Privacy policy for this website
This policy describes the processing of personal data on this website — no more and no less. It is written to be read: no sentences that mean nothing, and no claims about processing that does not happen here.
Last updated:
Konis Software d.o.o. respects the privacy of this site's visitors and processes personal data in accordance with the Serbian Personal Data Protection Act and the General Data Protection Regulation of the European Union (GDPR).
This policy covers the website only. It does not describe processing inside the NG One system — that processing is governed by a data processing agreement in which the client is the controller and Konis Software the processor, and it is set out there, specifically for each company.
1. Data controller
The controller is Konis Software d.o.o., Bulevar Mihajla Pupina 10, 11070 Beograd, Serbia. For any question regarding the processing of personal data, write to office@konissoftware.com.
The controller determines the purposes and means of processing the data collected through this website.
2. What this policy covers
This policy covers the processing of personal data that arises when you visit this website, submit the contact form, or write to the email address given here.
This policy does not describe processing inside the ERP system. When a company becomes a client and the data of its employees, customers and suppliers is processed in the system, that processing is governed by a data processing agreement in which the client is the controller and Konis Software the processor. That agreement establishes the purpose, the categories of data, the retention periods and the protective measures for that specific company. It is not this document, and this policy does not replace it.
The site links to other Konis Software sites and to the sites of our products. Those sites have their own privacy policies — following a link takes you outside the scope of this one.
3. What we collect and why
We do not collect data we do not need, and we do not ask for anything beyond what the purpose of your message requires. The table below is the complete list.
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Contact form data: name, email address, phone (optional), company name (optional), topic and message body | Answering your enquiry, preparing a walkthrough or an offer | Steps taken prior to entering into a contract, at the request of the data subject (Art. 12(1)(2) of the Serbian Act; Art. 6(1)(b) GDPR) | 24 months from the last communication, unless the enquiry leads to a contractual relationship — then the retention of that relationship applies |
| Business correspondence by email: sender address, message body and attachments | Conducting a conversation about possible cooperation and recording what was agreed | Legitimate interest of the controller — communication with business partners (Art. 12(1)(6) of the Serbian Act; Art. 6(1)(f) GDPR) | Up to 3 years from the last message; longer only where necessary to establish or defend a legal claim |
| Server technical data: IP address, access time, requested path, browser and operating system type | Security and stability of the site, detecting abuse and automated attacks | Legitimate interest of the controller — network and information security (Art. 12(1)(6) of the Serbian Act; Art. 6(1)(f) GDPR) | 12 months at most |
| Traffic data: pages viewed, referrer, approximate city-level location, device type | Measuring traffic and improving the site's content | Consent (Art. 15 of the Serbian Act; Art. 6(1)(a) GDPR) | 14 months at most from the last visit; until consent is withdrawn, if earlier |
| Settings in your browser: language and theme choice | So the site looks the same on your next visit | Necessary to provide the service you explicitly requested | Until cleared from your browser; this data never reaches our server and is not linked to you |
We do not collect special categories of data (health, biometric, political or religious beliefs) and do not ask for them in the contact form or in correspondence. If you send them on your own initiative, we delete them as soon as we notice.
This site makes no decisions based solely on automated processing, and does no profiling.
4. Cookies and local storage
The site sets no non-essential cookies until you consent. Until then, analytics are neither loaded nor executed.
- Your language and theme choice is kept in your browser's local storage. That data stays on your device, is never sent to a server, and is not used to recognize you.
- Analytics cookies are set only with your consent and serve to measure traffic. The data is aggregated; the IP address is truncated before processing.
- There are no marketing, advertising or cross-site tracking cookies. We do not share data with advertising networks.
You may withdraw consent at any time — through the cookie settings on the site, or by clearing site data in your browser. Withdrawal does not affect the lawfulness of processing carried out before it.
5. Who the data is disclosed to
We do not sell, trade or pass data to third parties for marketing purposes. We disclose it only to processors providing a service necessary for the site to run, and only under a contract binding them to the same standards of protection.
- A hosting and content delivery provider — hosting the site and its technical logs.
- A business email provider — receiving and storing correspondence.
- A traffic measurement tool — only if you have consented.
The current list of processors, with the name and seat of each, is provided on request sent to office@konissoftware.com.
Data is processed in Serbia and in the European Union. If a transfer to a country outside the list of jurisdictions with an adequate level of protection ever became necessary, it would be carried out under standard contractual clauses or another instrument provided by law, following a prior assessment.
We also disclose data to competent authorities where we are required to by law or by court order — in which case we disclose only what was requested, and keep a record of having done so.
6. Security
- All traffic to the site runs over an encrypted connection (TLS).
- Access to received messages is limited to the employees who need it to answer your enquiry.
- Data is kept to the minimum and deleted once the retention period in section 3 expires.
- Every processor is bound by a contract requiring confidentiality and the same protective measures.
No measure is absolute. Should a personal data breach occur that is likely to result in a risk to rights and freedoms, we will notify the Commissioner within 72 hours, and the data subjects without undue delay where the law requires it.
7. Your rights
In relation to the data we process about you, you have the following rights:
- Access — to learn whether we process your data and to obtain a copy of it.
- Rectification and completion — to have inaccurate data corrected and incomplete data completed.
- Erasure — where the data is no longer needed for the purpose, where you withdraw consent, or where processing is unlawful.
- Restriction of processing — while the accuracy of the data or the merit of your objection is being checked.
- Portability — to receive the data you provided in a structured, machine-readable format.
- Objection — to processing based on legitimate interest; after an objection we stop processing unless there is an overriding legal ground.
- Withdrawal of consent — at any time, as easily as it was given; withdrawal does not affect processing carried out before it.
Send your request to office@konissoftware.com. We respond without undue delay and no later than 30 days from receipt; the period may be extended by a further 60 days for complex requests, in which case we tell you and give the reason. Handling a request is free of charge; a fee may be charged only where a request is manifestly unfounded or excessive, and only with a stated reason.
If you believe your rights have not been respected, you may lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs). We would be grateful if you came to us first — it is faster and usually enough.
8. Changes to this policy
We change the policy when what it describes changes — for example when we add a processor or a new purpose. The version published on this page, with the date at the top, is always the one in force.
If a change materially affects your rights and we hold your address from earlier correspondence, we will tell you before the change takes effect.
9. Contact
For any question, request or complaint regarding the processing of personal data: office@konissoftware.com, or by post to Konis Software d.o.o., Bulevar Mihajla Pupina 10, 11070 Beograd, Serbia.