Privacy policy

Communis d.o.o., Sarajevo
Updated: October 4, 2025

1. Our Commitment to Data Protection

Communis d.o.o., as the owner of the website https://communis.ba, is committed to protecting the privacy of users and visitors.
We only collect the minimum amount of data necessary for the proper functioning of the website and for traffic analysis, and we provide clear information on how and why such data is used.

All personal data is treated confidentially and accessible only to authorized personnel who need it to perform their duties. Our employees and partners are required to respect the principles of data protection and confidentiality.

2. Data Controller and Contact Information

Data Controller:
Communis d.o.o.
Skenderija 5/3, 71000 Sarajevo, Bosnia and Herzegovina
E-mail: info@communis.ba
Phone: +387 33 551-155

For any questions regarding data protection, you may contact us using the above details.

3. Scope of This Policy

This policy explains how Communis d.o.o. collects, uses, and stores data arising from the use of the website communis.ba.
It applies in particular to processing that occurs through:

  • cookies and similar technologies,
  • analytics and tracking tools (Google Tag Manager, Google Analytics 4),
  • third-party embedded services (YouTube, Google Maps),
  • technical logs ensuring proper functionality and security.

We use Real Cookie Banner to manage cookies and user consents.
This tool enables:

  • displaying information about all cookies by category,
  • granting and withdrawing consent for each service,
  • documenting consents in accordance with legal requirements.

Legal basis:

  • Art. 6(1)(c) GDPR – legal obligation to inform and record consents,
  • Art. 6(1)(f) GDPR – legitimate interest in ensuring correct website functionality.

More information: https://devowl.io/rcb/data-processing/

The full list of cookies and technologies is available at:
https://communis.ba/cookie-policy/

5. Data We Process

  1. Technical data:
    IP address, requested URL, date and time of access, browser type, and device information.
    – Purpose: to ensure website display and security.
  2. Cookies and third-party scripts:
    • Google Tag Manager (GTM): used for managing tags; does not store personal data itself.
    • Google Analytics 4 (GA4): uses anonymized IP addresses and interaction data for statistical analysis.
    • YouTube embed: may set cookies for video playback and performance optimization.
    • Google Maps embed: sets cookies for map display and anti-abuse protection.
    • WordPress: uses essential cookies (e.g., language preference, page functionality).
  3. Consent records:
    Anonymous consent identifiers (ID, date, and cookie categories) stored via Real Cookie Banner.
Purpose Example Data Legal Basis
Website display and security IP address, logs, Cloudflare protection Legitimate interest (Art. 6(1)(f))
Statistics and analytics GA4 events, anonymized IP, source of traffic Consent (Art. 6(1)(a))
Tag management GTM configuration Legitimate interest (Art. 6(1)(f))
Embedded content (YouTube, Maps) IP, technical identifiers Consent (Art. 6(1)(a))
Consent documentation Real Cookie Banner records Legal obligation (Art. 6(1)(c))

7. Recipients and International Data Transfers

Data may be shared with:

  • Google Ireland Ltd. / Google LLC (Analytics, Tag Manager, YouTube, Maps),
  • website hosting and technical support providers.

Transfers of data to third countries (e.g., the USA) may occur.
In such cases, Standard Contractual Clauses (SCCs) and other appropriate safeguards are applied to ensure lawful processing.

8. Data Retention Periods

Data Type Retention Period
Technical logs Up to 30 days (longer if required for security)
GA4 data According to Google Analytics settings (2–14 months)
Consent records (RCB) Up to 10 years (proof of compliance)

9. Your Rights

As a website visitor, you have the right to:

  • access your personal data,
  • correct inaccurate data,
  • request erasure (“right to be forgotten”),
  • restrict or object to processing,
  • withdraw your consent at any time (without affecting the lawfulness of prior processing).

Requests may be submitted via e-mail to: info@communis.ba

Supervisory authority:
Personal Data Protection Agency in Bosnia and Herzegovina
Dubrovačka 6, 71000 Sarajevo
E-mail: azlpinfo@azlp.ba
Web: www.azlp.ba

The following cookie categories are used on communis.ba:

  • Essential cookies: Real Cookie Banner, Polylang (language), WordPress system cookies.
  • Functional cookies: YouTube, Google Maps (display and security).
  • Statistical cookies: Google Analytics 4.

Cookies are only activated based on your consent.
A full technical list is available at: https://communis.ba/cookie-policy/

Google Tag Manager is used to manage scripts and tags.
It does not set cookies or collect personal data, but it may activate other tools (such as GA4 or YouTube) depending on your consent.

Consent Mode transmits consent states (analytics_storage, ad_storage) and defaults to “denied” until consent is granted.

12. Google Analytics 4

This website uses Google Analytics 4 to analyze user interactions and traffic.
Data is collected anonymously, including IP address (anonymized), device type, duration of visit, and traffic source.
Scripts are only loaded after you have given consent.

13. YouTube and Google Maps

Embedded content from YouTube and Google Maps may set cookies and process data such as IP address, device identifiers, and viewing preferences.
These services load only after consent is given through the cookie banner.

14. Data Security

Communis d.o.o. applies appropriate technical and organizational measures, including:

  • HTTPS/TLS encryption,
  • access control and authentication,
  • regular security audits,
  • restricted data access.

15. Updates to This Policy

This policy may be updated periodically to reflect legal or technical changes.
All updates will be published on this page.

Last updated: October 4, 2025