Osor Musical Evenings (hereinafter: OGV); OIB: 81918486607, based in Zagreb, Ozaljska 12, and a subsidiary in Osor (Osor bb, 51554 Nerezine), as the controller of your personal data, uses and protects all information you provide to us when using the website www.osorfestival.eu.

Personal data is any information relating to a specific natural person or natural person that can be determined. In particular, personal data are considered to be all data establishing the identity of the user (e.g. first and last name, e-mail address, residential address, etc.).

The processing of personal data is any action or set of actions performed on personal data, whether by automatic means or not, such as collecting, recording, organizing, saving, adapting or modifying, withdrawing, viewing, using, detecting through transmission, publishing or otherwise made available, classifying or combining, blocking, deleting or destroying, and carrying out logical, mathematical and other operations with that data.

How do we collect personal information?

We collect your personal data, among other things, in the following cases:

- if you contact us directly through our website to request information and inquiries through the ticket booking forms for our programs

- if you are under the age of 16, please do not provide us with any information without the approval of your parents or guardians.

How your data can be used

The use of personal data in accordance with personal data protection regulations must be justified on the basis of one of the legal grounds. Reasonable grounds for data processing are, inter alia, legitimate interest, contractual obligation, legal basis and consent. We use processing based on legitimate interest to promote and provide information about our services, for the purpose of maintaining the highest standards of sales of services from our offer. The fundamental rights and freedoms of existing and potential customers are measured against our interest in processing data for the stated purpose.

Personal data may be transferred to third parties provided that there is a reasonable basis for the transfer, such as the fulfilment of the service or the performance of a contractual or legal obligation.

We are subject to the laws of the Republic of Croatia, as well as supranational regulations, and we are obliged to comply with them, including the provision of your data to law enforcement, regulatory and judicial authorities and third parties in connection with proceedings or investigations anywhere in the world where required. Where permitted, we will make such a request directly to you or notify you before responding, unless it might affect the prevention or detection of a crime.

The provision of personal data in order to comply with binding requirements for your data constitutes a legal obligation that depends on the specific request.

How we keep your data secure

We use a variety of security measures, including encryption and authentication, to protect and maintain the security, integrity and availability of your data.

Among other things, we use the following measures:

– severely restricted personal access to your data on the principle of 'necessary access'

– secure transfer of collected data.

All your data is stored on our secure servers and accessed and used in accordance with our policies and security standards. Protecting the privacy of your data is permanent, and we take all measures necessary to protect it. We process personal data securely, including protection against unauthorized or unlawful processing and loss.

By fulfilling the contact form for booking tickets on the www.osorfestival.eu website, the User gives consent (consent) for the processing of his personal data specified in the registration form for a specific purpose (that is, exclusively for booking tickets for concerts).

We undertake to protect the privacy of the personal data of all Users and will treat them in accordance with the EU General Data Protection Regulation (679/2016) and other applicable national applicable regulations. We may not and will not unauthorisedly use or make the collected personal data of registered users and website visitors available to third parties, except in cases where a special law allows it, if it does so by our legal obligation or is necessary for the purpose of realizing contractual obligations.

We undertake not to misuse personal data from ticket booking forms or collected through cookies, nor to leave it to third parties without your permission, except in cases where so explicitly required by law and in cases where this is necessary to fulfil the obligations. Personal data are considered to be all data establishing the identity of the User (e.g. name and surname, e-mail address, etc.), which are used for the purpose of executing the contract, statistics and the possible sending of special offers and newsletters for registered users, and upon specially obtained consent.

All your data is strictly kept and is only available to employees who need this information to do their job. All our employees and business partners are responsible for respecting the privacy principles. We undertake to protect your personal data by collecting only basic information about users and potential customers who are necessary for the fulfillment of obligations, i.e. the performance of the contract. We will use the data that is automatically recorded by accessing the website (IP address, domain name, browser types, number of visits, time spent on the site, etc.) solely to evaluate the website's visit and to improve its content and functionality, i.e. for statistical and security purposes.

According to the General Data Protection Regulation, the Law on the Implementation of the General Data Protection Regulation and other regulations relating to data protection, in order to protect the confidentiality of personal data, we undertake in particular to treat the User's data in accordance with the law and good faith, to collect data exclusively for specific and legitimate purposes, not to forward data to any third party without your prior consent , do not forward your personal data to countries outside the EU territory unless that country ensures an adequate level of data protection; ensure adequate, secure storage of your personal data, in such a way that it does not go beyond the purpose for which the data was collected and for which it is processed; ensure the accuracy of your personal data; ensure the processing of personal data only for the time and purpose for which it is necessary; take all necessary and appropriate technical and organisational measures to prevent the destruction, damage or loss of personal data.

In case you no longer want us to process your data in any way, request the deletion, correction or transfer of your data, let us know by e-mail to osorskeveceri@gmail.com

We may contact you to authenticate the request. Those data that are mandatorily kept after the termination of any subscription under the regulations in the field of accounting and tax law will not be deleted.

The retention period of the User's data lasts 5 (in letters: five) years from the date of completion of the business relationship or until the receipt of the request for deletion by the individual to whom the personal data relate, after which the personal data is deleted. We keep personal data longer than the specified deadline only if it is binding on applicable regulations in the Republic of Croatia or supranational legislation.

If you object to the processing of your data, you can file your complaint with the competent state authority, in accordance with the General Data Protection Regulation and national legislation.