Legal

Privacy Policy

How we collect, use, and protect your personal data. Last updated: May 2026.

1. Who We Are

StepTo d.o.o. ("StepTo", "we", "us") is a limited liability company registered in the Republic of Serbia (registration number: 21935558, tax ID: 113892993), with its registered office at Bulevar Vudroa Vilsona 6, 11000 Belgrade, Serbia.

We are the data controller for the personal data we process through this website and in connection with our services. For privacy matters, contact us at info@stepto.net.

2. What Data We Collect

Contact form: When you submit an enquiry via our contact form, we collect your first name, last name, work email address, company name (optional), and a description of your project.

Server logs: Our hosting infrastructure automatically records standard server log data — IP address, browser type, referring URL, pages visited, and timestamps — for security and operational purposes. This data is not used for tracking or profiling.

Cookies: We use only technically necessary cookies required to operate the website (e.g. session cookies). We do not use tracking, advertising, or third-party analytics cookies.

3. Why We Process Your Data

To respond to your enquiry (legal basis: legitimate interest in pre-contractual communication, Art. 6(1)(f) GDPR; or performance of a contract, Art. 6(1)(b) GDPR where applicable).

To operate and secure our website infrastructure (legal basis: legitimate interest, Art. 6(1)(f) GDPR).

We do not use your data for automated decision-making or profiling.

4. How Long We Keep Your Data

Contact enquiries: We retain your data for as long as necessary to respond to and follow up on your enquiry, and for up to 3 years afterwards for the purpose of maintaining business records. If we enter into a contract with you, standard accounting retention periods apply (up to 10 years).

Server logs: Retained for up to 90 days for security and operational purposes, then deleted.

5. Who We Share Your Data With

We do not sell, rent, or share your personal data with third parties for marketing purposes.

We use the following categories of processors who may handle your data on our behalf, under appropriate data processing agreements:

Cloud hosting and infrastructure providers (servers located within the EU or EEA).

Email delivery services used to transmit your contact form submission to our team.

If we are required to disclose data by law or court order, we will do so in compliance with applicable legal obligations.

6. International Transfers

StepTo is based in Serbia. The European Commission has issued an adequacy decision recognising Serbia as providing an adequate level of data protection for transfers from the EU/EEA. No additional safeguards are required for data transfers between the EU/EEA and Serbia.

7. Your Rights

Under the GDPR, you have the right to:

Access — request a copy of the personal data we hold about you.

Rectification — ask us to correct inaccurate or incomplete data.

Erasure — request deletion of your data, subject to our legal retention obligations.

Restriction — ask us to restrict processing of your data in certain circumstances.

Portability — receive your data in a structured, machine-readable format.

Object — object to processing based on legitimate interests.

Withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email us at info@stepto.net. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority. In Serbia, this is the Commissioner for Information of Public Importance and Personal Data Protection (www.poverenik.rs). EU residents may also contact their national supervisory authority.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our website is served over HTTPS. Access to personal data is restricted to authorised staff on a need-to-know basis.

9. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We recommend reviewing their privacy policies before submitting any personal data.

10. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices or applicable law. The date at the top of this page shows when it was last revised. We encourage you to review this policy periodically.

Questions about this policy? Contact us at info@stepto.net or view our company imprint.

Performance-led engineering

Senior engineers who move work forward, not just tickets.

Work with accountable, English-fluent professionals who communicate clearly, protect quality, and deliver with a steady operating rhythm. Cost efficiency matters, but performance is why clients stay with us.

Book an intro call Browse services
Delivery signals · senior engineering team
Senior ownership
Lead-level
Delivery rhythm
Weekly
Timezone overlap
CET
1 teamaccountable for outcomes, communication, and execution