Privacy policy

The new regulatory framework that applies throughout the European Union reinforces the rights of individuals and the responsibilities of institutions that process personal data.

The Paris Musées public institution is committed to complying with the following principles when collecting and using personal data.

Principles applicable to personal data

Legitimate, proportionate use

Personal data is collected as part of the activities of the Palais Galliera. Data is only collected for specific, explicit, legitimate purposes.

Personal data is mainly collected by Paris Musées for:

  • managing its public service missions, receiving visitors, selling admission and activity tickets;
  • managing its audience loyalty and relations with its patrons (when subscribing to the newsletter or
  • sending a contact form);
  • managing its collections, exhibitions and scientific resources;
  • protecting its heritage;
  • managing its business and contractual relationships;
  • managing its events and its communication;
  • managing its technical equipment;
  • carrying out studies, audits and creating statistics;
  • managing its human resources and its recruitment campaigns;
  • managing its financial and accounting obligations;
  • complying with its legal obligations.


This data cannot be used subsequently in any way that is incompatible with these purposes.

When processing, Paris Musées undertakes to only collect and process data that is strictly required for the purpose concerned.

Relevance, appropriateness and reducing the data collected

Paris Musées strives to reduce what data it collects by only collecting data that is appropriate, relevant and strictly required for the purpose for which it is processed.

Collected personal data is regularly updated and stored by the Palais Galliera in its databases. It is retained for three (3) years.

Personal data security

Paris Musées pays particular attention to personal data security. It implements technical and organizational measures tailored to the level of sensitivity of the personal data, to ensure data integrity and privacy and to protect it from malicious intrusion, loss, alteration or disclosure to unauthorized third parties.

These security measures include regular audits, access to user data by a restricted number of administrators and the updating and compliance of the software and programmes.