Privacy Policy

Chamber of Economy of the Federation of Bosnia and Herzegovina (KFBiH)
Updated: 20 October 2025.

1. Who we are and how to contact us

Data controller: Chamber of Economy of the Federation of Bosnia and Herzegovina (KFBiH)
Address: Branislava Đurđeva 10, 71000 Sarajevo, Bosnia and Herzegovina
E-mail: info@kfbih.com
Web: https://kfbih.com

This policy explains how we collect, use, share and protect personal data when you visit our website and use related functionalities (e.g. embedded YouTube videos, Facebook Page plug-in, event/conference registration forms, analytics and advertising).

2. What the policy applies to

This policy applies to data processing through the website kfbih.com and related subdomains, including:

  • basic page display and security,

  • contact and/or registration forms for events/conferences,

  • third-party embeds (YouTube video, Facebook Page plug-in),

  • traffic measurement (Google Analytics 4),

  • marketing measurement and remarketing (Meta Pixel),

  • consent management via Real Cookie Banner (RCB).

The cookie policy is a separate document and supplements this policy: kfbih.com/pravila-o-kolacicima.

3. What data we process

  1. Technical and security data
    IP address, URL, date and time, user-agent (browser/device), basic server log data – for website display, troubleshooting and system security.

  2. Data from forms (e.g. event/conference registration, contact inquiry)
    Name and surname, organization/position, e-mail, phone, event name and selected sessions, any notes (e.g. dietary notes or preferences), and other data you voluntarily provide in the form fields.

  3. Data from cookies and similar technologies

  • Necessary (e.g. Real Cookie Banner – consent documentation),

  • Functional (e.g. settings in the YouTube player, Facebook Page plug-in),

  • Statistical (Google Analytics 4 – aggregated visit metrics),

  • Marketing (Meta Pixel – conversion measurement/remarketing).
    A detailed and updated list of cookies and durations is available in the Cookie Policy.

  1. Third-party embeds

  • YouTube (video content) – IP address, technical data and cookies/storage related to the player (activated only with consent),

  • Facebook Page plug-in (embedded display of the FB page/posts) – technical identifiers and Facebook cookies (activated only with consent).

We do not collect medical documentation through the website, nor do we process special categories of personal data, unless the user explicitly and voluntarily states them in a form (e.g. accessibility note). Do not share such information if it is not necessary.

4. Purposes and legal basis of processing

PurposeExamples of dataLegal basis
Website display, security and maintenanceIP, server logsLegitimate interest (Art. 6(1)(f) GDPR)
Response to inquiries / registration and event organizationcontact details, registration dataContract/pre-contractual steps (Art. 6(1)(b) GDPR)
Traffic statistics (GA4)aggregated events and technical identifiersConsent (Art. 6(1)(a) GDPR)
Marketing measurement and remarketing (Meta Pixel)web interactions, online identifiersConsent (Art. 6(1)(a) GDPR)
Content embeds (YouTube, Facebook Page plug-in)IP, player/plug-in settingsConsent (Art. 6(1)(a) GDPR)
Compliance with legal obligations (e.g. event accounting)identification and transaction dataLegal obligation (Art. 6(1)(c) GDPR)

Providing data is voluntary, but in the case of event registration forms it is necessary to process the application. Without providing basic data, we will not be able to process your inquiry/application.

5. Recipients and international transfers

Data may be processed by:

  • our authorized employees and contractual processors (hosting/IT support, e-mail providers),

  • third-party service providers we use on the site: Google Ireland/Google LLC (GA4, YouTube), Meta Platforms Ireland/Meta Platforms, Inc. (Meta Pixel, Facebook Page plug-in).

If an international transfer occurs (e.g. to the USA), it is based on appropriate safeguards (e.g. Standard Contractual Clauses – SCC) and additional organizational/technical measures. Non-essential services (statistics/marketing/embeds) are activated only after your consent via the banner.

6. Retention periods

  • Server logs and security records: up to 30 days, unless longer retention is needed for investigating a security incident.

  • Forms (contact/events): up to 12 months from the end of communication or event delivery (basic organizational trace), after which they are deleted or anonymized, unless a longer period is required by law.

  • GA4 (statistics): according to our GA4 retention settings (e.g. 2 or 14 months).

  • Consents (RCB): as long as necessary to prove lawfulness (e.g. up to 10 years for audit purposes).

When the period expires, we delete or anonymize the data.

7. Your rights

You have the right to request:

  • access to personal data,

  • rectification of inaccurate/incomplete data,

  • erasure (“right to be forgotten”) where applicable,

  • restriction of processing,

  • portability of data,

  • objection to processing based on legitimate interest,

  • withdrawal of consent at any time (without affecting the lawfulness of processing before withdrawal).

Send your request to: info@kfbih.com.
You also have the right to lodge a complaint with the competent supervisory authority in BiH: Agency for Personal Data Protection in BiH (AZLP BiH)www.azlp.ba, e-mail: azlpinfo@azlp.ba.

8. Cookies, Real Cookie Banner and consent management

For displaying service information, categorization and consent management we use Real Cookie Banner.

  • All non-essential scripts (GA4, Meta Pixel, YouTube, Facebook Page plug-in) are blocked until your consent.

  • You can change or withdraw settings at any time via the “Privacy settings” link on the page and/or in the footer.

Read the details about cookie types, duration and purpose in: kfbih.com/pravila-o-kolacicima.

9. Google Analytics 4 (GA4)

We use GA4 for aggregated visit statistics (visited pages, events, traffic source, device/browser).

  • GA4 is loaded only after your consent.

  • Where applicable, we apply Google Consent Mode signals (analytics_storage, ad_storage = denied until you give consent).

  • We retain data according to GA4 retention settings (2 months).

10. Meta Pixel and social networks

We use Meta Pixel to measure campaign performance and, with your consent, for remarketing.

  • Meta Pixel is activated only after consent.

  • If you are logged into Meta platforms (Facebook/Instagram), the processor may link visits to your account according to its own privacy rules.

Our presence on social networks (Facebook, Instagram, LinkedIn) means that when interacting (messages, comments, event registrations via posts) your data may also be processed according to those platforms’ rules. We recommend reviewing their privacy policies.

11. YouTube and Facebook Page plug-in (embedded content)

Embedded YouTube videos and Facebook Page plug-in may set third-party cookies/storage and process your IP address and technical data.
These contents are loaded only after your consent in the banner. If you do not consent, a replacement “placeholder” will be shown with the option for later activation.

12. Minors

Our web content is not directed at children under 16 years of age. We do not knowingly collect data about children without the consent of the holder of parental responsibility, where required.

13. Data security

We apply technical and organizational protection measures (TLS/HTTPS, access control, data minimization, backups and audits). In the event of a data breach, we will take measures in accordance with applicable regulations.

14. Document changes

We may update the policy from time to time to comply with the law and/or changes in our processes. Significant changes will be clearly highlighted on this page with the effective date.

Date of last update: 20 October 2025.