Protection policy

PERSONAL DATA PROTECTION POLICY

This policy applies to processing (use) of any personal data, carried out by the public research institution Institute of Ethnic Studies (manager)

Manager data:

Name: Institute of Ethnic Studies

Address: Erjavčeva 26, SI-1000 Ljubljana

Internet: www.inv.si

Phone number: +386 (1) 200 18 72

Fax: +386 (1) 251 09 64

E-mail: INV@inv.si

Which personal data are processed:

basic contact data (name, surname, e-mail).

Legal bases for personal data processing

Your personal data can be processed on the following legal bases: in cases when you gave permission for your personal data processing for single processing purpose, whereby you are always free to recall the given permission, and in cases of legal interest in your personal data processing.

Purposes of personal data processingv

Your personal data can be used for one or several stated purposes:

  • for sending weekly/monthly article selections to subscribers via e-mail;
  • for communication regarding our services and your questions;

For how long your personal data are kept

Your personal data are kept for as long as you remain our subscribers and until we have received your demand for data erasure. Personal data processed on the basis of your permission are kept permanently until recall of permission from your side.

Voluntariness of data submission:

personal data submisssion is voluntary.

Who has access to your personal data

Your personal data are neither given nor available to third persons (outside the public research institution IES), the only exception being persons with a valid written contract entitling them to certain tasks related to data processing, who are obliged to respect legislation on personal data protection and processing (contract data processors). Data processors with access to personal data are:

– supplier of e-mail messages (Mailchimp);Contract data processors are only allowed to process personal data within our instructions and not for their own purposes. They are bound, together with their employees, to protect your personal data.Contract data processor (Mailchimp) exports personal data into third countries (outside European Economic Space members). It respects the demands of the Privacy Shield EU-USA and strives for the highest security of stored data with different physical, technical and organizational measures, like coding of website links, prevention of access to non-authorized persons, password use and prevention of violation. The Mailchimp service monitors delivery efficiency of the sent e-mails by gathering data on open messages, link clicks, e-mail users and browsers, location, IP-address, submissions, cancellations and failed deliveries.

How to recall permission for data processing and consequences

You have the following rights regarding your personal data:

  1. to claim anytime:
  • confirmation of your personal data processing;
  • access to personal data and the following information: purpose of processing, kinds of personal data, users or user categories who will have or have had access to your personal data, especially users in third countries and international organizations, anticipated time of personal data storage or, if this is not possible, standards in use for determination of this period;
  • one (free) copy of personal data in your preferred form (if the claim is given electronic communication device and you do not claim otherwise, the copy is provided in electronic form); any extra copies you may demand will be charged a reasonable fee in accordance with costs;
  • correction of inaccurate personal data;
  • limitation of processing whenever you dispute the personal data accuracy, but only for sufficient time needed to verify accuracy of your personal data, in case of illegal processing when limitation of personala data use is claimed instead of erasure, and when personal data are no longer needed for processing, while you need them for implementation or defence of your legal demands;
  • erasure of all personala data (right of oblivion) if stipulations from Article 17 of the General decree on data protection are fulfilled, and especially if permission for personal data processing has been recalled;
  • copy of personal data in structured, generally used and machine readable form, at discretion to submit your data to another service without any hindrance from our part;
  • termination of personal data use for direct marketing;

 

1. to file complaint against us with Information Commissioner if you believe your personal data processing is not in conformity with the General Decree on data protection.

Rights implementation procedure

Your demands regarding implementation of personal data processing rights can be addressed in written form to any contact given on top of this document under Personal data manager and contacts.

Additional data can be claimed from you for purpose of reliable identification in case of rights enforcement; action can only be refused upon proof of inability of reliable identification.

Your demand for implementation of your rights regarding personal data processing should be answered without unnecessary postponement within one months after reception of your claim.