ADMISS General Terms of Use and GDPR
I. These General Terms and Conditions of Use of ADMISS (hereinafter: the “Terms and Conditions”) govern the use of the ADMISS portal and its administrative web interface, operated by IPF, as well as the services available through the portal and the related rights and obligations of ADMISS users.
II. Access credentials (username and password) for the ADMISS portal may be obtained by any rights holder who has authorized IPF to manage related rights, which IPF administers on the basis of authorization granted by the competent authority. Such rights holders must also provide their contact details and any other information necessary for the management of their rights, including an email address (hereinafter: the “User”).
III. The user agrees not to use the ADMISS portal or its services for any purposes or activities that violate the applicable laws of the Republic of Slovenia or IPF’s internal regulations.
IV. By using their assigned username and password, the user may:
review and update their personal data submitted to IPF,
access the list of registered works in which they participate as a rights holder,
complete and submit electronic forms for the registration of new works or amend existing registrations,
review records of the use of works (both registered and unregistered),
access information on royalty calculations and review payments,
access relevant documentation,
consult the register of rights holders and members,
submit inquiries and requests to IPF.
V. The user must not use, disclose, or otherwise exploit for personal purposes any data, procedures, documentation, or other information obtained through ADMISS. In particular, the disclosure of any documentation obtained via ADMISS to third parties is strictly prohibited, as is the publication of such documentation in any physical or digital form on any platform. Any breach of this obligation or misuse of data or documentation shall result in the user’s civil and criminal liability.
VI. The user is obliged to protect all personal data accessed through ADMISS, regardless of the individual to whom such data relates, in accordance with applicable legislation. Failure to do so shall result in civil and criminal liability.
VII. The user must handle their username and password with due care and must not disclose or provide them to any third party. In the event of loss or theft of login credentials, the user must immediately notify IPF in writing and request the deactivation of their password. Such deactivation shall take effect on the first working day after IPF receives the notification.
VIII. IPF maintains records of all ADMISS logins and stores user-related data. The user bears full civil and criminal responsibility for the accuracy, content, and consequences of any entries, modifications, or corrections made using their username.
IX. The system administrator of IPF may restrict or revoke access credentials if the user acts in violation of these Terms and Conditions or misuses data and/or documentation, resulting in potential civil or criminal liability.
X. The ADMISS system will automatically disable a user account after multiple unsuccessful login attempts. To reactivate the account, the user must submit a written request to IPF to obtain a new password.
XI. IPF reserves the right to collect anonymous user data for statistical purposes and to improve the performance of ADMISS.
XII. These Terms and Conditions are published on the IPF website. By accessing and using ADMISS, the user confirms that they have read, understood, and accepted these Terms and Conditions.
XIII. IPF reserves the right to amend and/or supplement these Terms and Conditions at any time. Any such changes will be published on the IPF website and shall enter into force on the date of publication.
GDPR
PRIVACY NOTICE: Information on the processing of personal data by IPF, k.o., provided to data subjects pursuant to Articles 13 and 14 of GDPR – administration of rights under the CMCRRA (ZKUASP)
Data controller contact details:
IPF, k.o., Argentinska ulica 17, 1000 Ljubljana
E-address: info@ipf.si, pooblascenec.gdpr@ipf.si
Tel: +386 1 52 72 930
Web page: www.ipf.si
Collective management organisation of performers and phonogram producers of Slovenia, k.o. (hereinafter referred to as IPF, k.o. (short company name)) is a collective management organisation, its head office located at Argentinska ulica 17, 1000 Ljubljana, its registration number 1531964000, registered in Slovenian Business Register and Court Register, the submission number 13339200, and is the controller of your personal data.
IPF, k.o. processes personal data according to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – hereinafter referred to as GDPR), according to the relevant Personal Data Protection Act, and other personal data protection regulations. IPF, k.o. follows the principles of transparency and careful handling of personal data, respects your right to privacy and protects personal data with the greatest possible care. Your personal data shall be used solely for the purposes it is collected and processed for. IPF, k.o. will take all steps reasonably necessary to protect personal data against any kind of violations and misuse. The technical and organisational measures to protect personal data are further detailed in the internal acts IPF, k.o.
I. Contact information
If you have any kind of questions regarding personal data processing or you wish to exercise your rights in respect to the personal data processed by IPF, k.o., kindly write to the following address: IPF, k.o., Argentinska ulica 17, 1000 Ljubljana. In case of reasonable doubts regarding your identity, IPF, k.o. may ask for additional information. For further information regarding exercising your personal data rights you may also contact our Data Protection Officer (DPO) via e-address: pooblascenec.gdpr@ipf.si. Our DPO will also answer any questions regarding your data confidentiality, the manner of data collecting and processing, or your request to exercise your personal data rights.
II. Sources of personal data processed by IPF, k.o.
IPF, k.o. obtains individuals’ personal data from publicly available sources, such as public databases or public registers; from other collective management organisations with which it has entered into representation agreements; on the basis of notifications and/or the use of protected works by natural and legal persons; from legal entities or organisations authorised to represent rightholders; and from other legal entities for which the data subjects act as representatives and/or in whose interests they act.
III. Purposes and legal bases for the processing of personal data
1. Personal data of rightholders
The legal bases for the processing of rightholders’ personal data are Articles 6(1)(c), 6(1)(b) and 6(1)(f) of the GDPR. Rightholders’ personal data (e.g., first name, surname, date and place of birth, gender, citizenship, country of residence, data required for payments, etc.) shall be used exclusively for the purposes for which it was provided and/or is otherwise processed, namely:
• compliance with IPF, k.o.’s statutory obligations as a collective management organisation, as laid down in the Collective Management of Copyright and Related Rights Act (Official Gazette of the Republic of Slovenia No. 63/2016; CMCRRA (ZKUASP)) (Article 6(1)(c) GDPR), for the collection, allocation and payment of remuneration to rightholders;
• performance of a representation agreement with another collective management organisation and/or an entity acting on behalf of a rightholder, for the collection, allocation and payment of remuneration (Article 6(1)(b) GDPR); and, to the extent that the processing goes beyond the contractual relationship, on the basis of IPF, k.o.’s legitimate interests (Article 6(1)(f) GDPR);
• disclosure of personal data to contractual partners in order to ensure effective management, administration and safeguarding of operations, and the lawful functioning of IPF, k.o. (Article 6(1)(f) GDPR);
• the establishment, exercise and/or defence of legal claims by or against IPF, k.o., which constitutes IPF, k.o.’s legitimate interest (Article 6(1)(f) GDPR);
• compliance with statutory record-keeping and retention obligations arising from accounting and tax legislation (Article 6(1)(c) GDPR).
IPF, k.o. does not carry out automated decision-making, including profiling, within the meaning of Article 22 of the GDPR.
2. Personal data of other subjects
If you represent, or otherwise act in the interest of, a legal entity or other subject, your personal data (first name, surname and contact details) shall be processed on the following legal bases:
• an agreement with IPF, k.o., for its implementation or the implementation of measures before and for the purpose of concluding the agreement (Articles 6(1)(b) and 6(1)(f) GDPR);
• compliance with statutory record-keeping and retention obligations arising from accounting and tax legislation (Articles 6(1)(c) and 6(1)(f) GDPR);
• IPF, k.o.’s legitimate interests arising from the need to correctly identify persons authorised to represent right holders, parties to agreements, and/or other entities, for the purpose of contacting such persons (Article 6(1)(f) GDPR);
• the establishment, exercise and/or defence of legal claims by or against IPF, k.o. (Article 6(1)(f) GDPR).
IV. Personal data users/transferring personal data to other subjects
Personal data shall be used by the authorised IPF, k.o. employees only. When necessary, personal data of a data subject will be disclosed to the (contractual) data processors (accounting, IT providers for the purpose of software service and maintenance, law firms, auditors, postal operators and courier services, etc.) only. For the purposes of rights administration and the claiming and/or payment of remuneration, personal data shall be disclosed to other collective management organisations with which IPF, k.o. has concluded representation agreements, as well as to organisa¬tions of which IPF, k.o. is a member that provide international databases for the exchange of data between collective management organisations. Furthermore, the data may be shared with other subjects only when their obligation to ensure derives from legal provisions or in case of a legiti¬mate interest of IPF, k.o. or a third party. IPF, k.o. shall ensure the scope of information disclosed to such subjects is adequate and necessary to deliver its objectives.
In the course of rights administration and the performance of IPF, k.o.’s tasks, personal data may also be disclosed to collective management organisations and other entities in third countries outside the European Union or the European Economic Area with which IPF, k.o. has concluded bilateral or other representation and/or cooperation agreements.
In such cases, IPF, k.o. shall ensure that any transfer of personal data is carried out in accordance with Cahapter V of the GDPR, on the basis of an adequacy decision of the European Commission, appropriate safeguards such as standard contractual clauses adopted or approved by the Euro¬pean Commission, or other appropriate mechanisms permitted under the GDPR. IPF, k.o. ensures an adequate level of personal data protection and implements all necessary technical and organisational measures to safe¬guard the rights and freedoms of individuals.
V. Retention period
IPF, k.o. stores personal data and documentation in compliance with legal requirements or until the purpose of data retention is satisfied. After such purpose is satisfied, IPF, k.o. will stop processing and delete the personal data not needed to meet the legal obligations or for establishment, exercise or defence of legal claims.
VI. Your personal data processing rights
In accordance with the GDPR, IPF, k.o. ensures the exercise of the rights to which data subjects are entitled in relation to the processing of personal data. A data subject may request that IPF, k.o.: (1) issue a confirmation as to whether or not data relating to you is being processed, (2) grant access to your personal data, (3) provide information regarding the data processing (e.g. the purpose of the processing, the type of personal data, the users, the personal data was disclosed to, the expected retention period, technical and organisational measures for data safety, etc.), (4) ensure your inaccurate data be corrected and incomplete personal data be completed, (5) ensure the right to erasure of data, (6) ensure the right to have the processing restricted, (7) ensure the right to data portability and provide data in commonly-used, machine-readable format or provide the data to another controller directly, (8) ensure your right to object to such processing at any time if personal data is processed on the basis of legitimate interests (Article 6(1)(f) GDPR), unless IPF, k.o. demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, (9) offer further details regarding the right to lodge a complaint with a supervisory authority.
Data subjects may exercise all rights by submitting a written request to IPF, k.o., the data controller, by e-mail to pooblascenec.gdpr@ipf.si or by post to IPF, k.o., Argentinska ulica 17, 1000 Ljubljana. IPF, k.o. undertakes to respond to the data subject’s request without undue delay and, in any event, within the time limits prescribed by law.
Data subjects have the right to lodge a complaint with the competent supervisory authority in the event of an infringement of personal data protection, at the following address: Informacijski pooblaščenec, Zaloška 59, 1000 Ljubljana, or by e-mail to: gp.ip@ip-rs.si.