Museums have no borders,
they have a network

Privacy Policy

Last update: September 2020.

This policy indicates how ICOM (hereinafter “ICOM”, “we”, “us”, “our”), as data controller, uses and protects the personal data that you (hereinafter “you”, “your”) communicate to it when you visit the website “” (including the member area), when you adhere to ICOM as a member or when you apply to become one, when you subscribe to our newsletter, or when you participate to an event or activity organized by ICOM (together hereinafter referred to as “ICOM Services”).

ICOM undertakes to protect personal data and to respect privacy in accordance with the current legislation, and in particular with the provisions of the French Data Protection Act, named “Informatics and Freedom”, No. 78-17 of 6 January 1978 as amended, and of the Regulation (EU) 2016/679 of 27 April 2016, known as “GDPR”. ICOM has appointed a Data Protection Officer (DPO) to the CNIL (Commission Nationale de l’Informatique et des Libertés).

ICOM may amend this Privacy Policy from time to time and will publish the amended version on its website. ICOM invites you to regularly check this Privacy Policy on this page for updates.


Your personal data may be collected by ICOM via the membership form, when you consult and interact with the pages of the website “” or ICOMMUNITY, via the national and international committees you already are a member of, or when you send us a membership application, a request for subscription to our newsletter or an application.
Personal data is hosted within the European Union.

The website “” may host links to third party sites, including social network sharing buttons. We draw your attention to the fact that these share buttons allow the collection of information about you. In order to know the conditions of use of this data, we invite you to read the privacy policies of the social networks concerned and accessible on their sites.


ICOM does not collect data without warning you and only collects personal data strictly necessary for the purposes described below. To this end, ICOM collects the following information:

– During your visit to the website (including the members’ area): In general, you can browse the ICOM website without revealing any personal information. The only information that ICOM collects during general browsing of the site is information intended for the server log (IP/Internet protocol, domain name, browser type, operating system, the site from which you are connected, the files you download, the pages visited, the dates and times of those visits, etc.) and the messages or comments you post online.

– When you apply for membership:

  • Surname, first name, title, gender, date of birth;
  • Membership number, if applicable;
  • Last institution where you work/have worked, function, professional address, email, phone, fax;
  • Membership Committee;
  • Personal postal address, email, telephone, fax;
  • Membership category: individual (voting), institutional (voting), student (non-voting), benefactor (non-voting), honorary (non-voting).

– When you contribute to the site or to the activity of ICOM (expert, authors, contributors, graphic designers, translators):

  • Name and professional contact details;
  • Function/quality;
  • Type of contribution.

– When submitting an application:

  • CV, motivation letters, assessment interviews, copy of an identity document and, if necessary, copy of the residence permit.

– When you apply for a subscription to our newsletter via website:

  • Your email address


We use the information we collect about you within the framework of the ICOM Services and for the following purposes:

  • To respond to your requests for information;
  • To contact you to respond to your request or suggestion;
  • To facilitate navigation on the website (including the members’ area);
  • To respond to your request to subscribe to the ICOM newsletter;
  • To inform you of the existence or evolution of our activities;
  • To process a job application;
  • To memorize your personal online user profile;
  • To manage your contributions within the framework of ICOM ;
  • To manage memberships in the association and members’ accounts;
  • To ensure the operation of the association is in accordance with its statutes.

We may use your personal data when necessary to comply with a legal or regulatory obligation.


We limit access to your information only to those employees who need to use it. They have an obligation to protect it and maintain its confidentiality.

We may also disclose your personal data to our partners to enable us to fulfil the purposes stated above. In any case, our partners only receive the personal information necessary to carry out the services concerned and are in no case authorized to use this personal data in a context other than that of the service in question, or for purposes other than those for which the data was collected.

As such, we transfer your personal data to the managers of the international committees you expressed an interest for at the time of your membership, enabling you to exercise your right to vote or to receive newsletters from these committees.

In any event, we do not transmit your personal data to third parties without your prior authorization, unless the communication of such data is required by the current regulations, in particular at the request of the judicial authority in compliance with the legal provisions.


Your personal data is hosted by ICOM within the European Union.

Furthermore, your personal data may also be transferred to third countries.

In accordance with article 49 (1) (b) of the GDPR, these transfers are carried out on the basis of the contract binding us.


The information collected on the ICOM website is kept for a limited period of time to achieve the purposes it was collected for, and as long as you do not exercise your rights as defined below.

We may nevertheless retain some of your personal data for a longer period of time, for the sole purpose of complying with any legal obligation, or to answer any questions or complaints that may be addressed to us after you cease using the ICOM Services.


We take the security of your data very seriously and strive to protect all data collected. In particular, we strive to prevent your data from being distorted, damaged or accessed by unauthorized third parties.

Thereby, we have implemented protective measures to ensure the confidentiality, security and integrity of your data. For example, we make sure access to data is restricted to those among our employees who have been trained to observe confidentiality rules. We also commit to store your data in secure operating environments. These measures take into account the sensitivity of the data we collect, process and store and the current state of technology.

However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we make every effort to protect your personal data, we cannot control the risks associated with the operation of the Internet and we draw your attention to possible regarding occasional data loss or breach of confidentiality for data transiting via this network. In any circumstance, we undertake to notify any violation of personal data as soon as possible and, if possible, no later than 72 hours after becoming aware of it, under the conditions set out in Articles 33 and 34 of the RGPD. Likewise, it is your responsibility to protect the security of your account, your identifier and your password.

If you think that a third party knows your password or has changed it, or if you think that a third party may have access to the e-mail address associated with your account, you are requested to inform ICOM without delay by contacting the Data Protection Officer, by post (ICOM (DPD), Maison de l’UNESCO, 1 rue Miollis, 7532, Paris Cedex 15 (France)) or by e-mail at the following address:


In accordance with the current legislation, you have the right to access, rectify and delete your personal data, as well as the right to limit the processing and portability of your data.

You are also entitled to object – on legitimate grounds – to the processing of your data by ICOM, to withdraw your consent when the processing of your personal data is based on this legal basis, and to submit a claim to the CNIL (Commission Nationale de l’Informatique et des Libertés).

These rights may be exercised by contacting the Data Protection Delegate, by post (ICOM (DPD), Maison de l’UNESCO, 1 rue Miollis, 7532, Paris Cedex 15 (France)) or by email at the following address:

The user is informed that no phone call requests will be taken into account.


As a user of the ICOM Services, you are bound to comply with the current legislation regarding the protection of personal data. In particular, with regard to the personal information you have access to, you must refrain from any collection, any misuse and, in general, any act likely to infringe on privacy, fundamental rights and freedoms.


If you have any questions or complaints about this Privacy Policy, you can contact us online or by mail at the following address: ICOM (DPO), Maison de l’UNESCO, 1 rue Miollis, 7532, Paris Cedex 15 (France). You can also contact our Data Protection Officer (DPO) at