Personal Data Protection Policy

1. General Provisions

ACONTO d.o.o. Belgrade (hereinafter “Aconto”, “we”, or “the Company”) is committed to the security and protection of data belonging to its clients, partners, and visitors of the website aconto-email.rs.

All activities involving the collection, processing, and storage of data are carried out in accordance with:

  • the Law on Personal Data Protection (Official Gazette of the RS No. 87/2018);
  • the Law on Electronic Communications; and
  • generally accepted principles of information and business security.

This domain serves a technical and informational purpose only, used to:

  • verify the authenticity of e-mail communication originating from the ACONTO system,
  • protect users from fraudulent messages or abuse, and
  • provide contact and security verification information.

Aconto implements all reasonable technical, organizational, and security measures to prevent unauthorized access, disclosure, modification, or loss of data.
However, users acknowledge that no information system is completely secure, and Aconto cannot guarantee absolute protection of data transmitted over the Internet.

2. Types of Data Protected

Within the domain aconto-email.rs, Aconto ensures the protection of the following categories of data:

  • personal data voluntarily submitted via contact form or e-mail;
  • technical data from electronic communication (IP address, server logs, time of access, browser and device information);
  • e-mail metadata processed for authentication purposes (SPF, DKIM, DMARC records);
  • anonymous analytical data collected through Google Analytics 4 for performance monitoring.

Note: This domain does not collect, process, or store financial, tax, health-related, contractual, or any other sensitive personal data.

3. Technical and Organizational Security Measures

Aconto applies the following measures to maintain data security and confidentiality:

  • use of SSL/TLS encryption on all web pages and mail servers;
  • implementation of SPF, DKIM, and DMARC authentication for all outgoing e-mails to prevent abuse;
  • protection of contact forms through Google reCAPTCHA;
  • regular data backups and restricted physical and digital server access;
  • password, antivirus, and firewall protection;
  • access control based on the “need-to-know” principle;
  • confidentiality agreements with employees and external partners; and
  • internal procedures for the secure handling of digital records and communication.

4. Confidentiality and Access to Data

Access to data is strictly limited to:

  • authorized employees of ACONTO;
  • contractually authorized data processors (e.g., IT support, hosting providers, Google as a service partner); and
  • competent authorities of the Republic of Serbia — only in cases prescribed by law.

All persons with access to data are obliged to maintain confidentiality and are liable for any unauthorized disclosure or use of information.

5. Data Breach and Incident Response

In the event of a suspected data security incident (e.g., unauthorized access, data leak, malicious attack), Aconto will:

  • immediately initiate an internal investigation and document the circumstances;
  • take technical measures to mitigate further consequences;
  • notify the Commissioner for Information of Public Importance and Personal Data Protection (where required by law); and
  • inform affected individuals without undue delay if there is a risk to their rights or freedoms.

Aconto is not liable for any damage arising from events beyond its control, including:

  • hacker attacks,
  • Internet service interruptions,
  • failures of third-party systems, or
  • user negligence (e.g., use of unprotected networks or public computers).

6. Liability and Limitations

Aconto acts in good faith and in compliance with applicable law but cannot:

  • guarantee absolute security of data transmission over the Internet;
  • be held liable for unauthorized actions of third parties; or
  • be responsible for data loss caused by force majeure, technical failure, or user error.

Users are expected to take basic security precautions such as:

  • keeping devices and antivirus software up to date,
  • using strong passwords, and

avoiding sharing confidential information via unsecured channels.

7. User Rights

Every individual whose data are processed has the right to:

  • be informed about the processing of their data;
  • request access, correction, or deletion of their data; and
  • request restriction, portability, or raise an objection to processing.

Requests can be sent to info@aconto.rs, and Aconto will respond within the legally prescribed timeframe without undue delay.

8. Amendments to This Policy

Aconto may amend this Personal Data Protection Policy from time to time to reflect changes in legislation or technical requirements. All changes will be published on this page and take effect on the date of publication. Users are encouraged to review this page periodically to stay informed of the latest version.