Privacy Policy


The commitment of the Museo del Baile Flamenco is to be a reference of quality in the Spanish cultural and flamenco offer through a respectful and efficient management. At the same time, another of our main commitments is related to the protection of the information we manage, and specifically the personal data we process, both that provided by our visitors and users, as well as by the museum's own collaborators.

This management extends to compliance with current legislation, specifically the European Regulation on data protection (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC) (General Data Protection Regulation), and therefore through this data protection policy and in compliance with the aforementioned regulation we inform you of the following:

Data controller

This Privacy Policy establishes the basis on which the Museo del Baile Flamenco (hereinafter, "MBF"), in its capacity as Data Controller, with registered office at Calle Manuel Rojas Marcos, 3, 41003 Seville, and Tax Identification Code B91203166, an organisation operating in Spain, processes the personal data of its visitors and users provided through the website www.museoflamenco.com / www.museodelbaileflamenco.com (hereinafter, the Website).

For any additional information, you can make any enquiry by the following means:

Telephone: +34 954 340 311
Contact e-mail address of the Data Protection Delegate (DPD): comunicacion@museoflamenco.com.
We remind you that every time you provide us with or it is necessary for us to access any type of information that due to its characteristics allows us to identify you, such as your name and surname, e-mail, billing or delivery addresses, telephone number, type of device or debit or credit card number, etc. (hereinafter, "Personal Data"), whether to browse the same, buy our products or make use of its services or features, will be under the application of this Privacy Policy, along with the Terms of Use of the Web, as well as other referenced documents in force at all times, and you should review these texts to verify that you are in accordance with them.

This Privacy Policy and our Terms of Use may change from time to time. It is your responsibility to read them periodically, as those in force at the time of use of the Web will be applicable.

Our commitment to privacy

We respect your privacy and your choices.
We ensure that privacy and security are incorporated into all activities carried out by the MBF.
We do not send marketing communications unless you request it. If you do request it, you are entitled to change your mind at any time.
We do not offer or sell user data to third parties.
We are committed to keeping your data safe and secure, which means that we only work with reputable providers with whom we have agreed on the processing of data that they may carry out in the course of providing a service, if applicable.
Transparency data is available on our website for consultation.
We do not use your data for purposes other than those for which we have informed you.
We respect your rights and always try to accommodate your requests in accordance with our own legal responsibilities.
For more information about our privacy practices, we set out below what types of personal data we may collect, how we may use it, with whom we may share it, how we protect it, and how you can exercise your rights in respect of that data, at all times in accordance with the Privacy Policy.

Please read this information carefully. If you have any questions or concerns about your personal data, please contact us at comunicacion@museoflamenco.com.

Collection of personal data and purposes of processing

We remind you that before starting to use any of the services offered by the MBF, you should read this Policy carefully.

Failure to provide certain information indicated as obligatory may mean that it will not be possible to manage your registration as a user or the use of certain functionalities or services available through www.museodelbaileflamenco.com.

The user guarantees that the Personal Data provided are true and accurate and undertakes to notify any change or modification of the same. Any loss or damage caused to the Website, the Data Controllers or any third party through the communication of erroneous, inaccurate or incomplete information in the registration forms shall be the sole responsibility of the user.

What data is collected?

One of MBF's main objectives is to ensure the satisfaction of its visitors, to maintain relations with its collaborators and to ensure that they feel protected when they provide their data in order to operate with MBF. To this end, there are a number of ways in which you can share your personal information with the MBF.

The following aspects of personal data processing are summarised in the scripts at the end of this chapter:

Processing activity and the purpose for which the data have been collected.
Who are the data subjects of the data collection.
Categories of data collected such as identification data, employment and academic details, financial data, among others.
Basis of legitimacy. That is, the legal basis for the collection of the data, such as the fulfilment of a contract, consent of the data subject or a legal obligation.
The recipients of the communications, which are those persons or entities to whom the personal data are to be sent.
Whether international transfers of data to third countries are envisaged.
The period for deletion is regulated, by which the data collected must be deleted. Deadlines are established on the basis of the legal obligations scattered throughout the legal system depending on the subject matter.
The different data processing activities carried out by the MBF are set out below.

- Activity: Visitor services

Purpose: General management of visitor services at the MBF.
Parties concerned: Customers and users; Legal Representative
Categories of data: Data of an identifying nature: DNI/NIF, name and surname, telephone number, postal address and e-mail address.
Legitimation: Execution of an agreement, consent of the data subject. Legal representative
Recipients of communications: Not foreseen
International transfers: Not foreseen
Period of deletion: Minimum 6 years.

- Activity: Educational activities
Purpose: Management of the data of participants in the educational and cultural activities of the MBF, as well as of people who are interested in receiving information about the educational and cultural activities of the MBF.
Stakeholders: Customers and users; Legal representative.
Categories of data: Data of an identifying nature: DNI/NIF, name and surname, telephone, address, e-mail.
Legitimation: Execution of an agreement, consent of the data subject
Recipients of communications: Not foreseen
International transfers: Not foreseen
Time limit for deletion: Minimum 6 years from the date of issue.


- Activity: Web users
Purpose: Management of authorised users to access the restricted contents of the MBF website.
Parties concerned: Customers and users
Categories of data: Data of an identifying nature: DNI/NIF, name and surname, telephone, address, e-mail.
Legitimation: Execution of a contract, consent of the interested party
Recipients of communications: Not foreseen
International transfers: Not foreseen
Time limit for deletion: Cessation of the activity. At the request of the data subject.

- Activity: Access control
Purpose: Control and monitoring of security at the facilities.
Data subjects: Employees; Customers and users; Legal representative.
Data categories: Data of an identifying nature: DNI/NIF, name and surname, address, signature, image/voice.
Legitimation: Legitimate interest of the Controller in ensuring the security of the facilities, execution of a contract (employment relationship).
Recipients of communications: Security forces and law enforcement agencies
International transfers: Not foreseen
Time limit for deletion: 30 days.


- Activity: Video surveillance
Purpose: Management of the maintenance of the security of the Museo del Baile Flamenco through video surveillance systems.
Parties concerned: Employees; Customers and users; Legal representative
Data categories: Identifying data: image / voice
Legitimation: Public interest, legitimate interest of the data subject in protecting the assets of the museum.
Recipients of communications: Law enforcement agencies
International transfers: Not foreseen
Time limit for deletion: 30 days.


- Activity: Lost property
Purpose: Security and control of the collection and delivery of objects lost or forgotten in the museum.
Stakeholders: Employees; Customers and users; Legal representative
Categories of data: Data of an identifying nature: DNI/NIF, name and surname, address, telephone, fax, e-mail.
Legitimation: Execution of an agreement; legitimate interest of the museum in carrying out the identification of the owner.
Recipients of communications: Not foreseen
International transfers: Not foreseen
Time limit for deletion: 1 year.


- Activity: Newsletter users
Purpose: Provision of electronic communications services. Contains the data of the recipients of the newsletter.
Data subjects: Customers and users
Data categories: Identifying data: name and surname, address, e-mail address.
Legitimation: Consent of the interested party
Recipients of communications: Not foreseen
International transfers: Not foreseen
Period for deletion: At the request of the interested party, for as long as the service is offered.

- Activity: Advance ticket sales
Purpose: Management of data of visitors to the MBF who have obtained their tickets in advance through the on-line services or by e-mail.
Stakeholders: Customers and users
Categories of data: Data of an identifying nature: DNI/NIF, name and surname, postal address and e-mail address. Financial and insurance data: credit cards.
Legitimation: Execution of a contract
Recipients of communications: Not foreseen
International transfers: Not foreseen
Time period for deletion: Minimum 6 years from issue.

- Activity: Invitations
Purpose: Sending invitations to events organised by MBF
Parties concerned: Customers and users
Categories of data: Data of an identifying nature: name and surname, address, e-mail address.
Legitimation: Consent of the interested party
Recipients of communications: Not foreseen
International transfers: Not foreseen
Time limit for deletion: At the request of the interested party, for as long as the service is offered.
Who can access your personal data?

Your data will not be passed on to third parties, unless legally obliged to do so. Specifically, they may be communicated to the State Agency for Tax Administration and to banks and financial institutions for the collection of the services provided or products purchased, where appropriate. In case of purchase or payment, if you choose any application, website, platform, bank card, or any other online service, your data will be communicated to that platform or processed in its environment, always with maximum security.

In addition, your personal data may be processed on our behalf by our trusted third party providers. We enter into contracts with them to perform a variety of business operations on our behalf. They are only provided with the information they need to perform the service.

We always do our best to ensure that all third parties we work with maintain the security of your personal data.

International transfers

We do not envisage international transfers of data to countries outside the European Economic Area.

How long do we keep your personal data?

The retention periods are indicated in each treatment, however, in general, we only keep the Personal Data provided for the period established by the legal regulations in order to meet the needs of users or to comply with legal obligations.

To determine the data retention period of your Personal Data, we use the following criteria:

For the duration of our contractual relationship.
When contacting the Museum for an enquiry: for as long as necessary to deal with your enquiry.
Cookies that are installed on your computer: they are stored for as long as necessary to achieve their purpose and for a maximum of 365 days.
As stated above, one of the purposes of data retention is to comply with legal and regulatory obligations. Data will be deleted automatically when it is no longer required for the purpose for which it was collected, and will be automatically deleted from our systems where this is possible.

s my personal data stored securely?

The MBF is committed to storing your personal data securely, taking into account all the precautions laid down in the European Regulation and the law.

Links to third party sites

Our websites and applications may contain links to and from the websites of our partner networks and sponsors. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible for these policies. Please check these policies before you submit any personal data to these websites.

Social media and user-generated content

Some of our websites and applications allow users to submit their own content. Please remember that any content submitted to one of our social media platforms may be viewed by the public, so you should take care when providing certain personal data (for example, financial information or address details). We are not responsible for any actions taken by others if you post personal data on one of our social media platforms and we recommend that you do not share such information.

Do we use cookies?

Yes, our website uses cookies, so we make our Cookie Policy available for you to consult if you would like more information about these devices.

Your rights and options

The MBF, in compliance with the European Regulation and the Law on the Protection of Personal Data, makes it easier for users to exercise the rights set out in the respective regulations mentioned.

These rights are as follows:

Right to information: the right to obtain clear, transparent and easy to understand information about how we use your personal data and about your rights.
Right of access: the right to access the personal data we hold about the data subject.
Right of rectification: the right to have your personal data rectified where it is inaccurate or no longer valid or to have it supplemented where it is incomplete.
Right to erasure / right to be forgotten: the right to have your personal data erased or deleted.
Right to object: the right not to have the processing carried out or to have the processing cease when your consent to the processing is not necessary for a legitimate and justified reason.
Right to portability: the right to move, copy or transfer data from our database to another database. This right can only be exercised with respect to data you have provided, where the processing is based on the performance of a contract or on your consent and the processing is carried out by automated means.
Right of restriction of processing: the right to request the restriction of the processing of your data.
Any person has the right to obtain confirmation as to whether or not MBF is processing personal data concerning them and, if so, to access such data, as well as to request the rectification of inaccurate data or, where appropriate, to request their deletion when, among other reasons, the data are no longer necessary for the purposes for which they were collected and in compliance with current legislation.

In certain circumstances, data subjects may request the limitation of the processing of their data, in which case it will only be kept for the exercise or defence of claims.

In specific cases and for reasons related to their particular situation, data subjects may object to the processing of their data. The MBF will cease to process the data, except for compelling legitimate reasons or for the exercise or defence of possible claims.

The data subject also has the right to receive the personal data he or she has provided to MBF in a structured, commonly used and machine-readable format. This latter right shall be limited by the following exceptions: the data to which this right relates must have been provided by the data subject; the data must be processed by MBF by automated means (computerised means).

To exercise the aforementioned rights, you may use the forms drawn up by the Spanish Data Protection Agency or third parties. These forms must be signed electronically or be accompanied by a photocopy of the user's National Identity Card; in the case of representation, a copy of the user's National Identity Card must be attached, or the user must sign it with his or her electronic signature. The forms can be submitted in person, sent by letter or by e-mail to the contact address of the Data Protection Delegate comunicacion@museoflamenco.com.

We will reply as soon as possible, and at the latest within one month from receipt of the request. If the matter is very complex and we need more time, we will notify you and explain the reasons for this.