General terms of use and protection of personal data at

Date of first publication: May 2024

Date of current valid version: 27 May 2024

This notice applies to the home page and all subpages of

Owner and controller

The MGLC website (hereinafter referred to as is managed by the public institute International Centre of Graphic Arts (MGLC), Pod turnom 3, 1000 Ljubljana, Slovenia, registration number: 5269903000, tax number: 39110079.

General terms of use

By using the website, the visitor or user declares and confirms that they are aware of the general terms and conditions of use of the website and that they agree to them. By accepting the general terms and conditions, the visitor or user also accepts the specific rules and instructions of the individual services as written on the subpages of

MGLC takes the utmost care to ensure that it posts information that is correct, complete and up-to-date. Its criminal and civil liability for factual and legal errors in the information is completely excluded and MGLC shall not be liable for any direct or indirect damage or inconvenience that may be caused to the user as a result of the use of any incorrect, incomplete or inaccurate information that may appear on the website.

Content unsuitable for minors

The website presents a wide variety of artworks that are not censored. Such works may include nudity or other content that some people may find objectionable. Parents or guardians of minors and children are solely responsible for the content their child accesses at

Use of cookies

The website uses cookies. These are used for the proper functioning of the website and to monitor traffic (Google Analytics).

Protection and processing of personal data

The Personal Data Protection Policy of the public institute International Centre of Graphic Arts (hereinafter referred to as the public institute), which operates the website defines our commitment to respecting your privacy and handling your personal data responsibly.

We are aware of the importance of privacy protection in the public institute, therefore all employees who process and use personal data in their work are familiar with the provisions of the General Regulation of the European Parliament and of the Council 679/2016 on the protection of personal data (hereinafter after referred to as GDPR), the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 163/22 – ZVOP-2), applicable national regulations and guidelines, as well as the opinions of the competent supervisory institutions for the protection of personal data in the area of our work.

I. The meaning of general terms

  1. "Personal data" means any information relating to an identified or identifiable individual (hereinafter: the data subject); an identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
  2. "special personal data" means data revealing racial or ethnic origin, political opinion, religious or philosophical belief or trade union membership, and the processing of genetic data, biometric data, data concerning health, social situation and protection, an individual's sex life or sexual orientation;
  3. "processing" means any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise enabling access, alignment or combination, restriction, erasure or destruction;
  4. "restriction of processing" means the marking of stored personal data in order to restrict their processing in the future;
  5. "collection" means any structured set of personal data which are accessible in accordance with specific criteria and which may be centralised, decentralised or dispersed on a functional or geographical basis;
  6. "controller" means the company or institution – the public institute, which alone or jointly with others determines the purposes and means of the processing; when the purposes and means of the processing are determined by European Union law or by national rules, the controller or the specific criteria for their designation may be determined by European Union law or by national rules;
  7. "processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
  8. "user" means the natural or legal person, public authority, agency or other body to whom the personal data have been disclosed, whether or not a third party. However, public authorities which may receive personal data in the context of a particular enquiry pursuant to European Union law or national rules shall not be considered as users. The processing of data by public authorities is carried out in accordance with the applicable data protection rules in relation to the purposes of the processing;
  9. "third party" means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons authorised to process personal data under the direct authority of the controller or processor;
  10. "data subject consent" means any voluntary, explicit, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by clear affirmative action, signify their agreement to the processing of personal data concerning them;
  11. "personal data breach" means a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;
  12. "supervisory authority" means an independent public authority, in Slovenia the Information Commissioner (the "IC").

II. The principles we follow when processing personal data

The principles that apply to compliance with the GDPR and national regulations in the public institute are:

The principle of lawfulness, fairness and transparency means that the data is processed lawfully, fairly and in a transparent manner and in relation to the data subject.

The principle of limitation means that the personal data of the data subject shall be collected for specified, explicit and legitimate purposes and shall not be further processed for purposes incompatible with those purposes, with the exception of archiving purposes in the public interest, scientific research purposes, historical research purposes or statistical purposes.

The principle of data minimisation means that personal data must be adequate, relevant and limited to the purpose for which it is collected, i.e. the purpose for which it is processed.

The principle of accuracy means that the personal data collected is accurate and, where necessary, kept up to date. It must be ensured that appropriate measures are taken to erase or rectify inaccurate personal data at any time, taking into account the purposes for which it is processed.

The principle of storage limitation means that personal data shall be stored in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the data is processed. Only personal data relating to individuals may be stored for a longer period where the archiving is in the public interest, for scientific research, historical research or statistical purposes.

The principle of integrity and confidentiality means that personal data shall be processed in a way that ensures adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by means of appropriate organisational and technical measures.

The principle of accountability means that the data controller is responsible for the processing of personal data in accordance with these principles and is able to demonstrate this at all times.

III. Personal data controller

In case of cooperation with our public institute, the controller of your personal data is the public institute International Centre of Graphic Arts (MGLC), Pod turnom 3, 1000 Ljubljana, Slovenia.

We treat your personal data with care and have appropriate technical and organisational measures in place to protect your personal data.

IV. Personal data processors

In certain cases, your data may also be processed by our contractual processors. The processors process the data exclusively on our instructions and on our behalf. They are trusted legal entities or individuals who are properly vetted before entering into a contract processing agreement, whereby both parties to the contract undertake to process all personal data with which they come into contact in a careful and lawful manner.

V. Types of personal data and purpose of processing

We process your data exclusively on the basis of your prior consent and in accordance with the purpose of the consent.

We collect different types of personal data, and what exactly depends on the type of contractual or other relationship we have with you. The type of contractual relationship also determines the purpose for which we process your personal data.

VI. Disclosure of data to third parties

We only disclose personal data to third parties if:

  • we are required to do so by law, or
  • have your consent to do so.

VII. Storage of personal data

We only keep your personal data until the purpose for which it was provided has been fulfilled or for as long as we are required to do so by law.

VIII. The rights of the data subject

You have the right at any time to:

a) access to data,

b) correction of data,

c) erasure ("right to be forgotten"),

d) processing restrictions,

e) data portability,

f) objection.

a) The data subject shall have the right to request the controller to provide him or her with an explanation as to whether any personal data concerning him or her are being processed. Where the data of that data subject are being processed, the controller shall be obliged to give the data subject access to the personal data and to inform the data subject of the purpose of the processing of the personal data, the types of data concerned, the users to whom the data are or will be disclosed, the envisaged period of retention of the personal data or the criteria for determining the period of retention of the personal data, and the right of the data subject to request rectification, erasure or restriction of, or to object to, the processing. It must also inform the data subject that they have the right to lodge a complaint with a supervisory authority and any other available information on the source of the collection of their personal data, where the personal data are not collected from the data subject.

b) The data subject shall have the right at any time to have inaccurate data concerning him or her rectified or to have incomplete data completed by the controller, including by means of a supplementary declaration, without undue delay.

c) Where one of the following conditions is met:

  • the personal data of the data subject are no longer necessary for the purposes for which they were collected or otherwise processed,
  • the data subject withdraws the consent or acquiescence given to the collection and processing of their personal data and there is no other legal basis for the collection of personal data,
  • the data subject objects to the processing of personal data and there are no overriding legitimate grounds for the processing,
  • the personal data have been unlawfully processed,
  • personal data collected in connection with the offer of information society services,

the data subject shall have the right to have personal data concerning him or her erased by the controller without undue delay.

That right of the data subject shall not apply where the processing of personal data is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation to process under European Union or national law, or for the performance of a public task carried out in the public interest or in the exercise of official authority, which has been attributed to the controller, for reasons of public interest in the field of public health and for archiving purposes in the public interest, scientific research, historical research or statistical purposes, or for the establishment, exercise or defence of legal claims.

d) The data subject shall have the right to request the controller to restrict the processing of their personal data. The restriction of processing may apply where:

  1. the data subject contests the accuracy of the data for a period which allows the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use;
  3. the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims;
  4. the data subject has raised an objection to the processing, pending verification of whether the legitimate grounds of the controller override those of the data subject.

e) The data subject shall have the right to receive personal data concerning them which they have provided to the controller and the right to communicate that data to another controller without being hindered by the controller to whom the personal data has been provided.

f) The data subject shall have the right to object at any time to the processing of personal data concerning them.

IX. The obligations of the controller

The public institute will decide on your request without undue delay, but no later than one month after receiving it. In the case of a more complex matter or where there are a large number of requests, the time limit may be extended by up to two additional months, which we will inform you of no later than one month after receipt of the request, together with the reasons for the delay and a legal notice.

The public institute may decide on your application by written notification, which must include an explanation of the reasons for the controller's decision and information about your right to appeal under national law.

The public institute shall bear the burden of proving the accuracy and up-to-dateness of personal data and the lawfulness of the processing of personal data unless the personal data was obtained solely on the basis of the data subject's representations.

If your request is incomplete or incomprehensible, it cannot be rejected for that reason alone. The public institute must request that the deficiencies be corrected within five working days and indicate that the applicant should complete the application within three working days.

If you remedy the deficiencies within the time limit, the application is deemed to have been lodged when the request remedying the deficiencies was made. If you fail to remedy the deficiencies within that period, the public institute shall reject the application by decision. This decision may be appealed.

If your request is refused, you can lodge a reasoned appeal with the public institute within 15 days of receiving the notification or decision of the public institute.

From the receipt of your request until it is granted or, in the case of a refusal of your request, until its final conclusion, the public institute may not destroy, alter or dispose of the personal data requested, irrespective of the expiry of the statutory or internally established retention periods for personal data.

X. Data protection officer

If you have any questions regarding the processing of your personal data or to exercise your rights in relation to your personal data, you can contact our Data Protection Officer, Omnimodo, d.o.o., telephone: +386 1 23 223 47, e-mail:

If you believe that your rights to the protection of your personal data have been violated in any way or that we have not decided on your request within the specified time limit, you can complain to the supervisory authority: the Information Commissioner, Dunajska cesta 22, 1000 Ljubljana, Slovenia.

XI. Policy changes

The Privacy Policy is subject to change. Changes will be published in the same way as this policy is published.


The content of the website is a work of authorship, the copyright owner of which is the controller, and as such is subject to copyright protection or other forms of intellectual property protection. Content protected by copyright, legal and other intellectual property rights includes text, images and data.

Users or visitors are only allowed to use the published content for personal and non-commercial purposes. All copyright and other intellectual or other proprietary rights notices must be strictly observed. Any other disposition of the content is prohibited, including, but not limited to, modification, copying or republication of any content in whole or in part on other sites, unless expressly permitted in writing by the controller.

Use of the Site in contravention of these rules is prohibited. Any user who uses the Site in a manner contrary to these rules shall be held fully liable for damages.

Terms and conditions and purchase information

Certificate of Authenticity

Artworks on sale are certified with the artist's signature. MGLC guarantees the authenticity of the artwork and can issue a certificate at the buyer's request.

Payment options

You can pay for your order with Eurocard (Mastercard), Visa, Diners, American Express, Magna, Maestro and Activa credit cards.

Order acceptance and confirmation

After placing an order, the user (hereinafter referred to as the buyer) receives an e-mail notification that the order has been accepted.

Upon receipt of the order, MGLC (hereinafter referred to as the seller) shall inspect the order, check the deliverability of the products ordered and confirm or reject the order with a reason. The seller may also contact the customer by telephone on the contact telephone number provided to verify the information or to ensure the accuracy of the delivery. Upon confirmation of the order, MGLC shall inform the buyer by e-mail of the estimated delivery time. The Sales Contract between the buyer and the seller for the purchase of the products ordered is irrevocably concluded at this stage (see Sales Contract).

Order processing time

The time it takes the MGLC online shop to prepare an order for dispatch is not always the same. Shipments are dispatched within 5 working days. In exceptional cases and during the annual public holidays, MGLC reserves the right to make certain works available for sale only physically in the MGLC Museum Shop.

Collection of purchased goods and postage

Purchases can be picked up in person at MGLC (Pod turnom 3, 1000 Ljubljana) – there is no charge for pick-up – or can be dispatched by postal mail. Shipments are sent to most European countries and worldwide. The delivery time depends on the time required by the delivery service and the location and distance of the shipping address.

Postage is charged as a single amount including VAT:

Slovenia: €8.95
International: €30

Publications and products
Slovenia: €3.95
International: €10.80

Package insurance during transport

The International Business Package is insured against loss, theft, damage or pillage. The user is entitled up to the amount of the marked value, up to a maximum of EUR 4,200, or the actual damage incurred if this is less than the marked value.

Claims in case of damage during shipment

We pack our goods with care and mark our shipments with the "Handle with Care" symbol. However, it is still possible that goods may incur damage. In this case, please inform us of the situation at and

Sales Contract

The MGLC online shop will issue an invoice to the customer who purchases a product from the online shop. The Sales Contract between the seller and the buyer is concluded at the moment the MGLC online shop confirms the order (see Order Confirmation). From that moment on, all prices and other terms and conditions of purchase are fixed and apply to both MGLC and the buyer.

Return of goods

Refunds are accepted in the following cases:

  • we are notified about the goods within 14 days of delivery,
  • the goods are sent back within 21 days of delivery,
  • the goods are returned undamaged,
  • a complaint procedure is initiated with the postal service if the goods are damaged and the damage is not the fault of the buyer,
  • the Certificate of Authenticity is returned with the artwork.

Due to their nature, we cannot accept refunds for digital downloads.

The buyer has the right to withdraw from the Sales Contract within 14 days from the date of receipt of the ordered products by sending an email to and, without having to provide a reason for such a decision. The return of the purchased goods to the MGLC online shop within the withdrawal period shall also be deemed to be a withdrawal. The only cost to be borne by the buyer as a result of the withdrawal from the Sales Contract shall be the cost of returning the products to MGLC. The purchased goods must be returned to the MGLC online shop no later than 21 days from the date of the cancellation notice.

The goods may not be used by the buyer in the event of withdrawal from the purchase. If the returned goods are not returned in their original condition, the buyer shall be liable for any loss of value.

Purchased goods must be returned undamaged in their original packaging and unchanged in quantity, unless the products are destroyed, spoiled, lost or reduced in quantity, without any fault on the part of the buyer. If the postal package with which the buyer received the products ordered is physically damaged, is missing contents or shows signs of opening, the buyer must initiate a complaint procedure with the postal service (Pošta Slovenije) and notify the MGLC online shop at and

For returned products, the MGLC public institute shall refund the buyer the amount paid or the gift voucher redeemed as soon as possible, but at the latest within 30 days of receipt of the notice of cancellation. The refund shall be made by the MGLC public institute to the buyer's personal or business account. Redeemed gift voucher shall be refunded as credit.

If you have any problems with your order, please write to and

Dispute resolution

Any disputes will be settled by mutual agreement between the controller and the user or, in the event of failure, before a court of competent jurisdiction in Ljubljana.

Changes to the general terms and conditions and the personal data protection policy

MGLC may make changes to these pages at any time without notice and accepts no responsibility for the consequences of such changes. Users are bound by the notice as modified from time to time and are advised to monitor these pages if they are used.

The latest version of the Privacy Policy will always be published on the website, with the "Effective Date" date appearing at the top of the text.

Upon the entry into force of these General Terms and Conditions, the previous General Terms and Conditions shall cease to apply.