The museum is closed
In line with measures taken by the French government to prevent the spread of COVID-19, the Musée du Louvre and Musée National Eugène Delacroix will remain closed up until and including May 18.
The new regulations that apply to the member countries of the European Union reinforce the rights of individuals and the responsibility of those organisations that process personal data.
The Établissement Public du Musée du Louvre ensures that the following principles are respected when collecting and processing personal data.
On 13th March 2019, the law firm Alain Bensoussan Selas was registered by the Établissement Public du Musée du Louvre as its Personal Data Protection Officer with the CNIL, the French Data Protection Authority.
The policy set out below may evolve according to changes in the applicable laws and regulations.
The principles applicable to personal data
Lawfulness and purpose limitation
1. Personal data is collected by the Musée du Louvre as part of its activities. It is only collected for specific, explicit, lawful purposes.
2. The purposes for which personal data is collected by the Musée du Louvre are as follows:
- management of its public service missions, reception of visitors, sale of entry and event tickets;
- management of customer loyalty and relations with sponsors;
- management of its collections, exhibitions and scientific resources;
- protection of its assets;
- management of its commercial and contractual relations;
- management of its events and communication;
- management of its technical equipment;
- carrying out of studies, audits and statistics.
- management of its human resources and recruitment operations;
- management of its financial and accounting obligations;
- respect of any applicable legal obligations.
3. The data collected cannot be used subsequently in any way that is incompatible with the purposes set out above.
4. In each instance, the Musée du Louvre shall only collect and process the data that is strictly necessary to achieve the objective concerned.
Fair, transparent data collection
5. To ensure fairness and transparency with regard to its visitors, website users, donors, partners, suppliers, service providers, customers and agents, the Musée du Louvre issues appropriate warnings to inform the persons concerned of how their data is to be processed. These warnings are issued directly to the persons concerned but can also be obtained by writing to email@example.com.
6. The data is collected fairly; no data is collected without a person’s knowledge or without their being informed.
7. The Musée du Louvre can also be contacted at the following address for more detailed information on its personal data protection policy: firstname.lastname@example.org
Adequacy, relevance and minimisation of data collected
8. The Musée du Louvre does everything possible to minimise data by collecting data that is adequate, relevant and limited to what is necessary to the purposes for which it is processed.
9. The personal data collected is updated regularly and stored by the Musée du Louvre in its databases.
Personal data protection by design and default
10. The Musée du Louvre has adopted internal policies and processes and does everything possible to implement measures that respect the principles of personal data protection by design and default.
11. The right to the protection of data is thus taken into account from the design stage right through the lifecycle of applications (development, selection, use), services and products that are based on personal data processing.
12. If third-party applications, services or products are used, the Musée du Louvre ensures that the publishers meet the legal requirements and can thus provide full protection of the data processed.
Personal data security
13. The Musée du Louvre is particularly attentive to the security of personal data.
14. It implements technical and organisational measures adapted to the sensitivity level of the personal data collected, in order to ensure the integrity and confidentiality of the data and protect it from any malicious intrusion, loss, alteration or disclosure to unauthorised third parties.
15. The Musée du Louvre regularly conducts audits in order to ensure the proper operational application of the rules relating to data security.
16. It shall thus take all physical, technical and organisational measures necessary to:
- protect its activities;
- ensure the security of the personal data of its members, partners, website users, suppliers and service providers;
- prevent any unauthorised access to data and any amendment, distortion, disclosure or destruction of the personal data in its possession.
17. However, the security and confidentiality of personal data rely on the good practices of each individual and the person concerned is invited to remain vigilant with regard to issues that may involve the use of his or her personal data.
18. In accordance with its commitments, the Musée du Louvre chooses its subcontractors and service providers carefully and requires that they respect the following:
- a level of personal data protection equivalent to its own;
- the use of personal data or information solely to ensure the management of the services they are to provide;
- strict compliance with the applicable legislation and regulations on confidentiality, bank secrecy and personal data;
- the implementation of all proper measures to ensure the protection of any personal data they may be required to process;
- the definition of the technical and organisational measures needed to ensure security.
19. The agreements signed by the Musée du Louvre with its subcontractors shall therefore comply with the obligations required by the regulations and precisely define the terms and conditions of personal data processing.