Privacy Policy - ICOM DEMHIST

LEGAL NOTICE

This website is the property of ICOM, a non-profit organisation governed by French law, with its registered office located at 15, rue Lasson, 75012 Paris, France, and registered under SIREN number 784617813.

Website design, development and hosting: Newp, 81 Route Porte Fâche, 16100 Boutiers St Trojan, telephone number: 0676924042

Publishing director: Antonio Rodríguez, President of ICOM

ICOM email address: secretariat@icom.museum

ICOM telephone number: +33 1 47 34 05 00

PRIVACY POLICY

Last updated: June 2026

The purpose of this privacy policy is to inform users of the ICOM website and members of the association (hereinafter ‘you’, ‘your’, ‘yours’) about how their personal data is collected, used and protected by ICOM (hereinafter ‘ICOM’, ‘we’, ‘our’, ‘us’).

ICOM attaches particular importance to the protection of personal data and is committed to processing such data in accordance with applicable regulations, in particular:

Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);
Law No. 78-17 of 6 January 1978, as amended, on information technology, data files and civil liberties.

This privacy policy may be amended at any time to take account of legal, regulatory or technical developments. Any amendments will be published on this page. We encourage you to review it regularly.

DATA CONTROLLER

The data controller is:

ICOM
15, rue Lasson
75012 Paris, France

If you have any questions regarding the protection of personal data, you can contact the Data Protection Officer (DPO) at the following address: rgpd@icom.museum

IN WHAT CIRCUMSTANCES DOES ICOM COLLECT YOUR DATA?

Your personal data may be collected when:

you visit the ICOM website;
you join the association or apply for membership;
you use the members’ area of the website, where applicable;
you subscribe to the newsletter;
you take part in an activity or event organised by ICOM (statutory meetings, the General Conference, webinars, workshops, online or in-person meetings, etc.);
you contact ICOM via the contact form or by email;
you submit an application or a proposal to contribute to the association’s activities.

Your personal data may also be collected via the National and International Committees of which you are a member.

Furthermore, when ICOM organises its annual meetings, its General Conference, in accordance with its statutory and regulatory framework, or any other event related to its activities, the personal data collected as part of your membership may be used for the purposes of organising and managing these events.

WHAT PERSONAL DATA DO WE COLLECT?

ICOM does not collect any personal data without your knowledge and collects only the data strictly necessary for the purposes described in this policy.

The categories of data that may be collected are as follows:

Browsing data:

Generally speaking, you can browse the ICOM website without providing any personal information.
However, certain technical data may be collected automatically for the purposes of the website’s operation and security, in particular:

IP address;
browser type;
operating system;
pages viewed;
date and time of connection;
referring website.

Member data:

As part of membership management, ICOM may collect:

surname and first name;
title and role;
date of birth;
personal contact details (address, telephone number, email, fax);
work contact details (organisation, address, telephone number, email);
membership number;
affiliated committee(s);
membership category (individual, institutional, student, honorary, supporting).

Data relating to contributors:

When you take part in the association’s activities (as an expert, author, translator, graphic designer, etc.), the following data may be collected:

surname and first name;
professional contact details;
role or position;
nature of the contribution.

Data relating to applications:

When applying for a role, the following data may be collected:

curriculum vitae;
cover letter;
interview reports;
copy of an identity document and/or residence permit, where applicable.

Data collected when subscribing to the newsletter:

email address.

Data collected when using the contact form:

surname and first name;
email address;
membership number (optional);
date and content of your enquiry;
any personal information you choose to provide to us.

PURPOSES AND LEGAL BASES FOR DATA PROCESSING

Personal data is processed for the following purposes:

Purpose	Legal basis	Retention period
To respond to your requests for information	ICOM’s legitimate interest	The time required to process the request
To facilitate navigation on the website, remember your personal online user profile and monitor website traffic (cookies and trackers)	ICOM’s legitimate interest	Maximum 13 months
Managing newsletter subscriptions	Consent of the data subject	Until you unsubscribe or exercise your right to object
To keep you informed about ICOM’s activities	ICOM’s legitimate interest	3 years from the date of the last contact
Processing applications	Consent of the data subject	Up to 2 years after receipt of the application
Managing contributions to the association’s activities	ICOM’s legitimate interest	The time required to carry out the activity, followed by archiving in accordance with regulations
Managing memberships and areas reserved for members	Performance of the membership contract	For the duration of the membership, followed by archiving as required by law
Ensuring the smooth running of the association	Compliance with ICOM’s legal, statutory and regulatory obligations	For the duration of the membership and thereafter for statutory retention periods
Organising, managing and monitoring ICOM events	Performance of the membership contract and ICOM’s legitimate interest	For the duration necessary to organise the event, followed by archiving in accordance with regulations
Communicating about ICOM’s activities and events	ICOM’s legitimate interest	For the period necessary to organise the event, followed by archiving in accordance with the regulations, prior to any subsequent retrieval from the archive for commemorative purposes

We may also process certain data where this is necessary to comply with a legal or regulatory obligation.

RECIPIENTS OF THE DATA

Personal data is accessible only to:

the ICOM Secretariat;
members of the association holding a position that requires access to this data.

These individuals are bound by a duty of confidentiality.

Your data may also be passed on to technical service providers involved in the operation of the website and IT systems. These service providers act solely on the instructions of ICOM and are required to ensure the security and confidentiality of the data.

As part of your membership, certain data may be passed on to the contact points of ICOM’s National and International Committees in order to enable:

the exercise of voting rights;
the receipt of communications from the relevant Committee.

Apart from these cases, your personal data will not be disclosed to third parties without your prior consent, except where required by law, in particular at the request of the judicial authorities.

DATA HOSTING AND TRANSFERS OUTSIDE THE EUROPEAN UNION

The personal data processed by ICOM is mainly hosted within the European Union.

However, in the context of the association’s international activities, certain data may be transferred to third countries.

Where such transfers take place, they are carried out in accordance with the provisions of the GDPR.

DATA RETENTION PERIOD

Personal data is retained for a period not exceeding that necessary for the purposes for which it was collected. The retention period depends, in particular, on the purpose of the processing, the nature of the data concerned, and the applicable legal or regulatory obligations.

For guidance:

data relating to requests for information: for the duration of the processing of the request;
data relating to job applications: up to 2 years after receipt;
data relating to communications: 3 years from the date of the last contact;
data relating to membership: for the duration of the membership, followed by archiving in accordance with legal obligations;
browsing data and cookies: for a maximum period of 13 months.

Certain data may be retained for longer for archiving purposes or to enable ICOM to meet any legal obligations or respond to any claims.

DATA SECURITY

ICOM takes the security of your data very seriously and we strive to protect all data collected. To this end, ICOM implements appropriate technical and organisational measures to ensure the integrity, security and confidentiality of personal data.

These measures are designed, in particular, to prevent unauthorised access, loss, alteration or disclosure of data.

For example, ICOM ensures that access to data is restricted to its employees who have been trained in compliance with confidentiality rules. ICOM is also committed to storing your data in secure operational environments. These measures take into account the sensitivity of the data we collect, process and store, as well as the current state of technology.

However, no data transmission over the internet or electronic storage system can be guaranteed to be completely secure. Despite the precautions taken, a residual risk remains.

In the event of a personal data breach, ICOM will notify the CNIL and, where applicable, the data subjects in accordance with Articles 33 and 34 of the GDPR.

It is also your responsibility to ensure the confidentiality of your login details and passwords.

If you believe that a third party knows your password or has altered it, or if you believe that a third party may have access to the email address associated with your account, please inform ICOM without delay by contacting our Data Protection Officer (DPO) by post: ICOM (DPO) 15, rue Lasson 75012 Paris (France) or by email at the following address: rgpd@icom.museum.

YOUR RIGHTS

In accordance with the applicable regulations, you have the following rights:

right to access your personal data;
right to rectification;
right to erasure;
right to restriction of processing;
right to data portability;
right to object to processing on legitimate grounds;
right to withdraw your consent where this forms the legal basis for the processing.

You also have the right to lodge a complaint with the CNIL.

You can exercise these rights by contacting ICOM’s Data Protection Officer (DPO):

ICOM – Data Protection Officer (DPO)
15, rue Lasson,
75012 Paris, France

Or by email at the following address: rgpd@icom.museum

No requests to exercise these rights will be processed over the telephone.

USERS’ OBLIGATIONS

As a user of ICOM’s services, you undertake to comply with the applicable regulations on the protection of personal data.
In particular, you must refrain from any collection, misuse or unauthorised processing of personal data to which you may have access via ICOM’s services.

CHANGES TO THE PRIVACY POLICY

ICOM may amend this privacy policy to reflect changes in regulations or its practices.
The most recent version is available at all times on the association’s website.

COOKIES AND TRACKERS

When you visit the ICOM website, cookies and other trackers may be stored on your device (computer, tablet or smartphone).
A cookie is a text file stored on your device which, amongst other things, enables your device to be recognised during subsequent visits.

The cookies used on this website serve various purposes:

to ensure the website functions properly and to provide access to certain features,
to measure audience figures in order to analyse visitor numbers and improve the services offered, or
to enable content to be shared on social media, which may result in data being collected by the relevant platforms.

ICOM uses the Matomo analytics tool, which complies with the GDPR and is recommended by the CNIL, to track website traffic and produce anonymised statistics. On your first visit, an information banner allows you to accept or refuse the use of certain cookies. You can also configure your browser to refuse all or some cookies.

Cookies and other trackers are retained for a maximum period of thirteen (13) months, in accordance with the CNIL’s recommendations.

LINKS TO THIRD-PARTY WEBSITES

The ICOM website may contain links to websites operated by third parties.
ICOM cannot be held responsible for the data protection practices of these websites. We encourage you to consult the privacy policies of these websites before providing them with your data.

MEMBERS AND USERS LOCATED OUTSIDE THE EUROPEAN UNION

As ICOM is an international organisation, some members, partners or users of the website may be located outside the European Union.

In this context, certain personal data may be transferred to third countries in connection with:

membership management;
participation in the activities of national or international committees;
the organisation of international events or projects.

Where such transfers take place, ICOM ensures that they are carried out in accordance with the requirements of the GDPR, in particular:

where they are necessary for the performance of the contractual relationship between the member and the association;
where appropriate safeguards are in place; or
where the conditions laid down by European regulations are met.

ACCURACY OF DATA

Users and members undertake to provide accurate information and to inform ICOM of any changes to their personal data.
ICOM cannot be held liable for any inaccurate information provided by the user.

CONTACT AND COMPLAINTS

For any queries regarding the protection of your personal data or to exercise your rights, you may contact ICOM’s Data Protection Officer (DPO):

ICOM – Data Protection Officer (DPO)
15, rue Lasson
75012 Paris, France
Email: rgpd@icom.museum

If you feel that your rights have not been respected, you may lodge a complaint with the relevant supervisory authority:

French Data Protection Authority (CNIL)
Website: www.cnil.fr