Vatican Tickets Privacy Policy


, with Tax ID No. , registered at Calle Balmes nº 32, Principal 2ª, C.P. 08007, Barcelona (Spain) and registered at the Companies House of (Barcelona) under Volume 47314, Page 29 (hereinafter, the “Owner”), is responsible for the processing of data that is collected or generated as a result of access, use and navigation by users of (hereinafter, the “User” or “Users” and the “Website” or the “Web” respectively).

The Owner hereby informs the Users of the Website through this privacy policy (hereinafter, the “Privacy Policy“) about the treatment and protection of their personal data that may be collected through their browsing or contracting of services on the Website. The use of this Website by the User implies their acceptance of this Privacy Policy.


By visiting and browsing this Website, data is not automatically recorded which allows Users to be identified by name. However, certain information is collected and recorded in the Owner’s systems (e.g., type of Internet browser, operating system, IP address from which the Website is accessed) in order to improve the User’s browsing and the management of the Website itself. Likewise, the Website may use cookies and similar technologies whose use is subject to the consent of the Users in accordance with the Cookies Policy.

Notwithstanding the foregoing, for the use of certain content or services offered on the Website, the Owner may require certain personal data from the User (e.g. name, surname, national identity card number or foreigner’s identity number, address, telephone number, mobile phone number, email address, or other data provided by the Users themselves in the open fields of the forms provided on the Website), in which case, the Owner will provide the User with the necessary information before proceeding to process their data.

In the event that the User provides data of third parties, the User declares to have the consent thereof or sufficient legitimacy and undertakes to transfer to the interested party, owner of such data, the information contained in this Privacy Policy, exempting the Owner from any liability in this regard. However, the Data Controller may carry out the necessary verifications to verify this fact, adopting the corresponding due diligence measures, in accordance with the applicable regulations on data protection.

Likewise, the User guarantees that he/she is over eighteen (18) years of age and that the data provided is true, accurate, complete, and up to date. To this effect, the User is responsible for the veracity of all the data provided and will keep the information provided suitably updated, so that it corresponds to reality.

Finally, the User shall be liable for any false or inaccurate information provided through the Website and for any damages, direct or indirect, that this may cause to the Owner or third parties.


The data requested in the forms provided on the Website are, in general, obligatory (unless otherwise specified in the required field) in order to comply with the purposes set out in section 4 below. Therefore, if said data is not provided or is not correct or truthful, the Owner will not be able to accept them.


In addition to managing requests for information and content, or providing the services expressly requested by Users or with their consent, the Owner has a legitimate interest in using the information collected or generated for all of the following:

– To manage their contact request with the Owner through the channels provided for this purpose on the Website.

– To manage the contracting of the services carried out within the framework of the Website, including the management of the payment and the remittance of the order.

– To improve the Website, its management, and security.

– To manage the sending of commercial communications regarding the Owner’s services, unless the User indicates otherwise by ticking the corresponding box, or declares their opposition to such treatment.

– To send commercial communications (offers, promotions, etc.) to the User by electronic and/or conventional means, about products and services of third-party companies with which the Owner collaborates, provided that the User consents to this by ticking the corresponding box.

– To carry out studies to analyze the relevance and use of the Website, including anonymized information.

– To deal with the requests, complaints, and incidents transferred through our contact channels incorporated on the Website.

– To understand the User’s behavior on the Website in order to detect possible computer attacks.

– To comply with the legal obligations that are directly applicable and regulate the activity of the Owner.


One of the purposes for which the Data Controller processes the personal data provided by Users is to send them electronic communications with information relating to services, promotions, offers, events, or news relevant to them. Whenever any communication of this type is made, it will be addressed solely and exclusively to those Users who have not previously expressed their refusal to receive it or who have expressly authorized it.

In order to carry out the aforementioned task, the Data Controller may analyze the data obtained in order to create User profiles that allow for a more detailed definition of the services that may be of interest to the User.

In the event that the User wishes to stop receiving commercial or promotional communications from the Owner, the cancellation of the service made be requested by clicking on the link provided for this purpose in the body of such commercial communications or by sending an email to the following email address: [email protected] and indicating their refusal to receive them, through the box provided in the data collection form or by indicating it through the unsubscribe option provided in each of the commercial communications sent.


The processing of the personal data provided by the User is carried out on the basis of the following legal bases that legitimize it:

– Users’ voluntary access to and browsing of the Website.

– The processing of data for the contracting of the services offered on the Website is necessary for the fulfillment of the contractual relationship between the User and the Owner.

– The request for information or certain content or services by Users.

– Compliance by the Owner of legal obligations.

– The legitimate interest in improving the Website and its security, as well as in carrying out studies and analyses on the operation and use of the Website.

– In the event that a User consents or if the legitimate interest of the Owner is applicable, the sending of information related to the service provided on the Website.

The data will be stored for as long as there are legal obligations arising from the services or content requested by Users and, subsequently, until the extinction of legal or contractual responsibilities that require their storage (e.g., until the extinction of the liability arising from the data protection or cybersecurity regulations). However, the Data Controller may keep the data, duly blocked, in order to comply with possible administrative or jurisdictional responsibilities.


Users of the Website may exercise the following rights at any time, under the terms established by current legislation:

– The right of access to their personal data in order to know what is being processed and the processing operations carried out with them.

– The right to rectify any inaccurate personal data.

– The right to delete their personal data, where possible.

– The right to request the restriction of the processing of your personal data where the accuracy, lawfulness, or necessity of the processing of the data is in doubt, in which case data may be retained for the exercise or defense of claims.

– The right to transfer your personal data, insofar as the legal basis that enables us to process your personal data as indicated in the table above is the contractual relationship or consent.

– The right to object to the processing of your personal data, where the legal basis for us to process your personal data is a legitimate interest. For these purposes, we will stop processing your data unless we have a compelling legitimate interest or for the formulation, exercise, or defense of claims.

– The right to revoke your consent at any time.

In order to effectively exercise these rights, the User, by writing to the following e-mail address: [email protected], must prove their identity by providing their name and surname, a photocopy of their National Identity Card or equivalent identification document that proves their identity, a request specifying the request, address for the purpose of notifications, and the date and signature of the applicant.

Likewise, the User may file a complaint before the Spanish Data Protection Agency (competent Control Authority in this matter in Spain), especially when no satisfactory action in the exercise of his/her rights has been obtained, by writing to C/ Jorge Juan, nº 6, 28001 – Madrid, or via the website:


The Owner will only use data storage and retrieval devices (“Cookies“) when the User has given prior consent to do so in accordance with what is indicated in the User’s browser pop-up window when first accessing the Website and on the other terms and conditions indicated in the Owner’s Cookies Policy.


Data will not be disclosed to third parties except, where appropriate, to competent authorities in the exercise of their functions. As an exception, the Website may use cookies from third-party companies in accordance with the Cookies Policy and the User’s consent.


The Data Controller adopts the necessary measures to guarantee the security, integrity, and confidentiality of the data in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and, were not provided for therein, by Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights, Royal Decree 1720/2007, of 21 December, approving the Regulation implementing the Organic Law on Data Protection, and Law 34/2002, of 11 July, on Information Society Services and Electronic Commerce.

Consequently, the Data Controller shall treat the User’s data at all times in an absolutely confidential manner and shall keep them secret, in accordance with the provisions of the applicable legislation, adopting for this purpose the necessary technical and organizational measures to guarantee the security of the data and prevent their alteration, loss, unauthorized processing or access, taking into account the state of the technology, the nature of the data stored and the risks to which they are exposed.


In order to ensure that the Data Controller’s data protection guidelines always comply with the legal requirements in force from time to time, the Data Controller reserves the right to make changes to this Privacy Policy in order to comply with the legal requirements applicable at any given time.

More information about Vatican Museum



Book your visit to the Vatican Museum and the Sistine Chapel. Find all the information you need for your visit… see more


Skip the line tickets

Get your Vatican Museum & Sistine Chapel tickets here! Book now your tickets and forget about standing in long lines to… see more


Vatican City

Vatican City is an independent city-state located in the heart of Rome, and is the smallest country in the world in terms of both size and… see more