{"id":9613,"date":"2023-05-30T13:15:26","date_gmt":"2023-05-30T11:15:26","guid":{"rendered":"https:\/\/dd-trbovlje.si\/?page_id=9613"},"modified":"2026-04-03T13:36:48","modified_gmt":"2026-04-03T11:36:48","slug":"privacy-policy","status":"publish","type":"page","link":"https:\/\/dd-trbovlje.si\/en\/legal-information\/privacy-policy\/","title":{"rendered":"Privacy policy"},"content":{"rendered":"\n<blockquote class=\"wp-block-quote has-m-font-size is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Following is an unofficial machine translation of Privacy policy. Official version in Slovene is the only one legally binding.<\/p>\n<\/blockquote>\n\n\n\n<p>The purpose of the privacy policy is to inform individuals, service users, associates, employees, and other persons (hereinafter: &#8220;individual&#8221;) who cooperate with the Delavski dom Trbovlje Cultural Center (hereinafter: &#8220;organization&#8221;) about the purposes, legal bases, security measures, and rights of individuals regarding the processing of personal data carried out by our organization.<\/p>\n\n\n\n<p><strong>We value your privacy, which is why we always carefully protect your data.<\/strong><\/p>\n\n\n\n<p>We process personal data in accordance with the applicable legislation in the field of personal data protection and other legislation that provides us with a legal basis for processing personal data.<\/p>\n\n\n\n<p>Any changes to this document will be published on our website. By using the website, you confirm that you are familiar with the entire content of the privacy policy.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Controller<\/h2>\n\n\n\n<p>Personal data controller: <br>Zavod za kulturo Delavski dom Trbovlje<br>Trg svobode 11a<br>1420 Trbovlje<\/p>\n\n\n\n<p>phone: 03 56 33 481<br>e-mail: info@dd-trbovlje.si<br>Website: https:\/\/dd-trbovlje.si\/<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Data Protection Officer<\/h2>\n\n\n\n<p>DATAINFO.SI, d.o.o.<br>Tr\u017ea\u0161ka cesta 85<br>SI-2000 Maribor<\/p>\n\n\n\n<p>www.datainfo.si<br>e-mail: dpo@datainfo.si <br>phone: +386 (0) 2 620 4 300<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Personal Data<\/h2>\n\n\n\n<p>Personal data means any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. Purposes of processing and bases for data processing<\/h2>\n\n\n\n<p>The organization collects and processes your personal data on the following legal bases:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>processing is necessary for compliance with a <strong>legal obligation<\/strong> to which the controller is subject;<\/li>\n\n\n\n<li>processing is necessary for the <strong>performance of a contract<\/strong> to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;<\/li>\n\n\n\n<li>processing is necessary for the purposes of the <strong>legitimate interests <\/strong>pursued by the controller or by a third party;<\/li>\n\n\n\n<li>the data subject has given <strong>consent<\/strong> to the processing of their personal data for one or more specific purposes;<\/li>\n\n\n\n<li>processing is necessary in order to <strong>protect the vital interests<\/strong> of the data subject or of another natural person.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2.1 Compliance with a legal obligation or performance of a task in the public interest<\/h3>\n\n\n\n<p>Based on the provisions in the law, the organization processes data about its employees, which is enabled by labor and social security legislation. Based on legal obligations for employment purposes, the organization primarily processes the following types of personal data: name and surname, gender, date of birth, EM\u0160O (Personal Identification Number), tax number, place, municipality, and country of birth, citizenship, residence, etc. The legal basis for processing the personal data of individuals is also: the Act Restoring Value to the Public Interest in Culture, the Protection of Documents and Archives and Archival Institutions Act, the Act on the Provision of Funds for Certain Urgent Programs of the Republic of Slovenia in Culture, and other legislation in the field of culture. In limited cases, the processing of personal data is also permissible in the organization on the basis of public interest. All valid sectoral regulations from the field are collected on the website of the competent ministry: https:\/\/www.gov.si\/drzavni-organi\/ministrstva\/ministrstvo-za-kulturo\/zakonodaja\/.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.2 <strong>Performance of a contract<\/strong><\/h3>\n\n\n\n<p>In the event that an individual concludes a specific contract with the organization, this represents the legal basis for the processing of personal data. We may thus process personal data for the conclusion and execution of a contract, such as the sale of tickets, subscriptions, etc. If the individual does not provide personal data, the organization cannot conclude the contract, nor can the organization perform the service or deliver the goods or other products in accordance with the concluded contract, as it does not have the necessary data for execution. Based on the performance of a lawful activity, the organization may inform individuals and users of its services at their e-mail address about its services, events, training, offers, and other content. An individual can at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or as a request by e-mail or by regular mail to the organization&#8217;s address.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.3 <strong>Legitimate interest<\/strong><\/h3>\n\n\n\n<p>The organization may also process personal data on the basis of a legitimate interest it pursues. The latter is not permissible when such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. In the case of using a legitimate interest, the organization always conducts an assessment in accordance with the General Data Protection Regulation. The processing of personal data of individuals for direct marketing purposes is considered to be carried out for a legitimate interest. The organization may process the personal data of individuals collected from publicly accessible sources or within the framework of the lawful performance of activities, also for the purposes of offering goods, services, employment, informing about benefits, events, etc. To achieve these purposes, the organization may use regular mail, telephone calls, electronic mail, and other means of telecommunication. For direct marketing purposes, the organization may process the following personal data of individuals: name and surname of the individual, address of permanent or temporary residence, telephone number, and e-mail address. The organization may also process the stated personal data for direct marketing purposes without the explicit consent of the individual. An individual can at any time request the termination of such communication and processing of personal data and cancel the receipt of messages via the unsubscribe link in the received message, or as a request by e-mail or by regular mail to the organization&#8217;s address.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.4 Processing based on consent or agreement<\/h3>\n\n\n\n<h3 class=\"wp-block-heading\"><p class=\"MsoNormal\" style=\"margin-bottom:3.0pt\"><\/p><p class=\"MsoNormal\" style=\"margin-bottom:3.0pt\"><span style=\"font-size:12.0pt;mso-ascii-font-family:Calibri;mso-ascii-theme-font:\nminor-latin;mso-hansi-font-family:Calibri;mso-hansi-theme-font:minor-latin;\nmso-bidi-font-family:Calibri;mso-bidi-theme-font:minor-latin\"><\/span><\/p><p><\/p><\/h3>\n\n\n\n<p>If the organization does not have a legal basis demonstrated on the basis of law, contractual obligation, or legitimate interest, it may ask the individual for consent or agreement. Thus, it can also process certain personal data of an individual for the following purposes when the individual gives their consent:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>residence address and e-mail address for notification and communication purposes;<\/li>\n\n\n\n<li>telephone number for notification via SMS messages or notification by call,<\/li>\n\n\n\n<li>photographs, video recordings, and other content relating to the individual (e.g., publication of pictures of individuals on the organization&#8217;s website) for the purposes of documenting activities and informing the public about the work and events of the organization;<\/li>\n\n\n\n<li>other purposes for which the individual agrees with consent.<\/li>\n<\/ul>\n\n\n\n<p>If an individual gives consent for the processing of personal data and at some point no longer wishes to do so, they can request the termination of the processing of personal data with a request by e-mail or by regular mail to the organization&#8217;s address. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2.5 Processing is necessary to protect the vital interests of the individual<\/h3>\n\n\n\n<p>The organization may process the personal data of the data subject if it is strictly necessary to protect their vital interests. In emergencies, the organization can look for the individual&#8217;s personal document, check if this person exists in its database, examine their medical history, or contact their relatives, for which the organization does not need the individual&#8217;s consent. The above applies when it is strictly necessary to protect the vital interests of the individual.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Retention and deletion of personal data<\/h2>\n\n\n\n<p>The organization will keep personal data only for as long as necessary to achieve the purpose for which the personal data were collected and processed. If the organization processes data on the basis of law, it will keep them for the period prescribed by law. Some data is kept for the duration of cooperation with the organization, while some data must be kept permanently. Personal data processed by the organization on the basis of a contractual relationship with an individual is kept by the organization for the period necessary for the execution of the contract and for 6 years after its termination, except in cases where a dispute arises between the individual and the organization in connection with the contract. In such a case, the organization keeps the data for 10 years after the finality of the court decision, arbitration, or court settlement, or, if there was no court dispute, 6 years from the day of the peaceful resolution of the dispute. Those personal data that the organization processes on the basis of the personal consent of the individual or legitimate interest will be kept by the organization until the revocation of consent or until the request for data deletion. Upon receipt of a revocation or request for deletion, the data is deleted without undue delay. The organization may also delete this data before revocation when the purpose of processing personal data has been achieved or if so required by law. In case of exercising the rights of an individual, the organization keeps the personal data of this individual until the matter is finally decided, and after finality in accordance with the final decision in the matter.<br>Exceptionally, the organization may refuse a request for deletion for reasons from the General Regulation, as listed: exercising the right of freedom of expression and information, compliance with a legal obligation to process, reasons of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, and the establishment, exercise, or defense of legal claims. After the retention period expires, the organization must effectively and permanently delete or anonymize personal data so that they can no longer be linked to a specific individual.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. Contractual processing of personal data and data export<\/h2>\n\n\n\n<p>The organization may entrust specific personal data to a contractual processor on the basis of a contract on contractual processing. Contractual processors may process entrusted data exclusively on behalf of the controller, within the limits of its authorization, which is written in a written contract or other legal act, and in accordance with the purposes defined in this privacy policy.<br>Contractual processors with whom the organization cooperates are primarily:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u00ad accounting services and other providers of legal and business consulting;<\/li>\n\n\n\n<li>\u00ad infrastructure maintainers (video surveillance, security services);<\/li>\n\n\n\n<li>\u00ad information systems maintainers;<\/li>\n\n\n\n<li>\u00ad e-mail service providers and software providers, cloud services (e.g., Microsoft, Google);<\/li>\n\n\n\n<li>\u00ad providers of social networks and online advertising (Google, Facebook, Instagram, etc.).<\/li>\n<\/ul>\n\n\n\n<p>Under no circumstances will the organization forward the personal data of an individual to unauthorized third parties. Contractual processors may only process personal data within the framework of the organization&#8217;s instructions and may not use personal data for any other purposes.<\/p>\n\n\n\n<p>The organization as a controller and its employees do not export personal data to third countries (outside the Member States of the European Economic Area &#8211; EU members plus Iceland, Norway, and Liechtenstein) and to international organizations, except to the USA, where relations with contractual processors from the USA are regulated on the basis of standard contractual clauses (standard contracts adopted by the European Commission) and\/or binding corporate rules (adopted by the organization and confirmed by supervisory authorities in the EU).<\/p>\n\n\n\n<p>For the purposes of a better overview and control over contractual processors and the orderly nature of the mutual contractual relationship, the organization maintains a list of contractual processors, which lists all specific contractual processors with whom the organization cooperates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">5. Forwarding of personal data<\/h2>\n\n\n\n<p>The organization as a personal data controller forwards these personal data to other public sector bodies or other natural or legal persons provided that an appropriate legal basis for data forwarding is established and on the basis of a justified written request, according to the applicable personal data protection legislation. The request for forwarding data must contain: data and signature of the applicant or the authorized person of the applicant, a concrete legal basis for acquiring data, the purpose and reasons for acquisition, the types of data requested, the form and method of acquiring data, and identification of the matter for which the data is needed, as well as an indication of the authority handling it. The organization will forward personal data to the applicant within 15 days of receiving a complete request or will inform the applicant within this period of the reasons for refusing to forward the data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">6. Cookies<\/h2>\n\n\n\n<p>The organization&#8217;s website operates with the help of so-called cookies, which are important for providing web services, and are used to store data on the status of individual web pages, to help collect statistics on users and site traffic, etc. Upon entering the website, only those cookies that are strictly necessary for the operation of the website are loaded onto the device. Other cookies will be loaded only with the individual&#8217;s consent, which the individual gives in the notification upon entering the website. An individual can change the settings at any time and delete cookies (instructions are located on the websites of individual browsers).<\/p>\n\n\n\n<p>The cookie policy is created separately for each website, namely:<\/p>\n\n\n\n<p>for https:\/\/dd-trbovlje.si the cookie policy is located at: <a href=\"https:\/\/dd-trbovlje.si\/cookie-policy-eu\/\">https:\/\/dd-trbovlje.si\/cookie-policy-eu\/<\/a><\/p>\n\n\n\n<p>for https:\/\/speculumartium.si the cookie policy is located at: <a href=\"https:\/\/speculumartium.si\/wp21\/cookie-policy-eu\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/speculumartium.si\/wp21\/cookie-policy-eu\/<\/a><\/p>\n\n\n\n<p>for https:\/\/digitalbigscreen.si the cookie policy is located at: <a href=\"https:\/\/digitalbigscreen.si\/wp21\/cookie-policy-eu\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/digitalbigscreen.si\/wp21\/cookie-policy-eu\/<\/a><\/p>\n\n\n\n<p>for https:\/\/4dritl.si the cookie policy is located at: <a href=\"https:\/\/4dritl.si\/pravilnik-o-piskotkih-eu\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/4dritl.si\/pravilnik-o-piskotkih-eu\/<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">7. Video surveillance<\/h2>\n\n\n\n<p>Video surveillance is regulated by the internal Rules on the Implementation of Video Surveillance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">8. Data protection and data accuracy<\/h2>\n\n\n\n<p>The organization takes care of information security and infrastructure security (premises and application system software). Our information systems are protected, among other things, by antivirus programs and a firewall. We have implemented appropriate organizational and technical security measures intended to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful and unauthorized forms of processing. In the case of transmitting special types of personal data, we transmit them in encrypted form and protected by a password. The individual is solely responsible for providing their personal data securely and ensuring that the provided data is accurate and authentic.<\/p>\n\n\n\n<p>The individual is solely responsible for providing their personal data securely and ensuring that the provided data is accurate and authentic. The organization will strive to ensure that the personal data it processes is accurate and, if necessary, updated, and may occasionally contact the individual to confirm the accuracy of personal data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">9. Rights of the individual regarding data processing<\/h2>\n\n\n\n<p>The data subject has the right to request access to personal data and the rectification or erasure of personal data or restriction of processing concerning them, as well as the right to object to processing and the right to data portability. The individual&#8217;s request is handled in accordance with the provisions of the General Data Protection Regulation and the applicable personal data protection legislation.<\/p>\n\n\n\n<p>An individual can exercise all the stated rights and direct all questions with a request sent to the organization&#8217;s address. The organization will decide on a request relating to an individual&#8217;s rights based on the law governing general administrative procedure within one month of receiving the request. This period may be extended by up to two further months where necessary, taking into account the complexity and number of the requests, about which the individual will be informed, along with the reasons for the delay. Exercising rights is free of charge for the individual, however, the organization may charge a reasonable fee if the request is manifestly unfounded or excessive, in particular because of its repetitive character. In such a case, the organization may also refuse the request. In case of doubt concerning the identity of the individual, additional information necessary to confirm the identity may be requested.<\/p>\n\n\n\n<p>If the individual&#8217;s request is justified, the organization will comply with the request and inform the individual of the decision. In the event that the individual&#8217;s request is not granted, the organization will issue a decision in accordance with the law governing general administrative procedure. In the decision, the organization will also inform the individual about the right to lodge a complaint with a supervisory authority within 15 days of being served the decision.<\/p>\n\n\n\n<p>The right to lodge a complaint with a supervisory authority can be exercised by the individual at: The Information Commissioner of the Republic of Slovenia at Dunajska 22, 1000 Ljubljana (e-mail: gp.ip@ip-rs.si, website: www.ip-rs.si).<\/p>\n\n\n\n<p>The privacy policy was adopted by the responsible person of the organization, Director \u0160pela Pavli Perko, on November 19, 2025, in Trbovlje.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Following is an unofficial machine translation of Privacy policy. Official version in Slovene is the only one legally binding. The purpose of the privacy policy is to inform individuals, service users, associates, employees, and other persons (hereinafter: &#8220;individual&#8221;) who cooperate with the Delavski dom Trbovlje Cultural Center (hereinafter: &#8220;organization&#8221;) about the purposes, legal bases, security [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":9620,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"inline_featured_image":false,"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"class_list":["post-9613","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/pages\/9613","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/comments?post=9613"}],"version-history":[{"count":1,"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/pages\/9613\/revisions"}],"predecessor-version":[{"id":9614,"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/pages\/9613\/revisions\/9614"}],"up":[{"embeddable":true,"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/pages\/9620"}],"wp:attachment":[{"href":"https:\/\/dd-trbovlje.si\/en\/wp-json\/wp\/v2\/media?parent=9613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}