Privacy policy
Privacy Policy – Updated 20/02/2025
Musiam Paris takes your personal data very seriously. We are committed to offering personalised services while respecting your privacy and personal choices, whether in terms of processing, confidentiality, or data security.
This document sets out our privacy policy (the “Privacy Policy”). It covers personal data you provide directly, as well as data our group of companies may collect through various interactions with us (such as in-store visits, customer service, restaurants, websites, social media, digital applications, events, or competitions). We aim to inform you transparently, clearly, and comprehensively about how your personal data is processed and any potential transfer to third parties. This Policy also explains your rights and the options available to you to manage your personal data and protect your privacy, in full compliance with applicable regulations.
During your visit, purchase experience, or while browsing the MUSIAM PARIS website, you may transition between Société de Restauration Musées et Lieux Culturels (SRMLC) and Musiam Paris, or vice versa. In such cases, Musiam Paris acts as the data controller under applicable data protection legislation, including Article 24 of Regulation (EU) 2016/679 (“GDPR”).
Who Are We?
Musiam Paris is the trading name of SRMLC, a simplified joint-stock company with a share capital of €8,250,000, registered with the Nanterre Trade and Companies Register under number 822.001.509, with its registered office at 83 Rue de Monceau, 75008 Paris, represented by Mr Tom Lerouge and Mr Alastair Storey, directors.
Musiam Paris includes all affiliated companies and partners of SRMLC with whom you share information:
SRML – Société de Restauration Musée du Louvre
SRMLC – Société de Restauration Musées et Lieux Culturels
SRMO – Société de Restauration Musée d’Orsay et Musée de l’Orangerie
SO.FE.REST – Musée du quai Branly – Jacques Chirac
SO.FE.REST – Bibliothèque Nationale de France
SO.FE.REST – Château de Versailles
SO.FE.REST – Salons Air France Longs Courriers CDG
SO.FE.REST – Hangar Y
SO.FE.REST – DUCASSE Réception
What Data Do We Collect?
Personal data is information relating to an identified or identifiable individual, such as first name, email address, or date of birth.
We may collect your personal data directly with your consent (e.g., when visiting our websites or purchasing a product online or in-store) or indirectly (e.g., via website visits, forms, or digital applications from your computer, tablet, or mobile device).
Data You May Provide Directly
Creating an online account or registering in-store
Booking a table at one of our restaurants
Subscribing to our newsletter
Using our digital platforms
Purchasing products or services online or in-store
Participating in events
This may include:
Identity (first name, surname, gender)
Contact details (postal address, email, phone numbers)
Personal status (civility title)
Purchases (order history, transaction details)
Preferences (dietary requirements, preferred contact method)
Payment data (billing information, payment method, credit/debit card number)
Other information you provide via forms, reviews, or communications
Some information is necessary to process your requests or provide services. Refusal may delay or prevent us from fulfilling your request. Please update your data if changes occur and provide only necessary data. Avoid sensitive data (political opinions, religious beliefs, sexual orientation, race, or ethnic origin).
Indirectly Collected Data
We may collect data such as your IP address, browser, operating system, or device type via cookies or similar technologies. For details, see our Cookie Policy.
We may also collect data from third parties (e.g., gift vouchers, differing billing and delivery addresses). The third party must have the right to share your data and obtain your consent where required.
How Do We Use Your Data?
Your data may be used to:
Manage orders and reservations
Send personalised content and communications
Manage subscriptions and inquiries
Operate our websites and apps
Improve products, services, and reputation
Secure transactions and prevent fraud
Send generic newsletters (opt-out available)
Personalise ads and offers
Analytical Purposes
Analyse brand performance on third-party websites and social media
Study preferences and habits to anticipate your needs
Provide a personalised experience via email, postal mail, SMS, or calls
We may also use profiling or fully automated decision-making to predict behaviour. Article 22 GDPR grants you the right not to be subject to decisions producing legal or similarly significant effects without human involvement.
Rights in Automated Decisions
Transparency: Request from our DPO (musiam.business@musiam-paris.com) the list of automated processing and underlying logic
Human intervention: Request review, explanation, or challenge of decisions
Legal Basis
Processing is based on:
Consent: e.g., personalised marketing, cookies, consumer profiling
Contract performance: e.g., order processing, account access, loyalty programme
Legal obligation: e.g., invoice retention
Legitimate interest: e.g., improving products/services, securing systems
HOW LONG DO WE RETAIN YOUR DATA?
The length of time we retain your personal data depends on the purpose for which it is processed. The retention periods are as follows:
Customer (holding an account on our digital platforms or having purchased in-store) – 5 years from the date of the last purchase interaction.
Prospect (e.g. subscribed to a newsletter without having made a purchase) – 3 years from the date the data was collected. This retention period may be renewed with any consent given during the retention period or upon any interaction with Musiam Paris (such as newsletter subscription or participation in a prize draw).
At the end of the retention periods set out above, your personal data will either be deleted or anonymised so that you can no longer be identified (with the exception of data that must be retained to meet legal and/or regulatory obligations – e.g. transactions, complaints, or disputes).
WHO CAN ACCESS YOUR DATA?
Your data is intended solely for the Musiam Paris departments concerned with handling your requests. We take great care to ensure that only authorised individuals, and only where necessary for the purposes described above, may access your personal data.
We do not share your data with third parties for commercial purposes.
We only disclose your information when necessary, and wherever possible in a form that does not allow you to be directly identified, to:
Other Musiam Paris entities where you may purchase our products, in order to provide you with an optimal and consistent customer experience.
Trusted third-party providers, including other Musiam Paris entities, acting as processors on our behalf and under our instructions only. For example, we may share your personal data with third parties responsible for delivering your products, or those assisting us with customer relationship management and customer service.
Trusted third-party partners who help us process your orders. In particular, we entrust services to third parties handling product delivery, payment processing, and fraud-prevention transaction security. Please note that such partners may act as independent data controllers, in which case they have their own privacy policies.
Third parties seeking to identify audiences with interests similar to yours, so they can build lookalike audiences and target prospects with comparable profiles. In this specific context, we are not the controller for such prospecting, and you will not be directly targeted; your data will only be used to establish anonymised audience profiles.
Examples of our third-party partners include:
The Fork (privacy policy available here)
Facebook (privacy policy available here)
Google (privacy policy available here)
Instagram (privacy policy available here)
Public authorities, in the exercise of their official functions or where necessary for the establishment, exercise, or defence of legal claims.
You may also choose to disclose your personal data directly to our partners, advertisers, or affiliates by following links to and from their websites. Please note that those websites are subject to their own privacy policies.
HOW DO WE PROTECT AND SAFEGUARD YOUR DATA?
Musiam Paris attaches the utmost importance to the security and confidentiality of your data. We implement all necessary and appropriate measures to ensure that your data is not altered, damaged, destroyed, or accessed by unauthorised third parties.
All our partners, as well as Musiam Paris entities, are required to maintain protection levels equivalent to our own with respect to your personal data. Given that risks and threats continually evolve, protective and security measures are regularly updated in compliance with applicable laws and regulations in the countries where we operate.
HOW DO WE HANDLE CROSS-BORDER DATA FLOWS?
Please be aware that data protection and security requirements differ from one country to another and may not offer the same level of protection as in your country of origin. Since some of your data may be collected, accessed, or stored outside your country of residence, Musiam Paris ensures that the necessary safeguards are in place to protect your data, by applying mechanisms approved by the European Commission and/or national data protection authorities.
In this regard:
SRMLC and all Musiam Paris entities have entered into a Personal Data Processing and Transfer Agreement.
HOW ARE CONSUMER PREFERENCES AND INDIVIDUAL RIGHTS HANDLED?
Musiam Paris ensures compliance with best practices in data protection and security as described in this document. This includes respecting the rights granted under the EU General Data Protection Regulation (GDPR) 2016/679 for residents of the European Union/European Economic Area.
Under the GDPR, you have the following rights:
Right to information: to obtain clear, transparent, and understandable information on how we use your personal data and on your rights.
Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
Right of access (Article 15): to access the personal data held about you by Musiam Paris.
Right to rectification (Article 16): to correct or update your personal data at any time if it is incomplete or outdated.
Right to erasure / right to be forgotten (Article 17): subject to any legal grounds or our legitimate interest in retaining your data, you may request that your data be erased.
Right to data portability (Article 20): to move, copy, or transfer your data from our database to another, provided the processing is based on your consent or a contract and is carried out by automated means.
Right to object (Article 21): to object at any time to receiving communications about our offers, news, and events. You may use the unsubscribe link provided in each email or request to receive only non-personalised communications.
Post-mortem directives: you or your legally designated representative may also provide specific or general instructions regarding the retention, deletion, and communication of your data after your death, in accordance with the French Digital Republic Act.
Musiam Paris has adopted practices to avoid collecting or storing information about children under the age of 18 in accordance with the law. If we become aware that we have inadvertently collected such data, we will delete it immediately, except where necessary to respond to a one-off query or request from the child, their parent, or legal guardian.
HOW TO CONTACT US
Please contact us using the details below if you wish to exercise your rights or if you have any questions or complaints regarding the processing of your personal data:
Email: musiam.business@musiam-paris.com
Post:
Musiam Paris
83 rue de Monceau
75008 Paris
France
You also have the right to lodge a complaint with the CNIL, the French Data Protection Authority, using the contact details below:
Commission Nationale de l’Informatique et des Libertés – CNIL
3 Place de Fontenoy
TSA 80715 – 75334 Paris, Cedex 07
Tel. +33 1 53 73 22 22
Fax +33 1 53 73 22 00
Website: www.cnil.fr