With these General Terms and Conditions, Museum of Architecture and Design, Rusjanov trg 7, 1000 Ljubljana, company number: 5052106000, e-mail: firstname.lastname@example.org, phone no. +386 1 548 42 70 (hereinafter referred to as MAO), as processor and controller of personal data, provides users with information on the processing of personal data in accordance with the provisions of the applicable Slovenian Personal Data Protection Act (hereinafter ZVOP-1) and Electronic Communications Act (hereinafter ZEkom-1), and in accordance with the provisions of EU General Data Protection Regulation (hereinafter GDPR).
These General Terms and Condition govern the collection, processing and transfer of personal data, and measures to protect personal data and rights of users to personal data protection.
Personal data obtained through a sign-up form by means of which the user also confirms the acceptance of these General Terms and Conditions will be processed by MAO for the purpose of:
– distributing e-news,
– selling tickets,
– selling products in online store,
– viewing museum collections.
2. PERSONAL DATA COLLECTED
For the purpose of sending e-news, MAO collects the following obligatory user data through e-news sing-up forms:
– e-mail address,
– name and surname,
– telephone number,
Personal data collected by the data collector MAO are obtained exclusively by way of voluntarily given information upon signing up to e-news. By giving an unequivocal consent or permission when entering his/her electronic address, the user agrees to the collecting and processing of personal data for the purpose of receiving e-news. After entering the electronic address for receiving e-news, and giving consent, the user will receive a confirmation message to that same address. By confirming this message and activating the consent, the user will remain subscribed to MAO e-news until cancellation. Personal data for the subscription to e-news will be stored in a data base located on a secure server. Access to this data will be granted only to MAO Data Protection Officer.
2.2. VIEWING OF MUSEUM COLLECTIONS
MAO collects the following data on visitors who want to view museum collections:
– name and surname,
– permanent/temporary address,
– e-mail address,
– telephone number.
2.3. ONLINE STORE OR TICKET SALES
2.3.1. REGISTRATION AT MAO WEBSITE
Upon registering at MAO web site, you have the right to access specific services offered to you by MAO (online selling).
For the purpose of creating a personal account, MAO collects and processes the following personal data:
– name and surname,
– state / region,
– street name and number,
– postal code,
– telephone number,
– e-mail address,
– company name (option),
– apartment no., floor, etc. (option).
All information shall be treated confidentially and shall be used solely for the purpose of creating a user account. By registering your profile, you have also given us consent to the processing of your personal data and have accepted these General Terms and Conditions.
Access to the provided personal data will be given only to persons duly authorized by MAO, who will use personal data only for the purpose for which the data has been given.
The user may at any time request rectification of inaccurate personal data, request the erasure of personal data or restrict the processing of personal data relating to him/her.
MAO will store your data until you delete your account or until you request the deletion of individual data (you must send a written request to email@example.com), on the basis of which the individual user is removed from the user interface.
The permission or consent you have given constitutes the legal basis for the processing of your personal data.
Your personal data will be stored on computer equipment located in MAO premises. Access to data will be provided only for duly authorized persons who will receive only the data they need for the execution of a process or activity. The data is stored securely using appropriate software and hardware safeguards.
MAO hereby informs you that you can withdraw your consent to the collection and processing of your personal data at any time. You can also request the rectification of your personal data, their deletion or restriction of processing of collected personal data.
2.3.2. DELIVERY SERVICE
We do not use your telephone number for the purpose of telemarketing. We will only contact you by phone if there is a problem with your order or if you have request additional information about the delivery of your products.
MAO will provide the delivery service only with the information relating to the delivery, namely name and surname, address, telephone number, apartment floor number. MAO does not transfer or sell personal data nor gives access to buyers’ personal data to unauthorized persons including other partner companies, except companies through which we process our payments (Stripe).
The delivery service will receive your personal data only for the purpose of delivering the ordered goods; the delivery service will destroy the data as soon as the condition for which it has received personal data has been fulfilled, i.e., the goods have been delivered. MAO will keep a register of personal data transfers. By signing the consent form or by registering a profile on the website, the consumer or buyer gives his/her consent to the transfer of personal data.
Your personal data can be used in case of a police investigation as we report all cases of payment fraud to the police. We will grant access to your account and other personal data if we consider this necessary to comply with applicable laws and to prevent theft and fraud, such as credit card transactions. Any access we may grant in this regard is based on applicable legislation (Criminal Procedure Act, Prevention of Money Laundering and Terrorist Financing Act, Criminal Code, and others).
The processing of your personal data is necessary to complete your order. Your personal data will be stored on our website servers until your profile has been erased. Alternatively, you can request the erasure of your data via e-mail, in which case we recommend that you contact us at firstname.lastname@example.org.
2.3.3. CREDIT CARD PAYMENT
In order to process payments, any data provided while buying with a credit card will be transferred to the third-party provider, Stripe online payments platform. In such cases, the following data will be transferred to Stripe:
– card number,
– card expiry date,
– security code.
You can read more about the terms and conditions of the platform here [https://stripe.com/en-si/privacy]. MAO does not store users’ credit card data.
Because we want to offer our users a friendly website with all the relevant information we use technology that enables us to collect, process and classify the data relating to the use of our website. This data is collected using cookies. In order to process this data, we need your consent; if you do not give us your consent while browsing the website, we will not collect and process your data.
A cookie is a small piece of information stored on your computer. This enables the website to remember and recognize you on your next visit. Cookies enable MAO to statistically monitor how you and other visitors use our website.
||Cookies with woocommerce_ prefix
||These are cookies necessary for the operation of the store. They are used to update the shopping cart and to monitor the number of selected items.
||Cookies with yith_ prefix
||Cookies used to create a wish list
||Cookies with wp-wpml prefix
||These cookies are used to save preferred language settings to ensure a better user experience.
||These cookies are used to save credit card as preferred payment method.
||These cookies are used to follow online statistics and user activity on the website (first visit, page viewed, browsing time, entry and exit point). More about individual cookies and their function, and the purpose for which collected data is used is available here.
You can delete cookies at any time (instructions for more popular browsers: Google Chrome: https://support.google.com/chrome/answer/95647 , Mozzila Firefox: https://support.mozilla.org/sl/kb/izbrisite-piskotke-podatke-strani, Microsoft Edge: https://support.microsoft.com/sl-si/microsoft-edge/brisanje-pi%C5%A1kotkov-v-brskalniku-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09) , however if you set your browser not to accept cookies, you may not be able to use some parts of our website. A part of data collected by MAO may become public but only in anonymous from, e.g., as an information about the number of visitors to the website. Information about customers is an important part of our operations and we do not sell it or exchange it with others. If at any time we need to share your information with a third person, you will have the option to decline this. We will not transfer your personal data to third persons without your explicit consent.
We hereby also inform you that apart from the rights in the paragraph above you have the explicit right to object to the processing of personal data for the purpose of automated data processing or for the purpose of direct marketing.
4. BASIS FOR THEPROCESSING OF PERSONAL DATA
The permission or consent given by the user constitutes the fundamental legal basis for the processing of his/her data.
MAO hereby ensures that the information obtained from users for the purpose of sending e-news shall not be sold, lent, disclosed, or otherwise forwarded to third persons without users’ permission.
In the case of obtaining consent from the user, MAO shall process personal data only for the purpose for which the consent has been given. By giving consent, the user agrees for MAO to process personal data or categories of personal data it has on the user and was given upon subscribing.
When processing personal data, MAO takes care to protect such data and performs relevant data protection activities.
4.1.1. WITHDRAWAL OF CONSENT
- If personal data processing is based on consent, the user has the right to withdraw this consent at any time. The withdrawal shall have no effect on the lawfulness of data processing based on the consent before it has been withdrawn.
- The consent can be withdrawn:
- by writing to MAO at Muzej za arhitekturo in oblikovanje, Rusjanov trg 7, 1000 Ljubljana,
- in person by submitting a written request at the registered office of the museum,
- by submitting a written request by e-mail to email@example.com.
- If the user decides to withdraw the consent by using the sing-up form on the website, then the electronic address used for giving consent must be entered again in order to receive the confirmation message. After confirming the electronic address, the consent withdrawal will be activated.
In the case of consent withdrawal, MAO will stop processing personal data collected on the basis of consent and for the purpose for which the consent has been given and shall delete such data.
4.2. DATA PROCESSING
MAO collects and processes personal data in accordance with the provisions of ZVOP-1, ZEkom-1, and GDPR.
MAO shall disclose personal data if there is explicit basis in any of the laws. In other cases, a written consent by the data subject is necessary.
MAO shall protect personal data and prevent any misuse. Personal data shall be used only for the purpose of sending e-news, executing online purchases, viewing of museum collections and for other purposes for which the user has given consent.
Transferring personal data to third parties or institutions without user’s consent represents is not permitted.
4.3. DATA PROCESSING METHOD
MAO has an effective method of anonymising personal data by sending e-news through a web application that provides for a complete anonymisation of personal data of e-news recipients, and, in accordance with the minimization principle, enables access to personal data only for authorized persons on the basis of request for correction, access to, limitation, objection, transfer or deletion of personal data.
The web application provides for a complete traceability of authorized application users (access to application is user-name and password protected) as it automatically records access of authorized users and their activities in the application.
MAO shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures which are designed to implement effective data protection principles, such as data minimisation, and integrate the necessary safeguards into the processing, in order to protect the rights of data subjects.
5. RIGHTS OF USERS
MAO shall, upon request by the data subject and without undue delay, enable the exercise of following rights:
- – right to request from controller access to personal data, where an individual has the right to be informed about what kind of data are being collected and processed by the company, about the purpose of processing, the type of personal data, the retention period, and, in case of transmission of personal data, whom the data was transformed to and for what purpose;
- – right to rectification of personal data, where an individual has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
- – right to erasure or the right to be forgotten, where an individual has the right to obtain from MAO the erasure of personal data concerning him or her;
- – right to restriction of processing of personal data relating to the data subject, where an individual has the right to request MAO to restrict the processing of personal data if the individual disputes the accuracy of the data;
- – right to object to the processing of personal data;
- – right to data transfer;
- – right to withdraw the consent for processing;
- – right to lodge a complaint with a supervisory authority.
- When lodging a complaint to exercise his/her rights, the user must provide suitable identification and clearly state his/her request.
- Corrections of data can be communicated to MAO in writing:
– by mail to Muzej za arhitekturo in oblikovanje, Rusjanov trg 7, 1000 Ljubljana;
– in person by lodging a written complaint at the registered office of the company;
– by sending a written complaint by e-mail to firstname.lastname@example.org.
5.1. EXERCISING OF RIGHTS
A request for the exercise of above stated rights must be addressed in writing to MAO through the following e-mail address: email@example.com.
A user may lodge his/her request for the exercise of above stated rights electronically to the e-mail address given in the previous paragraph, by ordinary mail or in person at the seat of MAO. MAO shall accept and process the request without undue delay and act on it within 1 month from its receipt. MAO shall inform the user of its decision as soon as the decision has been made and notify the user whether his/her request has been granted or, if it has not been granted, state the grounds for refusal and also inform him/her of measures undertaken and of all important facts influencing the decision.
If MAO does not act upon or comply with the user’s request, it shall inform the user within one month of the reasons for not taking action, and of the possibility of lodging a complaint with the Information Commissioner and seeking a judicial remedy.
The decision-making period may, where necessary, be extended by a maximum of two additional months, under the consideration of the complexity and number of requests. In this case, too, MAO shall notify the data subject about any deadline extension within one month after the receipt of request and state reasons for the delay.
The response to the request shall be sent to the user by mail to the address given by the user in his/request, or to the e-mail address from which the request has been sent. If the response is sent by e-mail, MAO shall take steps that the request is in an encrypted form.
5.1.1. RIGHT TO APPEAL
If the user considers that MAO has violated his/her rights in the course of processing personal data, he/she may lodge a complaint with MAO. Such complaint shall be:
- sent by mail to Muzej za arhitekturo in oblikovanje, Rusjanov trg 7, 1000 Ljubljana,
2. sent by email to firstname.lastname@example.org, or
3. delivered in person at MAO office.
Users may also lodge a complaint with the supervisory authority for the protection of personal data. In Slovenia, the supervisory authority for the protection of personal data is the Information Commissioner.
The user may at any time, by writing to the e-mail address email@example.com or by clicking the UNSUBSCRIBE button in e-news, request from MAO, as the personal data controller, to stop using or otherwise processing, either permanently or temporarily, his/her personal data for the purpose of direct marketing, sending e-news or target marketing. The request for unsubscribing shall be granted within the statutory period of 15 days from the receipt of the request. Within further five days, the user shall receive notification of termination of processing of personal data by e-mail.
6. PROTECTION OF PERSONAL DATA
MAO ensures the safety of personal data by protecting the software used for the processing of personal data. Unauthorized persons have no access to personal data. MAO provides an effective way of blocking, destruction, deletion or anonymisation of personal data.
Security of personal data involves legal, organizational, logistical, and technical procedures and measures, in order to:
- – protect premises, devices and system software,
- – protect the application software used for the processing of personal data,
- – ensure safe transmission and transfer of personal data,
- – prevent unauthorized persons from accessing the devices used for the collection and processing of personal data,
- – allow subsequent determination of the time when personal data were entered into the personal data collection, used or otherwise processed, and by whom – the personal data were entered, used or processed.
Access to personal data is granted to persons authorized by MAO, but only to the extent necessary for the performance of their duties.
Authorized persons may not communicate users’ personal data to third parties, except in cases specified by the law which constituted the basis for collecting the data, or with the consent of the data subject, nor may they use the data themselves or allow third parties to use them.
The obligation to protect the personal data of which employees become aware during their employment at MAO lasts also after the termination of the employment relationship with the company.
MAO works only with those data processors who are able to provide sufficient guarantee with regard to the execution of organisational measures in such a way that the processing complies with the provisions of GDPR and ZVOP-1 and ensures the protection of data subject’s rights.
External natural or legal persons may perform activities associated with processing of personal data only within the scope of the client’s authorization and may not process or use data for any other purpose.
External persons are liable to MAO for payment of compensation for any unauthorized sharing or other processing of personal data. In case of detected violation, either intentional or out of gross negligence, of provisions of these Terms and Conditions, General Data Protection Regulation, or Personal Data Protection Act, the external person shall be held fully liable to the injured party.
MAO may, if this is compatible with the purpose for which personal data are processed under EU and Slovenian law, transfer personal data to persons who carry out specific processing tasks for MAO, such as preparation and sending of invoices or data analytics, maintenance and development of services and including software where these tasks, as far as required for the respective purpose, include the processing of personal data to the extent necessary for such tasks and based on purposes and bases laid down in these General Terms and Conditions.
6.1. RETENTION PERIOD
MAO shall retain user’s personal data until the user has withdrawn his/her consent or unsubscribed from receiving e-news.
6.2. DATA DELETION
After the purpose of processing has been fulfilled or the retention period has expired, personal data shall be deleted, destroyed, blocked, or anonymised, unless they are identified as archival records based on the law governing archives, or unless there is a different legal provision for individual types of personal data.
Personal data collected on the basis of user’s consent shall also be deleted or destroyed based on user’s express withdrawal of consent.
Personal data on paper carriers (documents, files, lists, etc.) shall be destroyed in a manner that prevents reading of all or parts of destroyed data, i.e., by shredding.
The deletion of personal data from computer media shall be done in a manner, procedure and method that prevent the restoring of all or parts of deleted data. The deletion of such personal data shall be performed by MAO.
7. DATA PROTECTION AND PROCESSING OFFICER
The controller of personal data under these General Terms and Conditions is MAO unless otherwise determined in documents governing individual contractual relationships.
A secure access to users’ personal data is granted solely to the controller’s authorized person whose obligation is to treat the data with due diligence in accordance with the applicable legislation of the Republic of Slovenia and the legislation of the European Union.
Access to personal data in the extent necessary for the performance of tasks is with MAO, available at the e-mail address firstname.lastname@example.org.
Questions concerning the protection of personal data can be sent to the e-mail address email@example.com.
The sender of e-news and the controller of personal data is: MAO.
22. 02. 2021, Ljubljana