1. BASIC AND CONTACT INFORMATION

Data controller information:

Title CELJE CENTRAL LIBRARY
Address, postcode and city Museum Square 1a, 3000 Celje
Registration number 5055601000
Identification number SI 50396714
Responsible person Polonca Bajc Napret

Data Protection Officer (DPO) details:

First and last name LEA OCKO
Workplace librarian
Email address data.protection@knjiznica-celje.si
Phone number 03 426 17 20

2. PRIVACY POLICY

If you are a user of library services, as defined in the Rules of Operation of the Central Library of Celje and the Librarianship Act (Official Gazette of the Republic of Slovenia, No. 87/01, 96/02 – ZUJIK and 92/15), we collect various types of your data, but we attach great importance to the protection of your privacy and private data, which is why we collect and process your data to the minimum extent necessary and only for the purpose for which there is an explicit legal basis. We process your data for our own purposes as their controller. We may, on the basis of a data processing agreement, forward the data to our contractual processors, who process it in accordance with our instructions, over which we perform periodic supervision.

We only collect personal data directly from you – through completed forms or when communicating with you.

We do not perform profiling or automated decision-making based on the collected personal data, and we do not transfer the data to third countries.

Legal basis, type of data and purpose of collection and processing
As part of our library activities, we process personal data for various purposes and to varying extents, namely:

1. without your consent, to perform a task in the public interest, which is carried out as a library activity necessary for the performance of a public service in the field of education, which is assigned to us as the administrator under the law of the Republic of Slovenia, on the basis of:

  • Librarianship Act (Official Gazette of the Republic of Slovenia, No. 87/01, 96/02 – ZUJIK and 92/15),
  • Rules of Operation of the Central Library of Celje, adopted on 17 December 2024

2. based on the explicit consent of users of library services, to process personal data for one or more specific purposes.

Data transmission

We carefully protect your personal data and do not share it with third parties, except in accordance with applicable law. If personal data is shared with external processors for the purpose of carrying out our activities, we ensure that we have concluded appropriate data processing agreements with them and that the processors also comply with applicable data protection standards.

Retention time

We only store your data for as long as we are required to do so by law or as long as it is necessary to achieve the purpose for which the data was collected and used. If we have collected the data on the basis of consent, we store it until its revocation, unless the purpose for which it was collected has already been fulfilled. After the purpose of processing has been fulfilled, we delete or destroy the data, except when it concerns data that is stored permanently by law or is part of archival material.

1. Membership – library registration

A member who is an individual - a natural person, or a person who has been granted custody of a child under the age of fifteen (15), is obliged to provide the administrator, pursuant to Article 15 of the Librarianship Act:

  • first and last name,
  • date and place of birth,
  • address of permanent or temporary residence,
  • member category,
  • information for notification (contact telephone number or email address).

In order to ensure the accuracy of the data upon registration, the controller has the right to inspect a valid personal document with a photo (identity card, passport, driving license) and a certificate of temporary residence in the Republic of Slovenia, if the person is a foreign citizen with temporary residence in the Republic of Slovenia.

The purpose of collecting the above data is to register an individual in the library so that they can use services that the library provides only to members, namely to ensure traceability of borrowed library materials, restore damaged library materials, fulfill contractual obligations related to the use of certain types of library materials, fulfill obligations related to copyright and related rights, etc. The data is also necessary to ensure statistical monitoring and transmission to state authorities and other authorized users.

With the explicit consent of the member, the controller may collect:

  • data on educational level.

The purpose of collecting the above data is the need to plan the acquisition of library materials and organize services for target groups.

A member who is a legal entity shall provide the library with data that is accessible from public records and, based on the Business Rules, also:

  • name and surname of the person authorized to borrow the material,
  • contact telephone number of the authorized person,
  • contact email address of the authorized person.

An authorized person is an individual - a natural person who is the contact person and acts in the name and on behalf of a legal entity that is a member of the library.
The purpose of collecting the above data is to communicate with the person authorized to borrow materials within the framework of library services.

2. Membership fee

The controller may, based on the Business Rules, inspect:

  • unemployment certificate from the Employment Service of the Republic of Slovenia, which must not be older than one month,
  • certificate of receipt of financial social assistance from the Social Work Center with a recommendation from the Social Work Center,
  • a valid membership card of the Celje Librarians' Association,
  • decision on the degree of disability,
  • European Disability Card,
  • a valid certificate of education at the secondary, undergraduate or postgraduate level for the current school or academic year or a student ID card with a valid sticker for the current school or academic year.

The purpose of reviewing the above official documents is to acknowledge the application of a lower membership fee or exemption from paying membership fees upon proof of appropriate status.

3. Informing library members

The library collects and processes:

  • information for notification (contact telephone number or email address), which the member provides to the library upon registration.

The purpose of collecting the above data is to inform the member about the received or prepared material that the member reserved via the Internet in the My Library program or with the mCOBISS mobile device application (notification to email address, SMS notification) and to inform the member about outstanding claims.
Within "My Library", a member can also independently subscribe to other electronic notifications that help them in maintaining their own records. A member can request changes to their settings when visiting the library. For minors and persons assigned guardianship, the addressing of these notifications is determined by parents or guardians.

The library also collects and processes:

  • address of permanent or temporary residence, which the member provides to the library upon membership.

The purpose of collecting the aforementioned information is to inform or remind the member of undelivered materials by sending reminders by mail. For minors and persons assigned guardianship, reminders are addressed to parents or guardians.

4. Using computers in the library

The controller may, based on the Business Rules, inspect:

  • card number and membership password, if the person is a library member;
  • a valid personal identification document with a picture (ID card, passport, driver's license), if the person is not a library member.

The purpose is to ensure the right to use computer equipment owned by the library and to enable access to the Internet via the library network.

5. Video surveillance system in the library premises

The controller may, based on the Business Rules and the Personal Data Protection Rules, collect the following after a previously published notice of the implementation of video surveillance, which the individual must see no later than the moment when video surveillance begins:

  • snapshot (image),
  • recording date,
  • recording time.

Only authorized library employees can access personal data, and in the event of incidents, we may forward recordings to external parties who demonstrate an appropriate legal basis for this.

The purpose of collecting the above data is to ensure the safety of people and library property, to ensure control over entry and exit to or from the premises, and to monitor the nature of work that may pose a threat to employees.

Notice on the implementation of video surveillance

6. Photographing and recording events in the library

For the purpose of informing the public about the work of the library, events organized by the library itself or co-organized by the library may be partially or fully recorded or photographed. The personal data thus obtained may be processed (including their publication) when they concern events organized by the library within the scope of its tasks, responsibilities or activities, unless the individual has prohibited such processing.

7. Visit the library website

Our website uses cookies. The basis for this notice is the Electronic Communications Act (Official Gazette of the Republic of Slovenia, No. 109/12, 110/13, 40/14 – ZIN-B, 54/14 – dec. US, 81/15 and 40/17), which sets out rules regarding the use of cookies and similar technologies for storing information or accessing information stored on the user's computer or mobile device.

A cookie is a small text file that is important for the functioning of websites and is transferred to the user's computer when visiting the website, with prior consent. It usually contains:

  • the name of the server from which the cookie was sent;
  • the lifespan of the cookie;
  • value – usually a randomly generated unique number.

A cookie usually contains a sequence of letters and numbers that is downloaded to the user's computer when they visit a particular website. With each subsequent visit, the website will obtain information about the downloaded cookie and recognize the user. In addition to the function of improving the user experience, their purpose is different. Cookies can also be used to analyze behavior or recognize users. Therefore, we distinguish between different types of cookies.

The Central Library of Celje, as the operator of the website https://www.knjiznica-celje.si, for its own purposes, before a cookie is loaded onto the user's equipment, informs the user about this:

  • that the sole administrator of the website and its content is the Central Library of Celje, Mestni trg 1a, 3000 Celje, represented by the responsible person Polonca Bajc Napret;
  • that the controller uses the following cookies:
Cookie name Purpose Duration Owner
session id current number of visitors
on the page, login to the website administration		 until the browser is closed Celje Central Library
_it user differentiation 2 years Google Analytics
_gid user differentiation 24 hours Google Analytics
_gat speed of user requests 1 minute Google Analytics

We will not share the information we collect through cookies with unauthorized parties. If you do not want us to store cookies on your device, please choose the option to opt out or contact us for assistance.

8. Advertising

With the explicit consent of the individual, the controller may collect:

  • first and last name,
  • information for notification (contact telephone number or email address).

The purposes of collecting the aforementioned data are different and you can choose between them voluntarily:

  • informing you about our training courses and events and
  • maintaining contact with you regarding our business and
  • informing about services related to our activity and
  • any other purpose, which is more precisely defined in the consent.

Change of personal data

The member is obliged to notify the library of any changes to personal data within fifteen (15) days.

Individual consent or consent

We will not make any automated decisions based on the processing of your data. We undertake to use only personal data for which you have given your express, voluntary, unambiguous and affirmative consent. For personal data of children under the age of fifteen (15), the consent of the person who has custody of the child is required.

Before giving consent, the individual is always clearly and unambiguously informed that he or she can revoke the given consent at any time in the same manner as the consent was given, whereby the revocation of consent does not affect the lawfulness of the data processing that was carried out on the basis of the given consent until the revocation.

Categories of users to whom personal data will be disclosed

Personal data will only be processed by those persons at the controller who have a basis for processing in an individual case:

  • in the case of events and training: event or training managers and everyone who is responsible for the implementation of the event and for reporting and fulfilling other obligations related to the event or training;
  • in the event of an event: event managers and all those responsible for the implementation and reporting and for fulfilling other obligations related to the event;
  • for other library activities: all those who are responsible for implementation and reporting, as well as for fulfilling other obligations related to the specific activity;
  • for notifications related to our activity: the person who, by order of the director in a specific case, is obliged to send notifications and the persons who carry out supervision;
  • for the preparation of statistics: a person who, by order of the director in a specific case, is obliged to produce statistics and send notifications to the competent authorities;
  • for another legitimate and legal purpose: the person or persons who must fulfill this purpose.

In accordance with the General Data Protection Regulation, the Data Protection Officer will also have access to all data when performing prescribed tasks.

If we transfer personal data to external contractual processors for a specific case, we will ensure, taking into account your security, that we have an appropriate data processing agreement with the contractual processor and that the external processor complies with personal data protection regulations.

Information on the transfer of personal data to a third country

We store all personal data and personal data collections in the Republic of Slovenia. We undertake not to transfer your personal data outside the European Union or the European Economic Area.

Intended data retention and deletion periods

Member data is stored and processed for as long as the membership at the Celje Central Library is active.
In accordance with the Librarianship Act, the Administrator shall keep personal data about members in the Member Register for a maximum of one (1) year from the expiration of the membership in the library. After the expiration of the period, the data of inactive members, provided that their obligations have been settled, shall be appropriately deleted or anonymized. If the member still has outstanding obligations to the library at this time, their personal data shall be deleted or anonymized when the obligations have been settled.
A library member who no longer wishes to be a member may request the deletion of their data and library records by completing a withdrawal form, which must be completed in writing. Deletion is possible on the condition that the user has settled their obligations to the library in all departments.

We store an individual's personal data that we have obtained based on consent or consent until the consent is revoked.

The retention periods for other personal data are, in accordance with relevant legislation, set out in the internal acts of the Central Library of Celje and are limited to the shortest possible time. After this period, the data is appropriately deleted, destroyed or anonymised, except in cases where the law provides otherwise.

Validity of the personal data protection statement

The status of the personal data protection statement is indicated by the date below the text. In the event of a change in the regulations in the field of personal data protection, the controller undertakes to act in accordance with the change in the regulations. We reserve the right to change the personal data protection statement at any time with future effect. The current version will always be available on our website https://www.knjiznica-celje.si/. We ask you to visit our website regularly and inquire about the current personal data protection statement.

Status of this data protection declaration: July 2025

3. LEGAL NOTICE AND REQUESTS

At the Celje Central Library, we are aware of the responsibility of handling personal data, therefore we ensure that all personal data is managed, maintained, stored and controlled in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: the General Data Protection Regulation) and in accordance with the Personal Data Protection Act (ZVOP-2).

  • Rights of the data subject

The General Data Protection Regulation protects the personal data of every individual (natural person), with personal data being any information relating to an identified or identifiable individual.

An individual has the right to confirmation of whether personal data concerning him or her are being processed, and where this is the case, to access personal data and to be informed in a clear and understandable manner of the purpose of collection and the manner in which personal data are processed, as well as the significance and intended consequences of such processing for him or her.

At the Central Library of Celje, we want to ensure that the individual whose personal data we process has all the rights arising from the General Data Protection Regulation. The right to rectification is the right of the individual to whom personal data are processed to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him or her. The individual to whom personal data are processed has the right, taking into account the purposes of the processing, to have incomplete personal data completed, including by submitting a supplementary statement.

The right to erasure is the right of the data subject to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller has an obligation to erase personal data without undue delay where one of the following reasons applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • the data subject withdraws the consent on the basis of which the processing is taking place;
  • the data subject objects to the processing and there are no overriding legitimate grounds for the processing;
  • the personal data has been processed unlawfully;
  • the personal data must be erased for compliance with a legal obligation under Union law or the law of the Republic of Slovenia;
  • personal data were collected in connection with the provision of information society services.

The right to restriction of processing is the right of the data subject to obtain from the controller restriction of processing where one of the following applies:

  • the data subject disputes the accuracy of the data, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of their use;
  • the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims;
  • the data subject has lodged an objection to the processing, pending verification whether the legitimate grounds of the controller override those of the data subject.
  • The Central Library of Celje will communicate any corrections or erasures of personal data or restrictions on processing to any user to whom personal data have been disclosed. In addition, we undertake to enable the data subject to exercise the right to data portability, in such a way that he or she will receive the personal data concerning him or her, which he or she has held, in a structured, commonly used and machine-readable format, and the right to transmit those data to another controller without hindrance, where the processing is based on consent or a contract, or where it is carried out by automated means. The individual has the right to one free copy of his or her personal data or to a printout in electronic form.
  • Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing purposes, including profiling to the extent that it is related to such direct marketing.

At the Celje Central Library, we are committed to doing everything in our power to help you as an individual exercise your rights, so in order to exercise the rights of individuals, we have prepared the following request forms that you can use as an individual:

  1. Request for access to personal data,
  2. Request for correction, deletion, portability or restriction of processing of personal data,
  3. Request for the provision of personal data.

Request forms for exercising your rights can be obtained free of charge on our website https://www.knjiznica-celje.si/ or at the loan counter.

The process of exercising individual rights

With this legal notice, we would like to inform individuals that they can submit the above-mentioned requests regarding the exercise of rights in relation to personal data in writing to us via e-mail. data.protection@knjiznica-celje.si or deliver them in person to the lending desk at the headquarters of the Celje Central Library, Muzejski trg 1a, 3000 Celje.

The individual is aware that the Celje Central Library may request additional information from him/her for the purposes of reliable identification in the event of exercising rights related to personal data, and may refuse the implementation procedure for exercising rights only if it proves that it cannot reliably identify the individual.
The individual is aware that the Central Library of Celje, as the controller, must respond to the individual's request to exercise rights in relation to the above-mentioned personal data without undue delay and no later than within one (1) month of receiving the request.

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
An individual has the right to lodge a complaint against the controller with the Information Commissioner if they believe that the processing of personal data violates the General Data Protection Regulation.

In Celje, on 25. 5. 2018
received by the director of the Celje Central Library, Polona Rifelj, MSc.

If you have any questions, problems or comments regarding the protection of personal data, you can always contact our data protection officer at the following email address: data.protection@knjiznica-celje.si and you will receive an answer as soon as possible.

Last updated: 21. 7. 2025

Polonca Bajc Napret, director

Navigation