The personal data controller is:

The Paris Opera
120 rue de Lyon
75576 PARIS Cedex 12.

The Paris Opera has appointed a Data Protection Officer (DPO) whose contact details are as follows:

AESATIS
Bernadette LEROY
79 bis, avenue de l'Europe
13127 Vitrolles
France    

The Paris Opera may collect and process some or all of the following data:

Personal data

• Email address (User ID)
• Password
• Title
• First name
• Last name
• Date of birth
• Preferred language
• Postal addresses
• Telephone numbers
• Credit Card Number (Encrypted)
• Bank details (IBAN)
• Claims
• IP address
• Disability type
• Photo ID

Other data

• Order history
• Browsing data on the website

• Newsletter subscription

When you create an account or place an order, you may choose to register as an individual or as a professional.

If you register as a professional, you will be asked for additional information, some of which is mandatory and allows you to activate all the associated features.

• Name of the organisation or company name
• Type of organisation
• Number of employees
• Position within the organisation

The data comes from the recording of information:

• Entered when creating an account on one of the Paris Opera's digital platforms (website, Aria, POP streaming platform, etc.).
• Entered when placing an order or a request for any type of service (shows, visits, online videos, waiting lists, etc.) online, by telephone, by mail or at our theatre box offices of our theatres.
• Entered when subscribing to a newsletter
• Entered when taking part in a competition on the Opera website
• Captured in connection with the use of a photo booth installed in our theatres
• Collected automatically via Piano Analytics or Imagino Tags, when you use the website
• Collected on the websites of official Opera service providers
• Entered when connecting to public Wifi in our theatres

Online, the mandatory nature of the data is indicated by an asterisk at the time it is collected.

• First and last names are mandatory for generating tickets, for issuing sales summaries and for identifying the beneficiaries of commercial offers,in particular those based on the age of the persons.
• The e-mail address is mandatory for the creation of the online account (login), as well as for the reception of the newsletter and access to electronic tickets
• The postal address is mandatory for the receipt of loyalty cards and physical tickets (non-electronic).

Some data may be processed automatically, in particular for:

• Eligibility for promotions or certain benefits
• Personalization of the online personal space

The data processing concerns:

• Any person who has created an online account on one of the Paris Opera's digital platforms (website, Aria, POP streaming platform, etc.).
  
  The person guarantees to be at least 15 years old when the account is created.

• Any person who has made a purchase on the Paris Opera website, by telephone, by mail or at the box offices of the Paris Opera's theatres.

Processing of personal data is intended for the following purposes:

• Management of relations with spectators, visitors and customers, which may include telephone calls
• Management of customer files, which includes technical operations such as uniformisation, enrichment and de-duplication
• Order management and after-sales service
• Management of payments, refunds and credit notes
• Issue and availability of tickets
• Waiting list management (seat availability alerts)
• Creation of online accounts and management of their access
• Sending order-related information: performance cancellation, change of time, change of programme or cast, closure of the theatre, practical information about visiting our theatres etc.
• Sponsorship management
• Management of unsettled ticket payments and litigation
• Management of claims
• Sending out a satisfaction survey after the show and visit
• Sending communications/requests relating to the philanthropic projects of the Association pour le Rayonnement de l'Opéra de Paris (AROP)

• The sending of documents (brochures, subscriber or membership cards.)
• The sending of communications relating to programming such as the announcement of future events in connection with your order or browsing history.
• The sending of newsletters
• The creation and sending of promotional or loyalty offers. In this context, your data may be subject to automated processing or profiling in order to provide you with personalised benefits.
• The promotion of related products in connection with your order: programmes, catering, etc.
• The carrying out of surveys

• The average number of performances seen per season
• · The loyalty rate of spectators and visitors
• The average price
• The geographical origin of spectators and visitors
• Age of spectators and visitors

In this context, your data may be subject to automated processing or profiling in order for you to benefit from personalised advantages and personalised content on the website and the application.

The data processing carried out by the Paris Opera is based on the following articles of the General Data Protection Regulation (GDPR):

• 6.1.a (consent) for marketing purposes
• 6.1.b (necessary for fulfilling a contract) for purposes relating to the processing and tracking of orders
• 6.1.e (mission of public interest) for statistical purposes related to the public survey mission on behalf of the Ministry of Culture

The personal data collected is destined:

• Spectator experience
• Marketing
• Press
• Protocol
• Communication
• Academy
• Accounting agency

• AROP: association for the promotion of the Paris Opera (sponsorship)
• Le Cercle Carpeaux: association supporting choreographic and lyrical art at the Paris Opera
• SecuTix: provider of the Paris Opera's IT ticketing solution
• WorldLine: credit card payment provider
• KPC: provider of the Imagino marketing platform
• Imagino: publisher of the Paris Opera's marketing solution
• Konecta: call centre operator
• SPB, WAKAM et AVI : cancellation insurance providers
• Common Cents: service provider in charge of collecting donations
• Cultival: service provider in charge of tours of the Palais Garnier
• Arteum Services: service provider in charge of managing the theatres' shops and the online shop
• Mazarine: service provider in charge of developing the Paris Opera website and the Aria application
• Typeform: company specialising in the creation of online forms and surveys
• SOFAG: company responsible for routing services (brochures, cards, etc.)
• Fastory : company specialising in the creation of online competitions

(list as of October 2025, subject to change)

Personal data may be transmitted to SecuTix, a company established in Switzerland, which maintains and hosts the ticketing solution and acts as a subcontractor on behalf of the Paris Opera

The adequacy of personal data protection in Switzerland was recognised by Commission Decision No. 2000/518/EC of 26 July 2000.

Personal data is kept for the time required to manage the commercial relationship and to compile statistics, intended in particular for the Ministry of Culture.

Personal data relating to bank cards is kept encrypted for 18 months by our payment service provider, WorldLine, in particular with the aim of facilitating reimbursements by crediting the bank card used for the purchase.

After identification on www.operadeparis.fr, you have the possibility of deleting your account, in the "My details" section. By choosing to delete your account, no claim can be made in case of loss or non-receipt of your tickets.

The Paris Opera has implemented technical and logistical measures to guarantee the protection of your data, and in particular:

Your data is stored:

• on the Paris Opera's internal servers located in France
• on the servers of the service provider Secutix SA, based in Switzerland, and using the OCI services of the Oracle group whose secure data warehouses are located in Germany. This service provider is contractually bound to comply strictly with the General Data Protection Regulation (GDPR) and in particular to implement everything necessary to secure and protect your data.

To secure your data, the Paris Opera and SecuTix SA, which guarantees to meet the requirements and to have obtained the certificates of compliance with the ISO/IEC 27001:2013 and PCI DSS v3.2 standards, take all the necessary technical and operational measures, in particular access controls, the use of firewalls and current anti-virus software, SSL encryption and log files during manual changes to the databases. The monetary aspect (credit card transactions) is PCI DSS certified and audited once a year.

Passwords used by the Paris Opera and SecuTix SA must meet complexity requirements to be valid.

Physical access to data warehouses is strictly controlled by codes, tracking, alarms, badges and video surveillance.

You may exercise your rights with the Data Protection Officer (DPO) and lodge a complaint, if necessary, with the Commission Nationale de l'Informatique et des Libertés (CNIL).

Identification will be required to exercise these rights. This identity document is:

•  immediately deleted in the event that the Data Protection Officer is not legally competent or if the properly addressed request to the Officer did not require the transmission of an identity document;
• deleted 1 year after receipt of the request in other cases.

Under this procedure, data are kept for the calendar year of the request, plus five years.

The Paris Opera's Data Protection Officer (DPO) is your contact for any request to exercise your rights.

You may contact him/her:

You have the following rights in particular:

• A right to information (articles 13 and 14 of the RGPD): you may exercise your right to information in order to know what personal data is processed by the Opera, for whom this information is intended, what are the purposes of the processing, how long your data is kept and what are your rights.
• A right of access (article 15 of the GDPR): you may exercise your right of access to obtain the personal data concerning you. In this case, you may be asked to provide proof of identity in order to verify its accuracy.
• A right of rectification (article 16 of the RGPD): if the personal data held is inaccurate, you may request that your information be updated.
• A right to deletion or "right to be forgotten" (Article 17 of the GDPR): you can request the deletion of your personal data.
• A right to processing restrictions (Article 18 of the GDPR): you have the right to request to restrict the processing of your personal data in accordance with the assumptions set out in Article 18 of the GDPR and to provide instructions on what to do with your data in the event of your death
• A right to data portability (article 20 of the GDPR): you may ask the Paris Opera to return your data to you for transmission to a third party.
• A right to object (article 21 of the RGPD): you may object to your data being processed in accordance with the conditions set out in article 21 of the RGPD.

You have the right to make a complaint to the Commission Nationale de l'Informatique et des Libertés (CNIL), in particular:

• If you believe, after contacting the DPO, that your rights regarding your data are not respected
• In the event of a violation of rights noted in the processing of your personal data