Last updated on and effective as of 29.11.2021.
Welcome to our Privacy Policy!
We are Foundation Novi Sad – European Capital of Culture, with a registered seat on the address Trg slobode 3, Novi Sad, the Republic of Serbia, CIN 28829922, TIN 109849130 (hereinafter: we or Foundation).
This Privacy Policy is meant to enable you to better understand what information we collect, share, and use, and why we do that. In addition, our Privacy Policy will demonstrate you how you can exercise the rights you have as a Data Subject.
Our Privacy Policy applies to all user who access our Website at https://visitdistrikt.rs/, or sign up for our newsletter. The privacy of our website visitors is important to us; thus, our goal is to make the processing of your Personal Data clear, transparent, and understandable for you.
We have a role of data controller. That means we collect and process Personal Data in relation to interactions on our Website and the use of our Service. Together with our Terms of Use and Cookie Policy, this Privacy Policy makes an integral part of the Agreement that we have created, and that applies to you.
Therefore, we kindly ask you to read this document carefully, in order to understand all the necessary information about the protection of your Personal Data.
Any term capitalized but undefined in this Privacy Policy shall have the meaning given to it in our Terms of Use.
In case you have any questions regarding this Privacy Policy, please contact us at gdpr@visitdistrikt.rs.
- Defined terms
- Which Personal Data do we collect?
- Why do we collect Personal Data?
- Persons under the age of 15
- How do we use collected Personal Data?
- How long do we keep Personal Data?
- Who do we share your Personal Data with?
- Your rights
- How do we maintain the security of Personal Data?
- Changes to Privacy Policy
- Get in touch
1. Defined terms
Term | Meaning |
Consent | Your explicit consent on the processing of your Personal Data. Persons who are 15 years of age or older may give free consent to the processing of their Personal Data. |
Cookies | Small pieces of data stored on your device (computer or mobile device), used to track your use of the Website and to compile statistical records on Website activity. For a more detailed explanation of the use of cookies and how you can manage them, please go to our Cookie Policy. |
Data Processor | Any natural or legal subject who processes Personal Data on our behalf. We may use the services of various service providers in order to process your Personal Data more effectively. |
Data Subject or you | Any natural person who shares their Personal Data with us. |
Personal Data | Any information relating to an identified or identifiable natural person – Data Subject. Ø An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier or to one or multiple factors specific to its physical, physiological, genetic, mental, economic, cultural, or social identity. Consequently, data about a legal entity cannot be considered to be Personal Data but registering on behalf of a legal entity may include sharing Personal Data. For instance, information related to one-person companies may constitute Personal Data where it allows the identification of a natural person. These rules also apply to all Personal Data in relation to a natural person in the course of the professional activity, such as the fact of employment in the company or organization, employee’s business telephone number, or a business email address such as “firstname.surname@company.com”. This Privacy Policy does not apply to information that cannot reasonably result in the identification of an individual (anonymized information). |
Processing | Any activity or set of activities performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. |
Service | Making available any content by us on the Website. Service does not include any other (if any) services provided by us without the use of the Website. |
Website | Our website, available at the address https://visitdistrikt.rs/. |
2. Which Personal Data do we collect
In our role of data controller, we can collect and receive your Personal Data in different ways:
- voluntarily – the data you decided to share with us, by using our Website or subscribing to our newsletter
- automatically – the data we collect when you access our Website
- through the use of cookies – find out more about it in our Cookie Policy
Depending on how it is collected, Personal Data may fall into two categories:
Email address
To join our email list and receive our newsletter content occasionally, we will ask you to share your email address with us.
Additional information
In case you wish to contact by an email address available on our Website (including our general contact email address: gdpr@visitdistrikt.rs), you will be asked to enter your name, email address, and your message.
These rules on data processing apply only to information about natural persons. In other words, they do not apply to data about legal entities (such as companies).
However, there are some exceptions. If the information refers to one-person companies and data allows the identification of a natural person, it may constitute Personal Data. The same applies to all Personal Data relating to natural persons in the course of professional activity (for example, employment in a company/organization, employee’s business telephone number, or business email address such as “firstname.surname@company.com”).
Please be aware that all Personal Data you provide to us must be true, complete and accurate. As a Data Subject, you have an obligation to notify us of any changes to such Personal Data.
- Data collected automatically
Technical Data
Some information about you will be collected automatically when you access our Website. The scope of that automated collection includes your IP address, device type and unique identification number, browser, broad geographical location (e.g., country or city) and other similar technical information. Information collected through the cookies and similar tracking technologies is also considered technical data. If you would like to find out more about it, check our Cookie Policy.
We measure traffic and usage trends for our Website by using analytic tools, which collect information sent by your device to our Website. For instance, we analyse the web pages you visit, add-ons you use, as well as other information that helps us improve our Website. Such analytics information is collected and used along with identical information from other users, so it cannot reasonably be used to identify any particular individual.
Data on your Usage
We collect and record data and sessions when you access and use our Website. Such information may include Personal Data.
Mobile Device Data
With the aim to improve the performance of our Website, we also collect certain data from your mobile device. Such data may refer to the type of your mobile device, identification number, date, and time stamps of Website use. These tracking technologies that we have implemented in our Website help us gather aggregate, non-personal statistical data for further analysis.
3. Why do we collect Personal Data
Data we collect | Purpose of collecting | Legal ground |
First and last name, email address, other data available on your social media account (if you decide to contact us via Facebook, Instagram or Twitter), as well as any additional data you decide to share with us. | Responding to your inquiries We collect your Personal Data in order to: · respond to your inquiries sent via our general contact email address: gdpr@visitdistrikt.rs, or via social networks. · respond to you regarding the other requests you address to us, or when expressing an interest in obtaining information about us. | Processing is necessary for the performance of the Agreement, entering into such an Agreement with you, as well as to respond to your questions or requests regarding the use of our Website or the cultural stations. |
Email address. | Newsletter If you decide to subscribe for receiving Newsletter from us, we will keep your email address. This way, we can share important updates with you. | Processing is based on your consent. You can withdraw such consent at any time, which will not affect the lawfulness of the processing based on your consent prior to such withdrawal. In case you wish to unsubscribe from our Newsletter, you can do so by following the instructions at the end of each email you received from us. |
Technical Data and Mobile Device Data. | Managing, analyzing and improving our Website and Service Automatically collected information is used to: · manage and operate our Website, · improve usability and performance of Website, by keeping it updated and relevant, · analyse the use of Website and measure interests of visitors of our Website, · ensure that content on the Website is presented most effectively for you and your device. | Processing is based on your consent. Unless it is necessary to provide a Service or part thereof, provision of your Personal Data is not a statutory or a contractual requirement and you may refuse to disclose any Personal Data. You can withdraw such consent at any time, which will not affect the lawfulness of the processing based on your consent prior to such withdrawal. |
No Personal Data are processed outside the specific purposes. We do not sell any kind of Personal Data, disclose Personal Data to other marketers, nor do we provide your Personal Data to any third party unless we are strictly compelled to do so by law.
4. Persons under the age of 15
Our Website is not intended for children and we do not knowingly collect data relating to persons under the age of 15. In case you are under the age of 15, we kindly ask you to not provide any personal information about yourself to us.
We will promptly delete any information from a person under the age of 15 in case we detect that we have collected such personal information.
If you believe we have collected personal information from a person under the age of 15, please contact us at gdpr@visitdistrikt.rs.
5. How do we use collected Personal Data?
In accordance with the section “Why do we collect Personal Data” of Privacy Policy, we will not use any of the collected Personal Data related to you without having your consent or an adequate legal basis.
We will use your Personal Data exclusively for the purposes it is collected for, and only in cases when we have a reasonable and lawful legal ground to do so.
Additionally, our staff members are legally bound by the professional secret to maintain an adequate level of Personal Data security. Also, we use different measures (legal, technical and organizational) to prevent the disclosure of any information beyond the legal purpose for which it is collected.
6. How long do we keep Personal Data?
We keep your Personal Data solely for the time it takes to fulfil the purpose for which it is collected, i.e., for the time for which we have your consent.
In order to determine the necessary period of data retention, we take into account: domestic laws, contractual obligations, expectations and requirements of our users and any other Website visitors.
We will securely delete or destroy your Personal data, upon your request for the deletion of such information pursuant to the law, or when we no longer require your data, in accordance with the applicable law and our internal policies.
Therefore, if you change your mind and wish to unsubscribe from our Newsletter, your Personal Data will be erased without delay.
7. Who do we share your Personal Data with?
To conduct some processing activities, we may engage external processors. We use information audits to identify, categorize and make records of all Personal Data that is processed outside of the Foundation. That way, all the Personal Data, as well as the information on processing activities, processors, legal grounds are recorded, reviewed, and easily accessible.
In case of the international transfer, we ensure that the transfer is conducted in accordance with the Serbian Law on Personal Data Protection, and we therefore transfer your personal data only:
1. to the countries within the EEA;
2. to the countries which ensure an adequate level of protection;
3. to the countries which do not belong to those specified under item 1 and 2, but only by applying the appropriate safeguard measures.
External processing includes, but is not limited to:
- IT systems and services,
- Legal services,
- Human resources,
- Direct marketing services.
The processors and sub-processors with whom we share your Personal Data are:
PROCESSOR | ROLE | SEAT |
The Rocket Science Group, LLC (MailChimp) | E-mail services based on Cloud | USA |
Google, Inc. | Analytics, tracking and advertising | USA |
Under the law, we may be required to share certain information, including your Personal Data, with e.g., public authorities or governmental bodies on their request. In that case, your further consent will not be required, in order to share your Personal Data in accordance with such request.
International transfer of Personal Data
In specific situations, we may transfer your Personal Data to countries other than the one you reside in. In respect of such Personal Data, we maintain appropriate technical and organizational measures to ensure the appropriate level of security.
If you require further information about these protective measures, please contact us at gdpr@visitdistrikt.rs.
We use servers located in Germany. In accordance with the Law on Data Protection (“Official Gazette of the Republic of Serbia”, no. 87/2018), it is considered that adequate data protection standards are implemented in this case and that the transfer of data to Germany is not subject to the prior approval.
8. Your rights
As a Data Subject whose Personal Data we process, you have the following rights:
| right to be informed about collection and usage of your Personal Data, |
| right to access the Personal Data we hold about you, |
| right to have your Personal Data rectified if any of them is incomplete or inaccurate, |
| right to be forgotten, i.e., the right to ask us to delete or dispose of any of your Personal Data that we have, |
| right to the restriction of processing of your Personal Data, |
| right to data portability, in case you have provided your Personal Data to us, and that data is processed using automated means, you have the right to ask us for a copy of such Personal Data, as well as to have those data transmitted to a third-party data controller, |
| right to object to using your Personal Data in case processing is based on our legitimate interest, as well as if the processing is performed with a purpose of direct marketing, which includes profiling. To exercise any of these rights, please contact us at gdpr@visitdistrikt.rs. |
9. How do we maintain the security of Personal Data?
We use suitable technical and organizational measures designed to provide a level of security appropriate to the risk of processing your Personal Data.
Please have in mind that no method of transmission over the internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security or confidentiality.
If you have any questions related to security on our Website, you can reach us through gdpr@visitdistrikt.rs.
10. Changes to Privacy Policy
Please be informed that we may update our Privacy Policy from time to time. The changes shall enter into force upon being published on our Website, so we recommend you to review our Privacy Policy periodically.
However, in case you have provided us with your email address, we may send you the notice of these changes.
In case you do not agree with the changes to our Privacy Policy, please stop using our Website immediately.
11. Get in touch
If you would like to exercise any of the rights you have as a Data Subject, or you have a question regarding Privacy Policy, please contact us at gdpr@visitdistrikt.rs.