“Company”: shall mean Agence France Muséums, simplified joint stock company with a capital of 335,000.00€ having its registered office located at 20, rue Bachaumont, 75002 Paris, registered with the Trade and Corporations Register of Paris under identification number 499 510 451, duly represented by its chief executive officer, Hervé BARBARET.
“GDPR” : shall mean the regulation (EU) 2016/679 related to the protection of individuals with regard to the processing of personal data and the free movement of such data.
“Personal data”: shall mean any personal data identifying the User directly (in particular his or her surname, first name, postal, electronic or telephone contact details) or indirectly.
“Site”: shall mean the website www.francemuseums.fr where the Company presents its activity to the Users.
“User(s)”: shall mean a person who has access to the Site.
3. Identification of the Controller
The controller which collects and processes the User’s data on the Site is the Company.
4. Personal data likely to be collected
5. Method and legal ground of Personal Data’s collection
The User consents to the collection of his/her Personal Data by the Company when he/she fills in the contact form available in the Site (hereinafter, “the Contact form”). This collection is based on the specific, free and informed consent of the User when filling the Contact form. This collection is necessary to process the User’s request. Thus, in the absence of communication by the User of his Personal Data (the mandatory nature of which is specified by the presence of an asterisk), the Contact form cannot be filled out.
6. Purposes of Personal Data processing
Personal Data is collected and processed for the following purposes:
– Treatment of the request formulated by the User within the framework of the Contact form;
– Contact and assistance;
– Sending of institutional publications.
7. Retention period of Personal Dataµ
Personal Data is kept only for the time necessary for the purposes for which it was collected, and in compliance with the legislation in force. In any event, Personal Data is deleted after a period of three (3) years following the last use of the Site by the User.
8. Recipient of Personal Data
The User’s Personal Data is intended for use by the persons duly authorized to process it within the Company, in particular, and depending on the nature of the processing and the type of data, the human resources department or the departments of development and communication. The Personal Data collected is not subject to any cross-border flow.
9. Measures implemented by the Company to ensure the security and confidentiality of Personal Data
The Company undertakes to process Personal Data in a manner that is:
– Within the strict framework of the purposes pursued and announced;
– For the duration necessary for the processing operations put in place;
– In a secured way.
The Company implements and updates the appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Data, preventing them from being distorted, damaged or communicated to unauthorized third parties.
10. User’s rights on Personal Data
As part of the right of access, the User is authorized, in accordance with article 15 of the GDPR, to question the Company in order to obtain: (i) communication of the Personal Data concerning him/her in an accessible form; (ii) confirmation that his/her Personal Data is or is no longer being processed; (iii) communication of the purposes of the processing, the categories of Personal Data processed and the recipients to whom his/her Personal Data is communicated; and (iv) the duration of the storage of his/her Personal Data or the criteria used to determine this duration.
In accordance with article 16 of the GDPR, the right of rectification gives the User the right to require the Company to rectify his/her Personal Data when it is inaccurate.
Under the conditions set forth in article 17 of the GDPR, the User has a right to the deletion of his/her Personal Data, allowing him/her to ask the Company to delete his/her Personal Data as soon as possible, in particular when it is no longer necessary with regards to the purposes for which it was collected.
The User also has the right to limit the processing of his/her Personal Data in the cases listed in article 18 of the GDPR.
In the circumstances provided for in article 20 of the GDPR, the User has a right to the portability of his Personal Data, allowing him/her to recover from the Company the Personal Data he/she has provided, in a structured, commonly used and machine-readable format, for the purpose of forwarding them to another data controller.
In accordance with article 21 of the GDRP, the User has the right to object, at any time, to the processing of his Personal Data. In order to exercise the aforementioned rights of access, rectification, deletion, limitation, portability and opposition, the User need only send his/her request by e-mail to the following address: firstname.lastname@example.org.
11. Remedies in case of Personal Data’s violation
In the event of a violation of its Personal Data that may create a risk to its rights and freedoms, the Company shall notify the CNIL, French independent administrative authority on personal data, of the violation as soon as possible, and, if possible, seventy-two (72) hours at the latest after becoming aware of it. The Company will also inform the User as soon as possible in accordance with the provisions of article 34 of the GDPR.
Without prejudice to any other administrative or jurisdictional remedies, the User who considers that the processing of his/her Personal Data constitutes a violation of the provisions of the legislation in force may file a complaint with a competent supervisory authority such as the CNIL.
12. Request for information
For any questions concerning the processing of their personal data and the exercise of their rights, Users may contact the dedicated service by e-mail at the following address: email@example.com.