★ 06.JUN · PREMIERE SCREENING OF “SOUNDS FROM THE CANOPY 2026” ★ 13.JUN · DEATH TRIBUTE VEČE / NEAR DEATH EXPIRIENCE, ARSON, STAVROS ★ 14.JUN · VEDAN KOLOD / SUBOTICA ★ 19.JUN · AB RE - SERBIAN JAZZ IN OPOSSITION ★ 25.JUN · PUTAN CLUB ★ 09.JUL · GNEZDO FEST 2026 ★ 12.AVG · FORTRESS UNDER SIEGE (GR) ★ 03.NOV · METANIKA ★★ 06.JUN · PREMIERE SCREENING OF “SOUNDS FROM THE CANOPY 2026” ★ 13.JUN · DEATH TRIBUTE VEČE / NEAR DEATH EXPIRIENCE, ARSON, STAVROS ★ 14.JUN · VEDAN KOLOD / SUBOTICA ★ 19.JUN · AB RE - SERBIAN JAZZ IN OPOSSITION ★ 25.JUN · PUTAN CLUB ★ 09.JUL · GNEZDO FEST 2026 ★ 12.AVG · FORTRESS UNDER SIEGE (GR) ★ 03.NOV · METANIKA ★★ 06.JUN · PREMIERE SCREENING OF “SOUNDS FROM THE CANOPY 2026” ★ 13.JUN · DEATH TRIBUTE VEČE / NEAR DEATH EXPIRIENCE, ARSON, STAVROS ★ 14.JUN · VEDAN KOLOD / SUBOTICA ★ 19.JUN · AB RE - SERBIAN JAZZ IN OPOSSITION ★ 25.JUN · PUTAN CLUB ★ 09.JUL · GNEZDO FEST 2026 ★ 12.AVG · FORTRESS UNDER SIEGE (GR) ★ 03.NOV · METANIKA ★
AKC Gnezdo
SREN

Your privacy

Privacy Policy

How we collect, store and protect your personal data.

Who we are and who processes your data

The data controller is Alternativni kulturni centar Gnezdo (Gnezdo Cultural Centre), Kruševac, Republic of Serbia (hereinafter: "Gnezdo", "we", "us").

For all data protection enquiries, please contact us at: info@gnezdo.rs

This Privacy Policy describes what data we collect through the akcgnezdo.rs website, how we use it, with whom we may share it, and what rights you have as a data subject — in accordance with the Serbian Law on Personal Data Protection (LPDP, Official Gazette RS, No. 87/2018) and, where applicable, the EU General Data Protection Regulation (GDPR).

What data we collect and how

1. Contact form

When you send us a message via the contact form, we collect your name, email address, and the content of your message. We use this data solely to respond to your enquiry.

2. Event registration (RSVP)

When you register for one of our events, we collect your name, email address, number of guests and any optional notes. We use this data to organise the event and to send a registration confirmation.

3. Volunteer application

When you complete the volunteer form, we collect your name, email address and your motivation note. We use this data to assess and contact prospective volunteers.

4. Site analytics

We use Google Analytics to anonymously track site visits — number of visitors, most popular pages, session duration. Google does not receive your name, address or other directly identifying data. IP addresses are anonymised before transmission. You can opt out by installing the Google Analytics Opt-out Browser Add-on.

Legal basis for processing

We process your data on the following legal bases (Art. 12 LPDP):

  • Performance of a contract or pre-contractual measures (Art. 12(1)(3)) — for processing RSVP registrations and volunteer applications.

  • Legitimate interests (Art. 12(1)(6)) — for responding to contact messages and ensuring the security and proper functioning of the site.

  • Consent (Art. 12(1)(1)) — for analytics cookies and any marketing communications, where you have expressly permitted this.

Cookies

Our site uses the following types of cookies:

  • Strictly necessary (functional) cookies — required for the site to function correctly (session management, security tokens). These cannot be disabled without impairing site functionality.

  • Analytics cookies — Google Analytics (_ga, _gid) to understand how visitors use our site, in order to improve content and user experience.

You can refuse or delete cookies at any time through your browser settings. Please note that disabling certain cookies may affect site functionality.

Sharing data with third parties

We do not sell or rent your personal data. Some data may be processed by the following trusted data processors, solely for the purposes described in this Policy:

  • Supabase Inc. (US / EU region) — database and hosting provider. Data is stored on servers in Europe. Supabase is GDPR-compliant and a signatory to EU Standard Contractual Clauses for international data transfers.

  • Google LLC — Google Analytics for anonymous site analytics. Further details: Google Privacy Policy.

  • Resend Inc. — transactional email service (RSVP confirmations, enquiry responses).

We may disclose data to competent public authorities solely on the basis of a legal obligation or court order.

Data retention

  • Contact messages — retained for 2 (two) years from receipt, then permanently deleted.

  • RSVP registrations — retained for 1 (one) year from the date of the event.

  • Volunteer applications — retained for 1 (one) year from submission or until active collaboration ends.

  • Analytics data — Google Analytics retains aggregated data for 14 months under the default configuration.

Your rights as a data subject

Under the LPDP, you have the following rights:

  • Right of access (Art. 26) — you may request confirmation of whether we process your data and obtain a copy of the data being processed.

  • Right to rectification (Art. 29) — you may request correction of inaccurate or completion of incomplete data.

  • Right to erasure (Art. 30) — you may request deletion of your data if it is no longer necessary for the purpose for which it was collected, if you withdraw consent, or if it was processed unlawfully.

  • Right to restriction of processing (Art. 31) — you may request temporary suspension of processing in certain circumstances provided by law.

  • Right to data portability (Art. 36) — you may receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.

  • Right to object (Art. 37) — you may object to processing based on the controller's legitimate interests.

  • Right to withdraw consent — you may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

To exercise any of these rights, please contact us in writing at info@gnezdo.rs. We will respond within 30 days of receiving your request. In complex cases the deadline may be extended by a further 60 days, of which we will notify you in advance.

If you believe that the processing of your data is contrary to the law, you have the right to lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection: www.poverenik.rs

Data security

We implement appropriate technical and organisational security measures: encryption of data in transit (TLS/HTTPS), role-based access control and regular security reviews. Despite these efforts, no digital system can guarantee absolute security. In the event of a personal data breach likely to result in a high risk to the rights and freedoms of individuals, we will notify you and the competent authority within the timeframes prescribed by the LPDP.

Changes to this Policy

We may periodically update this Privacy Policy to reflect changes in legislation or our data processing practices. Changes take effect upon publication of the updated version on this page, with the date of last revision clearly indicated. We recommend checking this page periodically.

Last updated: April 2026.

Contact

For all questions regarding the processing of your personal data: