At the public institution, we are aware of the responsibility of handling personal data. We therefore manage, maintain, store and control all personal data collections in accordance with the General Data Protection Regulation and the Personal Data Protection Act (ZVOP), and we provide the following rights to the individual whose personal data we process:
- confirmation of whether personal data are being processed in relation to him or her, and where this is the case, access to the personal data and the following information:
- the purposes of the processing;
- the types of personal data concerned;
- the users or categories of users to whom the personal data have been or will be disclosed, in particular users in third countries or international organisations;
- the retention period for the personal data or, if this is not possible, the criteria used to determine this period;
- The public institution must provide individuals with access to and a copy of their personal data no later than 15 days from the date of receipt of the request or inform them in writing within the same period of time of the reasons for not providing access to and a copy of their personal data.
The public institution must provide individuals with a printout or copy of personal data from personal data files or other documentation within 30 days of the date of receipt of the request or inform them in writing within the same period of time of the reasons for not providing the printout.
- the existence of automated decision-making, including profiling, the reasons for the processing, as well as the significance and intended consequences of such processing for the individual;
- one copy of personal data in electronic form (free of charge);
- if the individual requests additional copies, the controller may charge a reasonable fee, taking into account the costs;
- restriction of processing where:
- the data subject contests the accuracy of the data, for a period enabling the controller to verify the accuracy of the personal data;
- the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims;
- rectification of inaccurate or incorrect personal data;
- erasure of all personal data on the basis of the conditions of Article 17 of the General Regulation, in particular if the data subject withdraws consent to the processing of personal data;
- The data subject has the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided;
- to object to the use of personal data for direct marketing purposes, including profiling;
- the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her in accordance with Article 22 of the General Data Protection Regulation.
The data subject has the right to lodge a complaint with the Information Commissioner against the controller if he or she considers that the processing of personal data infringes the General Data Protection Regulation.
Procedure for exercising rights:
An individual may submit all of the above-mentioned requests regarding the exercise of rights in relation to his/her personal data in writing to the head office of the public institution, namely:
- submit the form Request for access to personal data or Request for correction, deletion, transfer or restriction of processing of personal data in person at the location of the public institution,
- send the Request for access to personal data or Request for correction, deletion, transfer or restriction of processing of personal data by regular mail to the head office of the public institution,
- send the Request for access to personal data or Request for correction, deletion, transfer or restriction of processing of personal data by e-mail to the e-mail address of the public institution.
The public institution may, for the purposes of reliable identification when rights in relation to personal data are exercised, request additional information from the applicant, and may refuse to carry out the procedure for exercising rights only if it proves that it cannot reliably identify the individual.
The public institution must respond to the request of an individual exercising his/her rights in relation to the abovementioned personal data without undue delay and no later than within one month of receipt of the request.
Controller details:
| Title | Muzej Vrbovec - Muzej gozdarstva in lesarstva |
| Address, postcode and city | Savinjska cesta 4, SI - 3331 Nazarje |
| Tax number | 17881447 |
| Registration number | 1534807000 |
Contact details of the person authorized for personal data protection:
Email: dpo@virtuo.si