This store requires javascript to be enabled for some features to work correctly.

New items

Publications

Prints

Exhibitions

Discover our categories

Arts & Crafts

Collaborations

Privacy policy

Who is responsible for processing personal data?

In accordance with current regulations, we inform you that any personal data you may provide while using the website https://tienda. museothyssen.org/ (hereinafter “the Website”) will be processed as Data Controller by Fundación Colección Thyssen-Bornemisza, F.S.P (hereinafter, the “FOUNDATION”), C.I.F G-79015251, registered on March 3, 1989, in the Registry of Private Cultural Foundations of the Ministry of Education, Culture, and Sport under number 225, folio 24, with registered office at Paseo del Prado 8, 28014 Madrid, with contact email mtb@museothyssen.org and telephone number (+34) 914 203 944.

Are you required to provide personal data?

Visiting the website does not imply that the user is required to provide any information about themselves. However, the use of some of the services available on the website depends on the completion of personal information forms.

The data requested in the various forms on the website is necessary to provide the requested services. Refusal to provide the data indicated as necessary may make it impossible to provide these services adequately. Likewise, you may provide data voluntarily in order to ensure that these services are provided optimally.

Similarly, certain features of the website depend on you authorizing the processing of your personal data.

For what purpose will the FOUNDATION process the user's personal data and for how long?

The personal data you provide for the provision of the various services made available through the Website will be processed by the FOUNDATION for the following purposes:

● To create and manage a user account in the store and to manage the orders you place in it, including shipping, payment, and billing. In this case, the processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures (Article 6.1.b of the GDPR).

● If you request information through the contact forms, we will use your data to respond to your request and provide you with the information or resolve the issues raised based on your consent (Article 6.1.a of the GDPR).

● When you give your consent (Article 6.1.a of the GDPR) to receive information about products, activities, campaigns, news, and promotions carried out by the Museum and its Shop, including tracking your interactions with such communications and profiling based on your interests.

Likewise, we inform you that certain features of the website depend on the use of COOKIES. Such processing will be carried out in the legitimate interest of the FOUNDATION (Article 6.1.f of the GDPR) in the proper functioning of the website when it comes to strictly necessary technical cookies and with your consent (Article 6.1.a of the GDPR) for all other cookies. You may withdraw this consent at any time without affecting the lawfulness of the processing carried out prior to its withdrawal. You can obtain more information about the cookies used in the Cookies Policy.

For how long will the FOUNDATION process personal data?

User data will be kept for as long as necessary to provide the requested services and, once this service has been provided, your data will be kept for the legally required periods for any liabilities arising from the service provided.

Data relating to requests for information will only be kept for the time necessary to process and respond to the query made.

In the case of processing necessary for sending information about products, activities, campaigns, news, and promotions, including the monitoring of such communications and profiling, the data will be processed indefinitely, unless the data subject requests its deletion or withdraws their consent.

What categories of user data will the FOUNDATION process? FOUNDATION?

The personal data required to provide the various services available on the Website will be those provided on the corresponding form provided for this purpose.

To which recipients will the user's data be communicated?

The personal data provided by the user will not be disclosed to third parties, unless this is necessary for the provision of the requested services or when the user has expressly agreed to its disclosure. In both cases, the user will be duly informed of this possibility before proceeding with the disclosure of their personal data.

What is the user's responsibility?

The user shall be responsible for ensuring that the data provided to the FOUNDATION is true, accurate, complete, and up to date. To this end, the user shall be responsible for the accuracy of all data provided and shall keep the information provided duly updated so that it reflects their actual situation.

Likewise, they shall be responsible for any false or inaccurate information provided through the Website and for any direct or indirect damages this may cause to the FOUNDATION or to third parties.

If the user provides data from third parties, they declare that they have a legitimate basis for doing so and undertake to pass on the information contained in this privacy policy to them, exempting the FOUNDATION from any liability in this regard. The FOUNDATION reserves the right to take any action it deems necessary to verify the above, carrying out the appropriate measures in accordance with data protection regulations.

What rights does the user have?

You may exercise your rights of access, rectification, deletion and portability of your data, restriction of processing and objection to its processing, as well as the right not to be subject to decisions based solely on the automated processing of your data, where appropriate, before the Fundación Colección Thyssen-Bornemisza, F.S.P., Paseo del Prado No. 8, - Madrid or to the email address rgpd@museothyssen.org. Likewise, you have the right to file a complaint with the corresponding supervisory authority.

Is data processing secure?

The FOUNDATION is committed to storing your personal data securely, taking into account all the precautions established by the GDPR and the Law.

Contracting with third parties that handle personal data requires the signing of confidentiality clauses when processing said data.

In order to guarantee the security of personal data, the FOUNDATION follows the principles established by the National Security Scheme (ENS), regulated by Royal Decree 3/2010, of January 8, which determines the security policy to be applied in the use of electronic media.

The Foundation's websites and digital applications may contain links to and from the websites of our partner networks and sponsors. If you follow a link to any of these websites, please note that they have their own privacy policies and that the Foundation is not responsible for them or for any incidents that may occur as a result of using third-party websites. Please check the policies of each website before submitting or publishing personal data.

Can the privacy policy change?

The Foundation reserves the right to modify this Privacy Policy to adapt it to any new legislation.

Last update: September 2024