Data Protection Policy

In compliance with that established in Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (the General Data Protection Regulation, GDPR), and in Organic Law 3/2018, of 5 December, on Personal Data Protection and the Guarantee of Digital Rights (LOPDPGDD), listed below is information related to the processing of this data.

This data protection policy may be amended to adapt to the activities and services of the Museo Reina Sofía, in addition to the existing regulations. We remind you that it is your responsibility to check this periodically.

The responsible party

Museo Nacional Centro de Arte Reina Sofía
Calle Santa Isabel, 52
28012, Madrid (Spain)
+34 91 774 1000

Data Protection Officer

Museo Nacional Centro de Arte Reina Sofía
Data Protection Officer
Calle Santa Isabel, 52
28012, Madrid (Spain)
+34 91 774 1000

Data processing aims

Your data will be processed for the following purposes:

  • To manage to Museo's services and activities
  • To send out information on the Museo Reina Sofía and to draw up profiles to improve the quality of the Museo’s service

Personal data will be processed exclusively for the aforementioned purposes and shall be kept until the interested party requests the withdrawal of this information. Under such circumstances, the said information will only be kept for the possible formulation, exercise or defence of claims, or, if applicable, on compelling legitimate grounds. Under no circumstances will this information be subsequently processed in a way that is incompatible with these aims.  


Internationally, the Museo Reina Sofía is a reference point and one of the foremost institutions, with aims and objectives that include promoting knowledge of and public access to modern and contemporary art in its different forms, thereby fostering the social communication of visual arts, photography, audiovisuals, live performance and design. Equally, it is entrusted with the mission of promoting access to its collections and activities for Spanish and overseas visitors alike, encouraging the knowledge, dissemination and communication of works of art. 

Below are the legal grounds for the personal data processing carried out by the Museo in the fulfilment of its aims and objectives, according to the type of data processing:

  • GDPR: 6.1.a) The data subject has given consent to the processing of his or her personal data for one or more specific reasons
  • GDPR: 6.1.b) Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • GDPR: 6.1.e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authorities vested in the controller

In all notifications, the Museo Reina Sofía offers you the chance to cancel the corresponding service and withdraw your personal data. 

Your data must be processed in order to benefit from the following services and activities offered by the Museo. These include:

  • Requesting a Library Card for accessing and using the Library and Documentation Centre and other facilities
  • Booking and ticket purchase services
  • Using the Museo’s Wi-Fi network
  • Subscribing online to the Museo’s newsletters
  • Submitting positive feedback, suggestions and complaints

Recipients and international transfers

Data will not be disclosed to third parties, except under legally established circumstances. Data will only be handled by third parties in charge of processing data in order to maintain and ensure the proper operation of the Museo's activities and services. The legitimacy of data processed by these companies is related to the execution of the commissioned contract entered into with the Museo, in accordance with Article 28 of the General Data Protection Regulation.  

The Museo Nacional Centro de Arte Reina Sofía hires its data management structure according to the cloud computing model through the company Salesforce EMEA Ltd., and pursuant to the EU-U.S. Privacy Shield Framework. Further information is available at: The Museo can hire services from other European suppliers, and other non-EU suppliers provided they are pursuant to the EU-U.S. Privacy Shield Framework.

Rights of the interested parties 

The personal data provided by the interested party is correct and accurate, and the interested party must provide notification of any change or modification to the said data. Any loss of damage to the Museo by third parties through incorrect, inaccurate or incomplete information will be the sole responsibility of the interested party. 

You can exercise the following rights at all times, in accordance with that stipulated in the GDPR:

  • The right to request the access to your personal data and all information related to the data processed
  • The right to request the rectification of your personal data
  • The right to request the withdrawal of your personal data
  • The right to request the restrictions to the processing of your data
  • The right to oppose the processing of your personal data
  • The right to transfer your personal data
  • The right to withdraw consent, at all times, without any effect on the legality of data processing based on the consent prior to its removal

With regard to any of the circumstances mentioned above, the Museo will access the data at the owner’s request, and will only conserve data for the sole purpose of formulating, exercising or defending complaints, or, if applicable, for imperative legal reasons.

If you wish to exercise your rights or require information to process the corresponding procedure, please submit a written request, either to or by post, for the attention of the Data Protection Officer and enclosing a copy of a valid form of ID, to: Museo Nacional Centro de Arte Reina Sofía, C/ Santa Isabel, 52. Madrid 28012, Spain.

To exercise your rights, please attach a copy of your ID document.

Additionally, any claims must be made to the Spanish Data Protection Agency via their electronic office: