Personal Data Protection Policy. The purpose of the Personal Data Protection Policy is to inform individuals, service users, employees and other persons (hereinafter referred to as "the individual") who interact with the Minoriti Cultural Quarter, an operating unit of the Maribor Puppet Theatre (hereinafter referred to as "the organisation"), about the purposes and legal bases, security measures and the rights of individuals with regard to the processing of personal data carried out by our organisation.
We value your privacy, so we always protect your data carefully.
We process your personal data in accordance with European legislation (Regulation (EU) 2016/697 on the protection of individuals with regard to the processing of personal data and on the movement of such data ("General Regulation")) and the applicable legislation in the field of personal data protection (Personal Data Protection Act (ZVOP-1, Official Gazette of the Republic of Slovenia, No. 94/07)) and other legislation that provides us with a legal basis for processing personal data.
The Personal Data Protection Policy contains information for individuals on how our organisation, as the controller, processes the personal data it receives from an individual on the basis of the legal grounds described below.
The controller of personal data is the organisation:
Maribor Puppet Theatre
Vojašniški trg 2 A
Tina Kren Mihajlović
02 22 81 970
In accordance with Article 37 of the General Regulation, we have appointed the following company as our Data Protection Officer:
Tržaška cesta 85
02 620 4 300
Personal data means any information relating to an identified or identifiable natural or legal person (hereinafter referred to as 'data subject'); an identifiable natural or legal person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural or legal person.
Purposes of processing and grounds for processing
The Organisation collects and processes your personal data on the following legal bases:
The processing is necessary for compliance with a legal obligation to which the controller is subject.
The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
The processing is necessary for the performance of a contract to which the data subject is a party or for the performance of measures at the request of such data subject prior to the conclusion of the contract.
The processing is necessary for the legitimate interests pursued by the controller or by a third party.
The data subject has consented to the processing of his or her personal data for one or more specified purposes.
The processing is necessary for the protection of the vital interests of the data subject or of another natural person.
Compliance with a legal obligation or the performance of a task carried out in the public interest
Based on the provisions in the law, the organisation primarily processes data about its employees, as allowed by the labour law. Thus, on the basis of a legal obligation, the organisation processes in particular the following types of personal data: name and surname, sex, date of birth, registration number, tax number, place, municipality and country of birth, nationality, place of residence for the purposes of the performance of the employment contract and the obligations arising therefrom.
The legal basis for the processing of personal data of individuals is also: the Act on the Exercise of the Public Interest in Culture, the Act on the Protection of Documentary and Archival Material and Archives, the Act on the Provision of Funds for Certain Urgent Programmes of the Republic of Slovenia in the Field of Culture and other legislation in the field of culture.
In limited cases, the processing of personal data in the organisation is also permissible on the basis of public interest.
Implementation of the contract
If you enter into a specific contract with an organisation, this constitutes the legal basis for the processing of personal data. We are therefore allowed to process your personal data for the conclusion and performance of the contract, such as the sale of tickets, subscriptions, library membership, etc. If you do not provide personal data, the organisation cannot conclude the contract, nor can the organisation perform the service or deliver goods or other products to you in accordance with the contract, as it does not have the necessary data to perform the contract. The organisation may, by virtue of carrying out a lawful activity, inform individuals and users of its services of its services, events, training, offers and other content by sending an email to their email address. The individual may at any time request to stop such communication and processing of personal data and to cancel the receipt of communications via the unsubscribe link in the communication received, or as a request by email to email@example.com or by regular mail to the address of the organisation.
The assertion of the legitimate interest ground is otherwise limited to processing by public authorities in the performance of their duties. However, an organisation may also process personal data on the basis of a legitimate interest pursued by the organisation to a limited extent. The latter is not permissible where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. In the case of the application of legitimate interest, the organisation shall always carry out an assessment in accordance with the GDPR.
As a result, we may from time to time inform individuals about services, events, training, offers and other content via email, telephone calls and ordinary mail. An individual may at any time request to cease such communications and processing of personal data and to opt-out of receiving communications via the unsubscribe link in the communication received, or as a request by email to firstname.lastname@example.org or by regular mail to the organisation's address.
Processing based on consent
If the organisation does not have a legal basis demonstrated by law, the performance of a public task, a contractual obligation or a legitimate interest, it may ask the individual for consent. In this way, it may also process certain personal data of the data subject for the following purposes where the data subject has given his or her consent:
Residential address and e-mail address for the purposes of information and communication.
Tax identification number or EMN for the purposes of possible enforcement in the event of default (e.g. non-payment of a bill).
Photographs, videos and other content relating to an individual (e.g. recordings at public events) for the purposes of documenting activities and publicising the work and events of the organisation.
Other purposes for which the individual has consented.
If an individual has given consent to the processing of personal data and at some point no longer wishes to do so, he or she may request that the processing of personal data be discontinued by sending a request by email to email@example.com or by regular mail to the organisation's address.
Retention and deletion of personal data
The organisation will keep personal data only for as long as necessary to fulfil the purpose for which the personal data were collected and processed. If the organisation processes the data on the basis of the law, the organisation will keep the data for the period prescribed by the law. In this respect, some data will be kept for the duration of the cooperation with the organisation and some data must be kept permanently.
Personal data processed by the organisation on the basis of a contractual relationship with an individual will be kept by the organisation for the period necessary for the performance of the contract and for 6 years after its termination, except in cases where there is a dispute between the individual and the organisation in relation to the contract. In such a case, the organisation shall keep the data for 5 years after the final decision of a court, arbitration or court settlement or, if there has been no court settlement, for 5 years from the date of amicable settlement of the dispute.
Those personal data processed by the organisation on the basis of the individual's personal consent or legitimate interest will be retained by the organisation until the consent is withdrawn or until the data are requested to be erased. Upon receipt of a revocation or a request for erasure, the data shall be erased within a maximum of 15 days. The organisation may also delete the data prior to revocation where the purpose of the processing of personal data has been achieved or where required by law.
Exceptionally, an organisation may refuse a request for erasure on the grounds set out in the General Regulation, such as: the exercise of the right to freedom of expression and information, compliance with a legal obligation to process, grounds of public interest in the field of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, the exercise or defence of legal claims.
After the retention period has expired, the controller shall erase or anonymise the personal data effectively and permanently so that they can no longer be associated with a specific individual.
Contractual processing of personal data and data export
The contractual processors with which the Provider cooperates are, in particular:
Accounting services and other providers of legal and business advice.
Infrastructure maintainers (video surveillance, security services).
Information systems maintainers.
Email service providers and software, cloud service providers (e.g. Arnes, Microsoft, Google).
Social networking and online advertising providers (Google, Facebook, Instagram, etc.).
Under no circumstances will the organisation share personal data of an individual with unauthorised third parties.
Contracted processors may only process personal data within the framework of the instructions of the organisation and may not use personal data for any other purposes.
The Organisation, as controller, and its employees do not export personal data to third countries (outside the Member States of the European Economic Area - EU Member States plus Iceland, Norway and Liechtenstein) and to international organisations, except to the USA, where the relationship with US contract processors is governed by standard contractual clauses (standard contracts adopted by the European Commission) and/or binding corporate rules (adopted by the Organisation and approved by the supervisory authorities in the EU).
The use of the Cookies
Type of Cookies We Use
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close your web browser.
We use both session and persistent Cookies for the purposes set out below:
Necessary / Essential Cookies Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Functionality Cookies Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Your Choices Regarding Cookies
If You do not accept Our Cookies, You may experience some inconvenience in your use of the Website and some features may not function properly.
For the Chrome web browser, please visit this page from Google.
For the Internet Explorer web browser, please visit this page from Microsoft.
For the Firefox web browser, please visit this page from Mozilla.
For the Safari web browser, please visit this page from Apple.
For any other web browser, please visit your web browser's official web pages.