Privacy Policy

Effective Date: June 11, 2025

Your privacy is important to us. This Privacy Policy explains how Wine Vision by Open Balkan (“we” or “us”) collects, uses, and protects your personal data when you use our website (currently accessible at winevisionfair.com and formerly at fair.openbalkan.com), our mobile application (if any), and any related services (collectively, the “Services”). It also outlines your rights under the EU General Data Protection Regulation (GDPR) and Serbia’s Law on Personal Data Protection (which is largely harmonized with the GDPRdlapiperdataprotection.com), as well as relevant e-commerce and marketing laws. Please read this policy carefully to understand our practices regarding your information.

By accessing or using our Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please refrain from using the Services. We may provide translations of this policy in other languages for convenience, but the official language of our Privacy Policy is English (the language of our Site).

1. Data Controller and Contact

For the purpose of data protection laws, the Data Controller of your personal data is the organizing entity behind Wine Vision by Open Balkan. (In practice, this is the Belgrade Fair management for the Wine Vision event, located at Bulevar Vojvode Mišića 14, Belgrade, Serbia.) If you have any questions or wish to exercise your rights, you may contact us at:

  • Address: Bulevar Vojvode Mišića 14, 11030 Belgrade, Serbia
  • Email: [email protected]
  • Phone: +381 11 26 55 239 or +381 11 26 55 113

We are committed to handling your information responsibly and in compliance with applicable laws, including the GDPR and Serbian data protection lawdlapiperdataprotection.com. If we appoint a Data Protection Officer (DPO) or specific privacy contact, we will update this section with their contact details.

2. Information We Collect

We collect several types of information from and about users of our Services. This includes information that you provide directly, information collected automatically, and information we obtain from third parties. The types of personal data we collect include:

  • Personal Identification Information: Such as your full name, title, date of birth (where necessary, for example if verifying age for certain activities). We may collect this when you register as an exhibitor, buyer, or visitor on our Site or appfair.openbalkan.com.
  • Contact Details: Including your email address, telephone number (mobile or landline), and postal address. For example, when you fill out our contact form or registration forms, we ask for your email and phone number so we can correspond with youfair.openbalkan.com.
  • Professional and Company Information: If you are registering as an exhibitor or professional, we will collect your company or organization name, company address, your job title/position, and information about your business (such as the industry, brands, or products you represent). We may also ask for your professional experience or qualifications if relevant to certain applications (e.g., if applying as a wine expert or competition jury).
  • Financial and Billing Information: When you make a purchase (for example, booking a stand or advertising space), we (or our payment processor) collect information such as billing name and address, VAT number (if you are a business in applicable jurisdictions), and payment details. Payment card information (credit/debit card number, expiration date, CVV) is collected directly by our secure payment gateway (Raiffeisen Bank) and is not stored on our servers. If you pay via bank transfer, we may collect your bank account details (IBAN, SWIFT, account name) to match your payment. We also maintain records of transactions (amount paid, date, services ordered) for accounting and audit purposes.
  • Identification Numbers: In certain cases (especially for exhibitors or vendors), we might collect official identification numbers such as your company registration number, tax ID, or personal identification number if required for contract or invoicing purposes (e.g., for Serbian participants we might request a JMBG or PIB, and for EU participants a VAT ID). This is to comply with legal and tax requirements in handling the event transactions.
  • Uploaded Files and Content: Our forms may allow or require you to upload files. For example, exhibitors might upload their company logo, product photos, or brochures, and competition entrants might upload submissions. These files could contain personal data (e.g., an exhibitor list might include a representative’s name or an ID scan). We only use these uploads for the purposes for which you provide them (e.g., to feature your brand in event materials or to evaluate your competition entry).
  • Social Media and Web Presence: Some registration forms ask for your social media profiles or website URL (for instance, LinkedIn profile, Facebook page, Instagram handle, etc.). Providing these is optional. If you share these, we will use them to better understand your profile (e.g., for vetting Pro Buyer applications) or to connect with or promote your participation on social media.
  • Communications: Records of correspondence between you and us. If you contact us by email, through the Site’s contact form, or via phone, we may keep a record of that communication and any personal information you provide during it (such as your questions or feedback).
  • Event Preference Information: We may ask questions related to your preferences for the event, such as which seminars you’re interested in, dietary preferences (if we were to organize a dinner), or accessibility requirements. This helps us tailor the event experience for you. Providing such preference information is usually optional.
  • Automatically Collected Data (Usage Data): When you visit our Site or use the app, we automatically collect technical information about your device and usage of our Services:
    • Device and Browser Information: We collect data like your IP address, device type (e.g., desktop or mobile), browser type and version, operating system, and platform.
    • Usage Details: We log how you interact with our Site, such as the pages you viewed, the time and date of your visit, the time spent on those pages, click-stream data, and referring/exit pages. This data is collected via cookies and similar tracking technologies (see the Cookies Policy section below). It helps us analyze trends and improve our website’s design and functionalityfair.openbalkan.com.
    • App Data: If our mobile application is used, it might collect device identifiers and usage statistics specific to app performance (such as app crashes, features used, etc.). Any mobile app would adhere to this same policy regarding data collection.
  • Location Data: We may derive approximate location from your IP address or from information you provide (like your country of residence on a form). This is typically at country or city level and is used to understand our user demographics (e.g., how many users visit from various regions). For exhibitors and buyers, knowing your country helps us facilitate international participation (like visa letters if needed or grouping delegations by region). We do not typically collect precise GPS location unless you use an app feature that requires it (and even then, we would ask permission).

We do not systematically collect any sensitive personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual orientation) unless you choose to provide such information for a specific purpose. We ask that you do not send us sensitive data unless absolutely necessary (for example, if you have a disability and share health information for accommodation purposes, we will handle it with special care and only use it for that purpose).

Children’s Data: Our Services are not primarily directed to children under 16. However, we do allow minors (under 18) to register for certain aspects of the event (like as visitors) with appropriate consent. If you are under the age of 15 (in Serbia) or under the minimum digital consent age in your country, you should not provide personal data without verifiable parental consentgchrj.net. We do not knowingly collect personal data from children under 15 without such consent. If we become aware that we have inadvertently collected personal information from a child without proper consent, we will delete it or seek parental permission to retain it.

3. How We Use Your Information

We use personal data for various purposes necessary to run our event, provide our Services to you, and fulfill legal obligations. The primary purposes for which we process your information include:

  • Providing and Managing the Event Services: We use data like your contact and identification details to process your registrations and applications. For example, if you apply to become an exhibitor, we use your provided information to evaluate and register your company for the fair, allocate booth space, issue invoices, etc. If you register as a professional buyer or visitor, we use your information to issue entry passes or tickets (if applicable) and to plan accommodations like B2B matchmaking sessions.
  • Communication: We use your email and phone number to communicate with you about your participation and our Services. This includes sending confirmations, invoices, and important announcements (e.g., event updates, schedules, logistics). We may also respond to your inquiries or support requests using these contact details.
  • Marketing and Updates: With your permission or as otherwise permitted by law, we will use your contact details (primarily email) to send you newsletters, promotional communications, and marketing messages about Wine Vision by Open Balkan and related events. For example, after you register or attend, we might email you about next year’s fair or related wine & food events in the region. Note: We operate a policy of auto-enrolling event participants into our mailing list, under the principle of legitimate interest in keeping you informed of similar events. However, you always have the right to opt out of these emails easily (see Section 7, “Your Rights,” below). Each marketing email will contain an “unsubscribe” link for your convenience.
  • Processing Payments: We use financial and personal information to process transactions for purchases of event-related services. For instance, we share necessary details with Raiffeisen Bank’s payment gateway to complete credit card charges, and we use your billing information to generate receipts or invoices. We might also confirm payment status and send payment reminders if needed.
  • Facilitating Networking and B2B Activities: One purpose of our event is to connect exhibitors, buyers, and visitors. If you opt into our B2B matchmaking or networking services, we might use your profile information (such as name, company, country, and interests) to introduce you to other participants or display on attendee lists. We will do this in a controlled manner (e.g., via a secure app or platform), and you will be informed and have the choice to participate.
  • Event Operations and Improvements: We analyze usage data and feedback to improve our website, app, and event planning. For example, usage data (page views, clicks) helps us understand which information pages are most popular or if users are encountering navigation problems, so we can enhance the user experience. We may also use aggregated data to measure the success of our marketing campaigns (e.g., how many people visited after a social media announcement) and improve our outreach.
  • Personalization: To the extent allowed, we might use cookies and data to personalize content for you. For example, remembering if you started filling a form so we can remind you to complete it, or showing relevant event content based on your role (exhibitor vs. visitor). This is generally done via functional cookies or similar technology (see our Cookies Policy).
  • Security and Fraud Prevention: We process certain data to maintain the security of our Site and Services, and to prevent fraud or abuse. For instance, we may use IP address and other automatically collected data to detect unusual activity (such as repeated failed login attempts or potential bot activity). We also might use personal data to verify identities (for example, verifying exhibitor identities to prevent impersonation or ensure only legitimate businesses exhibit).
  • Legal Compliance: We use and retain personal data as needed to comply with our legal obligations. This includes maintaining records for tax and accounting purposes (e.g., keeping invoicing records as required by law), and responding to lawful requests by public authorities (e.g., for security or regulatory compliance). If required, we might process personal data to comply with consumer protection laws, data protection regulations, or to satisfy legal reporting obligations (for example, attendance numbers to government bodies under the Open Balkan initiative).
  • Enforcement of Terms and Policies: We may process data (such as investigating logs or user communications) to enforce our Terms of Use and other policies, to ensure all participants adhere to event rules, and to protect our legal rights. For example, if there is a dispute or a breach of contract, we will use relevant personal information as evidence and for resolving the issue.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for a related purpose that is compatible with the original purpose. If we need to use your personal data for an unrelated new purpose, we will notify you and explain the legal basis that allows us to do so, or request your consent if required.

4. Legal Bases for Processing (EU/UK users)

For individuals in the European Union, United Kingdom, or jurisdictions with similar laws, we must inform you of the lawful bases on which we process your personal data under the GDPR (or equivalent legislation). We ensure that at least one of the following legal grounds applies to each use of your information:

  • Contractual Necessity: Many of our data uses are to fulfill our contract with you or to take steps at your request prior to entering into a contract. For example, when you register as an exhibitor or buy a service, we must process your personal data to provide that service (e.g., setting up your exhibitor profile, processing payment, granting access to the event). Without this data, we cannot perform the contract with you.
  • Consent: We rely on your consent for certain processing activities. Notably, we will ask for your consent for sending marketing emails if required (for instance, if you sign up for updates via our website without yet being a participant, we will only add you to marketing communications if you opt-in). We also obtain consent via our cookie consent banner for using analytics and similar cookies (except strictly necessary cookies). If we ever process sensitive personal data (e.g., health info for accessibility at the event), we will do so based on your explicit consent. You have the right to withdraw consent at any time (e.g., unsubscribe from marketing emails or disable non-essential cookies) – withdrawal of consent will not affect the lawfulness of processing before the withdrawal.
  • Legitimate Interests: We process certain data as necessary for our legitimate interests, provided those are not overridden by your data protection rights. Our legitimate interests include: improving and ensuring the security of our Services; promoting our events to previous participants; facilitating networking among participants; and running a successful international fair that benefits the industry. For example, using exhibitors’ contact info to inform them of future fairs is in our legitimate interest to maintain engagement, and we believe it aligns with their interest as well. When we rely on this basis, we consider any potential impact on you (positive and negative) and your rights, and we will not use data for activities where our interests are outweighed by the potential impact on you (you always have the right to object to processing based on legitimate interests – see Section 7).
  • Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation. For example, retaining transaction records for the legally required period (e.g., for tax audits or financial reporting) is a legal obligation. Also, if authorities require certain participant information for safety or regulatory reasons (like lists of foreign exhibitors for visa support letters or customs clearance of exhibition goods), we process data to comply with those requirements.
  • Vital Interests: This is likely not applicable in the normal course of our business, but if ever there is an emergency at the event and processing personal data could protect someone’s life or health (vital interests), we would do so.
  • Public Interest: If any processing is necessary for a task carried out in the public interest, we would rely on that legal basis. (For instance, since the event is under the patronage of multiple governments as part of the Open Balkan initiative, there may be public interest elements; however, any personal data processing we do is primarily covered by the bases above, rather than needing to rely on public interest.)

If you have questions about the specific legal basis for any particular processing of your personal data, please contact us (see Contact section).

5. Disclosure of Your Information (Data Sharing)

We treat your personal information with care and confidentiality. We do not sell your personal data to third parties. However, in the course of running our event and services, we do share personal data with certain categories of recipients as necessary. These include:

  • Service Providers (Processors): We employ trusted third-party companies and individuals to facilitate our Services (“processors”). These third parties perform tasks on our behalf and under our instructions, and they are contractually obligated to keep your information secure and use it only for the purposes we specify. Key service providers include:
    • Payment Processors: As mentioned, Raiffeisen Bank processes online payments for us. When you enter payment details, that information goes directly to Raiffeisen (or a similar secure payment gateway) which processes your payment and informs us of success or failure. They may receive personal identifiers and payment info necessary for the transaction.
    • Email Marketing and Communication Tools: We may use an email service (such as MailChimp, SendGrid, or similar) to send out bulk emails or newsletters. In doing so, your name and email address are stored with that provider for the purpose of sending emails. These providers typically have data centers in the EU or compliant frameworks for international transfer.
    • Event Management Platforms: We might use platforms or software for event registration, badging, or scheduling (for example, an online ticketing system or B2B matchmaking platform). If we use such a platform, your relevant data (like your registration details) might be hosted on their servers. We will choose providers with appropriate security standards and data protection compliance.
    • Analytics Providers: We use Google Analytics (a web analytics service provided by Google) to understand how our Site is usedfair.openbalkan.com. Google Analytics sets cookies and collects usage data (as described in Section 2: IP address, device info, site usage). Google may process this data on servers globally (including in the United States). We have configured Google Analytics to anonymize IP addresses where possible, and we treat the data in aggregate. Google acts as a processor for us, meaning it cannot use the data except to provide us these analytics. (See our Cookies Policy and Google’s privacy policy for more info.)
    • IT and Hosting Services: Our website may be hosted on third-party servers (possibly a cloud provider or a hosting company). These companies inevitably process the data that passes through our site (including potentially your personal data in server logs, database storage, backups, etc.). We ensure any hosting provider we use has appropriate security measures in place.
  • Event Partners and Co-Organizers: Wine Vision by Open Balkan is supported by multiple government entities and partners as part of the Open Balkan initiative. In some cases, we may share minimal necessary information with official partners or co-organizers. For example, if the governments of Serbia, North Macedonia, or Albania (patrons of the event) request aggregated statistics or lists of participating companies for protocol reasons, we may provide that. If we partner with another organization for a specific program (e.g., a “Food Vision” event running concurrently), and you sign up for it, we will share your details with that organizer to ensure you can participate in their program too. All such partners are also subject to data protection obligations.
  • Exhibitors / Attendees (for networking purposes): We do not publish personal contact details publicly without consent. However, if you are an exhibitor, certain information (like your company name, city, and possibly your representative’s name/title) will be listed on the exhibitor list that is publicly available to visitors. Similarly, if you are a speaker or panelist, we may publish your name and bio with your consent. For B2B matchmaking, participants opting in may see limited profile information about each other to facilitate meeting scheduling. We will always inform you and obtain appropriate consent if your personal data will be visible to other participants.
  • Legal and Compliance: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, law enforcement inquiry). This includes situations where disclosure is necessary to meet national security or law enforcement requirements, or to protect our rights, your safety, or the safety of others. For example, to comply with e-commerce regulations, we include our business contact information in the Terms and on the website. If consumer protection authorities request records of transactions or user consents, we may provide those as required by law.
  • Business Transfers: If Wine Vision by Open Balkan (or the organizing entity such as Belgrade Fair) undergoes a business transaction such as a merger, acquisition, reorganization, or asset sale, your personal data may be transferred to the successor or new organizing entity. We would ensure the new owner has to respect the terms of this Privacy Policy or provide notice and obtain consent if required. (This is mentioned for completeness; as a government-backed fair, a typical “sale” is unlikely, but the organizational responsibility could shift among ministries or agencies, etc.)
  • Protection of Rights: We may share data with our professional advisors (lawyers, accountants) if necessary to obtain advice or protect our legal rights, privacy, safety, or property, or those of our employees, you, or others. For instance, if there is a dispute with a participant or a contractual breach, we might share relevant data from our records with our attorneys for resolving the matter.

Importantly, we do not share or disclose your personal information to third parties for their own direct marketing purposes without your permission. We also do not engage in any selling or renting of participant lists.

6. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to provide and improve the Services, as explained here and in our Cookies Policy (see the separate Cookies Policy page for more detail). Cookies are small text files that are stored on your device to help websites function or gather information. When you visit our Site, we may use cookies to:

  • Ensure Site Functionality: Some cookies are essential for the site to operate (for example, to remember items in a shopping cart, or to allow you to log in to a secure area if applicable).
  • Improve User Experience: We use cookies to remember your preferences (like language selection, although currently our site is in English only) or other settings that improve your experience.
  • Analytics: We use analytics cookies (like Google Analytics cookies) to collect information about how visitors use our Site. These cookies collect information such as pages visited, time spent, traffic source, and user interactions. The data collected is aggregated and anonymized; it helps us understand user behavior and improve our content layout and performancefair.openbalkan.com. For example, analytics may tell us that a large number of users are interested in the “Program” page, indicating we should keep that information updated and easy to find.
  • Advertising (Minimal/None): Our Site currently does not host third-party ads, so we generally do not use advertising cookies. If this changes (for instance, if we showcase sponsored content or retarget visitors with ads on social media), we will update our Cookies Policy and obtain consent for any marketing cookies.
  • Social Media Widgets: If our pages integrate social media sharing buttons or feeds (like an embedded Instagram feed or a YouTube video), those platforms might set cookies. For example, YouTube might set cookies if we embed a video of last year’s fair highlights. We strive to use privacy-enhanced modes where possible, but some data (like your IP) could be shared with those third parties when you interact with such content.

Your Choices: On your first visit to our Site, you will see a cookie notice or banner requesting your consent for non-essential cookies (like analytics). You have the option to accept or reject such cookies. Even after accepting, you can always manage your cookie preferences:

  • Through our Site’s cookie settings (if provided in the banner or a “Cookie Settings” link) – allowing you to toggle categories of cookies on or off.
  • Via your web browser settings, you can delete or block cookies. Most browsers allow you to refuse new cookies, accept or reject cookies individually, or delete existing ones. Please note that if you block all cookies (especially including essential cookies), some features of our Site may not function properly.
  • To specifically opt-out of Google Analytics tracking, Google provides a browser add-on here: https://tools.google.com/dlpage/gaoptout. Using that will prevent Google Analytics from collecting data on that device/browser.

For more detailed information about the cookies we use and your choices, please review our full Cookies Policy document.

7. Your Rights and Choices

Under applicable data protection laws (including GDPR for EU users and Serbia’s Law on Personal Data Protection), you have certain rights regarding your personal data. We are committed to upholding these rights. These include:

  • Right to Access: You have the right to request confirmation as to whether we are processing personal data about you, and if so, to request a copy of the information we hold about youfair.openbalkan.com. We will provide you with a copy of your personal data in a commonly used electronic form, unless you request otherwise.
  • Right to Rectification: If any of your personal data that we have is inaccurate or incomplete, you have the right to request correction or completion. For example, you can ask us to update your contact details if they’ve changed. We encourage you to keep your information up-to-date and will honor legitimate correction requests.
  • Right to Erasure: Commonly known as the “right to be forgotten,” you may, in certain circumstances, request that we delete or remove your personal data. This applies, for instance, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent and there is no other legal ground for processing. Please note this right is not absolute – we may need to retain certain information where required by law or where we have overriding legitimate grounds (e.g., we cannot delete your transaction records without breaching financial laws). But we will inform you of any data we must keep if we cannot fulfill a deletion request in full.
  • Right to Restrict Processing: You have the right to ask us to suspend processing of your personal data in certain scenarios – for example, if you contest the accuracy of the data, or if you want us to preserve data while you establish, exercise or defend a legal claim. When processing is restricted, we will still store your data but won’t use it for other purposes until the issue is resolved (except for certain things like legal compliance or with your consent).
  • Right to Data Portability: To the extent applicable (generally for data processed by automated means on the basis of consent or contract), you have the right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller. For example, if you provided us a list of your team members as part of an application, you could request that we return that list to you in a spreadsheet, or send it to a new event organizer at your direction.
  • Right to Object: You have the right to object to our processing of your personal data when our legal basis is “legitimate interests,” especially regarding any direct marketing. If you object, we will cease processing the data for that purpose unless we have compelling legitimate grounds that override your rights or if processing is needed for legal claims. Importantly, you can always object to processing of your email for marketing – effectively, you can unsubscribe from our marketing communications at any time, and we will honor that choice.
  • Right not to be subject to automated decision-making: We do not carry out any decision-making based solely on automated means that produces legal or similarly significant effects on you (no profiling without human involvement, etc.). But you have the right to not be subjected to such decisions if we ever implement them, unless certain exceptions apply.
  • Right to Withdraw Consent: If we rely on consent for any part of processing (e.g., for sending newsletters, or for optional data you provided), you have the right to withdraw that consent at any time. For example, you can opt out of email marketing by clicking “unsubscribe” in any marketing email, or by contacting us. Withdrawing consent will not affect the lawfulness of processing we conducted prior to your withdrawal.
  • Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to file a complaint with a supervisory authority. In Serbia, you can contact the Commissioner for Information of Public Importance and Personal Data Protection. If you are in the EU, you may contact the data protection authority in your country of residence. We encourage you to contact us first, so we have the opportunity to address your concerns directly. We take privacy seriously and will work with you to resolve any issues.

To exercise any of these rights, please contact us at [email protected] with your specific request. We may need to verify your identity to ensure that we don’t disclose data to the wrong person (for example, by asking you to send the request from the email address associated with your data or by requesting additional verification). We will respond to legitimate requests as soon as possible, and at least within the timeframes required by law (usually within one month, extendable by another two months for complex requests – we will inform you if an extension is needed).

Please note that for certain requests (like access, deletion, etc.), there might be legal or contractual exemptions. If we cannot fulfill a portion of your request, we will explain the reasoning (unless we are legally prevented from doing so, in cases of investigations, etc.).

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption: Our website is secured via SSL/TLS encryption (HTTPS). This means data transmitted between your browser and our Site (such as form inputs) is encrypted in transit. Also, sensitive data (like passwords, if any, and payment transactions handled by Raiffeisen) are protected using industry-standard encryption.
  • Access Controls: Personal data we store is accessible only by authorized personnel who need access to perform their job duties (for example, the event management team and IT administrators). We restrict access through user accounts, strong passwords, and, where applicable, multi-factor authentication.
  • Secure Hosting: We use reputable hosting with firewalls and monitoring. Regular updates and security patches are applied to our website software and servers to guard against vulnerabilities.
  • Data Minimization: We limit the personal data we collect and store to what is necessary. For instance, as mentioned, we do not store credit card details on our servers after a transaction; those are handled by the payment processor. Any particularly sensitive documents you might provide (like passport copies for visa assistance) are handled offline or in secure environments and not kept longer than needed.
  • Training and Policies: Our staff and volunteers are trained on data protection principles and must adhere to confidentiality obligations regarding participants’ personal information. We have internal policies to handle data securely and respond properly in the event of a security incident.
  • Backups and Recovery: We maintain regular backups of critical data to ensure we can recover information in case of accidental deletion or technical issues. Backup data is stored securely (encrypted and with the same access restrictions).
  • Third-Party Due Diligence: Where we use third-party service providers to process data, we ensure through contracts that they also adopt appropriate security measures. For example, our email newsletter service and hosting provider are certified under internationally recognized security standards or frameworks.
  • Incident Response: Despite all efforts, no system can be 100% secure. We have a procedure to handle any suspected data breach. In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

Important: While we strive to protect your data, you also play a role in security. Please use strong, unique passwords if you create an account on our platform and keep your login details confidential. Be cautious about phishing attempts – we will never ask for your password via email, and any payment should only be done through our official channels (we won’t ask you to send credit card details via email).

9. International Data Transfers

Wine Vision by Open Balkan is based in Serbia, and the data we collect is primarily stored and processed in Serbia. If you are accessing the Site from outside Serbia (for example, from within the European Union or elsewhere), please be aware that your data will be transferred to and stored in Serbia, and possibly in other countries if our service providers have servers elsewhere. Serbia is not a member of the EU, and at present it does not have an EU adequacy decision (meaning the European Commission has not formally declared Serbian data protection law as equivalent to EU standards). However, Serbia’s data protection law is closely aligned with GDPRdlapiperdataprotection.com and we apply the same high standards of privacy protection.

When we transfer personal data out of the EU/EEA (for example, if an EU user’s data is viewed by us in Serbia, or if we use a US-based cloud service), we take steps to ensure appropriate safeguards are in place. These may include:

  • Standard Contractual Clauses (SCCs): We may incorporate the European Commission’s approved standard data protection clauses into our contracts with service providers to ensure that they protect EU personal data in line with EU standards.
  • Explicit Consent: In certain cases, we may rely on your explicit consent for transfers. By registering for an international event and submitting your data, you acknowledge that the transfer of your data to Serbia (and any other country where it may be processed) is necessary for the performance of the contract (your event participation). We will seek to rely on contractual necessity or SCCs primarily, but in absence of those, your use of our Services may imply consent to such transfer.
  • Other Lawful Bases: Sometimes data transfer is needed for the performance of a contract with you (for instance, if you are an EU exhibitor, transferring your data to our Serbian servers is necessary to register you for the Serbian event). In other cases, transfers might be necessary for important reasons of public interest (given the governmental nature of Open Balkan) or for the establishment, exercise, or defense of legal claims. We ensure any transfer aligns with GDPR Art. 49 exceptions if no other safeguard is available.

Third-Party Services: Some of our third-party processors (like Google Analytics or MailChimp) might store data on servers in the United States or other countries. For those, we ensure they have measures like SCCs or are part of frameworks like the EU-US Data Privacy Framework (if applicable and up to date). We continually monitor legal developments around international data transfers (such as Schrems II decision implications) and will adjust our practices as needed.

By using our Services and providing us with your information, you understand that your data may be transferred to and processed in Serbia and other jurisdictions as described. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

10. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for satisfying any legal, accounting, or reporting requirements. In general:

  • Event Registration Data: If you register or participate in Wine Vision by Open Balkan, we will retain your core registration details for a reasonable period to manage this and future events. Typically, we keep exhibitors’ and buyers’ data for a few years so we can invite you to subsequent editions and maintain historical records of participation. If you do not participate again, we may delete or anonymize your contact data after [5 years] from last contact, unless you request deletion earlier. Visitors’ data (if any collected, e.g., ticket purchase records) might be kept for a shorter duration (e.g., [2 years]) since the need to retain it is less.
  • Financial and Transaction Records: We are required by Serbian law to keep financial records (including invoices, payment records, etc.) for a certain minimum period (usually 5 to 10 years depending on the document). Therefore, any personal data contained in such records (name on invoice, etc.) will be retained as part of those records for the legally required timeframe.
  • Communications: Emails or inquiries you send us may be retained until they are no longer needed for our operations. If a communication relates to a contract or a complaint, we may keep it as long as the contract is active and for a appropriate period thereafter. General inquiries might be deleted after resolving your question, or archived in backups.
  • Marketing Lists: If you have consented to marketing or we have a legitimate interest to send you updates, we will keep your contact information on our mailing list until you opt out or until we decide to purge inactive contacts. When you unsubscribe, we will remove you from the list promptly, though we may keep a record of the opt-out (email address and time) to ensure we respect that in the future.
  • Web Analytics Data: Data collected via Google Analytics and similar tools is typically retained for [14 months] (as per our Google Analytics settings) or a similar reasonable period, after which it is automatically deleted or aggregated.
  • Legal Hold: If we are in a legal dispute or under an investigation that requires us to keep data (e.g., a claim arising from the event), we will retain the relevant data until the issue is resolved, regardless of the normal retention schedule.
  • Anonymized Data: We may convert personal data into anonymous statistical or aggregated data (so you can no longer be identified) for research or analytical purposes. Once anonymized, such data is no longer personal data and we may retain it indefinitely for business analysis (e.g., total attendance numbers year over year).

After the retention period expires, or if you request deletion (and we have no overriding reason to keep the data), we will securely delete or anonymize your personal data. In case of physical documents, they will be shredded or incinerated. In case of electronic records, we will delete them from our active databases, and when feasible, from backups (it may not be immediately possible to purge from all backup archives, but such backups are protected and eventually cycle out).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. If we make material changes, we will notify you by updating the “Effective Date” at the top of this Policy and, if the changes are significant, by providing a prominent notice on our website or via emailfair.openbalkan.com. We encourage you to review this Policy periodically to stay informed about how we are protecting your information. If you continue to use the Services after changes to the Privacy Policy are posted, it will signify your acceptance of the updated terms, to the extent permitted by law.

If we intend to process your personal data for a new purpose not outlined in this Policy, we will provide you with information about that purpose and any other relevant details prior to starting the processing, and if required, seek your consent.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please do not hesitate to contact us:

Wine Vision by Open Balkan – Privacy Team
Address: Bulevar Vojvode Mišića 14, 11030 Belgrade, Serbia
Email: [email protected]
Phone: +381 11 26 55 239 / +381 11 26 55 113

We will address your inquiry as soon as possible. Your trust is our priority, and we are committed to resolving any issues to your satisfaction. If you feel we have not adequately addressed your concerns, remember you have the right to lodge a complaint with the relevant supervisory authority as noted in Section 7.

Thank you for taking the time to read our Privacy Policy. We value your participation in Wine Vision by Open Balkan and are dedicated to protecting your personal data and privacy rights.