors, Internet users, donors, partners, suppliers and service providers, customers and agents, the Louvre Museum informs data subjects of each processing operation it implements through appropriate information notices. These information notices are sent to the data subjects but may also be obtained from this address: email@example.com.
6. These data are collected fairly; no collection is carried out without a person’s knowledge and without that person being informed.
7. The Louvre Museum is also available at the following address to provide any details required regarding its personal data protection policy: firstname.lastname@example.org
2.3 Relevance, adequacy and minimisation of the data collected
8. The Louvre Museum is committed to minimise data by collecting data that is adequate, relevant and strictly necessary for the purpose of the processing.
9. The personal data collected are regularly updated and stored by the Louvre Museum in its databases.
2.4 Protection of personal data by design and by default
10. The Louvre Museum has adopted internal policies and processes and is committed to implementing measures that comply with the principles of personal data protection by design and by default.
11. The right to data protection is therefore taken into account at all stages of the implementation of an application (development, selection, use), services and products based on the processing of personal data.
12. In the event that applications, services or products provided by third parties are used, the Louvre Museum will ensure that their publishers comply with the legal requirements and ensure the protection of the data processed by them.
3. The security of personal data
13. The Louvre Museum places particular importance on the security of personal data.
14. It implements technical and organisational measures adapted to the degree of sensitivity of personal data, with a view to ensuring the integrity and confidentiality of data and protecting them against any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.
15. The Louvre Museum regularly carries out audits to verify the proper operational application of the rules relating to data security.
16. It therefore undertakes to take the physical, technical and organisational security measures necessary to:
‐ protect its activities;
‐ preserve the security of the personal data of its members, partners, Internet users, suppliers and service providers; and
‐ prevent any unauthorised access to the data, any modification, distortion, disclosure or destruction of the personal data it holds.
17. Nevertheless, the security and confidentiality of personal data are based on individual best practices and data subjects are invited to remain vigilant regarding issues that may involve the use of their personal data.
18. In accordance with its commitments, the Louvre Museum carefully selects its subcontractors and service providers and requires them to:
‐ provide a level of personal data protection equivalent to its own;
‐ use personal data or information solely to manage the services they must provide;
‐ strictly comply with the applicable legislation and regulations on confidentiality, banking secrecy and personal data;
‐ implement all appropriate measures to ensure the protection of the personal data that they may be required to process; and
‐ define the technical and organisational measures necessary to ensure security.
19. The Louvre Museum therefore undertakes to conclude, with its subcontractors, contracts that comply with the obligations imposed by the regulations and which precisely define the terms and conditions of the processing of personal data.
In line with the measures taken by the government to prevent the spread of COVID-19, the Musée du Louvre and Musée National Eugène Delacroix are closed until further notice.
All those who have purchased a ticket for this period will automatically receive a refund—no action is required.
Thank you for your understanding.
The Tuileries and Carrousel gardens remain open.