a
Print
version

Personal Data Protection & Privacy Policy

POLICY OF "BRAND DEPO" LLС REGARDING THE PROCESSING OF PERSONAL DATA

1. General provisions

The Personal Data Processing Policy (hereinafter referred to as the Policy) is developed in accordance with the Law of the Republic of Kazakhstan No. 94-V.
This Policy defines the procedure for processing personal data and measures to ensure the security of personal data in "BRAND DEPO" LLС (hereinafter referred to as the Operator) in order to protect the rights and freedoms of a person and citizen when processing their personal data, including the protection of the rights to privacy, personal and family secrets.

The Policy uses the following basic concepts:

  • automated processing of personal data – processing of personal data using computer technology;
  • blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary to clarify personal data);
  • personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;
  • depersonalization of personal data – actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information;
  • processing of personal data –any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access) depersonalization, blocking, deletion, or destruction of personal data;
  • operator – a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and / or performs the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
  • personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
  • provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons;
  • dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or at making personal data available to an unlimited number of persons, including publishing personal data in the mass media, posting it in information and telecommunications networks, or providing access to personal data in any other way;
  • cross-border transfer of personal data – transfer of personal data on the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
  • destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

Subjects whose personal data is processed in "BRAND DEPO" LLС with or without the use of automation tools are:

  • candidates for the Operator's job;
  • employees of the Operator and their family members (spouses and close relatives);
  • persons who previously had an employment relationship with the Operator;
  • persons who have a civil nature of contractual relations with the Operator, or who are at the stage of pre-contractual or fulfilled relations of a similar nature;
  • persons undergoing various types of internships (internships) with the Operator;
  • founders (participants) of the Operator;
  • contractors of the Operator represented by individual entrepreneurs, their employees; founders, managers, representatives (persons acting on the basis of powers of attorney) and employees of legal entities that have or have had contractual relations with the Operator, or wish to conclude contracts with the Operator;
  • visitors to the Operator's office.
  • subscribers of the website of "BRAND DEPO" LLС on the Internet;
  • other persons whose personal data processing is necessary for the Operator to fulfill the purposes specified in this Policy.

Receiving personal data from the Operator is organized in such a way as not to violate the confidentiality of the collected personal data. The list of cases when it is necessary to obtain the written consent of the personal data subject to the processing of his / her personal data, as well as the procedure and form of obtaining consent are determined by the Company's documents in accordance with the provisions of the Law of the Republic of Kazakhstan No. 94-V

2. Principles and conditions of personal data processing

2.1. Principles of personal data processing

The Operator processes personal data on the basis of the following principles:

  • legality and fair basis;
  • restrictions on the processing of personal data to achieve specific, pre-defined and legitimate goals;
  • preventing the processing of personal data that is incompatible with the purposes of personal data collection;
  • preventing the association of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
  • processing only those personal data that meet the purposes of their processing;
  • compliance of the content and volume of personal data processed with the stated purposes of processing;
  • preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
  • ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
  • destruction or depersonalization of personal data after the purposes of their processing have been achieved, or if it is no longer necessary to achieve these goals, if the Operator cannot eliminate the violations of personal data committed, unless otherwise provided for by federal law.

2.2. Terms of personal data processing

The Operator processes personal data if at least one of the following conditions is met:

  • processing of personal data is carried out with the consent of the personal data subject to the processing of his / her personal data;
  • processing of personal data is necessary to achieve the goals stipulated by the international treaty of the Republic of Kazakhstan or the law, to perform and fulfill the functions, powers and duties assigned to the operator by the legislation of the Republic of Kazakhstan;
  • processing of personal data is necessary for the administration of justice, execution of a judicial act, an act of another body or official subject to execution in accordance with the legislation of the Republic of Kazakhstan on enforcement proceedings;
  • the processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor;
  • processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
  • processing of personal data is carried out, access to which is granted to an unlimited number of persons by the subject of personal data or at his request (hereinafter referred to as publicly available personal data);
  • personal data subject to publication or mandatory disclosure is processed in accordance with the Law of the Republic of Kazakhstan No. 94-V.

2.3. Confidentiality of personal data

The operator and other persons who have obtained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by the Law of the Republic of Kazakhstan No. 94-V.

2.4. Publicly available sources of personal data

For information support purposes, the Operator may create publicly available sources of personal data of personal data subjects, including reference books and address books. Publicly available sources of personal data may include, with the written consent of the personal data subject, his / her last name, first name, patronymic, date and place of birth, position, contact phone numbers, email address and other personal data provided by the personal data subject.

Information about the personal data subject must be excluded at any time from publicly available sources of personal data at the request of the personal data subject, the authorized body for the protection of the rights of personal data subjects, or by a court decision.

2.5. Special categories of personal data

Processing by the Operator of special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life is allowed only in relation to employees of the Operator or persons who are applicants for vacant positions of the Operator, in cases where:

  • the personal data subject has given written consent to the processing of their personal data;
  • personal data is made publicly available by the personal data subject;
  • processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject or the life, health or other vital interests of other persons, and obtaining the consent of the personal data subject is impossible;
  • processing of personal data is necessary to establish or exercise the rights of the personal data subject or third parties, as well as in connection with the administration of justice;
  • processing of personal data is carried out in accordance with the legislation on mandatory types of insurance, with the insurance legislation;
  • The Operator may process personal data about a criminal record only in cases and in accordance with the procedure determined in accordance with federal laws.

2.6. Biometric personal data

Information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity – biometric personal data – can be processed by the Operator only in relation to employees of the Operator or persons who are applicants for vacant positions of the Operator, provided that the personal data subject consents in writing.

2.7. Assignment of personal data processing to another person

The operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by law, on the basis of a contract concluded with this person. A person who processes personal data on behalf of the Operator must comply with the principles and rules for processing personal data provided for by the Law of the Republic of Kazakhstan No. 94-V and this Policy.

2.8. Cross-border transfer of personal data

The operator is obliged to make sure that the foreign state to whose territory it is intended to transfer personal data provides adequate protection of the rights of personal data subjects, before such transfer begins.

Cross-border transfer of personal data on the territory of foreign states that do not provide adequate protection of the rights of personal data subjects may be carried out in the following cases:

  • availability of written consent (including using the hardware of the "BRAND DEPO" LLС website on the Internet) of the personal data subject to cross-border transfer of his / her personal data;
  • execution of a contract to which the personal data subject is a party.

2.9. Automatic collection of personal information

In some cases, "BRAND DEPO" LLС uses cookies, web beacons and other technologies to automatically collect certain types of information when you visit the Prian website prian.info or in the process of exchanging electronic messages with you. Collecting such information allows us to save individual settings and parameters of online visitors, improve the functional characteristics of the website, make them more user-friendly and generally increase their efficiency, as well as evaluate the productivity of our marketing activities.

2.9.1. IP addresses

An IP address is a number assigned to your computer every time you access the Internet. It allows computers and servers to recognize each other and exchange information. The IP addresses of visitors to our sites may be taken into account for information security and system diagnostics purposes. This information can also be used in aggregated form to analyze site usage trends and their effectiveness.

2.9.2. Cookie technology

A cookie is a file placed on your computer or device connected to the Internet each time you visit our website. This allows the site to remember your computer or device. In addition, cookies can also be used for other purposes.

An information window that appears on some of our websites will ask for your consent to the collection of cookies. To maintain the functionality of the site, you may also need a second type of cookie, called "user cookies". The use of an informational banner does not block these cookies. The selected item will be saved in a cookie and will be valid for 90 days. If you wish to cancel it, you can do so by deleting the cookies in your browser.

Although most browsers accept cookies automatically, you can configure your browser so that only you can decide whether to accept a cookie or block it (see the "Tools" or "Settings" menu of your browser). You can delete cookies from your device at any time. Please note that if you do not accept cookies, some of the site's functions may be lost.

More detailed information about managing cookies can be found in the help file of your browser or on specialized sites, such as www.allaboutcookies.org.

Third-party tools and widgets can be used on our individual web pages to provide additional features for online visitors. In this case, a cookie may be placed on your device, which will make the use of tools and widgets more convenient and correctly reflect the process of your communication with other users on our web pages.

Cookies themselves do not inform us of your email address or otherwise identify you. In our analytical reports, we may use other identifiers, including IP addresses, but only for the purpose of determining the number of unique online visitors to our websites and collecting information about their geographical location, and not for identifying individual online visitors.

By accessing our websites or entering your login credentials to access areas that only registered users can access, you agree to our placing cookies on your computer or device connected to the Internet.

2.9.3. Google Analytics Online Service

"BRAND DEPO" LLC uses the Internet service Google Analytics. You can find more information about using Google Analytics here: http://www.google.com/analytics/learn/privacy.html

To provide website visitors with more choices regarding the collection of their data by Google Analytics, Google has developed an optional Google Analytics Opt-out Browser Add-on. An additional browser communicates with Google Analytics JavaScript (ga.js), so that information about website visits is not sent to Google Analytics. The additional Google Analytics browser does not prevent information from being sent to the website itself or to other web analytics services.

2.9.4. Web beacons (web beacon technology)

A web beacon is a small graphic file on a web page that can be used to obtain certain information from your computer, such as the IP address, how long the content of the web page has been studied, the browser type, and the presence of cookies previously created by the same server.

"BRAND DEPO" LLC uses these web beacons in strict compliance with the current legislation.

"BRAND DEPO" LLC or service providers may use web beacons to monitor the performance of third-party websites that provide us with recruitment or marketing services, or to collect aggregated statistics about online site visitors and manage cookies.

You can disable some web beacons by blocking the associated cookies. In this case, the web beacon will be able to register an anonymous visit from your IP address, but the information in the cookie will not be recorded.

If you subscribe to our newsletters or other materials, we may monitor the actions of recipients. For example, through embedded links inside messages, we may collect information about the number of recipients who have opened a particular message. This information is collected in order to evaluate which sections of the site are most interesting to users, and to improve user settings.

2.9.5. Location Services

"BRAND DEPO" LLC may collect and use information about the geographical location of your computer or mobile device. The purpose of collecting this data is to provide you with information about services in your area that might be of interest to you, and to improve the products and services offered there.

3. Rights of the personal data subject

3.1. Consent of the personal data subject to the processing of his / her personal data

The personal data subject makes a decision on the provision of his / her personal data and gives consent to their processing freely, voluntarily and in his / her own interest. Consent to the processing of personal data may be given by the personal data subject or his representative in any form that allows us to confirm the fact of its receipt, unless otherwise established by federal law.

3.2. Rights of the personal data subject

The subject of personal data has the right to receive information from the Operator concerning the processing of his / her personal data, if such right is not restricted in accordance with federal laws. The personal data subject has the right to demand that the Operator clarify his / her personal data, block them or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights.

Processing of personal data for the purpose of promoting goods, works, and services on the market through direct contacts with the personal data subject (potential consumer) by means of communication tools, as well as for the purpose of political campaigning, is allowed only with the prior consent of the personal data subject.

The Operator is obliged to immediately stop processing the personal data for the above-mentioned purposes at the request of the personal data subject.

It is prohibited to make decisions based solely on automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, except in cases provided for by federal laws, or with the written consent of the subject of personal data.

If the personal data subject considers that the Operator processes his / her personal data in violation of the requirements of the Law of the Republic of Kazakhstan No. 94-V or otherwise violates his / her rights and freedoms, the personal data subject has the right to appeal the actions or omissions of the Operator to the Authorized Body for the Protection of the Rights of Personal data Subjects or in court.

The subject of personal data has the right to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damage.

4. Ensuring the security of personal data

The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of federal legislation in the field of personal data protection.

To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:

  • appointment of officials responsible for organizing the processing and protection of personal data;
  • restriction of the number of persons allowed to process personal data;
  • familiarization of subjects with the requirements of federal legislation and regulatory documents of the Operator for the processing and protection of personal data;
  • organization of accounting, storage and circulation of media containing information with personal data;
  • identification of threats to the security of personal data during their processing, formation of threat models based on them;
  • development of a personal data protection system based on the threat model;
  • checking the availability and effectiveness of information security tools;
  • delineation of user access to information resources and software and hardware information processing tools;
  • registration and accounting of actions of users of personal data information systems;
  • use of anti-virus tools and personal data protection system recovery tools;
  • use of inter-network shielding, intrusion detection, security analysis, and cryptographic information protection tools when necessary;
  • organization of access control to the Operator's territory, security of premises with technical means of processing personal data.

5. Terms of processing (storage) of personal data

The terms of processing (storing) personal data are determined in accordance with the term of the contract with the personal data subject, the statute of limitations, as well as other terms established by the legislation of the Republic of Kazakhstan and the Operator's documents.

Personal data whose processing (storage) period has expired must be destroyed, unless otherwise provided by federal law or regulatory documents of the Operator.

Storage of personal data after the expiration of the storage period is allowed only after their depersonalization.

6. Final provisions

Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Republic of Kazakhstan in the field of personal data.

Employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by the laws of the Republic of Kazakhstan.

Quoting conditions of Prian.info materials