Personal Data Processing Notice

In accordance with the provisions of Article 15 of the Law on Personal Data Protection ("Official Gazette of the RS", No. 97/2008, 107/2012) - hereinafter: ZZPL) Bitef Theater, Belgrade, Terazije 29/1 as Data Manager, before the commencement of the collection and further processing of personal data of persons who subscribe to the mailing list for the purpose of obtaining information on performances, prices and discounts, as well as persons who book tickets through the website, informs these persons with the following information:

1. Data processing

The data handler will collect and further process the following personality data

  • Name and surname
  • email address,
  • phone number - only in case of reservation

The data handler will perform the following personal data processing operations: collecting, recording, transcribing, aggregating, securing, using, organizing, storing

2. The purpose of collecting and further processing the data

The data controller shall process the personal data referred to in item 1 of this notice solely for the purpose of informing about the activity and program of the theater and informing about current discounts, buying tickets online and changes in the repertoire.

3. The way data is used

The data controller shall collect personally identifiable information referred to in point 1 of this Notice only from the data subject.

4. Data users

The user of the information referred to in point 1 of this notice will be Bitef Theater.

5. Legal basis for the collection and further processing of data

The data controller shall collect the personal data referred to in point 1 of this notice from the data subjects on the basis of the valid consent of those persons.

6. Right of revocation

A person who has given a valid consent to the processing may revoke his / her valid consent. A valid recall may be given by the person in writing or orally on the record. No data processing is allowed after revocation of consent. In the event of revocation, the consenting party is obliged to compensate the operator for justified costs and damages, in accordance with the regulations governing liability for damages.

7. Rights of persons with regard to data processing

The data subject of which the Data Controller processes has the right to request from the Data Controller:

  • to truthfully and completely inform him of the processing of his data within the meaning of the provisions of Article 19 of the LPPC;
  • the right to notice, access and / or copy of the data relating to it, as well as the rights based on the performed insight into the data (correction, amendment, updating, deletion of data, as well as interruption and temporary suspension of processing).

The person has the right to delete the data if the purpose of the processing is not clearly defined and / or that the purpose of the processing has been changed and the conditions for processing for that changed purpose have not been fulfilled and / or the purpose of the processing has been fulfilled, that is, the data are no longer needed to achieve the purpose ; and / or that the processing method is illegal; and / or that the data belongs to a number and type of data whose processing is disproportionate to the purpose; and / or that the information is incorrect and cannot be replaced by correct information; and / or that the data are processed without consent or authorization based on the law and in other cases where the processing cannot be carried out in accordance with the provisions of the Law.

8. Unauthorized data processing

The data controller will not process the data unless:

  1. the individual did not give consent for processing,
  2. for a purpose other than that for which it was designated, whether exercised on the basis of a person's consent or statutory authorization for processing without consent, unless performed for the purpose of raising funds for humanitarian purposes referred to in Article 12, item 2a) and Article 12a of ZZPL ;
  3. the purpose of the processing is not clearly defined, if it has been modified, tampered with or already achieved;
  4. is the data subject identified or determinable even after the purpose of the processing has been achieved;
  5. processing is prohibited;
  6. is data that is processed unnecessarily or inappropriately for the purpose of processing;
  7. are the number or type of data processed that is disproportionate to the purpose of the processing;
  8. the information is false and incomplete, that is, when it is not based on a credible source or is out of date.

9. Data retention period

The data controller shall store and store the personal data referred to in point 1 of this notice until the revocation of the consent.

10. Data security

In accordance with the provisions of Article 47 of ZZPL, the data controller shall appropriately protect the personal data referred to in item 1 of this notice from misuse, destruction, loss, unauthorized changes or access, or undertake all necessary technical, personnel and organizational data protection measures, in in accordance with established standards and procedures necessary to protect the data against loss, destruction, unauthorized access, alteration, disclosure and any other misuse, as well as to determine the obligation of persons employed to process, to safeguard coincidence data.