Privacy Policy

Chamber of Commerce of the Federation of Bosnia and Herzegovina (KFBiH)
Updated: 20 October 2025.

1. Who we are and how to contact us

Controller: Chamber of Commerce of the Federation of Bosnia and Herzegovina (KFBiH)
Address: Branislava Đurđeva 10, 71000 Sarajevo, Bosnia and Herzegovina
Email: info@kfbih.com
Web: https://staging.kfbih.com

This policy explains how we collect, use, share and protect personal data when you visit our website and use related features (e.g. embedded YouTube videos, Facebook Page plug-in, event/conference registration forms, analytics and advertising).

2. What the policy applies to

This policy applies to data processing via the website kfbih.com and related subdomains, including:

  • basic page display and security,

  • contact and/or registration forms for events/conferences,

  • third-party embeds (YouTube video, Facebook Page plug-in),

  • traffic measurement (Google Analytics 4),

  • marketing measurement and remarketing (Meta Pixel),

  • consent management via Real Cookie Banner (RCB).

The cookie policy is a separate document and supplements this policy: kfbih.com/pravila-o-kolacicima.

3. What data we process

  1. Technical and security data
    IP address, URL, date and time, user-agent (browser/device), basic data from server logs – for website display, troubleshooting and system security.

  2. Data from forms (e.g. event/conference registration, contact inquiry)
    Name and surname, organization/position, email, phone, event name and selected sessions, any notes (e.g. dietary notes or preferences), and other data you voluntarily provide in the form fields.

  3. Data from cookies and similar technologies

  • Necessary (e.g. Real Cookie Banner – recording consents),

  • Functional (e.g. settings in the YouTube player, Facebook Page plug-in),

  • Statistical (Google Analytics 4 – aggregated visit metrics),

  • Marketing (Meta Pixel – conversion measurement/remarketing).
    A detailed and up-to-date list of cookies and their duration is available in the Cookie Policy.

  1. Third-party embeds

  • YouTube (video content) – IP address, technical data and cookies/storage related to the player (activated only with consent),

  • Facebook Page plug-in (embedded display of the FB page/posts) – technical identifiers and Facebook cookies (activated only with consent).

We do not collect medical documentation through the website, nor do we process special categories of personal data, unless the user explicitly and voluntarily provides them in a form (e.g. an accessibility note). Please do not share such information if it is not necessary.

4. Purposes and legal basis of processing

PurposeExamples of dataLegal basis
Website display, security and maintenanceIP, server logsLegitimate interest (Art. 6(1)(f) GDPR)
Response to inquiries / registration and event organizationcontact details, registration dataContract/pre-contractual steps (Art. 6(1)(b) GDPR)
Traffic statistics (GA4)aggregated events and technical identifiersConsent (Art. 6(1)(a) GDPR)
Marketing measurement and remarketing (Meta Pixel)web interactions, online identifiersConsent (Art. 6(1)(a) GDPR)
Content embeds (YouTube, Facebook Page plug-in)IP, player/plug-in settingsConsent (Art. 6(1)(a) GDPR)
Compliance with legal obligations (e.g. event accounting)identification and transaction dataLegal obligation (Art. 6(1)(c) GDPR)

Providing data is voluntary, but in the case of event registration forms it is necessary to process the registration. Without providing basic data, we will not be able to process your inquiry/registration.

5. Recipients and international transfers

Data may be processed by:

  • our authorized employees and contractual processors (hosting/IT support, email providers),

  • third-party service providers we use on the site: Google Ireland/Google LLC (GA4, YouTube), Meta Platforms Ireland/Meta Platforms, Inc. (Meta Pixel, Facebook Page plug-in).

If an international transfer occurs (e.g. to the US), it is based on appropriate safeguards (e.g. Standard Contractual Clauses – SCC) and additional organizational/technical measures. Non-essential services (statistics/marketing/embeds) are activated only after your consent via the banner.

6. Retention periods

  • Server logs and security records: up to 30 days, unless longer retention is needed for investigating a security incident.

  • Forms (contact/events): up to 12 months after the end of communication or the event, after which they are deleted or anonymized, unless a longer period is required by law.

  • GA4 (statistics): according to our GA4 retention settings (e.g. 2 or 14 months).

  • Consents (RCB): as long as necessary to prove lawfulness (e.g. up to 10 years for audit purposes).

When the retention period expires, we delete or anonymize the data.

7. Your rights

You have the right to request:

  • access to personal data,

  • rectification of inaccurate/incomplete data,

  • erasure (“right to be forgotten”) where applicable,

  • restriction of processing,

  • portability of data,

  • objection to processing based on legitimate interest,

  • withdrawal of consent at any time (without affecting the lawfulness of processing before withdrawal).

Send your request to: info@kfbih.com.
You also have the right to lodge a complaint with the competent supervisory authority in BiH: Agency for Personal Data Protection in BiH (AZLP BiH)www.azlp.ba, email: azlpinfo@azlp.ba.

8. Cookies, Real Cookie Banner and consent management

For displaying service information, categorization and consent management we use Real Cookie Banner.

  • All non-essential scripts (GA4, Meta Pixel, YouTube, Facebook Page plug-in) are blocked until your consent.

  • You can change or withdraw settings at any time via the “Privacy settings” link on the page and/or in the footer.

Read the details about cookie types, duration and purpose at: kfbih.com/pravila-o-kolacicima.

9. Google Analytics 4 (GA4)

We use GA4 for aggregated visit statistics (visited pages, events, traffic source, device/browser).

  • GA4 loads only after your consent.

  • Where applicable, we apply Google Consent Mode signals (analytics_storage, ad_storage = denied until you give consent).

  • We retain data according to GA4 retention settings (2 months).

10. Meta Pixel and social networks

We use Meta Pixel to measure campaign performance and, with your consent, for remarketing.

  • Meta Pixel is activated only after consent.

  • If you are logged in to Meta platforms (Facebook/Instagram), the processor may link visits to your account according to its privacy rules.

Our presence on social networks (Facebook, Instagram, LinkedIn) means that when you interact (messages, comments, event registrations via posts), your data may also be processed according to those platforms’ rules. We recommend reviewing their privacy policies.

11. YouTube and Facebook Page plug-in (embedded content)

Embedded YouTube videos and the Facebook Page plug-in may place third-party cookies/storage and process your IP address and technical data.
These contents load only after your consent in the banner. If you do not consent, a replacement “placeholder” will be shown with the option to activate later.

12. Minors

Our web content is not directed at children under 16 years of age. We do not knowingly collect data about children without the consent of the holder of parental responsibility, where required.

13. Data security

We apply technical and organizational safeguards (TLS/HTTPS, access control, data minimization, backups and audits). In the event of a data breach, we will take measures in accordance with applicable regulations.

14. Document changes

We may update the policy from time to time to comply with the law and/or changes in our processes. Significant changes will be clearly highlighted on this page with the effective date.

Date of last update: 20 October 2025.