1. General Provisions
This personal data processing policy is developed in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter referred to as the Personal Data Law), and defines the procedures for handling personal data and measures to ensure personal data security implemented by ASIA CASPIAN CONSTRUCTION (hereinafter referred to as the Operator).
1.1. The Operator considers the observance of human rights and freedoms during personal data processing, including the right to privacy, personal and family secrets, as its primary goal and essential condition for conducting business.
1.2. This Operator’s policy regarding personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator may receive about website visitors at https://acc.kz/.
2. Main Terms Used in the Policy
2.1. Automated personal data processing – processing of personal data using computer equipment.
2.2. Blocking of personal data – temporary cessation of personal data processing (except cases when processing is necessary to clarify the personal data).
2.3. Website — a set of graphic and informational materials, software and databases that ensure their availability on the internet at the web address https://acc.kz/.
2.4. Personal data information system — a set of personal data contained in databases and information technologies and technical tools used for their processing.
2.5. Anonymization of personal data — actions as a result of which it is impossible to determine without using additional information the person to whom the personal data belongs.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with personal data using automation tools or without them, including collection, recording, categorization, accumulation, storage, updating, retrieval, use, transfer (distribution, provision of access), anonymization, blocking, deletion, destruction of personal data.
2.7. Operator — a government body, municipal authority, legal or physical person who independently or jointly with others organizes and/or carries out personal data processing, as well as determines the purposes of processing, the composition of personal data, and the actions (operations) carried out with such data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable user of the website https://acc.kz/.
2.9. Personal data permitted for distribution by the data subject — personal data for which the subject has granted unlimited access by providing consent for processing such data in accordance with the Federal Law on Personal Data (hereinafter referred to as “data permitted for distribution”).
2.10. User — any visitor of the website https://acc.kz/.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite group of people (transfer of personal data) or making personal data accessible to the public, including publication in mass media, posting in information and telecommunication networks, or granting access in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign country to a government agency, foreign physical or legal person.
2.14. Destruction of personal data — any actions resulting in irreversible destruction of personal data, making further recovery of such data in the information system impossible, and/or destruction of material carriers of personal data.
3. Main rights and obligations of the Operator
3.1. The Operator has the right:
— to obtain from the data subject accurate information and/or documents containing personal data;
— in case the data subject revokes consent for processing personal data or submits a request to stop processing, the Operator may continue processing personal data without consent if justified under the Federal Law on Personal Data;
— to independently determine the list and composition of measures necessary and sufficient to fulfill the obligations established by the Federal Law on Personal Data and related regulatory acts unless otherwise specified by law.
3.2. The Operator is obliged:
— to provide the data subject upon request information regarding the processing of his/her personal data;
— to organize the processing of personal data in compliance with Russian legislation;
— to respond to requests and inquiries from data subjects and their legal representatives in accordance with the requirements of the Federal Law on Personal Data;
— to provide the authorized body for data protection with necessary information within 10 days after receiving a request;
— to publish or otherwise provide unrestricted access to this Policy regarding the processing of personal data;
— to take legal, organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, dissemination, unauthorized access, and other unlawful actions;
— to cease transmission (distribution, provision, access), processing, and destroy personal data in accordance with the procedures and cases stipulated by the Federal Law on Personal Data;
— to perform other duties provided by the Federal Law on Personal Data.
4. Main rights and obligations of data subjects
4.1. Personal data subjects have the right:
— to receive information concerning the processing of their personal data, except in cases provided by federal laws. Information shall be provided in an accessible form and must not contain personal data related to other data subjects unless legally justified. The list of information and procedure for obtaining it are defined by the Federal Law on Personal Data;
— to request the Operator to clarify, block or delete their personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained or unnecessary for the stated purpose of processing, as well as to take measures to protect their rights as provided by law;
— to make prior consent a condition for processing personal data for marketing purposes;
— to withdraw consent for processing personal data and submit a request to stop processing;
— to file complaints with the authorized body for data protection or to pursue legal remedies against unlawful actions or omissions by the Operator during data processing;
— to exercise other rights provided by Russian legislation.
4.2. Personal data subjects are obliged:
— to provide the Operator with accurate information about themselves;
— to notify the Operator about changes or updates to their personal data.
4.3. Individuals who provide false information about themselves or disclose another person’s personal data without consent bear responsibility in accordance with Russian legislation.
5. Principles of personal data processing
5.1. Personal data shall be processed on a lawful and fair basis.
5.2. Processing of personal data shall be limited to achieving specific, predetermined and legitimate purposes. Processing incompatible with the initial purpose of data collection is prohibited.
5.3. Merging databases intended for different processing purposes is prohibited.
5.4. Only personal data relevant to the declared purposes shall be processed.
5.5. The content and volume of personal data processed must correspond to the declared processing purposes. Excessive data processing beyond the declared purposes is prohibited.
5.6. Accuracy, completeness and, where necessary, relevance of personal data in relation to the processing purposes must be ensured. The Operator takes all necessary steps and/or ensures the implementation of steps required to remove or correct incomplete or inaccurate data.
5.7. Personal data shall be stored in a form allowing identification of the data subject no longer than necessary for the processing purposes, unless a specific storage period is established by federal law, contract, or where the data subject is a party, beneficiary or guarantor of the contract. Processed personal data shall be destroyed or anonymized once the processing goals are achieved or when they are no longer necessary, unless otherwise provided by federal law.
6. Purposes of personal data processing
| Purpose of processing | informing the User by sending emails |
|---|---|
| Personal data |
|
| Legal basis |
|
| Types of personal data processing |
|
7. Conditions for personal data processing
7.1. Processing of personal data is carried out based on the data subject’s consent.
7.2. Processing of personal data is necessary to achieve goals defined by international agreements of the Russian Federation or by law, as well as for fulfilling functions, powers and obligations assigned to the Operator by Russian legislation.
7.3. Processing of personal data is necessary for judicial proceedings, execution of court decisions or decisions of other authorities in accordance with enforcement legislation.
7.4. Processing of personal data is necessary for performance of a contract to which the data subject is a party, beneficiary or guarantor, or for entering into a contract initiated by the data subject or under which the data subject will act as a beneficiary or guarantor.
7.5. Processing of personal data is necessary for realization of the rights and legitimate interests of the Operator or third parties, or for achievement of socially significant objectives, provided that the rights and freedoms of the data subject are not violated.
7.6. Processing of personal data is carried out for publicly available personal data, i.e., data made accessible to the public by the data subject or at his/her request.
7.7. Processing of personal data is carried out in accordance with federal law requiring publication or disclosure.
8. Procedure for collecting, storing, transferring and processing personal data
Security of personal data processed by the Operator is ensured through implementation of legal, organizational and technical measures fully meeting current legislative requirements on personal data protection.
8.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access.
8.2. Under no circumstances will the User’s personal data be transferred to third parties, except in cases stipulated by current legislation or where the data subject has given consent to transfer data to a third party for performance of civil-law obligations.
8.3. In case of inaccuracies in personal data, the User may update the data independently by sending a notification to the Operator’s email acckz@bk.ru marked “Updating personal data”.
8.4. The processing period of personal data is determined by the purposes for which the data were collected, unless otherwise stipulated by law or contract.
8.5. All information collected by third-party services, including payment systems, communication tools and other service providers, is stored and processed by those entities in accordance with their Terms of Use and Privacy Policy. The Operator assumes no responsibility for the actions of third parties listed in this clause.
8.6. Restrictions imposed by the data subject on transfer (except granting access), processing or conditions of processing (except granting access) of data permitted for distribution do not apply in cases involving state, public or other public interest purposes defined by Russian legislation.
8.7. The Operator ensures confidentiality of personal data during processing.
8.8. The Operator stores personal data in a form allowing identification of the data subject no longer than necessary for the processing purposes, unless a specific storage period is established by federal law, contract, or where the data subject is a party, beneficiary or guarantor of the contract.
8.9. Grounds for termination of personal data processing include achievement of processing goals, expiration of consent validity, withdrawal of consent or submission of a request to stop processing, as well as detection of unlawful processing.
9. List of actions performed by the Operator with personal data
9.1. The Operator performs collection, recording, categorization, accumulation, storage, updating, retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion and destruction of personal data.
9.2. The Operator performs automated processing of personal data with receipt and/or transfer of information via information and telecommunication networks or without such transfer.
10. Cross-border transfer of personal data
10.1. Before starting cross-border transfer of personal data, the Operator must notify the authorized body for data protection of its intention to carry out such transfer (this notification must be sent separately from the notification regarding data processing).
10.2. Before submitting the above notification, the Operator must obtain appropriate information from foreign government bodies, foreign individuals or legal persons to whom the cross-border transfer is planned.
11. Confidentiality of personal data
The Operator and other persons having access to personal data must not disclose or distribute such data without the consent of the data subject, unless otherwise provided by federal law.
12. Final provisions
12.1. Users may get clarifications regarding personal data processing by contacting the Operator via email at acckz@bk.ru.
12.2. Any changes to the Operator’s data processing policy will be reflected in this document. The Policy remains valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely accessible on the Internet at https://acc.kz/privacy.
