Last updated: 28/03/2022

This policy indicates how ICOM (hereinafter “ICOM”, “we”, “us”, “our”), as data controller, uses and protects the personal data that you (hereinafter “you”, “your”) communicate to it when you register and use the platform AGORA (hereinafter referred to as the “Platform”).
ICOM undertakes to protect personal data and to respect privacy in accordance with the current legislation, and in particular with the provisions of the French Data Protection Act, named “Informatics and Freedom”, No. 78-17 of 6 January 1978 as amended, and of the Regulation (EU) 2016/679 of 27 April 2016, known as “GDPR”. ICOM has appointed a Data Protection Officer (DPO) to the French data protection authority (CNIL – Commission Nationale de l’Informatique et des Libertés).
ICOM may amend this Privacy Policy from time to time and will publish the amended version on the Platform. ICOM invites you to regularly check this Privacy Policy on this page for updates.

WHO COLLECTS YOUR PERSONAL INFORMATION?
Your personal data may be collected by ICOM to provide you with the services performed by and through the Platform, such as events or meetings management, notably :
– Events or meetings registration;
– Events or meetings reminder;
– Documents sharing services;
– Access to videoconference services;
– Attendance counter (quorum) and attendance certification services;
– Access to a voting platform;
– Access to a streaming platform to replay meetings or events.
Personal data collected and processed by and through the Platform is hosted within the European Union.
The Platform may host links to third-party services, including videoconference services, online vote services, streaming services. We draw your attention to the fact that the use of such services may allow the collection of personal data. To know the conditions of use of this data, we invite you to read the privacy policies of the concerned service providers, which are accessible on their websites.

WHAT DATA DO WE COLLECT?
ICOM does not collect data without warning you and only collects personal data strictly necessary for the purposes described in this Privacy Policy. To this end, ICOM collects the following information:
– During your use of the Platform (including the members’ area): only the date and time of your last visit will be collected.

– When you register to the Platform :
• Surname, first name ;
• Function/quality within ICOM;
• ICOM Membership number;
• Membership working group;
• Professional contact details : email;
– When you use the Platform :
• Surname, first name ;
• Function/quality within ICOM;
• ICOM Membership number;
• Membership working group;
• Professional contact details : email;
• Registration to events, attendance to events;
– Technical support:
• Information related to troubleshooting tickets or feedback submission regarding the Platform.
• Data related to the use of the Platform (performance monitoring, connexion and access data etc.)

WHAT DO WE USE THE COLLECTED INFORMATION FOR?
We use the information we collect about you to provide the services offered by the Platform and for the following purposes:
• To manage events and meetings organized by the ICOM: Registration to events or meetings, communication of details on the events or meetings you have registered for (date, topics, agendas, working documents, if a vote is planned or not, link to connect to videoconference and/or voting platform etc.), sending of reminders (emails) on the events or meetings you have registered for, sharing of documents in relation with the events or meetings you have registered for;
• To provide you with access to third-parties services related to ICOM’s events and meetings and to facilitate your access to such services (videoconference services, online voting platform, streaming platform);
• To measure attendance to events or meetings (quorum count);
• To respond to your requests for information and contact you to respond to your request or suggestion;
• To offer technical support ;
• To manage members’ accounts of the Agora platform;
We may use your personal data when necessary to comply with a legal or regulatory obligation.

WHO IS YOUR PERSONAL DATA DISCLOSED TO?
We limit access to your information only to those employees who need to use it. They have an obligation to protect your data and maintain confidentiality.
We may also disclose your personal data to our partners to enable us to fulfil the purposes stated in this Privacy Policy, in particular our IT service provider. In any case, our partners only receive the personal information necessary to carry out the services concerned and are in no case authorized to use this personal data in a context other than that of the service in question, or for purposes other than those for which the data was collected.
In any event, we do not transmit your personal data to third parties without your prior authorization, unless the communication of such data is required by the current regulations, in particular at the request of the judicial authority in compliance with the legal provisions.

ARE YOUR PERSONAL DATA TRANSFERRED TO THIRD COUNTRIES?
Your personal data is hosted by ICOM within the European Union.
However, your personal data may be transferred to our authorised partners and technical service suppliers which may be located outside the European Economic Area. In this case, ICOM ensures that such recipients offer an adequate level of protection concerning data protection and that appropriate safeguards are put in place, prior to any transfer.

HOW LONG DO WE KEEP PERSONAL DATA?
The information collected on the Platform is kept for a limited period of time to achieve the purposes it was collected for, and as long as you do not exercise your rights as defined below.
We may nevertheless retain some of your personal data for a longer period of time, for the sole purpose of complying with any legal obligation, or to answer any questions or complaints that may be addressed to us after you cease using the Platform.

SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
We take the security of your data very seriously and strive to protect all data collected. In particular, we strive to prevent your data from being distorted, damaged or accessed by unauthorized third parties.
Thereby, we have implemented protective measures to ensure the confidentiality, security and integrity of your data. For example, we make sure access to data is restricted to those among our employees who have been trained to observe confidentiality rules. We also commit to store your data in secure operating environments. These measures take into account the sensitivity of the data we collect, process and store and the current state of technology.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we make every effort to protect your personal data, we cannot control the risks associated with the operation of the Internet and we draw your attention to possible occasional data loss or breach of confidentiality for data transiting via this network. In any circumstance, we undertake to notify any violation of personal data as soon as possible and, if possible, no later than 72 hours after becoming aware of it, under the conditions set out in Articles 33 and 34 of the GDPR. Likewise, it is your responsibility to protect the security of your account, your identifier and your password.
If you think that a third party knows your password or has changed it, or if you think that a third party may have access to the e-mail address associated with your account, you are requested to inform ICOM without delay by contacting us a the following address: by post (ICOM (DPD), 15 rue Lasson, Paris (France)) or by e-mail at the following address: rgpd@icom.museum.

WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA
In accordance with the current legislation, you have the right to access, rectify and delete your personal data, as well as the right to limit the processing and the right to portability of your data.
You are also entitled to object – on legitimate grounds – to the processing of your data by ICOM, to withdraw your consent when the processing of your personal data is based on this legal basis, and to submit a claim to the French data protection authority (CNIL – Commission Nationale de l’Informatique et des Libertés).
These rights may be exercised by contacting us at the following address: by post (ICOM (DPD), 15 rue Lasson, 75012 Paris (France)) or by e-mail at the following address: rgpd@icom.museum.

WHAT ARE YOUR OBLIGATIONS?
As a user of the ICOM’s Platform, you are bound to comply with the current legislation regarding the protection of personal data. In particular, with regard to the personal information you have access to, you must refrain from any collection, any misuse, and, in general, any act likely to infringe on privacy, fundamental rights, and freedoms.

CONTACT ICOM
If you have any questions or complaints about this Privacy Policy, you can contact us online or by mail at the following address: by post (ICOM (DPD), 15 rue Lasson, 75012 Paris (France)) or by e-mail at the following address: rgpd@icom.museum.