Skip to main content

Privacy Policy

1. GENERAL INFORMATION

As the creators and organizers of the prestigious event BALKAN SECURITY EXPO (hereinafter referred to as “BSE”), we declare that your privacy is of utmost importance to us. We take all personal data we come into contact with seriously, acting in accordance with the Law on Personal Data Protection of the Republic of Serbia (“Official Gazette of RS”, No. 87/2018), which fully reflects the best practices of the GDPR regulation – (General Data Protection Regulation – EU 2016/679). This privacy policy (hereinafter referred to as “Policy”) applies to the use of your personal data by (“BSE”, “we”, “us”, or “our”), the event organizer, across all our platforms and in all our services including events, fairs, websites, applications, and additional or related services (hereinafter referred to as “Service”). Terms and definitions:

  • Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia (hereinafter: “Commissioner”) – is an independent and autonomous government body established by law, responsible for supervising the implementation of the Personal Data Protection Act and performing other duties prescribed by law (https://www.poverenik.rs/en/);
  • Personal data is any data related to an identified or identifiable natural person, directly or indirectly, particularly based on an identity marker such as name and identification number, location data, identifier in electronic communication networks, or one or more characteristics of their physical, physiological, genetic, mental, economic, cultural, or social identity;
  • Data subject is a natural person whose personal data is being processed;
  • Special categories of personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, sexual life, or sexual orientation of a natural person;
  • Processing of personal data is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction (hereinafter: processing);
  • Controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing. The law specifying the purposes and means of processing may also designate the controller or set out the criteria for its nomination;
  • Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
  • Profiling is any form of automated processing used to evaluate certain personal aspects, especially to analyze or predict aspects concerning a natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
  • Pseudonymization is the processing in such a manner that personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person;
  • Anonymization means processing personal data in a way that irreversibly prevents identification of the data subject. Data can be considered anonymized when it does not allow identification of individuals to whom it relates and when an individual cannot be identified from the data by any further processing of those same data or by processing those same data together with other data that are available or likely to become available;
  • Public authority is a state body, body of territorial autonomy and local self-government, public enterprise, institution and other public service, organization, and other legal or natural person performing public authority;
  • Competent authorities are government bodies responsible for the prevention, investigation, and detection of criminal offenses, as well as prosecution of offenders or execution of criminal sanctions, including protection and prevention of threats to public and national security;
  • Consent of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, consent to the processing of personal data relating to them;
  • Personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed;
  • Biometric data is personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data;

2. YOUR INFORMATION

2.1. How we collect it: (a) We collect your Information when you:

  • Contact us;
  • Visit our websites or applications;
  • Register to participate in the Event;
  • Apply for a stand;
  • Attend the Event;
  • Download content from our website;
  • Register for a newsletter;
  • Subscribe to a publication;
  • Subscribe to an “on-demand” service. (b) We automatically collect your Information (for example, as specified in section 2.2(f) (“What we collect”)) when you use our websites and/or applications, including through the use of cookies. Please refer to our Cookie Policy for more details. (c) We may collect your Information from publicly available sources and selected third parties such as analytical, technical, and aggregator service providers, in accordance with this Policy.

2.2. What we collect: (a) Contact details, such as your name, email address, postal address, social media username, and phone number; (b) Your job title and organization; (c) Account login credentials; (d) Other event registration and profile information, such as educational, business, and professional data, attendance requirements for B2C events, panels, discussions; (e) Payment information; (f) Comments, feedback, and other information you provide to us, including when you contact our customer support team; (g) Interests and communication preferences; (h) Information about how you and your device(s) interact with our service(s), including technical identifiers, usage data, and location analytics.

2.3. How we use it:

Depending on the Service you use, your relationship with us, and how you interact with us, we use your Information as specified below, which also sets out the legal basis for using your Information. When we use your Information for a legitimate interest, we balance this interest against your privacy rights to ensure it does not override or significantly impact your privacy rights. Services requested by you may involve the processing of personal data; therefore, our legal basis is the execution of a service contract. This includes the following:

  • Managing your access to and use of Services;
  • For our legitimate interest in monitoring your use of and improving Services;
  • For implementing and complying with our legal obligations;
  • Providing technical and customer support as well as private security services;
  • For complying with our legal obligations;
  • Providing notifications, current information, and other news related to the event organization;
  • Delivering targeted ads, promotional campaigns, notifications, and other information related to the services we provide to our exhibitors, sponsors, and media partners as highlighted in section 2.4 (Direct Marketing); for the legitimate

GDPR Compliance

interests of us and certain third parties in providing additional or new services to you;

  • Inviting you to participate in exhibitor or our organized surveys, competitions, and promotions;
  • Identifying usage trends and developing data analysis, including for research, auditing, reporting, and other business purposes;
  • Disclosing data to selected third parties in accordance with this Policy;
  • In certain circumstances, we may use your data in accordance with your consent, which will be transparently presented to you with an option for agreement;
  • Sending notifications and other communications related to the event we organize and our accompanying services (for example, for billing) and for the execution of other contractual obligations;
  • For our legitimate interest in resolving disputes and enforcing our agreements.

2.4. Direct Marketing

We will contact you with direct marketing communications (“Direct Marketing”) only when we are legally permitted to do so, or have a legal basis because you have contacted us requesting information or used our Services unless you have opted out of receiving Direct Marketing. At any time, you can opt out of our Newsletter by using the “unsubscribe” link. Specifically, you can choose to no longer receive marketing emails from us by contacting us or clicking unsubscribe from a marketing email. Please be aware that it may take a few days for us to update our records to reflect your request. If you ask us to remove you from our marketing list, we will retain a record of your name and email address to ensure we do not send you marketing information in the future.

3. Third Parties

3.1. Service Providers We use a variety of third-party service providers to enable the operation of our business. They process your Information on our behalf where necessary in relation to:

  • Facilitating services you have requested from us;
  • Data storage and web hosting;
  • IT security;
  • Workplace productivity and email;
  • Customer relationship management;
  • Marketing automation, solutions, and analytics;
  • Communication services;
  • Project management and event planning systems;
  • Event sponsorship for the purpose of enhancing visitor and exhibitor experience;
  • Event experience services, including analytics;
  • Website and application development and hosting;
  • Billing for ordered services, online payments, and debt control;
  • Professional individuals with whom we have contracts (e.g., provided by accounting, tax auditors, financial advisors, lawyers, and other similar executors).

3.2. Other Third Parties

We may share your information for our legitimate interests with: (a) Our working groups participating in the event organization: our affiliated legal entities to better develop, modify, enhance our services and/or communications for the benefit of our clients, exhibitors, and visitors. (b) Buyers or sellers of a business or asset: in the context of a sale, merger, or acquisition, to facilitate such a transaction and/or enable your interaction with the Event despite any change in ownership. (c) Business partners: we collaborate with our strategic partners to provide goods and services that complement and enhance our event. Information is shared with them only when (i) you have requested services from us that they provide, or (ii) you have expressly consented. (d) Google Inc.: as part of the Google Analytics service, information is shared with Google on an aggregated and anonymized level. For more information, please visit Google’s privacy policy partners page here: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk. (e) Event participants, exhibitors, partners, and/or other attendees where you have specifically requested a networking service from us in relation to the Event, including sharing your Information with these third parties. (f) Event sponsors when you register for, or attend a session or another part of our Event(s) sponsored by them. (g) Event exhibitors when you visit the exhibitor’s stand and allow your visitor badge to be scanned at their stand. (h) Event service providers, such as suppliers of the following services: show guide production, creative design for stand graphics, furniture rental, and accommodation.

3.3. Third-Party Websites

If you decide to visit a third-party website in relation to our services, please be aware that your Information will be used in accordance with the privacy policy of that third party as published on their website, over which we have no control.

4. Data Retention

We retain your Information no longer than necessary in relation to the purpose(s) for which it was collected. Our data retention procedures consider the extent to which retaining your information is necessary to provide you with and enhance our service and products, manage our transparent communication with You, fulfill our legal, contractual, legal, accounting, and audit obligations. After we anonymize your Information, we may continue to use it indefinitely while implementing all organizational-technical measures that are the best practice in GDPR regulation implementation.

How long we keep your data

We only keep your personal data for as long as necessary to fulfill the purpose for which it was collected. This includes keeping it for legal, accounting, or reporting needs.

  • Inquiry data is deleted after the inquiry is processed.
  • Contractual data is kept for 5 years after the end of the contractual relationship for tax and legal purposes.
  • Business development data is kept for two years after the development activity but may be kept longer in an anonymized format to provide historical insight into the business
  • Direct marketing data is kept until you unsubscribe from our marketing lists
  • If you have not unsubscribed from our marketing lists and do not participate in any of our content, we reserve the right to remove you from our marketing lists after 3 years.
  • At this point, your personal data will be anonymized within our database, and you will only be contacted again if you re-subscribe to our marketing list and/or register for any of our live or online events
  • Recruitment data is kept for one year for unsuccessful candidates
  • In some circumstances, you may ask us to delete your data: see below section 7. Your Rights.

5. Transferring Your Information Outside of the Republic of Serbia

The information you provide to us may be transferred outside of the Republic of Serbia, for example, if our servers or our service providers are occasionally located in other countries. If we transfer your information outside of the Republic of Serbia, it will be exclusively to countries of the European Union and will always take appropriate security and other measures aiming to protect your privacy rights as described in this Policy and as required by the Personal Data Protection Law and GDPR regulation.

6. Data Security

We implement appropriate technical and organizational security measures to protect your Information, including risks from accidental loss, unauthorized use, or disclosure.

These security measures include: (a) Limiting access to your Information to those who have a genuine business need to access it, who do so in an authorized manner and are subject to a duty of confidentiality. (b) Maintaining the integrity and availability of our technical and IT systems; (c) Ensuring adequate data and disaster recovery processes; and (d) Monitoring the effectiveness of our security measures. We have procedures in place to deal with any suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

7. Your Rights

When we process your personal data, you have the right to:

  • Access and obtain a copy of your data on request;
  • Require us to correct inaccurate or incomplete data;
  • Require us to delete or stop processing your data, for example, when

GDPR Compliance

the data is no longer necessary for the purposes of processing;

  • Request that we restrict the processing of your personal data;
  • Request the transfer of your personal data to another party;
  • Object to the processing of your data where we rely on our legitimate interests as the legal ground for processing;
  • Withdraw your consent.

You can help us keep your personal data accurate and up to date by informing us of any changes to your personal information.

If you wish to exercise any of these rights or to inquire about the status of your personal data, please contact us at [email protected]. You are not required to pay any fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your access request is excessive, unfounded, or if you request additional copies. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to verify your identity before we can grant your right to access the information (or to exercise any of your other rights). This is to ensure that personal information is not disclosed to any person who has no right to receive it.

In addition to your ability to prevent Direct Marketing in accordance with section 2.4 (“Direct Marketing”), you can exercise your rights by writing to us at the email: [email protected].

For more details on how to object to our use of information collected from cookies and similar technologies, please refer to our Cookie Policy.

8. Sensitive Information

We do not knowingly or on any basis collect sensitive information and ask that you do not send us such types of data. If you inadvertently or intentionally send sensitive information to us, we will consider that you have explicitly consented to its processing for the purpose of its immediate deletion. In this Section 8, “Sensitive Information” refers to information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, information concerning health, or information concerning a natural person’s sex life or sexual orientation.

9. Minors

We do not knowingly contact or collect Information from individuals under the age of 18 (“minors”) and minors will not be allowed entry to the event. If we learn that a minor has provided us with certain Information, we will take steps to promptly delete such information.

10. Complaints and Questions

If you wish to make a complaint or have a question about how we use your Information, please contact us at [email protected], and we will strive to assist you as soon as possible. If you have complaints about the way your personal data is processed, you may also contact the office of the Commissioner for Information of Public Importance and Personal Data Protection at the following contacts: Bulevar kralja Aleksandra 15, Belgrade 11120 Tel: +38111 3408 900, Fax: +38111 3343 379 Email: [email protected]

11. Changes to this Policy

We will update this Policy as necessary and publish a revised version on our website. We encourage you to periodically review our website and this Policy to be informed about how we use your personal data.

This Policy was last updated on March 22, 2024.