Personal Data Processing and Cookie Policy
Last updated: 13.02.2025
Permanent links to current versions:
User Agreement (hereinafter referred to as the Agreement).
License Offer Agreement (Appendix to the Agreement).
Personal Data Processing and Cookie Policy (this Policy, Appendix to the Agreement).
1. Terms Used
1.1. The following terms are used in this Personal Data Processing and Cookie Policy:
1.1.1. "Personal data" — any information related to a directly or indirectly identified or determinable subject of personal data.
1.1.2. "Personal data processing" — any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.1.3. "Personal data operator (operator)" - a government agency, municipal agency, legal entity or individual that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
1.1.4. "Confidentiality of personal data" - a mandatory requirement for the Operator or other person who has gained access to personal data not to allow their dissemination without the consent of the subject of personal data or the presence of other legal grounds.
1.1.5. "Cookies" - a small fragment of data sent by the web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request each time an attempt is made to open a page of the corresponding site.
The subject of personal data has the ability to prohibit the creation of cookies or delete existing ones using the appropriate settings of the web browser, however, in this case, it will be impossible to fully use all the functionality of the Internet service (hereinafter referred to as the Service).
1.1.6. "IP address" is a unique network address of a node in a computer network built using the IP protocol.
1.1.7. "Automated processing of personal data" is the processing of personal data using computer technology.
1.1.8."Dissemination of personal data"– actions aimed at disclosing personal data to an indefinite number of persons.
1.1.9. "Provision of personal data" – actions aimed at disclosing personal data to a specific person or a specific group of persons.
1.1.10. "Blocking of personal data" – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
1.1.11. "Destruction of personal data" – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible media of personal data are destroyed.
1.1.12. "Depersonalization of personal data" – actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.
1.1.13. "Personal data information system" – a set of personal data contained in databases and the information technologies and technical means ensuring their processing.
2. General Provisions
2.1. This Policy of Modesco Limited liability partnership regarding the processing of personal data and the processing of Cookies (hereinafter referred to as the Policy) has been developed in compliance with the requirements of the Law of May 21, 2013 No. 94-V "On Personal Data" (hereinafter referred to as the Personal Data Law) in order to ensure the protection of the rights and freedoms of an individual and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
2.2. The Policy applies to all personal data processed by Modesco Limited liability partnership.
2.3. Before starting to use the website https://fleep.bot (hereinafter referred to as the Website), the subject of personal data is obliged to carefully read the Policy. By using any functions, services and capabilities of the Site, including simply browsing the pages of the Site, the subject of personal data declares that he/she has read, understood and agrees to comply with the terms of the Policy, including all special conditions and rules mentioned therein, without any exceptions or reservations.
2.4. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
2.5. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunications network on the Operator's website.
2.6. Basic rights and obligations of the Operator.
2.6.1.The operator has the right:
2.7.1. The personal data subject has the right:
2.9. Liability for violation of the requirements of the legislation of the Republic of Kazakhstan and regulatory acts of the Operator in the field of processing and protecting personal data shall be determined in accordance with the legislation of the Republic of Kazakhstan.
3. Purposes of processing Personal data
3.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
3.2. Only personal data that meet the purposes of their processing may be processed.
3.3. The Operator processes personal data for the following purposes:
4. Legal basis for the processing of Personal Data
4.1. The legal basis for the processing of personal data is the set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
5. Composition, volume, and categories of processed personal data
5.1. The content and volume of processed personal data must correspond to the stated purposes of processing, as provided in Section 2 of this Policy. The processed personal data must not be excessive in relation to the stated purposes of their processing.
It is prohibited to refuse to process data (service) if the personal data subject refuses to provide biometric personal data and (or) give consent to the processing of personal data, unless, in accordance with federal law, the operator’s consent to the processing of personal data is mandatory.
5.2. The Operator may process personal data of the following categories of personal data subjects.
5.2.1. Candidates for employment with the Operator:
5.4. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except for cases stipulated by the legislation of the Republic of Kazakhstan.
6. Cookies
6.1. The Operator's websites use cookie collection and processing technology.
6.2. Except for the cases specified in this Privacy and Cookie Policy, the cookies used by the Operator are necessary for the functionality and performance of the Site; these functional and/or operational cookies will be deleted from the device of the personal data subject at the end of the browser session (session cookies). The Operator does not use the information stored in mandatory cookies for any other purposes, except in case of absolute necessity to provide the personal data subject with the requested services and functionality.
6.3. The Operator uses cookies to personalize the capabilities of the Site and, possibly, display relevant advertising. The Operator uses cookies and similar technologies, including mobile device identifiers, to identify personal data subjects, improve the usability of the Site, enhance security and, possibly, display advertising.
6.4. When visiting the Site for the first time, the Operator invites the personal data subject to read and accept the Personal Data Processing and Cookie Processing Policy.
6.5. The Operator uses session tracking technologies and persistent tracking technologies. Tracking technologies (such as cookies) can be persistent (i.e. they are stored on the personal data subject’s computer until they delete them) or temporary (i.e. they are stored until the personal data subject closes the browser).
6.6. Essential Cookies – are necessary for the normal functioning of the Site. The Operator may use essential Cookies to authenticate personal data subjects, prevent fraudulent use of the Site or provide individual functions of the Site. 6.7
. Analytical and performance cookies allow the Operator to recognize personal data subjects and track their transitions to the Site, helping to improve the operation of the Site.
6.8. Functionality Cookies – used to recognize repeat visits to the Site. They allow personalization of the Site content for personal data subjects, addressing by name and saving selected settings (e.g. language or region).
6.9. Targeting Cookies – track the process of using the Site, opened pages and used links.
6.10. Cookies can be used to:
7. Processing of Personal Data
7.1. The Operator processes personal data in accordance with the requirements of the legislation of the Republic of Kazakhstan.
7.2. Personal data is processed with the consent of the personal data subjects to their processing, as well as without consent in cases stipulated by the legislation of the Republic of Kazakhstan.
7.3. The Operator carries out both automated and non-automated processing of personal data.
7.4. Only the Operator's employees whose job responsibilities include processing personal data are allowed to process personal data.
7.5. Personal data are processed by:
7.7. Transfer of personal data to inquiry and investigation bodies, the Federal Tax Service, the Pension Fund of the Republic of Kazakhstan, the Social Insurance Fund of the Republic of Kazakhstan and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Republic of Kazakhstan.
7.8. The operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
7.10. When collecting personal data, including via the Internet, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Republic of Kazakhstan using databases located on the territory of the Republic of Kazakhstan, except for the cases specified in the Law on Personal Data.
8. Other actions with Personal Data. Access to Personal Data.
8.1. Confirmation of the fact of processing personal data by the Operator, the legal grounds and purposes of processing personal data, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, shall be provided by the Operator to the subject of personal data or his representative upon application or upon receipt of a request from the subject of personal data or his representative.
The Operator's response to a subject's request (appeal) for information concerning the processing of their personal data must be given within ten working days from the date of the request or receipt by the Operator of the request from the personal data subject or their representative. The specified period may be extended, but not more than by five working days if the Operator sends a reasoned notice to the personal data subject stating the reasons for extending the period for providing the requested information. The response to the request shall be given in the form in which the request (appeal) was sent, or in the form specified in the request (appeal) itself.
The information provided shall not include personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.
The request must contain:
If the request (appeal) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the rights to access the requested information, then a reasoned refusal shall be sent to him.
The right of the personal data subject to access his personal data may be limited in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties.
8.2. In the event that inaccurate personal data is discovered upon the request of the personal data subject, the Operator blocks the personal data related to this subject from the moment of such request or receipt of the said request for the verification period, unless blocking the personal data violates the rights and legitimate interests of the personal data subject or third parties.
In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of the personal data.
8.3. In case of detection of unlawful processing of personal data upon an appeal (request) of the personal data subject, the Operator blocks the unlawfully processed personal data related to this subject, from the moment of such appeal or receipt of the request.
8.4. Upon achievement of the purposes of processing personal data, as well as in the event of withdrawal of consent to their processing by the personal data subject, personal data are subject to destruction if:
9. Final Provisions
9.1. This Policy and amendments to it are approved by Modesco Limited liability partnership and introduced by order.
9.2. All employees must be familiarized with the text of this Policy and amendments to it by signature.
10. Operator details
Modesco Limited liability partnership
registration number 240440018332,
addressed Kazakhstan, 050008, Almaty city, Bostandyk district, 52 Abai Avenue, office 802-98
Modesco Limited liability partnership
Permanent links to current versions:
User Agreement (hereinafter referred to as the Agreement).
License Offer Agreement (Appendix to the Agreement).
Personal Data Processing and Cookie Policy (this Policy, Appendix to the Agreement).
1. Terms Used
1.1. The following terms are used in this Personal Data Processing and Cookie Policy:
1.1.1. "Personal data" — any information related to a directly or indirectly identified or determinable subject of personal data.
1.1.2. "Personal data processing" — any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.1.3. "Personal data operator (operator)" - a government agency, municipal agency, legal entity or individual that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
1.1.4. "Confidentiality of personal data" - a mandatory requirement for the Operator or other person who has gained access to personal data not to allow their dissemination without the consent of the subject of personal data or the presence of other legal grounds.
1.1.5. "Cookies" - a small fragment of data sent by the web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request each time an attempt is made to open a page of the corresponding site.
The subject of personal data has the ability to prohibit the creation of cookies or delete existing ones using the appropriate settings of the web browser, however, in this case, it will be impossible to fully use all the functionality of the Internet service (hereinafter referred to as the Service).
1.1.6. "IP address" is a unique network address of a node in a computer network built using the IP protocol.
1.1.7. "Automated processing of personal data" is the processing of personal data using computer technology.
1.1.8."Dissemination of personal data"– actions aimed at disclosing personal data to an indefinite number of persons.
1.1.9. "Provision of personal data" – actions aimed at disclosing personal data to a specific person or a specific group of persons.
1.1.10. "Blocking of personal data" – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
1.1.11. "Destruction of personal data" – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible media of personal data are destroyed.
1.1.12. "Depersonalization of personal data" – actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.
1.1.13. "Personal data information system" – a set of personal data contained in databases and the information technologies and technical means ensuring their processing.
2. General Provisions
2.1. This Policy of Modesco Limited liability partnership regarding the processing of personal data and the processing of Cookies (hereinafter referred to as the Policy) has been developed in compliance with the requirements of the Law of May 21, 2013 No. 94-V "On Personal Data" (hereinafter referred to as the Personal Data Law) in order to ensure the protection of the rights and freedoms of an individual and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
2.2. The Policy applies to all personal data processed by Modesco Limited liability partnership.
2.3. Before starting to use the website https://fleep.bot (hereinafter referred to as the Website), the subject of personal data is obliged to carefully read the Policy. By using any functions, services and capabilities of the Site, including simply browsing the pages of the Site, the subject of personal data declares that he/she has read, understood and agrees to comply with the terms of the Policy, including all special conditions and rules mentioned therein, without any exceptions or reservations.
2.4. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
2.5. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunications network on the Operator's website.
2.6. Basic rights and obligations of the Operator.
2.6.1.The operator has the right:
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
- entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data stipulated by the Law on Personal Data;
- In the event of the personal data subject’s withdrawal of consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Personal Data.
- organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
- respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
- notify the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media) at the request of this body of the necessary information within 10 working days from the date of receipt of such request.
2.7.1. The personal data subject has the right:
- receive information regarding the processing of his personal data, except for cases stipulated by federal laws. Information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data related to other personal data subjects, except for cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
- demand that the Operator clarify his personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided by law to protect his rights;
- put forward the condition of prior consent when processing personal data for the purpose of promoting goods, works and services on the market;
2.9. Liability for violation of the requirements of the legislation of the Republic of Kazakhstan and regulatory acts of the Operator in the field of processing and protecting personal data shall be determined in accordance with the legislation of the Republic of Kazakhstan.
3. Purposes of processing Personal data
3.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
3.2. Only personal data that meet the purposes of their processing may be processed.
3.3. The Operator processes personal data for the following purposes:
- ensuring compliance with the Constitution of the Republic of Kazakhstan, federal laws and other regulatory legal acts of the Republic of Kazakhstan;
- implementation of commercial activities of the Operator;
- personnel records management;
- assisting employees in finding employment, obtaining education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;
- attracting and selecting candidates for work at the Operator;
- organization of registration of employees for individual (personalized) records in the compulsory pension insurance system;
- filling out and submitting required reporting forms to executive authorities and other authorized organizations;
- conclusion and execution of civil law contracts;
- accounting.
4. Legal basis for the processing of Personal Data
4.1. The legal basis for the processing of personal data is the set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
- Constitution of the Republic of Kazakhstan;
- Civil Code of the Republic of Kazakhstan;
- Labor Code of the Republic of Kazakhstan;
- Tax Code of the Republic of Kazakhstan;
- Law of the Republic of Kazakhstan of 21.05.2013 No. 94-V "On Personal Data and Their Protection";
- Law of the Republic of Kazakhstan of 24.11.2015 No. 418-V "On Informatization";
- Law of the Republic of Kazakhstan of 22.04.1998 No. 220-I "On Limited and Additional Liability Partnerships";
- Law of the Republic of Kazakhstan of 28.02.2007 No. 234-III "On Accounting and Financial Reporting";
- Law of the Republic of Kazakhstan of 21.06.2013 No. 105-V "On Pension Provision in the Republic of Kazakhstan";
- Regulations on the protection of personal data when processing them in information systems, approved by the Government of the Republic of Kazakhstan;
- local acts of the Operator;
- other regulatory legal acts governing the activities of the Operator;
- agreements concluded between the Operator and personal data subjects;
- consent of personal data subjects to the processing of their personal data.
5. Composition, volume, and categories of processed personal data
5.1. The content and volume of processed personal data must correspond to the stated purposes of processing, as provided in Section 2 of this Policy. The processed personal data must not be excessive in relation to the stated purposes of their processing.
It is prohibited to refuse to process data (service) if the personal data subject refuses to provide biometric personal data and (or) give consent to the processing of personal data, unless, in accordance with federal law, the operator’s consent to the processing of personal data is mandatory.
5.2. The Operator may process personal data of the following categories of personal data subjects.
5.2.1. Candidates for employment with the Operator:
- last name, first name, patronymic;
- gender;
- citizenship;
- date and place of birth;
- contact details;
- information about education, work experience, qualifications;
- other personal data provided by candidates in their resumes and cover letters.
- last name, first name, patronymic;
- gender;
- citizenship;
- image (photograph);
- passport details;
- address of registration at the place of residence and address of actual residence;
- contact information (phone numbers, email);
- individual taxpayer identification number;
- individual insurance account number (SNILS);
- information on education, qualifications, professional training and advanced training;
- marital status, presence of children, family ties;
- information about work activity, including the presence of incentives, awards and (or) disciplinary sanctions;
- marriage registration data;
- military registration information;
- information about disability;
- information on alimony withholding;
- information about income from previous place of employment;
- other personal data provided by employees in accordance with the requirements of labor legislation.
- last name, first name, patronymic;
- degree of kinship;
- date of birth;
- other personal data provided by employees in accordance with the requirements of labor legislation.
- the Internet Protocol (IP) address used to connect the personal data subject’s computer to the Internet, login details, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, website visit information;
- contact information (phone numbers, email, Telegram account name);
- last name, first name, patronymic;
- Vkontakte page address and account name;
- personal account ID in the Telegram messenger;
- username (link) to personal profile in Telegram messenger;
- information about the actions of the personal data subject in the Service;
- address of registration at the place of residence and address of actual residence;
- year, month and date of birth;
- bank details;
- other personal data provided by clients and counterparties and their employees (individuals), necessary for the conclusion and execution of contracts.
5.4. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except for cases stipulated by the legislation of the Republic of Kazakhstan.
6. Cookies
6.1. The Operator's websites use cookie collection and processing technology.
6.2. Except for the cases specified in this Privacy and Cookie Policy, the cookies used by the Operator are necessary for the functionality and performance of the Site; these functional and/or operational cookies will be deleted from the device of the personal data subject at the end of the browser session (session cookies). The Operator does not use the information stored in mandatory cookies for any other purposes, except in case of absolute necessity to provide the personal data subject with the requested services and functionality.
6.3. The Operator uses cookies to personalize the capabilities of the Site and, possibly, display relevant advertising. The Operator uses cookies and similar technologies, including mobile device identifiers, to identify personal data subjects, improve the usability of the Site, enhance security and, possibly, display advertising.
6.4. When visiting the Site for the first time, the Operator invites the personal data subject to read and accept the Personal Data Processing and Cookie Processing Policy.
6.5. The Operator uses session tracking technologies and persistent tracking technologies. Tracking technologies (such as cookies) can be persistent (i.e. they are stored on the personal data subject’s computer until they delete them) or temporary (i.e. they are stored until the personal data subject closes the browser).
6.6. Essential Cookies – are necessary for the normal functioning of the Site. The Operator may use essential Cookies to authenticate personal data subjects, prevent fraudulent use of the Site or provide individual functions of the Site. 6.7
. Analytical and performance cookies allow the Operator to recognize personal data subjects and track their transitions to the Site, helping to improve the operation of the Site.
6.8. Functionality Cookies – used to recognize repeat visits to the Site. They allow personalization of the Site content for personal data subjects, addressing by name and saving selected settings (e.g. language or region).
6.9. Targeting Cookies – track the process of using the Site, opened pages and used links.
6.10. Cookies can be used to:
- Customization of the content of the Website web pages in accordance with the preferences of personal data subjects, as well as for the recognition of personal data subjects;
- Creating statistics that help to understand how exactly personal data subjects use the Site;
- Maintaining a session of the personal data subject.
7. Processing of Personal Data
7.1. The Operator processes personal data in accordance with the requirements of the legislation of the Republic of Kazakhstan.
7.2. Personal data is processed with the consent of the personal data subjects to their processing, as well as without consent in cases stipulated by the legislation of the Republic of Kazakhstan.
7.3. The Operator carries out both automated and non-automated processing of personal data.
7.4. Only the Operator's employees whose job responsibilities include processing personal data are allowed to process personal data.
7.5. Personal data are processed by:
- receiving them in writing directly from the subjects of personal data;
- obtaining them from publicly available sources;
- entering them into the Operator’s logs, registers and information systems;
- use of other methods of processing personal data.
7.7. Transfer of personal data to inquiry and investigation bodies, the Federal Tax Service, the Pension Fund of the Republic of Kazakhstan, the Social Insurance Fund of the Republic of Kazakhstan and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Republic of Kazakhstan.
7.8. The operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
- identifies threats to the security of personal data during their processing;
- adopts local regulations and other documents governing relations in the sphere of processing and protection of personal data. The Operator's local regulations may not include provisions restricting the rights of the personal data subject;
- appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
- creates the necessary conditions for working with personal data;
- organizes the recording of documents containing personal data;
- organizes work with information systems in which personal data is processed;
- stores personal data under conditions that ensure their safety and prevent unauthorized access to them;
- organizes internal control measures and (or) audit of compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for the protection of personal data, the Operator’s policy regarding the processing of personal data, and local regulatory acts of the Operator;
- determines the assessment of the harm that may be caused to personal data subjects in the event of a violation of the rules for working with personal data, the ratio of the said harm and the measures taken by the operator aimed at ensuring the fulfillment of the obligations stipulated by the Law on Personal Data;
- organizes familiarization of employees directly involved in the processing of personal data with the provisions of the Republic of Kazakhstan legislation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on issues of processing personal data, and (or) training of the said employees;
- ensures interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Republic of Kazakhstan.
7.10. When collecting personal data, including via the Internet, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Republic of Kazakhstan using databases located on the territory of the Republic of Kazakhstan, except for the cases specified in the Law on Personal Data.
8. Other actions with Personal Data. Access to Personal Data.
8.1. Confirmation of the fact of processing personal data by the Operator, the legal grounds and purposes of processing personal data, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, shall be provided by the Operator to the subject of personal data or his representative upon application or upon receipt of a request from the subject of personal data or his representative.
The Operator's response to a subject's request (appeal) for information concerning the processing of their personal data must be given within ten working days from the date of the request or receipt by the Operator of the request from the personal data subject or their representative. The specified period may be extended, but not more than by five working days if the Operator sends a reasoned notice to the personal data subject stating the reasons for extending the period for providing the requested information. The response to the request shall be given in the form in which the request (appeal) was sent, or in the form specified in the request (appeal) itself.
The information provided shall not include personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.
The request must contain:
- the number of the main document certifying the identity of the personal data subject or his representative, information on the date of issue of the specified document and the body that issued it;
- information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
- signature of the personal data subject or his/her representative.
If the request (appeal) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the rights to access the requested information, then a reasoned refusal shall be sent to him.
The right of the personal data subject to access his personal data may be limited in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties.
8.2. In the event that inaccurate personal data is discovered upon the request of the personal data subject, the Operator blocks the personal data related to this subject from the moment of such request or receipt of the said request for the verification period, unless blocking the personal data violates the rights and legitimate interests of the personal data subject or third parties.
In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of the personal data.
8.3. In case of detection of unlawful processing of personal data upon an appeal (request) of the personal data subject, the Operator blocks the unlawfully processed personal data related to this subject, from the moment of such appeal or receipt of the request.
8.4. Upon achievement of the purposes of processing personal data, as well as in the event of withdrawal of consent to their processing by the personal data subject, personal data are subject to destruction if:
- unless otherwise provided by an agreement to which the subject of personal data is a party, beneficiary or guarantor;
- The operator does not have the right to carry out processing without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws;
- unless otherwise provided by another agreement between the Operator and the personal data subject.
9. Final Provisions
9.1. This Policy and amendments to it are approved by Modesco Limited liability partnership and introduced by order.
9.2. All employees must be familiarized with the text of this Policy and amendments to it by signature.
10. Operator details
Modesco Limited liability partnership
registration number 240440018332,
addressed Kazakhstan, 050008, Almaty city, Bostandyk district, 52 Abai Avenue, office 802-98
Modesco Limited liability partnership