General Information
Galerija „Meno niša“ (hereinafter referred to as “we” or the “Data Controller”) is the operator of this http://www.vilniusbiennial.com/ website (the “Site”). This Privacy Policy (the “Privacy Policy”) determines and explains how we collect and process the personal data of Site’s visitors. The Privacy Policy also provides information on the processing of data of all other data subjects in the course of our activities.
This Privacy Policy shall be applicable to all individuals visiting the Website, and terms and conditions laid down herein shall apply every time when you want to access the content and/or service provided by us irrespective of the fact what kind of a device (computer, mobile phone, tablet, etc.) you use. You can browse this Website without providing your personal data; however, if you provide them, we will ask to confirm that you have read this Privacy Policy and understood provisions hereof.
We process the data of all data subjects in a lawful, transparent and fair manner, for predetermined purposes and only to the extent required to achieve them. We process your personal data in adherence to the General Data Protection Regulation No 2016/679 (hereinafter referred to as the “GDPR”), the Republic of Lithuania Law on Legal Protection of Personal Data, as well as personal data processing requirements set out in other legal acts and recommendations and/or instructions of supervisory authorities.
Persons under the age of 14 cannot submit any personal data. If you are a person under the age of 14, you must obtain the consent of your legal representative (parent, adoptive parent, guardian, curator) prior to submitting your personal information.
Terms used in this Privacy Policy shall be understood as they are defined in the GDPR.
Essential information on the processing of personal data
Data controller: Galerija „Meno niša“
Purposes of data processing: conclusion, execution, and administration of transactions, contracts, and any other agreements; establishment, maintenance, and development of business, professional, and/or other legal relations; smooth organization and administration Galerija „Meno niša“ or related projects and the desire to maintain high standards for artists and their works; the dissemination of contemporary art and the promotion of education and culture; the internal administration and bookkeeping of our administration; determining the quality of online services provided by our administration; pursuing the interests of our administration in court or in another institution; direct marketing.
Your rights as a data subject: to know what data about you is being processed; demand correction of inaccurate data; demand the transfer of data to another controller; object to the processing of data; not consent to the processing of the data or withdraw consent at any time; demand the destruction of data; demand to restrict the processing of data; and the right to submit a complaint to the State Data Protection Inspectorate at ada@ada.lt.
To learn more about how we process your personal information and the specifics of our business, read the full section of our privacy policy below.
Detailed information on the processing of personal data
Data Controller details:
Galerija „Meno niša“
Juridinio asmens kodas: 126055987
Registruotos buveinės adresas: J. Basanavičiaus g. 1/13, LT-01118 Vilnius
Tel.: 8 (5) 2313811
El. paštas: info@menonisa.lt
How Do We Collect Information About You?
Your personal data, i.e. any information about you that allows us to identify you, are obtained in various ways:
- you can submit information (personal data) yourself;
- information about you can be collected automatically;
- in certain cases, we receive information about you from third parties and collect information about you from publicly accessible sources.
You can submit your personal data to us directly. This usually happens in cases when:
- give us charity, sponsorship, gifts or otherwise support us;
- use services provided by us;
- You register and/or participate in our exhibitions, auctions, gallery, programmes, seminars, conferences, symposia, lectures, creative camps or other events/projects organised by us;
- subscribe to our newsletters;
- submit a query, request and/or claim to us by phone, e-mail or post.
Information about you can be collected automatically. This usually happens in cases when:
- you submit queries or make posts on our websites or in our social network (e.g., Facebook, Instagram) accounts;
- you use websites controlled by us (data collected using cookies and similar technologies. Further information about cookies we use is provided below).
To the extend allowed by the applicable legislation, we can obtain information about you from third parties. This may be information submitted by our partners, counterparties, service providers, information from your public profiles or data bases.
We can link your information obtained from you or public and commercial sources with other information obtained from you or about you.
We can also collect information about you in other cases not discussed in this Privacy Policy. However, if that is the case, we will inform you accordingly.
What Information (Personal Data) About You We Process?
Although we try to collect as little information about you as possible, we collect the following information in order to carry out our activities:
- your contact details;
- information required for the conclusion, performance and administration of transactions, contracts and any other agreements;
- information about your achievements, creations, projects, professional or other public activity;
- your image captured in photos;
- information provided by you when you call or write us, submit queries or fill in registration forms;
- information contained in payment orders made by you to us;
- information required for the protection of interests of our institution in courts or other;
- information about the device you use;
- information required for direct marketing.
Information that we collect directly from you is usually as follows:
- name, surname, personal number, gender and other data provided in your ID document (passport or ID card), address of the place of residence, phone number, e-mail address, bank account number, place of employment/professional activity/business, position, education. Also, other information that may be required for the acquisition/provision of goods and/or services.
Information that we collect automatically is usually as follows:
- information about the way you use this Website and/or our other websites (device information: IP address, operating system version and parameters of the device you use to access the content; login information: your session time and duration and any information stored in cookies that we have stored on your device (cookie policy is provided below); location information: device GPS signal or information about the nearest WiFi access points and mobile towers that can be transferred to us when you use the content of our website).
Information received from third parties or public sources is usually as follows:
- name, surname, employment/professional activity/business, education, data on your achievements, creations or projects that are significant for art, education or culture, place of residence, and image captured in photos.
You can choose not to provide us with certain information; however, in this case, it is possible that we will not be able to provide our service to you (e.g., if you do not provide necessary information requested by us in order to reply to your query, we will not be able to answer you).
Important: the staff of the Galerija „Meno niša“ will not ask for any login data, bank card numbers, passwords or any other information which use could cause you financial or any other harm neither in writing, nor by phone or in any other manner.
For What Purposes and on What Grounds Do We Process Your Data?
Data processing purposes, grounds, and processed personal data is indicated in the following table:
Purpose | Legal basis (bases) | Personal data |
Creation, maintenance and development of business, professional and/or other lawful relations | Implementation of requirements provided in the legislation Public interest Legitimate interests of our – to expand our activities, find sponsors | Name, surname, gender, phone number, e-mail address or other contact details, place of employment/professional activity/business, position |
Organisation of our exhibitions, auctions, programmes, seminars, conferences, symposia, lectures, creative camps or other events/projects | Compliance with legal requirements Public interest Legitimate interests of our institution | Name, surname, gender, address of the place of residence, phone number, e-mail address, place of employment/professional activity/business, position, education, data on your achievements, creations or projects significant for art, education or culture, image captured in photos |
Promoting the prosperity of fine crafts and the professional traditions of art and folk art | Public interest Legitimate interests of our institution – to promote art and culture | Name, surname, gender, place of residence, place of employment/professional activity/business, position, education, data on your achievements, creations or projects significant for art, education or culture, image captured in photos |
Implementation of our obligations in adherence to the applicable legislation | Implementation of requirements provided in the legislation | Depending on the requirements provided in the applicable legislation, content of received requests of authorities or other objective circumstances |
Internal administration and keeping of accounts of our institution | Implementation of requirements provided in the legislation Legitimate interests of our institution – quality service for interested parties and customers, timely communication | All of your personal data held by us and indicated in this Privacy Policy may be processed for this purpose |
Establishment of the quality of internet services provided by institution (in order to improve them and create new content) | Legitimate interests of our institution – to provide quality online services, to ensure the operation of the website | IP address, operating system version and parameters of the device you use to access the content, your session time and duration and any information stored in cookies that we have set up on your device, device GPS signal or information about the nearest WiFi access points and mobile towers that can be transferred to us when you use the content of our website |
Protection of interests of our institution in courts or other | Implementation of requirements provided in the legislation Legitimate interests of our institution – to defend against claims Public interest | Depending on the action or claim brought, all of your personal data held by us and indicated in this Privacy Policy may be processed for this purpose |
Direct marketing (only where we have obtained your consent or, respectively, have not received your objection) | Consent Legitimate interest – to increase awareness about us and inform about the news (with regard to existing clients only) | Name, surname, gender, place of residence, place of employment/professional activity/business, position, education, data on your achievements, creations or projects significant for art, education or culture, image captured in photos, e-mail address, phone number, age |
In cases where we cannot use one of the legitimate grounds provided in this table, we will ask your consent prior to starting processing your personal data (such cases will be established according to circumstances and context).
In cases where we will process your personal data for other purposes than indicated in this Privacy Policy, we will inform you thereof in a separate notice.
We would like to inform you that we aim to keep in touch with our customers and provide them with information about the services we offer. To this end, we conduct direct marketing via email by sending notifications and news about our services, the biennial which is organized projects, etc.
We reserve the right to send promotional information about our goods or services to our customers at the e-mail address we received when providing them with services or selling goods, and our customers have the right now or at any time later to opt out of such direct marketing content by notifying us in any convenient way of their choice: by e-mail info@menonisa.lt, by letter to J. Basanavičiaus st. 1/13, LT-01118 Vilnius, or by using the opt-out link in the e-mail with promotional information itself. Such revocation will not affect the processing of your personal data by us prior to it.
In all other cases, we will only process your personal data for the purpose of direct marketing with your explicit consent to the processing of the data for that purpose (e.g., when you subscribe to our newsletters, etc.) You can revoke this consent at any time by notifying us in the ways described above.
Who Do We Transfer Your Personal Data To?
Without your prior written consent, we can transfer your personal data only in the following cases:
- to responsibly selected business partners or companies providing services on our request;
- to law enforcement and state authorities;
- to other subjects when this is important due to the public interest or required under the legislation, or necessary in order to protect our legitimate interests.
The possibilities of recipients of your personal data (individual data processors) to use your data are limited; they cannot use this information for other purposes than for the performance of agreement concluded with us. In order to be able to send direct marketing offers, your separate consent will be requested.
Also, we can transfer your data to data processors who provide services to us (perform works for us). Data processors have the right to process your personal data only on the grounds of a written agreement concluded between us and them, in accordance with our instructions, and only to the extent necessary for the duly implementation of obligations established in the agreement. When engaging processors, we use all means required to ensure that our data processors have implemented appropriate organisational and technical security measures and can ensure the confidentiality of your personal data.
The list of categories of data processors is as follows:
art gallery curators; banks; advertising agencies and companies providing marketing services; company maintaining the IT system of our institution and other software development, installation and support companies; companies providing communication services; security service; companies performing accounting operations for our institution; companies providing postal services and courier services; companies providing legal services; companies providing archiving services; bloggers and representatives of various other media outlets; managers of various galleries.
Where necessary and in order to protect our legitimate interests or for us to adhere to the necessary requirements provided in the legislation, we can transfer information about you held by us to other parties, such as state authorities, pre-trial investigation officers, courts, etc.
For more detailed information about specific companies indicated in this section to which your personal data may be transferred, please contact us using the contact details indicated in this Privacy Policy, in the privacy policies of other websites controlled by us, or notices submitted to you.
To Which Countries Do We Transfer Your Personal Data?
Sometimes we may have to transfer your personal data to other countries, which are applying lower level of protection of personal data. In such cases, we will do everything possible in order to ensure the protection of transferred personal data.
In extremely rare cases, we can send your personal data to countries outside the European Economic Area. In such cases, we will ensure that one of the following security measures is implemented:
- the agreement concluded with the data recipient is based on standard contractual clauses approved by the European Commission;
- binding corporate rules are applied;
- the data recipient is based in the country recognised by the European Commission as implementing adequate data security standards;
- codes of conduct and certification mechanisms are applied;
- the permit of the State Data Protection Inspectorate was obtained.
In cases where none of the aforementioned appropriate security measures are applicable, we can rely on exceptions provided for in Article 49 of the Regulation (e.g., transfer your personal data based on your consent); however, those can be relied on only in cases strictly laid down in the Regulation.
What Do We Do to Protect Your Personal Data?
We have implemented reasonable and appropriate technical and organisational measure in order to protect information that we collect for the purposes of provision of content/services. However, keep in mind that irrespective of the fact that we employ appropriate actions to protect your personal data, none of the websites, internet operations, computer systems or wireless connections are completely safe.
How Long Are We Going to Store Your Personal Data?
We establish personal data storage terms pursuant to the requirements provided in laws and regulations, as well as instructions of supervisory and/or other competent authorities. Where such requirements or instructions are not established, we determine data storage terms in consideration of the public interest or our own legitimate interests; however, we store data no longer than 2 years as of the moment of receipt thereof (unless, as mentioned, longer data storage periods are provided in the legislation).
At the end of the data storage periods, your data will be erased in a way preventing their restoration or anonymised in a way that there is no possibility to identify you.
Usually, personal data are stored for the following terms:
Personal data | Storage period |
Data related to the conclusion and performance of transactions, contracts and any other agreements | 10 years as of the expiry/termination of the transaction, contract or agreement |
Payment data | 10 years as of the date of payment operation |
Data related to registration forms to exhibitions, auctions, programmes, seminars, conferences, symposia, lectures, creative camps or other events/projects organised by us | Up to 2 years as of the date of submission of the registration form |
Data provided in queries, requests and/or claims submitted to us by phone, e-mail or post | Up to 1 year as of the date of receipt or fulfilment of the query/request/claim |
Information about your achievements, creations, projects, professional or other public activity | Data are regularly reviewed and stored as long as they are relevant for the promotion of contemporary art, as well as education and culture. Data can be erased earlier if we receive your objection to the storage of such data (if your interests are prevailing) |
Your image captured in photos | As long as your consent is valid or, if you are a public person, as long as the publication of your image is significant for the promotion of contemporary art, as well as education and culture. Data can be erased earlier if we receive your objection to the storage of such data (if your interests are prevailing) |
Your data related to potential or ongoing protection of our interests in courts or other institutions | Until the expiration of periods for the submission of claim/complaint or action limitation periods provided in the legislation and/or until the final court judgement comes into force |
Personal data processed based on your consent, except for consents to the use of your image captured in photos | Up to 2 years as of the moment of receipt of the consent if the consent was not withdrawn earlier |
IT system logs | 1 year |
Even in cases where you have expressed a wish to terminate the agreement and decline our services, we will have to store some of your personal data until the expiration of terms of storage of certain data due to possible future claims. The information will also be stored so that if required, we are able to provide you with the requested information, have appropriately recorded history of relations with you, and can answer all questions related to your cooperation with us.
What Rights Do You Have?
Your right | Respective limitations |
Right to know | You have the right to obtain before the commencement of processing of your personal data the information about the data processing in concise, plain and easy to understand language. |
Right of access | This right means that you can request us to provide you with the following: – confirmation that we process your personal data; – list of your personal data that is being processed; – list of purposes and legal grounds for the processing of your personal data; – confirmation if we transfer data to third countries, and if so, what security measures have been implemented; – source where we obtain your personal data; – information if profiling is carried out; – indication of data storage period. We will provide the aforementioned information on a condition that the rights and freedoms of other parties are not thus infringed. |
Right to rectification | Applicable if the information held by us and related to your personal data is incomplete or inaccurate. |
Right “to be forgotten” | Applicable in the following cases: – information held by us is not required any more for the achievement of specified purposes; – we process data based on your consent and you withdraw it; – we process data based on the legitimate interests, and after the submission of your request it is established that they are overridden by your private interests; – the information was obtained in an unlawful manner. |
Right to restriction | This right can be implemented for the period while we analyse the situation, i.e.: – if you dispute the accuracy of information; – if you object to personal data processing when the same is carried out on the basis of legitimate interests; – we use information unlawfully, but you object to its erasure; – we do not need information any more, but you require us to store it due to court proceedings. |
Right to data portability | This right can be implemented if you provided your data and we process it in an automated manner, based on your consent or agreement concluded with you. |
Right to object | This right can be implemented when such data processing is carried out in public interest or data processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. When your personal data is processed on such grounds, we bear the burden of demonstrating compelling legitimate grounds for the data processing which override your interests. Also, you can at any time object to the processing of your personal data for the purposes of direct marketing, which includes profiling to the extent that it is related to such direct marketing. |
Right to withdraw your consent | You can withdraw your consent to personal data processing at any time where the data are processed based on consent. |
Right to file a complaint with the State Data Protection Inspectorate | Data subject has the right to contact the authority responsible for the supervision and control of legal acts regulating personal data protection, i.e. the State Data Protection Inspectorate (A. Juozapavičiaus g. 6, 09310 Vilnius, e-mail ada@ada.lt, phone (+370 5) 271 2804). For more information, please visit: www.ada.lt |
We may refuse to ensure you conditions required for the implementation of the aforementioned rights where, in cases provided by laws, it is required to ensure the prevention, investigation and determination of criminal offences or breaches of official or professional ethics, as well as the protection of the data subject or the rights and freedoms of other persons.
We always strive to ensure your rights properly and to react in a timely manner to any possible infringement of fulfilment thereof; therefore, if you have any questions about your personal data processed by us, please contact us at first. Also, please note that, in any case, you have the right to file a complaint with the State Data Protection Inspectorate at any time.
We provide you with a possibility to fulfil your aforementioned rights in a convenient manner. You can do so by calling +370 (5) 2313811, writing us to at info@menonisa.lt or using respective links provided at the bottom of advertising content submitted by us where we submit such advertising content.
Your rights will be fulfilled after the live confirmation of your identity (by submitting an ID document: ID card or passport) or confirmation using electronic means (e.g., by electronic signature).
Cookies, Signals and Similar Technologies
In this Privacy Policy, we use the term “cookies” to indicate cookies and other similar technologies, for example, pixel tags, web beacons, or clear GIFs.
Cookies are small pieces of information stored in your web browser. They help us to:
- recognise you as a returning visitor of the specific website;
- ensure smooth operation of the Website;
- monitor the duration and frequency of visits, as well as collect statistical information about the number of Website visitors.
By analysing these data, we can improve our Website and make it more convenient to use.
Cookies used on our Website are as follows:
Category | Name | Period | Purpose |
Necessary technical cookies | PHPSESSID | Until you close the website. | Ensures the integrity of website functionality |
Functionality cookies | __cfduid | 1 year | Use of Cloudflare system in order to identify secure web traffic |
cf7msm_check | Until you close the website. | Used in forms for browser personalisation | |
Statistical cookies | __utma, __utmt, __utmb, __utmc, __utmz, __utmv | Respectively: 2 years, 30 minutes, Until you close the website, Until you close the website, 6 months | Cookies helping to collect information about the use of website |
When you use a browser to access the content provided by us, you can configure your browser to accept all cookies, reject all cookies or notify when a cookie is downloaded. Each browser is different; therefore, if you do not know how to change your cookie settings, please read its help menu. Operating system of your device can have additional cookie controls. If you do not want information to be collected using cookies, use a simple procedure available in most browsers that allows you disable cookies. For more information on cookie management, please visit: http://www.allaboutcookies.org/manage-cookies/.
Also, you can manage cookies by choosing certain options in our pop-up cookie information banner.
Please keep in mind that some services may be created in a way to function only with cookies, and by disabling all or some of them you will not be able to use those services.
Also, please note that apart from our cookies, the Website allows some third parties (for example, social network controllers) to store and access cookies on your device. Third parties installing such cookies use their own privacy policies and we cannot assume responsibility for them (our Website cannot access the information transferred by them); therefore, we urge you to additionally read the aforementioned policies provided on the websites of these third parties. Our social network accounts (Facebook, Instagram) are operated under the privacy policies of controllers thereof.
External Websites
The Website contains links to external websites, i.e. websites which are integrally linked to contemporary art activities (for example, websites controlled by the participants of the gallery). When clicking such links, please note that these websites and services available through them must have their own separate privacy policies (rules), for which we cannot assume responsibility; therefore, we recommend to read them thoroughly prior to submitting any personal data.
Contact Us
If you have noticed any Privacy Policy discrepancies or security breaches on any of the websites controlled by us or if you have any other questions related to the processing of your personal data, please contact us in any convenient way:
Galerija „Meno niša“
Juridinio asmens kodas: 126055987
Registruotos buveinės adresas: J. Basanavičiaus g. 1/13, LT-01118 Vilnius
Tel.: 8 (5) 2313811
El. paštas: info@menonisa.lt
Final Provisions
The Privacy Policy is reviewed and updated as required, but at least once per two years or in case of any amendments to the legislation regulating the processing of personal data. Having updated the Privacy Policy, we will notify you of, in our opinion, any material changes by publishing a notice on the Website or in any other similar way. If you use the content and/or services provided by us after such notification, we will consider that you agree with the new requirements laid down in the updated Privacy Policy.
The Privacy Policy was last revised on 12 May 2022.