Last Revised: July 20, 2025
This Privacy Policy explains how Association “Digital Fabrication Laboratory” (operating as FabLab.ba, “we,” “us,” or “our”) collects, uses, stores, and protects your personal data when you visit our website at www.FabLab.ba (the “Platform”), sign up for our newsletter, or register for trainings, events, or other activities via our forms. We are committed to protecting your privacy and handling your personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.
Important Note: This policy reflects that FabLab.ba does not currently offer a user account system. Your data is primarily collected when you voluntarily provide it through forms (e.g., newsletter sign-ups, event registrations) or automatically through your website visit (e.g., cookies for analytics).
1. Who We Are (Data Controller)
The data controller responsible for your personal data under this Privacy Policy is:
Association “Digital Fabrication Laboratory”
Legal Short Name: Association FabLab
Address: Braće Begić 42, 71000 Sarajevo, Bosnia and Herzegovina
Email: info@fablab.ba
2. What Personal Data We Collect and When
“Personal data,” as defined by GDPR, means any information relating to an identified or identifiable natural person. We collect the following types of personal data:
Information you provide to us directly (via forms):
Newsletter Sign-ups: Primarily your email address, and sometimes your name (if requested on the form).
Training/Event Registrations: Your name, email address, and any other details specifically requested on the registration form (e.g., affiliation, dietary requirements, phone number) necessary for organizing and conducting the training/event.
General Inquiries/Contact Forms: Your name, email address, and the content of your message.
Data collected automatically (via cookies and similar technologies):
Usage Data: Information about your interaction with our website (e.g., pages visited, time spent, features used, links clicked).
Technical Data: Your IP address, browser type and version, operating system, device information, and referral URLs.
We collect information from you when you voluntarily submit it through forms on our site and automatically as you visit and interact with our Platform.
3. How We Use Your Personal Data and Our Legal Basis for Processing
We process your personal data only when we have a valid legal basis to do so under GDPR. Here’s how we use your information and the legal bases for each purpose:
To send you newsletters and marketing communications:
Purpose: To inform you about FabLab.ba news, events, and relevant updates.
Personal Data Used: Email address, name (if provided).
Legal Basis: Consent (GDPR Article 6(1)(a)) – obtained when you explicitly sign up for our newsletter. You can withdraw your consent at any time via the unsubscribe link in the newsletter or by contacting us.
To manage your registration for trainings, events, or other activities:
Purpose: To process your registration, facilitate your participation in the activity, send you relevant information about the activity (e.g., reminders, materials), and manage logistics.
Personal Data Used: Name, email address, and any other details provided on the specific registration form (e.g., affiliation, dietary requirements, phone number).
Legal Basis: Performance of a contract (GDPR Article 6(1)(b)) – necessary to fulfill our obligations related to your registration and participation in the specific training/event. For any optional data collected (e.g., non-essential preferences), the legal basis may be consent (GDPR Article 6(1)(a)).
To respond to your inquiries and provide customer support:
Purpose: To communicate with you and address your questions, requests, or issues submitted via contact forms or direct email.
Personal Data Used: Name, email address, content of correspondence.
Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) – our legitimate interest in providing effective customer service and communicating with individuals who contact us.
To personalize your experience and improve our Platform:
Purpose: To analyze website traffic, understand user preferences (based on general Browse patterns, not individual identification), and enhance website functionality and user experience.
Personal Data Used: Usage Data, Technical Data, preferences (derived from aggregate site activity).
Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) – our legitimate interest in understanding how our Platform is used to improve our services and offer a better user experience. For certain analytics cookies, your consent (GDPR Article 6(1)(a)) may also be required (see Section 5 on Cookies).
To comply with legal obligations:
Purpose: To meet legal, regulatory, or judicial requirements.
Personal Data Used: Any data required by law.
Legal Basis: Legal obligation (GDPR Article 6(1)(c)).
To protect our legal interests:
Purpose: To enforce our Terms of Use, protect our rights, privacy, safety, or property, and prevent fraud.
Personal Data Used: Relevant data collected.
Legal Basis: Legitimate interests (GDPR Article 6(1)(f)) – our legitimate interest in protecting our business and users.
4. How We Protect Your Personal Data
We are committed to maintaining the security of your personal data. We implement a variety of technical and organizational measures designed to protect your information from unauthorized access, alteration, disclosure, or destruction. These measures include:
Regular Security Scans: Our website is regularly scanned for security holes and known vulnerabilities.
Malware Scanning: We use regular Malware Scanning to protect against malicious software.
Secured Networks: Your personal information is contained behind secured networks.
Limited Access: Access to personal information is restricted to a limited number of persons who have special access rights to such systems and are required to keep the information confidential.
Encryption: All sensitive information you supply is encrypted via Secure Socket Layer (SSL) technology during transmission.
Physical Security: All data is stored on dedicated servers located and locked within physically secured areas. No data is saved in the cloud.
5. Do We Use ‘Cookies’ and Similar Technologies?
Yes, we use cookies and similar tracking technologies to enhance your experience and understand how our Platform is used. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser (if you allow) that enable the site’s or service provider’s systems to recognize your browser and capture and remember certain information.
We use cookies for the following purposes:
To understand and save user’s preferences for future visits.
To compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future.
For advertising purposes (e.g., Google AdSense).
We use Google AdSense Advertising on our website. Google, as a third-party vendor, uses cookies (like the DART cookie) to serve ads based on your visits to our site and other sites on the Internet. We, along with third-party vendors such as Google, also use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to collect statistics to improve our service and customer experience.
Your Choices Regarding Cookies: You have the option to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You can also choose to have your computer warn you each time a cookie is being sent. If you turn cookies off, some of the features that make your site experience more efficient may not function properly.
For specific control over Google’s advertising, you may opt-out of the use of the DART cookie by visiting the Google Ad and Content Network privacy policy. Users can set preferences for how Google advertises to you using the Google Ad Settings page. Alternatively, you can opt out by visiting the Network Advertising Initiative Opt Out page or by using the Google Analytics Opt Out Browser add-on.
For non-essential cookies (e.g., analytics, advertising), we will seek your explicit consent through a clear consent mechanism (e.g., a cookie banner) before placing these cookies on your device.
6. Third-Party Disclosure and Links
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.
We do not include or offer third-party products or services on our website in a direct manner that would involve transferring your PII to them for their independent use, except as explicitly disclosed (e.g., Google AdSense/Analytics, where data processing is governed by their terms and our agreements with them).
7. International Data Transfers
As Association “Digital Fabrication Laboratory” is based in Bosnia and Herzegovina, your personal data will primarily be processed and stored within Bosnia and Herzegovina.
If your personal data is transferred to a country outside the European Union (EU) or European Economic Area (EEA) that has not been deemed to provide an adequate level of data protection by the European Commission, we ensure that appropriate safeguards are in place to provide a similar level of protection. This typically involves:
Implementing Standard Contractual Clauses (SCCs) approved by the European Commission.
Relying on Binding Corporate Rules (BCRs), if applicable.
Relying on explicit consent of the data subject for the proposed transfer, after they have been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards.
By using our Platform or providing your data, you acknowledge and agree to such transfers as described in this Privacy Policy, where applicable safeguards are in place.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria used to determine our retention periods include:
The length of time we have an ongoing relationship with you (e.g., for as long as you are subscribed to our newsletter, or until an event/training you registered for has concluded and related administrative tasks are complete).
Whether there is a legal obligation to which we are subject (e.g., certain laws may require us to keep records for a specific period).
Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Upon expiration of the retention period, your personal data will be securely deleted or anonymized.
9. Your Data Protection Rights (GDPR Rights)
Under the GDPR, you have the following rights regarding your personal data:
The Right to Be Informed: You have the right to be informed about the collection and use of your personal data. This Privacy Policy serves to fulfill this right.
The Right to Access: You have the right to request copies of your personal data we hold about you.
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
The Right to Erasure (“Right to be Forgotten”): You have the right to request that we erase your personal data under certain conditions (e.g., if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent).
The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data).
The Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The Right to Object: You have the right to object to our processing of your personal data under certain conditions, particularly where the processing is based on legitimate interests or for direct marketing purposes.
Rights in relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain conditions are met. We do not currently engage in such automated decision-making.
To exercise any of these rights, please contact us at info@fablab.ba. We will respond to your request without undue delay and in any event within one month of receipt of the request. We may need to verify your identity before fulfilling your request.
10. Children’s Privacy
Our Platform is not directed at, nor intended for use by, children under the age of 16. We do not knowingly collect personal data from children under 16. If you are under 16, please do not provide any personal data on our Platform. If we learn that we have inadvertently collected personal data from a child under 16 without verifiable parental consent, we will take immediate steps to delete that information from our servers.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the “Last Revised” date at the top. We encourage you to review this Privacy Policy periodically for any changes.
12. Contacting Us
If you have any questions or concerns regarding this Privacy Policy or our data protection practices, or if you wish to exercise your data protection rights, please contact us:
Association “Digital Fabrication Laboratory”
FabLab.ba
Address: Braće Begić 42, 71000 Sarajevo, Bosnia and Herzegovina
Email: info@fablab.ba
Right to Lodge a Complaint: You also have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.