Privacy Policy

GENERAL TERMS OF USE AND PROTECTION OF PERSONAL DATA ON THE WEBSITE OF THE PUBLIC INSTITUTION KINO ŠIŠKA CENTRE FOR URBAN CULTURE www.kinosiska.si AND THE WEBSITE OF MENT FESTIVAL www.ment.si

 

Date: 26 SEPTEMBER 2024

 

The notice refers to the home page and all subpages of the web portal www.kinosiska.si and the home page and all subpages of the website www.ment.si.

 

OWNER AND ADMINISTRATOR

The Kino Šiška Centre for Urban Culture website www.kinosiska.si (hereinafter also referred to as kinosiska.si) is administered by the public institution Kino Šiška Centre for Urban Culture (hereinafter also referred to as Kino Šiška, the public institution, or the administrator), Trg prekomorskih brigad 3, 1000 Ljubljana, registration number: 3313069000, VAT ID: SI58809015.

GENERAL TERMS OF USE
By using the kinosiska.si website, the visitor or user acknowledges and confirms that they are familiar with these general terms of use of the kinosiska.si web portal and agree to them. By accepting these general terms, the visitor or user also agrees to the specific rules and instructions for individual services found on the subpages of kinosiska.si. All statements that apply to the kinosiska.si website also apply to the MENT festival website www.ment.si.

When publishing information, Kino Šiška ensures its accuracy, completeness, and up-to-dateness and operates with the utmost care. However, Kino Šiška excludes any criminal and civil liability for material and legal errors in the information provided. Kinosiska.si is not responsible for any direct or indirect damage or inconvenience that the user may suffer due to the use of incorrect, incomplete, or inaccurate information found on Kino Šiška’s website.

USE OF COOKIES
The website www.kinosiska.si uses cookies for the proper functioning of the site and to monitor traffic (via Google Analytics).

PROTECTION AND PROCESSING OF PERSONAL DATA
The personal data protection policy of the public institution, which manages the kinosiska.si website, outlines our commitment to respecting your privacy and responsibly handling your personal data.

At the public institution, we recognise the importance of privacy protection. Therefore, all employees who process and use personal data are familiar with the provisions of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council, hereinafter referred to as the “GDPR”), the Personal Data Protection Act (OJ RS, No. 163/22 – ZVOP-2), as well as other applicable national regulations, guidelines, and opinions of competent supervisory authorities regarding data protection in our field of work.

 

I. MEANING OF GENERAL TERMS

  1. “Personal data” refers to any information relating to a specific or identifiable individual (hereinafter referred to as the “data subject”). An identifiable individual is one who can be identified, directly or indirectly, particularly through an identifier such as a name, identification number, location data, online identifier, or by reference to one or more factors that describe the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
  2. “Specific personal data” refers to data that reveals an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data, data concerning health, social status and welfare, an individual’s sex life, or sexual orientation.
  3. “Processing” refers to any operation or set of operations performed on personal data or sets of personal data, whether by automated or manual means, including collection, recording, editing, structuring, storage, adaptation or modification, retrieval, access, use, disclosure by transmission, dissemination, or otherwise making available, as well as adaptation, combination, restriction, deletion, or destruction.
  4. “Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
  5. “Collection” refers to any structured set of personal data that is accessible based on specific criteria. Such a set may be centralized, decentralized, or dispersed on a functional or geographical basis.
  6. “Controller” means a company or public institution that, alone or jointly with others, determines the purposes and means of processing personal data. Where the purposes and means of processing are determined by European Union law or national regulations, the controller or specific criteria for their appointment may be designated by European Union law or national regulations.
  7. “Processor” means any natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
  8. “User” refers to any natural or legal person, public authority, agency, or other body to whom personal data has been disclosed, whether or not this constitutes a third party. However, public authorities that may receive personal data in the context of a specific inquiry under European Union law or national regulations are not considered users. The processing of data by public authorities is conducted according to the applicable data protection rules relevant to the purposes of processing.
  9. “Third party” refers to any natural or legal person, public authority, agency, or body other than the data subject, controller, processor, or those authorized to process personal data under the direct authority of the controller or processor.
  10. “Consent of the data subject” means any freely given, explicit, informed, and unambiguous indication of the data subject’s will by which they, through a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.
  11. “Breach of personal data protection” refers to a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data that is transmitted, stored, or otherwise processed.
  12. “Supervisory authority” means an independent public authority. In Slovenia, this is the Information Commissioner (hereinafter referred to as “IC”).

 

II. THE PRINCIPLES THAT APPLY IN THE PROCESSING OF PERSONAL DATA

 

The principles that apply when complying with the GDPR and national regulations in the public institution are:

The principle of lawfulness, fairness, and transparency, which means that personal data is processed lawfully, fairly, and in a transparent manner with respect to the data subject.

The principle of purpose limitation, which means that personal data is collected for specific, explicit, and lawful purposes and is not further processed for purposes incompatible with those original purposes, except when required for archiving in the public interest, or for scientific, historical, or statistical research purposes.

The principle of data minimisation, which means that personal data is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

The principle of accuracy, which means that personal data must be accurate and, where necessary, kept up to date. Adequate measures must be taken to delete or correct inaccurate personal data without delay, taking into account the purposes for which it is processed.

 

The principle of storage limitation, which means that personal data is stored in a form that permits the identification of individuals only for as long as necessary for the purposes for which it is processed. However, data may be retained for longer periods if required for archiving in the public interest, or for scientific, historical, or statistical research purposes.

The principle of integrity and confidentiality, which means that personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage, through appropriate organizational and technical measures.

The principle of accountability, which means that the controller is responsible for ensuring that personal data is processed in compliance with these principles and must be able to demonstrate this compliance at any time. 

 

III. CONTROLLER OF PERSONAL DATA

If you cooperate with our public institution, the controller of your personal data is the Kino Šiška Centre for Urban Culture, Trg prekomorskih brigad 3, 1000 Ljubljana.

We handle your personal data with care and have implemented appropriate technical and organizational measures to ensure its protection.

 

IV. PROCESSORS OF PERSONAL DATA

In certain cases, your data may also be processed by our contractual processors. These processors handle data exclusively in accordance with our instructions and on our behalf. They are trusted legal entities or individuals whom we thoroughly vet before entering into a contractual agreement. Both parties commit to processing all personal data they handle with care and in compliance with legal requirements. 

 

V. TYPES OF PERSONAL DATA AND PURPOSE OF PROCESSING

 

We process your data exclusively based on your prior consent and in accordance with the specific purposes outlined in that consent.

We collect various types of personal data, with the exact categories depending on the nature of your contractual or other forms of cooperation with us. The purpose of processing your personal data is also determined by the type of cooperation. 

VI. SHARING DATA WITH THIRD PARTIES

We share personal data with third parties only when:

– required to do so by legal regulations, or

– we have obtained your consent.

 

 

VII. RETENTION OF PERSONAL DATA

 

We retain your personal data only for as long as necessary to fulfill the purpose for which it was provided, or for as long as required by legal regulations.

 

VIII. RIGHTS OF THE DATA SUBJECT

For any personal data you entrust to us, you have the right to:

  a) access the data,
  b) correction of data,
  c) deletion (“the right to be forgotten”),
  d) restriction of processing,
  e) data portability,
  f)

 

a) The data subject has the right to request confirmation from the controller as to whether any personal data related to them is being processed. If data is being processed, the controller must provide access to that data and inform the data subject about the purpose of processing, the types of data involved, the users to whom the data has been or will be disclosed, the expected retention period or the criteria for determining this period, and the data subject’s right to request correction, deletion, restriction of processing, or to object. The data subject must also be informed of their right to lodge a complaint with the supervisory authority, and of the source of their personal data if it was not collected directly from them.

 

b) The data subject has the right to have the controller correct, without undue delay, any inaccurate data related to them, or complete any incomplete data, including by means of a supplementary statement.

 

c) The data subject has the right to request the deletion of their personal data without undue delay when one of the following conditions is met:

– The personal data is no longer necessary for the purposes for which it was collected or processed.

– The data subject withdraws their consent and there is no other legal basis for collecting or processing their personal data.

– The data subject objects to the processing, and there are no overriding legitimate grounds for continuing the processing.

– The personal data was unlawfully processed.

– The personal data was collected in relation to the offering of information society services.

 

This right does not apply when processing is necessary to ensure the right to freedom of expression and information, to comply with a legal obligation in accordance with European Union law or national regulations, to perform a task in the public interest or when it concerns the exercise of public authority that has been assigned to the controller, for public health reasons, for archiving purposes in the public interest, for scientific, historical or statistical research purposes, or for the establishment, exercise, or defense of legal claims. 

 

d) The data subject has the right to request the restriction of the processing of their personal data in the following cases:

  1. The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the data.
  2. The processing is unlawful, and the data subject opposes the deletion of the personal data, instead requesting a restriction of its use.
  3. The controller no longer needs the personal data for the purposes of processing, but the data subject requires it for the establishment, exercise, or defense of legal claims.
  4. The data subject has objected to the processing, pending verification of whether the controller’s legitimate grounds override those of the data subject.

e) The data subject has the right to receive the personal data they have provided to the controller, in a structured, commonly used, and machine-readable format, and has the right to transmit that data to another controller without hindrance from the current controller.

f) The data subject has the right to object at any time to the processing of personal data concerning them.

 

IX. OBLIGATIONS OF THE CONTROLLER

The public institution will decide on your request without undue delay, and no later than one month after receiving the request. If the matter is more complex or if there are numerous requests, the deadline may be extended by a maximum of two additional months. You will be informed of any extension within one month of receiving the request, along with the reasons for the delay and legal guidance.

The public institution may issue its decision in the form of a written notification, which will include an explanation of the reasons behind the decision and information about the right to appeal, in accordance with national regulations.

The public institution bears the responsibility of proving the accuracy and up-to-dateness of the personal data, as well as the legality of its processing, particularly if the personal data was not obtained solely based on the data subject’s statements.

If your request is incomplete or unclear, it cannot be rejected on that basis alone. The public institution is required to ask you to correct the deficiencies within five working days and must instruct you to complete the request within three working days.

If you remedy the deficiencies within the given deadline, the request will be considered as having been submitted on the date the corrected request was received. If you fail to address the deficiencies within this period, the public institution will reject the request by decision. An appeal may be filed against this decision.

If your request is rejected, you have the right to file a reasoned appeal with the public institution within 15 days of receiving the notice or decision.

From the moment your request is received until it is granted, or in the case of rejection, until the final decision is made, the public institution may not destroy, alter, or dispose of the requested personal data, regardless of any prescribed or internally determined retention periods. 

 

X. DATA PROTECTION OFFICER

 

For any questions regarding the processing of your personal data, or to exercise your rights in relation to personal data, you may contact our Data Protection Officer, Omnimodo, d.o.o., by phone at 01 23 223 47, or via email at dpo@omnimodo.si.

If you believe your data protection rights have been violated in any way, or if we have not responded to your request within the specified time frame, you can file a complaint with the supervisory authority: Information Commissioner, Zaloška 59, 1000 Ljubljana. 

 

XI. POLICY CHANGES

 

The personal data protection policy is subject to change. Changes will be posted in the same manner as this policy is posted.

 

 

COPYRIGHT

The content of the kinosiska.si website is original work, with the public institution holding the copyright, and is protected by copyright and other forms of intellectual property law. Copyright-protected content includes texts, images, and data.

Users are permitted to use the published content only for personal and non-commercial purposes. All copyright and intellectual property notices must be strictly observed. Any other use of the content, including but not limited to modifying, copying, or publishing any part of the content on other websites, is prohibited unless expressly authorized in writing by the administrator/public institution. Every user of the website is required to fully comply with the provisions of the Copyright and Related Rights Act (Official Gazette of the Republic of Slovenia, No. 16/07 et seq.) when using the website.

Use of the website in violation of these rules is prohibited. Users who violate these rules are fully responsible for any material and financial consequences.

 

CHANGES TO THE GENERAL TERMS AND PRIVACY POLICY

Kino Šiška reserves the right to modify these pages at any time without prior notice and assumes no responsibility for any consequences resulting from such changes. The updated notice becomes binding for users each time it is modified, so we recommend regularly reviewing the pages when using the website.

The most recent version of the personal data protection policy will always be available on the website, with the “Date” of publication indicated at the top of the text.

Upon the entry into force of these general terms and the personal data protection policy, all previous versions shall cease to apply.