PRIVACY POLICY

PRIVACY POLICY

 

Last updated on and effective as of 26.11.2021.

 

Welcome to our Privacy Policy!

 

We are Foundation Novi Sad – European Capital of Culture, with a registered seat on the address Trg slobode 3, Novi Sad, the Republic of Serbia, CIN 28829922, TIN 109849130 (hereinafter: we or Foundation) and we, acting as a data controller, collect and process Personal Data in relation to interactions on our Website and the use of our Service.

We understand and are highly aware that privacy is of great importance to the visitors of our website, so we approach Personal Data processing as a significantly serious matter. By creating this Privacy Policy, we wish to make the processing of your Personal Data clear, transparent, and understandable for you.

In this Privacy Policy we explain:

  • how we collect, share and use your Personal Data,
  • how you can exercise the rights you have as a Data Subject.

This Privacy Policy applies to all individuals who access our Website at https://kulturnestanice.rs/en/ (including Subdomains) send us inquiries via the Website or sign up for our newsletter.

This Privacy Policy, along with our Terms of Use and Cookie Policy, constitutes an Agreement that applies to you. Therefore, please read it carefully in order to receive all the necessary information regarding the protection of your Personal Data.

Any term capitalized but undefined in this Privacy Policy shall have the meaning given to it in our Terms of Use.

In case you have any questions regarding this Privacy Policy, please contact us at gdpr@visitns.rs.

 

  1. Defined terms
  2. Which Personal Data do we collect?
  3. Why do we collect Personal Data?
  4. Persons under the age of 15
  5. How do we use collected Personal Data?
  6. How long do we keep Personal Data?
  7. Who do we share your Personal Data with?
  8. Your rights
  9. How do we maintain the security of Personal Data?
  10. Changes to Privacy Policy
  11. Get in touch

 

Defined terms

 

Term Meaning
Consent Your explicit consent on the processing of your Personal Data. Persons who are 15 years of age or older may give free consent to the processing of their Personal Data.
Cookies

 

Small pieces of data stored on your device (computer or mobile device), used to track your use of the Website and to compile statistical records on Website activity. For a more detailed explanation of the use of cookies and how you can manage them, please go to our Cookie Policy.
Data Processor Any natural or legal subject who processes Personal Data on our behalf. We may use the services of various service providers in order to process your Personal Data more effectively.
Data Subject

or

you

Any natural person who shares their Personal Data with us.
Personal Data Any information relating to an identified or identifiable natural person – Data Subject.

 

Ø  An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or to one or multiple factors specific to its physical, physiological, genetic, mental, economic, cultural, or social identity.

 

Consequently, data about a legal entity cannot be considered to be Personal Data but registering on behalf of a legal entity may include sharing Personal Data. For instance, information related to one-person companies may constitute Personal Data where it allows the identification of a natural person.

 

These rules also apply to all Personal Data in relation to a natural person in the course of the professional activity, such as the fact of employment in the company or organization, employee’s business telephone number, or a business email address such as “firstname.surname@company.com”.

 

This Privacy Policy does not apply to information that cannot reasonably result in the identification of an individual (anonymized information).

Processing Any activity or set of activities performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Service Making available any content by us on the Website. Service does not include any other (if any) services provided by us without the use of the Website.
Subdomain(s) The following subdomains, that can be reached through the Website:

 

·         https://svilara.kulturnestanice.rs/

·         https://edjseg.kulturnestanice.rs/

·         https://karavan.kulturnestanice.rs/

·         https://bukovac.kulturnestanice.rs/

·         https://mlin.kulturnestanice.rs/

·         https://rumenka.kulturnestanice.rs/

·         https://opens.kulturnestanice.rs/

·         https://barka.kulturnestanice.rs/.

 

All the Subdomains represent an integral part of the Website.

Website   Our website, available at the address https://kulturnestanice.rs/en/.

 

Which Personal Data do we collect?

We may collect and receive your Personal Data in several ways:

  • voluntarily – some Personal Data you share with us on purpose, by the use of our Website or by getting in touch via our general contact email address: gdpr@visitns.rs or via the contact forms for each cultural station separately
  • automatically – some Personal Data we collect when you access our Website
  • through the use of cookies – which is explained in our Cookie Policy

 

All collected Personal Data may be divided into the following groups:

 

  1. Data you provide

Email address

In order to subscribe to our Newsletter, you will be asked to share your email address with us.

Additional information

In case you wish to contact us via the contact forms available on our Website, or by any other email address available on our Website (including our general contact email address: gdpr@visitns.rs ), you will be asked to leave your first and last name, email address, contact telephone, and your message.

These rules only apply to information about natural persons, and they do not govern data about companies or other legal entities. However, the information in relation to one-person companies may constitute Personal Data in case it allows the identification of a natural person. The rules also apply to all Personal Data relating to natural persons in the course of professional activity, such as the fact of employment in a company/organization, employee’s business telephone number, or business email address such as “firstname.surname@company.com”.

All Personal Data you provide to us must be true, complete and accurate. You are obliged to notify us of any changes to such Personal Data.

 

  1. Automatically collected data

 

Technical Data

Some information we collect automatically when you access our Website, such as your IP address, device type and unique identification number, browser, broad geographical location (e.g., country or city) and other similar technical information. Here we include the information we collect about you through the use of cookies and similar tracking technologies, as explained in our Cookie Policy.

We measure traffic and usage trends for our Website by using analytic tools, which collect information sent by your device to our Website. For instance, we analyse the web pages you visit, add-ons you use, as well as other information that helps us improve our Website. Such analytics information is collected and used along with identical information from other users, so it cannot reasonably be used to identify any particular individual.

 

Data on your Usage

We collect and record data and sessions when you access and use our Website. Such information may include Personal Data.

 

Mobile Device Data

In order to provide the best performance of our Website, and to analyze its performance, we collect certain data from your mobile device. Such data includes the type of your mobile device, identification number, date and time stamps of Website use. Additionally, tracking technologies we use within the Website help us gather aggregate, non-personal statistical data.

 

Why do we collect Personal Data?

 

Data we collect Purpose of collecting

 

Legal ground
 

 

 

 

First and last name, email address, contact telephone, other data available on your social media account (if you decide to contact us via Facebook or Instagram), as well as any additional data you decide to share with us.

 

Responding to your inquiries

 

We collect your Personal Data in order to:

 

·         respond to your inquiries sent via our general contact email address:gdpr@visitns.rs, via the contact forms for each cultural station separately, via social networks, or any other email address available on our Website;

 

·         respond to you regarding the other requests you address to us, or when expressing an interest in obtaining information about us.

 

 

 

 

Processing is necessary for the performance of the Agreement, entering into such an Agreement with you, as well as to respond to your questions or requests regarding the use of our Website or the cultural stations.

 

 

Email address.

Newsletter

 

If you decide to subscribe for receiving Newsletter from us, we will collect your email address. This way, we can share important updates with you.

 

 

Processing is based on your consent. You can withdraw such consent at any time, which will not affect the lawfulness of the processing based on your consent prior to such withdrawal.

 

In case you wish to unsubscribe from our Newsletter, you can do so by following the instructions at the end of each email you received from us.

 

 

 

 

 

 

 

Technical Data and Mobile Device Data.

Managing and improving our Website, analyzing the use of Website, improving our Service

 

 

Automatically collected information is used to:

 

·         manage and operate our Website,

·         improve usability and performance of Website, by keeping it updated and relevant,

·         analyze the use of Website and measure interests of visitors of our Website,

·         ensuring that content on the Website is presented most effectively for you and your device.

 

 

 

 

 

 

 

Processing is based on your consent. Unless it is necessary to provide a Service or part thereof, provision of your Personal Data is not a statutory or a contractual requirement and you may refuse to disclose any Personal Data.

 

You can withdraw such consent at any time, which will not affect the lawfulness of the processing based on your consent prior to such withdrawal.

 

 

No Personal Data are processed outside the specific purposes. We do not sell any kind of Personal Data, disclose Personal Data to other marketers, nor do we provide your Personal Data to any third party unless we are strictly compelled to do so by law.

 

Persons under the age of 15

Website is not intended for children and we do not knowingly collect data relating to children. If you are under the age of 15, please do not provide any personal information about yourself to us.

If we detect that we have collected personal information from a person under the age of 15, such information will be deleted promptly.

If you believe we have collected personal information from a person under the age of 15, please contact us at gdpr@visitns.rs.

 

How do we use collected Personal Data?

We will not use any of the collected Personal Data referring to you without your consent or if another legally permitted reason is applicable in accordance with the section “Why do we collect Personal Data” of Privacy Policy.

We will use your Personal Data solely for the purposes it is collected for, and only when we have a reasonable and lawful legal ground to do so.

In order to achieve the highest level of Personal Data security, our staff is legally bound by the professional secret. Additionally, we use different legal, technical and organizational measures to prevent the revealing of any disclosed information beyond the legal purpose for which it is collected.

 

How long do we keep Personal Data?

We keep your Personal Data solely for the time it takes to fulfil the purpose for which it is collected, i.e., for the time for which we have your consent.

In determining data retention periods, we take into consideration local laws, contractual obligations, and the expectations and requirements of our customers and visitors of our Website. Once we no longer need your Personal Data, or upon your request for the deletion of such information, under condition this is legal, we will securely delete or destroy it in accordance with the applicable law and our internal policies.

For instance, if you unsubscribe from our Newsletter, your Personal Data will be erased automatically.

 

Who do we share your Personal Data with?

In order to conduct certain processing activities, we are sometimes required to engage the external processors. We use information audits to identify, categorize and make records of all Personal Data that is processed outside of the Foundation. That way, all the Personal Data, as well as the information on processing activities, processors, legal grounds are recorded, reviewed and easily accessible.

External processing includes, but is not limited to:

  • IT systems and services,
  • Legal services,
  • Human resources,
  • Direct marketing services.

 

The processors and sub-processors with whom we share your Personal Data are:

 

PROCESSOR ROLE SEAT
The Rocket Science Group, LLC (MailChimp) E-mail services based on Cloud USA
 

Google, Inc.

 

Analytics, tracking and advertising USA
Meta Platforms, Inc Analytics and marketing USA
Librafire Website design Serbia

 

We may be legally required to share certain information, including your Personal Data, with e.g., public authorities or governmental bodies on their request; in such case, we will not require your further consent in order to share your Personal Data in accordance with such request.

 

International transfer of Personal Data

We may transfer your personal data to countries other than the one you reside in. In respect of such Personal Data, we maintain appropriate technical and organizational measures to ensure the appropriate level of security.

In case of the international transfer, we ensure that the transfer is conducted in accordance with the Serbian Law on Personal Data Protection, and we therefore transfer your personal data only:

 

  1. to the countries within the EEA;
  2. to the countries which ensure an adequate level of protection;
  3. to the countries which do not belong to those specified under item 1 and 2, but only by applying the appropriate safeguard measures.

 

If you require further information about these protective measures, please contact us at gdpr@visitns.rs.

 

We use servers located in Serbia.

 

Your rights

As a Data Subject whose Personal Data we hold, you have the following rights:

right to be informed about collecting and using your Personal Data,
right to access the Personal Data we hold about you,
right to have your Personal Data rectified if any of them is incomplete or inaccurate,
right to be forgotten, i.e., the right to ask us to delete or dispose of any of your Personal Data that we have,
right to the restriction of processing of your Personal Data,
right to data portability, in case you have provided your Personal Data to us, and that data is processed using automated means, you have the right to ask us for a copy of such Personal Data, as well as to have those data transmitted to a third-party data controller,
right to object to using your Personal Data in case processing is based on our legitimate interest, as well as if the processing is performed with a purpose of direct marketing, which includes profiling.

 

To exercise any of these rights, please contact us at gdpr@visitns.rs.

 

How do we maintain the security of Personal Data?

In order to protect the Personal Data we collect and process, we use appropriate technical and organizational measures designed to provide a level of security appropriate to the risk of processing your Personal Data.

Please have in mind that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security or confidentiality.

If you have any questions about security on our Website, you can contact us at gdpr@visitns.rs.

 

Changes to Privacy Policy

We keep the right to change our Privacy Policy from time to time at our sole discretion. Any changes shall enter into force upon being published on our Website, so therefore you are cautioned to review our Privacy Policy periodically.

If we have your email address, we may send you the notice of these changes.

In case you do not agree with the changes to our Privacy Policy, please stop using our Website immediately.

 

Get in touch

In case you wish to exercise any of the rights you have as a Data Subject, or you have a question regarding Privacy Policy, please contact us at gdpr@visitns.rs.