Museums have no borders,
they have a network

Become a member
    • International Council of Museums|Privacy Policy

    Privacy Policy

    Last update: October 2024

    LEGAL NOTICE

    This website is the property of ICOM, a not-for-profit association organised under the laws of France, having its registered office at 15 rue Lasson, 75012 Paris, France and registered under SIREN number 78461781300034.

    Site design, production and hosting: Newp 81 Route Porte Fâche 16100 Boutiers St Trojan, telephone number: 0676924042
    Director of the publication: Emma Nardi, President of ICOM
    ICOM e-mail address: secretariat@icom.museum
    ICOM phone number: +33 1 47 34 05 00

    PRIVACY POLICY

    Latest update: September 2024

    This policy indicates how ICOM (hereinafter “ICOM”, “we”, “us”, “our”), as data controller, uses and protects the personal data that you (hereinafter “you”, “your”) communicate to it when:

    • you visit this website (including the member space area, when applicable) or any website hosted by ICOM,
    • you adhere to ICOM as a member or you apply to become one,
    • you subscribe to our newsletter, or
    • you participate to an event or activity organised by ICOM.

    (together hereinafter referred to as the “ICOM Services”).

    ICOM undertakes to protect personal data and to respect privacy in accordance with the current legislation, and in particular with the provisions of the French Data Protection Act, named “Informatics and Freedom”, No. 78-17 of 6 January 1978 as amended, and of the Regulation (EU) 2016/679 of 27 April 2016, known as “GDPR”.

    ICOM has appointed a Data Protection Officer (DPO) to the CNIL (Commission Nationale de l’Informatique et des Libertés).

    ICOM may amend the present Privacy Policy from time to time and will publish the amended version on its website. ICOM invites you to regularly check this Privacy Policy on this page for updates.

    WHO AND HOW COLLECTS YOUR PERSONAL INFORMATION?

    Your personal data may be collected by ICOM via the membership form, when you consult and interact with the pages of the website “www.icom.museum” or your member space, via the National and International Committees you already are a member of, or when you send us an information request through our contact form or through the online chat (Icom ChatIA), a membership application, a request for subscription to our newsletter or an application.

    Personal data is hosted within the European Union.

    The website “www.icom.museum” may host links to third-party sites, including social network sharing buttons. We draw your attention to the fact that these share buttons allow the collection of information about you. In order to know the conditions of use of this data, we invite you to read the privacy policies of the social networks and of the third-party sites concerned and accessible on their sites.

    WHAT DATA DO WE COLLECT?

    ICOM does not collect data without warning you and only collects personal data strictly necessary for the purposes described below.

    To this end, ICOM collects the following information:

    • during your visit to the website (including the member space area): in general, you can browse the ICOM website without revealing any personal information. The only information that ICOM collects during general browsing of the site is information intended for the server log (IP/Internet protocol, domain name, browser type, operating system, the site from which you are connected, the files you download, the pages visited, the dates and times of those visits, etc.) and the messages or comments you post online;
    • when you apply for membership:
      • Surname, first name, title, gender, date of birth;
      • Membership number, if applicable ;
      • Last institution where you work/have worked, function, professional address, email, phone, fax;
      • Membership Committee;
      • Personal postal address, email, telephone, fax;
      • Membership category: individual (voting), institutional (voting), student (non-voting), supporting (non-voting), honorary (non-voting).
    • when you contribute to the site or to the activity of ICOM (experts, authors, contributors, graphic designers, translators):
      • Name and professional contact details;
      • Function/quality;
      • Type of contribution.
    • when submitting an application :
      • CV, motivation letters, assessment interviews, copy of an identity document and, if necessary, copy of the residence permit.
    • when you apply for a subscription to our newsletters via our website:
      • Your email address.
    • when you submit an information request through the online contact form:
      • Your email address,
      • Name and surname,
      • Member number (optional),
      • Date and content of your request and the personal information you may have transmitted in your request.
    • when you interact with our online chat (Icom ChatIA):
      • Date and content of your message and the personal information you may have transmitted in your message.

    WHAT DO WE USE THE COLLECTED INFORMATION FOR?

    We use the information we collect about you within the framework of the ICOM Services and for the following purposes:

    PURPOSES LEGAL BASIS STORAGE DURATION
     

    To respond to your requests for information and to contact you to respond to your request or suggestion

    		  

    ICOM’s legitimate interest in being able to respond to the request(s) received through its website

    		  

    For the duration necessary to process your request for information. The data is deleted once the request has been processed

     
     

    To facilitate navigation on the  website (including the member space area when applicable)

     

    		  

    ICOM’s legitimate interest in offering a functional and user-friendly service

    		  

    Cookies and other tracers are kept for a maximum of thirteen (13) months
     

    To memorise your personal online user profile

     
     

    To monitor website traffic and for statistical purposes

     
     

    To respond to your request to subscribe to the ICOM newsletter(s)

     

    		  

    ICOM’s legitimate interest in developing and promoting its activity

     

    		  

    Until you unsubscribe or exercise your right to oppose
     

    To inform you of the existence or evolution of our activities

    		  

    ICOM’s legitimate interest in developing and promoting its activity

     

    		  

    For a duration of three (3) years from the last contact
     

    To process a job application

    		  

    ICOM’s legitimate interest in processing applications received via its website

     

    		  

    Maximum duration of two (2) years from the date of application
     

    To manage your contributions within the framework of ICOM

     

    		  

    ICOM’s legitimate interest in developing and carrying out its activity

    		  

    For as long as necessary to achieve the purpose for which the data was collected. The data is then archived for the duration required by applicable regulations

     
     

    To manage memberships in the association and member space areas

     

    		  

    Execution of a contract

    		  

    For the duration of your relationship with ICOM (duration of membership) and then archived for the duration required by applicable regulations
     

    To ensure that the operation of the association is in accordance with its Statutes and Internal Rules

    		  

    ICOM’s legitimate interest in developing and carrying out its activity

     

    Compliance with ICOM’s legal, statutory and regulatory obligations

     

    		  

    For the duration of your relationship with ICOM (duration of membership) and then archived for the duration required by applicable regulations

    We may also use your personal data when necessary to comply with a legal, statutory or regulatory obligation.

    WHO IS YOUR PERSONAL DATA DISCLOSED TO?

    We limit access to your information only to those employees of the ICOM Secretariat and ICOM’s members who need to use it. They have an obligation to protect it and maintain its confidentiality.

    We may also disclose your personal data to our partners to enable us to fulfil the purposes stated above; notably our technical service providers such as our website hosting company or our IT service provider.

    In any case, our partners only receive the personal information necessary to carry out the services concerned and are in no case authorised to use this personal data in a context other than that of the service in question, or for purposes other than those for which the data was collected.

    As such, we transfer your personal data to the board of the International Committees or, if applicable, any designated individual(s) in charge of personal data processing by such Committees – whose identity has been formally communicated to the ICOM Secretariat you expressed an interest for at the time of your membership, enabling you to exercise your right to vote or to receive newsletters from these Committees.

    In any event, we do not transmit your personal data to third parties without your prior authorisation, unless the communication of such data is required by the current regulations, in particular at the request of the judicial authority in compliance with the legal provisions.

    ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES?

    Your personal data is hosted by ICOM within the European Union.

    Furthermore, your personal data may also be transferred to third countries.

    In accordance with article 49 (1) (b) of the GDPR, these transfers are carried out on the basis of the contract binding us.

    HOW LONG DO WE KEEP PERSONAL DATA?

    The information collected on the ICOM website is kept for a limited period of time to achieve the purposes it was collected for (please see hereabove), and as long as you do not exercise your rights as defined below.

    The storage duration of your personal data varies and is determined by various criteria, including:

    • the nature and level of sensitivity of the data concerned and the purpose for which we use it: ICOM must retain data for the period necessary to fulfil the purpose of the processing; and
    • the legal obligations: legislation or regulation may set a minimum period for which we must retain personal data.

    We organise our data retention policy according to these criteria and will be happy to answer any questions you may have.

    We may retain some of your personal data for a longer period of time, for the sole purpose of complying with any legal obligation, or to answer any questions or complaints that may be addressed to us after you cease using the ICOM Services.

    SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

    We take the security of your data very seriously and strive to protect all data collected. In particular, we strive to prevent your data from being distorted, damaged or accessed by unauthorised third parties.

    Thereby, we have implemented protective measures to ensure the confidentiality, security and integrity of your data. For example, we make sure access to data is restricted to those among our employees who have been trained to observe confidentiality rules. We also commit to store your data in secure operating environments. These measures take into account the sensitivity of the data we collect, process and store and the current state of technology.

    However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we make every effort to protect your personal data, we cannot control the risks associated with the operation of the Internet and we draw your attention to possible regarding occasional data loss or breach of confidentiality for data transiting via this network. In any circumstance, we undertake to notify any violation of personal data as soon as possible and, if possible, no later than seventy two (72) hours after becoming aware of it, under the conditions set out in Articles 33 and 34 of the RGPD. Likewise, it is your responsibility to protect the security of your account, your identifier and your password.

    If you think that a third-party knows your password or has changed it, or if you think that a third-party may have access to the e-mail address associated with your account, you are requested to inform ICOM without delay by contacting our Data Protection Officer, by post: ICOM (DPO), 15, rue Lasson, 75012 Paris (France) or by e-mail at the following address: rgpd@icom.museum.

    WHAT ARE YOUR RIGHTS REGARDING ACCESS TO YOUR PERSONAL DATA AND CONTROL OF THEIR USE?

    In accordance with the current legislation, you have the right to access, rectify and delete your personal data, as well as the right to limit the processing and portability of your data.

    You are also entitled to object – on legitimate grounds – to the processing of your data by ICOM, to withdraw your consent when the processing of your personal data is based on this legal basis, and to submit a claim to the CNIL (Commission Nationale de l’Informatique et des Libertés).

    These rights may be exercised by contacting our Data Protection Delegate, by post: ICOM (DPO), 15 rue Lasson, 75012 Paris (France), or by email at the following address: rgpd@icom.museum.

    The user is informed that no phone call requests will be taken into account.

    WHAT ARE YOUR OBLIGATIONS?

    As a user of the ICOM Services, you are bound to comply with the current legislation regarding the protection of personal data. In particular, with regard to the personal information you have access to, you must refrain from any collection, any misuse and, in general, any act likely to infringe on privacy, fundamental rights and freedoms.

    CONTACT

    If you have any questions or complaints about this Privacy Policy, you can contact us online or by mail at the following address: ICOM (DPO), 15 rue Lasson, 75012 Paris (France).

    You can also contact our Data Protection Officer (DPO) by e-email at rgpd@icom.museum.