In touch with you

almaty@manpower.kz

Policy regarding the collection, processing and protection of personal data of the "Manpower Kaz" limited liability partnership

1.            GENERAL PROVISIONS

 

1.1. This Personal data processing Policy (hereinafter referred to as the "Policy") has been developed in pursuance of the requirements of the Law of the Republic of Kazakhstan No. 94-V dated May 21, 2013 "On Personal Data and their Protection" (hereinafter referred to as the "Personal Data Law") in order to ensure protection of the rights and freedoms of a person and a citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.

 

1.2. This Policy applies to the following categories of personal data subjects processed by the Operator:

 

•             Operator's employees;

•             applicants for vacancies of the Operator (candidates);

•             counterparties of the Operator;

•             representatives of the Operator's counterparties;

•             visitors to the Operator's Website.

 

1.3. Basic terms used in the Policy:

Personal data - information relating to a specific or identifiable on their basis personal data subject, recorded on electronic, paper and (or) other tangible media;

Operator of the database containing personal data (hereinafter- Operator) - Manpower Kaz LLP, which collects, processes and protects personal data;

Processing of personal data - аctions aimed at accumulation, storage, modification, addition, use, distribution, depersonalization, blocking and destruction of personal data;

The owner of the database containing personal data (hereinafter - the owner) - a state body, a natural and (or) legal person exercising in accordance with the laws of the Republic of Kazakhstan the right to own, use and dispose of the database containing personal data

Dissemination of personal data - actions resulting in the transfer of personal data, including through the media or providing access to personal data in any other way;

Blocking of personal data - temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);

Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;

Depersonalization of personal data - actions, as a result of which it is impossible to determine whether personal data belongs to the subject of personal data;

A database containing personal data (hereinafter -the database) is an aggregate of ordered personal data

Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state;

Website - a set of programs for electronic computers and other information contained in the information system, access to which is provided through the Internet information and telecommunication network and located at: .

 

1.4. Basic rights and obligations of the Operator.

 

1.4.1. The Operator has the right to:

•             independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other laws;

•             entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by law, on the basis of an agreement concluded with this person. A person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for the processing of personal data provided for by the Law on Personal Data;

•             in the event that the subject of personal data withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data.

 

1.4.2. The Operator is obliged to:

•             approve the list of personal data necessary and sufficient for performance of their tasks, unless otherwise provided by the laws of the Republic of Kazakhstan;

•             approve documents defining the operator's policy with respect to the collection, processing and protection of personal data;

•             take and observe necessary measures, including legal, organizational and technical, for protection of personal data in accordance with the legislation of the Republic of Kazakhstan;

•             to comply with the legislation of the Republic of Kazakhstan on personal data and its protection;

•             provide, upon request of the authorized body within the framework of consideration of applications of individuals and legal entities, information on methods and procedures used to ensure compliance of the owner and (or) the operator with the requirements of the Law on personal data;

•             to take measures on destruction of personal data in case of achievement of the purpose of its collection and processing, as well as in other cases established by the Law on personal data and other normative legal acts of the Republic of Kazakhstan;

•             provide proof of subject's consent to collection and processing of his/her personal data in cases stipulated by the legislation of the Republic of Kazakhstan;

•             upon application of a subject to communicate information relating to him/her within the time frame stipulated by the legislation of the Republic of Kazakhstan;

•             in case of refusal to provide information to a subject or his/her legal representative to provide a reasoned response within the time frame stipulated by the legislation of the Republic of Kazakhstan;

•             within one business day:

- to change and (or) supplement personal data on the basis of relevant documents confirming their reliability, or to destroy personal data if it is impossible to change and (or) supplement them;

- block personal data relating to the subject, if there is information about a violation of the conditions of their collection, processing;

- destroy personal data in case of confirmation of the fact of their collection, processing in violation of the laws of the Republic of Kazakhstan;

- remove blocking of personal data in case of non-confirmation of violation of conditions of collection, processing of personal data.

•             provide the subject or his/her legal representative with an opportunity to become acquainted with personal data relating to the subject, free of charge;

•             appoint a person responsible for organizing the processing of personal data, if the owner and (or) the operator are legal entities.

 

1.5. The Subject of personal data has the right to:

•             to know about the availability of the owner and (or) the operator, as well as a third party their personal data, as well as to receive information containing:

•             to demand from the owner and/or operator changes and additions to his personal data if there are grounds, confirmed by relevant documents;

•             demand that the owner and (or) operator, as well as a third party block their personal data if there is information about the violation of the conditions of collection and processing of personal data;

•             to demand from the owner and (or) operator, as well as the third party to destroy their personal data, collection and processing of which was made with violation of the legislation of the Republic of Kazakhstan, as well as in other cases;

•             withdraw consent for collection, processing, distribution in publicly accessible sources, transfer to third parties and cross-border transfer of personal data, except as required by law;

•             give consent (refuse) to the owner and (or) the operator to disseminate his personal data in publicly available sources of personal data;

•             to protect their rights and legitimate interests, including compensation for moral and material damages;

•             to exercise other rights stipulated by the legislation of the Republic of Kazakhstan.

 

1.6. Control over the fulfillment of the requirements of this Policy is carried out by the Operator's authorized person responsible for organizing the processing of personal data.

 

1.7. Responsibility for violation of the requirements of the legislation of the Republic of Kazakhstan and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Republic of Kazakhstan.

 

2. PRINCIPLES OF PERSONAL DATA PROCESSING

 

2.1. The collection, processing and protection of personal data shall be carried out in accordance with the principles of:

1) observance of constitutional rights and freedoms of man and citizen;

2) legality;

3) confidentiality of personal data of limited access;

4) the equality of the rights of the subjects, owners and operators;

5) ensuring the security of an individual, society and the state.

 

3. LEGAL BASIS FOR PROCESSING PERSONAL DATA

 

3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in pursuance of which and in accordance with which the Operator processes personal data, including:

 

•             Constitution of the Republic of Kazakhstan;

•             Labor Code of the Republic of Kazakhstan;

•             Civil Code of the Republic of Kazakhstan;

•             Tax Code of the Republic of Kazakhstan;

•             other regulatory legal acts regulating relations related to the activities of the Operator.

 

3.2. The legal basis for the processing of personal data is also:

 

•             Charter of the Operator;

•             contracts concluded with the Subject of personal data;

•             consent of the Personal Data Subject to the processing of personal data;

•             other grounds provided by law.

 

4. VOLUME, CATEGORIES AND CONDITIONS OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS WITH RESPECT TO THE DECLARED PURPOSE OF PERSONAL DATA PROCESSING

 

4.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. It is not allowed to process personal data that is incompatible with the purposes of collecting personal data. Only personal data that meet the purposes of their processing are subject to processing.

 

4.2. The content and scope of the processed personal data must comply with the stated purposes of processing provided for in this section. The processed personal data should not be excessive in relation to the stated purposes of their processing. Personal data is processed by the Operator for the following purposes:

•             Ensuring compliance with labor legislation, support of labor relations;

•             assistance in obtaining benefits and compensations;

•             newsletters and news;

•             voluntary medical insurance;

•             employee training and advanced training;

•             provision of corporate mobile communications;

•             administration and support of business trips;

•             consideration of an applicant for a vacant position, making a decision on hiring or refusing to accept a job and forming a personnel reserve;

•             providing access to IT infrastructure, supporting business processes in corporate information resources and information security;

•             career counseling and job search;

•             preparation, conclusion and execution of contracts;

•             sending advertising information about products and services;

•             processing incoming applications from individuals and sending them information;

•             holding promotions, surveys, research, events;

•             ensuring the interaction of affiliated persons;

•             evaluating, optimizing and improving the quality of the Website, services and their usability in accordance with the preferences of the recipient.

 

4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:

•             Operator's employees;

•             applicants for vacancies of the Operator (candidates);

•             counterparties of the Operator;

•             representatives of the Operator's counterparties;

•             visitors to the Operator's Website.

 

4.4. Processing of personal data in order to ensure compliance with labor laws, support of labor relations.

 

4.4.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Operator's employees

 

4.4.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

a) the processing of personal data of employees is carried out in accordance with the following list:

•             Full Name;

•             Age;

•             Date of Birth;

•             Sex;

•             Family status;

•             Profession;

•             position and place of work;

•             information about the passage of briefings and training;

•             information on admission, transfer, dismissal and other personnel changes;

•             income information;

•             residence address;

•             registration address;

•             E-mail address;

•             phone number;

•             SNILS;

•             TIN, BIN;

•             Citizenship;

•             details of an identity document;

•             driver's license data, personal vehicle data;

•             data of an identity document outside the Republic of Kazakhstan;

•             data of the document contained in the birth certificate;

•             work experience;

•             status related to military duty, information about military registration;

•             information about education.

 

b) processing by the Operator of biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the requirements of the legislation of the Republic of Kazakhstan, namely:

•             face image data obtained using photo-video devices.

 

4.4.3. The Operator carries out mixed processing of personal data of employees for the purposes specified in this section of the Policy, including transmission via the internal network (intranet).

 

4.4.4. The list of actions performed by the Operator with personal data of employees in the purpose specified in this section of the Policy: accumulation, storage, modification, amendment, use, distribution, depersonalization, blocking and destruction of personal data.

 

4.4.5. The Operator processes the personal data of laid-off employees in cases and within the time limits stipulated by the legislation of the Republic of Kazakhstan. Such cases, among other things, include the processing of personal data in the framework of accounting and tax accounting, including to ensure the safety of documents necessary for the calculation, withholding and transfer of tax.

 

4.4.6. Consent of employees to the processing of their personal data in order to ensure the labor legislation of the Republic of Kazakhstan are not required.

 

4.4.7. The Operator, without the consent of employees, does not disclose to third parties and does not distribute the personal data of employees for the purpose specified in this section of the Policy, unless otherwise provided by the legislation of the Republic of Kazakhstan.

 

4.4.8. When transferring personal data of employees, the Operator must comply with the following requirements:

•             it is prohibited to communicate personal data of employees to a third party without the written consent of employees, except when it is necessary to prevent a threat to the life and health of employees, as well as in cases established by applicable law;

•             an employee transferring the personal data of the Operator's employees is obliged to warn the persons receiving the personal data of employees that these data can be used only for the purposes for which they are reported, and require these persons to confirm compliance with this rule. Persons receiving personal data of the Operator's employees are required to maintain their confidentiality. This provision does not apply to the exchange of personal data of employees in the manner prescribed by applicable law;

•             an employee transferring the personal data of the Operator's employees has the right to transfer their personal data to employees' representatives in the manner prescribed by the Labor Code, and to limit this information only to those personal data of employees that are necessary for the specified representatives to perform their functions.

•             the transfer of personal data of employees to the Unified Accumulative Pension Fund of the Republic of Kazakhstan in the manner prescribed by law is carried out without the consent of employees.

•             Consent of employees is not required in cases where the Operator transfers personal data of employees to tax authorities, military commissariats, trade union bodies, as provided for by applicable law, as well as upon receipt, within the established authority, motivated requests from prosecutors, law enforcement agencies, security agencies and other authorities authorized to request information about employees in accordance with the competence provided for by the current legislation of the Republic of Kazakhstan.

 

4.5. Processing of personal data in order to assist in obtaining benefits and compensation.

 

4.5.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Operator's employees.

 

4.5.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name;

•             SNILS, TIN, BIN;

•             Data of an identity document;

•             Registration address;

•             Family status;

•             Personal vehicle data.

 

4.6. Processing of personal data for the purposes of newsletters and news

 

4.6.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Operator's employees

 

4.6.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name;

•             Email.

 

4.7. Processing of personal data for the purposes of voluntary health insurance

 

4.7.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Operator's employees

 

4.7.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name;

•             Date of Birth;

•             Position and place of work;

•             Data of an identity document;

•             Registration address;

•             Phone number;

•             E-mail address;

•             Information about income.

 

4.8. Processing of personal data for the purposes of employee training and advanced training

 

4.8.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•    Operator's employees

 

4.8.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name;

•             Date of Birth;

•             Position and place of work;

•             Information about education;

•             Family status;

•             Data of an identity document;

•             Driver's license details;

•             SNILS.

 

4.9. Processing of personal data for the purpose of providing corporate mobile communications

 

4.9.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•    Operator's employees

 

4.9.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name

•             Citizenship

•             Date of Birth

•             TIN, BIN

•             SNILS

•             Data of an identity document

•             Cell phone number

 

4.10. Processing of personal data for the purposes of administration and support of business trips

 

4.10.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Operator's employees

 

4.10.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name

•             Date of Birt

•             Data of an identity document

•             Data of an identity document abroad of the Republic of Kazakhstan

•             E-mail address

•             Cell phone number

 

4.11. Processing of personal data for the purpose of considering an applicant for a vacant position, making a decision on hiring or refusing to hire and forming a personnel reserve.

 

4.11.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Applicants for vacancies of the Operator

 

4.11.2. The Operator processes the following categories and the list of personal data of applicants for the purpose specified in this section of the Policy:

a) processing of general (other) categories of personal data of applicants is carried out in accordance with the following list:

 

•             Full Name

•             Date of Birth

•             Place of Birth

•             Floor

•             E-mail address

•             phone number

•             citizenship

•             profession

•             job title

•             work experience

•             information about education

•             photo

 

b) the processing of biometric personal data of applicants (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the requirements of the legislation of the Republic of Kazakhstan, namely:

•             face image data obtained using photo-video devices.

 

4.11.3. The processing of personal data of applicants for the purpose specified in this section of the Policy is subject to prior consent to such processing. Obtaining consent from applicants is carried out in the event of an invitation to an interview.

4.11.4. Placement by applicants on electronic Internet resources (vacancy aggregators) is carried out in accordance with the rules of these resources. By sending a CV to the Operator's e-mail, the applicants thereby consent in a conclusive form to the processing of their personal data.

 

4.12. Processing of personal data in order to access the IT infrastructure, support business processes in corporate information structures and information security

 

4.12.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•    Operator's employees

 

4.12.2. The Operator processes the following categories and the list of personal data of employees for the purpose specified in this section of the Policy:

•             Full Name

•             Date of Birth

•             E-mail address

•             Cell phone number

•             Position and place of work

•             Personnel Number

•             SNILS, TIN/BIN,

•             Data of an identity document

•             Information about employment

•             Structural unit and its location

 

4.13. Processing of personal data for the purposes of career counseling and job search

 

4.13.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Applicants

 

4.13.2. The Operator processes the following categories and the list of personal data of applicants for the purpose specified in this section of the Policy:

•             Full Name

•             Date of Birth

•             Place of Birth

•             Floor

•             E-mail address

•             phone number

•             citizenship

•             profession

•             job title

•             work experience

•             information about education

 

4.14. Processing of personal data for the purposes of preparing, concluding and executing contracts.

 

4.14.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             counterparties of the Operator

•             representatives of the Operator's counterparties

•             visitors to the Operator's WebWebsite

 

4.14.2. The Operator processes the following categories and the list of personal data of counterparties, representatives of couterparties, visitors for the purpose specified in this section of the Policy:

•             Full Name

•             E-mail address

•             phone number

•             TIN/BIN, SNILS

•             citizenship

•             details of an identity document

•             bank details of a bank card

 

processing of general (other) categories of personal data of representatives of counterparties is carried out in accordance with the following list:

•             Full Name

•             E-mail address

•             phone number

•             position and place of work

•             details of an identity document

 

processing of general (other) categories of personal data of visitors to the Website is carried out in accordance with the following list:

•             Full Name

•             E-mail address

•             phone number

•             position and place of work

 

4.14.3. The processing of personal data of counterparties, representatives of counterparties, visitors does not require obtaining appropriate consent, provided that the amount of personal data processed by the Operator corresponds to the purpose of preparing, concluding and executing a civil law contract specified in this section of the Policy.

 

4.15. Processing of personal data for the purpose of sending advertising information about products and services.

 

4.15.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             representatives of the Operator's counterparties

•             visitors to the Operator's WebWebsite

 

4.15.2. The Operator processes the following categories and a list of personal data of representatives of counterparties, visitors to the Website for the purpose specified in this section of the Policy:

•             Full Name

•             E-mail address

•             phone number

 

4.16. Processing of personal data in order to process incoming requests from individuals and send them information.

 

4.16.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             visitors to the Operator's WebWebsite

 

4.16.2. The Operator processes the following categories and the list of personal data of visitors for the purpose specified in this section of the Policy:

•             Full Name

•             E-mail address

•             phone number

 

4.17. Processing of personal data for the purpose of holding promotions, surveys, research, events.

 

4.17.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             visitors to the Operator's WebWebsite

 

4.17.2. The Operator processes the following categories and the list of personal data of visitors for the purpose specified in this section of the Policy:

•             Full Name

•             E-mail address

•             phone number

 

4.18. Processing of personal data in order to ensure the interaction of affiliated persons.

 

4.18.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             Employees of the Operator and affiliates of the Operator

 

4.18.2. The Operator processes the following categories and the list of personal data of visitors for the purpose specified in this section of the Policy:

•             Full Name

•             position and place of work

•             E-mail address

•             phone number

 

4.19. Processing of personal data in order to evaluate, optimize and improve the quality of the WebWebsite, services and ease of use in accordance with the preferences of the Website visitor.

 

4.19.1. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such (s) category (s) of personal data subjects as:

•             visitors to the Operator's WebWebsite

 

4.19.2. The Operator processes the following categories and the list of personal data of visitors for the purpose specified in this section of the Policy:

•             Full Name

•             E-mail address

•             phone number

•             information collected through metrics programs

 

4.20. The list of actions performed by the Operator with the personal data of the subjects specified in this Policy: accumulation, storage, modification, addition, use, distribution, depersonalization, blocking and destruction of personal data.

 

4.21. The Operator carries out mixed processing of personal data of visitors for the purpose specified in this Policy with transmission over the internal network (Intranet).

 

4.22. The Operator shall be obliged to keep accounting records for the periods established in accordance with the rules for organizing state archival business, but the minimum storage period may not be less than five (5) years. Upon the expiry of the periods specified by the legislation of the Republic of Kazakhstan, personal files of employees and other documents shall be transferred for archival storage.

 

4.23. The Operator, without the consent of the subjects of personal data specified in this Policy, shall not disclose to third parties and shall not distribute their personal data, unless otherwise provided by law.

 

4.24. The processing of personal data of the subjects specified in this Policy may be subject to obtaining prior consent to such processing, except as expressly named in this Policy and / or established by applicable law.

 

4.25. The Operator has the right to carry out cross-border transfer of personal data of subjects to the territory of foreign states that ensure their protection.

 

5. COLLECTION AND STORAGE OF PERSONAL DATA

 

5.1. When collecting personal data, including through the Internet information and telecommunication network, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, change), extraction of personal data of subjects using databases located on the territory of the Republic of Kazakhstan.

 

5.2. Persons who have transferred to the Operator information about another Personal Data Subject, including through the WebWebsite, without the consent of the subject whose personal data were transferred, are liable in accordance with the legislation of the Republic of Kazakhstan.

 

5.3. The Operator stores personal data in a form that allows determining the subject of personal data, no longer than required by the purposes of processing personal data, if the period for storing personal data is not established by law, an agreement to which the Personal Data Subject is a party, beneficiary or guarantor.

 

5.4. The processed personal data is subject to destruction in the event of:

•             reaching the deadline for processing personal data;

•             achieving the goals of personal data processing;

•             loss of the need to achieve the purposes of processing personal data;

•             obtaining a withdrawal of consent to the processing of personal data;

•             in other cases, stipulated by the current legislation.

 

6. PROTECTION OF PERSONAL DATA

 

6.1. Threats to the security of personal data are understood as a set of conditions and factors that create the possibility of unauthorized, including accidental, access to personal data during their collection and processing, which may result in destruction, modification, blocking, copying, unauthorized provision to third parties, unauthorized distribution of personal data. data, as well as other illegal actions.

 

6.2. The protection of personal data is carried out by applying a set of measures, including legal, organizational and technical, in order to:

1) realization of the rights to privacy, personal and family secrets;

2) ensuring its integrity and safety;

3) ensuring its confidentiality;

4) exercising the right to access them;

5) prevention of its illegal collection and processing.

 

6.3. To ensure the protection of personal data, the following is carried out:

1)            allocation of business processes containing personal data;

2)            determination of threats to the security of personal data during their processing;

3)            separation of personal data into public and restricted access;

4)            determination of the list of persons who collect and process personal data or have access to them;

5)            appointment of a person responsible for organizing the processing of personal data;

6)            establishing the procedure for access to personal data and ensuring storage conditions that exclude unauthorized access to them;

7)            approval of documents defining the Operator's policy regarding the collection, processing and protection of personal data;

8)            creation of the necessary conditions for working with personal data;

9)            organization of accounting of documents containing personal data;

10)         organization of work with information systems in which personal data are processed;

11)         training of the Operator's employees who process personal data;

12)         at the request of the authorized body, providing information on the methods and procedures used to ensure that the Operator complies with the requirements of the Law.

 

6.4. The person responsible for organizing the processing of personal data shall:

1)            exercises internal control over compliance by the Operator and its employees with the legislation of the Republic of Kazakhstan on personal data and their protection;

2)            informs the Operator's employees on the provisions of the legislation of the Republic of Kazakhstan on personal data and their protection regarding the processing of personal data, the requirements for the protection of personal data;

3)            exercises control over the acceptance and processing of applications from subjects or their legal representatives.

 

7. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA

 

7.1. Confirmation of the fact of processing personal data by the Operator, the legal grounds and purposes of processing personal data are provided by the Operator to the Subject of personal data or his representative upon contact or upon receipt of a request from the Subject of personal data or his representative within 10 (ten) business days from the date of receipt of the request. The information provided does not include personal data relating to other Personal Data Subjects, unless there are legal grounds for disclosing such personal data.

 

The request shall contain:

•             number of the main identity document of the Personal Data Subject or his representative, information on the date of issue of the specified document and the issuing authority;

•             information confirming the participation of the Personal Data Subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator;

•             signature of the Personal Data Subject or his representative.

 

The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Republic of Kazakhstan.

If in the appeal (request) of the Personal Data Subject, in accordance with the requirements of the Law on Personal Data, all the necessary information is not reflected or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.

The right of the Personal Data Subject to access his personal data may be limited in accordance with the Law on Personal Data, including if the Personal Data Subject's access to his personal data violates the rights and legitimate interests of third parties.

 

7.2. In the event that inaccurate personal data is detected when the Personal Data Subject or his representative contacts, or at their request or at the request of the Authorized Body, the Operator blocks personal data relating to this Personal Data Subject from the moment of receipt of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the Personal Data Subject or third parties.

In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the subject of personal data or his representative or the Authorized body, or other necessary documents, clarifies personal data within 1 business day from the date of submission of such information and removes the blocking of personal data.

 

7.3. If unlawful processing of personal data is detected upon contact (request) by the Personal Data Subject or his representative or the Authorized Body, the Operator shall block the unlawfully processed personal data relating to this Personal Data Subject from the moment of such request or receipt of the request.

 

7.4. Upon reaching the goals of processing personal data, as well as in the event that the Subject of personal data withdraws consent to their processing, personal data shall be destroyed if:

•             otherwise is not provided by the agreement to which the Personal Data Subject is a party;

•             the Operator is not entitled to process without the consent of the Subject of personal data on the grounds provided for by the Law on Personal Data or other laws;

•             otherwise is not provided by another agreement between the Operator and the Personal Data Subject.

 

8. FINAL PROVISIONS

 

8.1. In pursuance of the requirements of the Law on Personal Data, this Policy is posted at the location of the Operator, as well as in free access on the information and telecommunication network "Internet" on the WebWebsite.