At the Museum and Galleries of Ljubljana (MGML) we are aware of the importance of privacy and strive to protect your personal data in accordance with the applicable laws and regulations.
Within this Personal Data Protection Policy (hereinafter referred to as Policy), all the information on how personal data is processed at the Museum and Galleries of Ljubljana, Gosposka 15, 1000 Ljubljana (firstname.lastname@example.org), who is also the controller of your personal data.
1. Which personal data is processed and how is it acquired
1.1 Personal data that you provide us with by filling in the form consenting to publicity on our webpage, or the printed version of the same form, available at our locations, and sent to us through e-mail or by other means. The data shared with us includes your e-mail address and, in case you want to receive the bimonthly MGML programme to your home address, also your name, surname, and postal address.
1.2 Personal data automatically collected with each visit to our webpage:
- Technical information, including the Internet Protocol (IP) address of your internet-connected device, login information, browser type and version, time zone setting, browser types and versions, operating system and platforms.
- Information regarding your visit, including the full Uniform Resource Locators (URLs), circuit to, through and from our webpage (including the time and date), products that you viewed or searched for, page response time, uploaded errors, length of visits to specific pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse page from page, and any telephone number used to call our costumer service number.
2. Personal data shared with us will be processed:
- to guarantee that you shall receive e-mail notifications regarding the MGML programme, as per your application;
- to guarantee e-mail invitations to exhibitions and events at our locations, as per your application;
- to guarantee that you shall receive a printed version of the MGML programme, as per your application;
- to manage our webpage and internal operations, including troubleshooting, data analysis, testing, research, statistical and research purposes;
- to improve our webpage in order to ensure its content is presented in the most effective way for your viewing.
Personal data is not shared with persons outside the organisation or with other organisations and/or unauthorised persons. With external workers with whom we cooperate for the needs of undisturbed operation (ensuring IT services and maintenance/services of the applied software, the agency for the optimisation of our webpage), we have concluded contracts in compliance with the legislation, our internal rules and procedures, and with appropriate safeguards for the protection of personal data. External workers may only use your personal data for the purposes defined by the contract and in compliance with our instructions.
3. Transfer of personal data to third countries
Any personal data that we collect from you will shall be processed and retained within the European Economic Area (EEA) and in the USA. Data will only be transferred to the USA if you are sharing your data through social networks (more on this in Chapter 5), if you consent to the installation of cookies for tracking statistics and marketing (more on this link) and if you are subscribed to e-notifications, which are sent through the integrated platform Mailchimp, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. Only your first and last name, home and e-mail addresses will be transferred in this case. By submitting your personal data, you agree to this transfer, storing or processing. We will take all necessary steps to ensure that your personal data is treated securely and in agreement with the applicable law, regulations and our internal policies. The transmission of information via the internet is not completely safe. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted on our webpage; any transfer is at your own risk. Once we have received your data, we will use strict procedures and safety precautions to prevent unauthorised access to it.
4. How we protect your personal data
We maintain legal, technical and organisational processes and safeguards designed to protect your data, in accordance with the applicable law. Employees that use or in some other way process your data are contractually obliged to keep such data in confidence, in accordance to the applicable law and our internal rules. All of our external workers are also contractually obliged to adhere to these rules.
5. Sharing personal data over social networks
Our website is also includes integrated buttons for sharing on social networks. Only if and when you click a particular share button on our website, a direct link is established between your browser and the server of the operator’s specific social network. According to the statements of the operators of these social network sites, no personal data is obtained from social networks without clicking on a particular share button. Such data, which also includes the IP address, is acquired and processed only with registered members. If you do not want to list a visit on our site to your individual social network user account, log out of the individual social network user account. Hereby, we draw attention to the fact that we are not informed of the content of the data transmitted and its use by the social network from their operators. Further information regarding the use of data by social networks can be found in their data protection statements.
6. Your rights
At any time you may unsubscribe from receiving our notifications, or request a rectification to your personal information: through our webpage, the web application Mailchimp or at the e-mail address email@example.com.
It is always possible to appeal against our decision by making a request to the supervisory authority.
In case of violation of personal data protection, MGML shall immediately conduct all internal and external proceedings and measures (also technical and organisational) to protect the rights of the individual person. The supervisory authority and the individual person shall also be informed thereof in the manner and under the terms of the applicable legislation.
7. Amendments and supplements of this policy
All amendments and supplements to this Policy shall be published on our webpage, and whenever appropriate, also sent to you by e-mail.
8. Do you have any additional questions?
All additional questions in relation to the process of your personal data, or for the realisation of your rights regarding their process, can be sent to our data protection officer, Tamara Bregar: firstname.lastname@example.org.