Privacy policy
1. General provisions
1.1. The Policy regarding the processing of personal data (hereinafter referred to as the "Policy") is aimed at protecting the rights and freedoms of individuals whose personal data is processed by the ТОО «ASTORIA INVEST» (hereinafter referred to as the "Operator").
1.2. The Policy is developed in accordance with Federal Law "On Personal Data" (hereinafter referred to as the "Personal Data Law").
1.3. The Policy contains information that must be disclosed in accordance with Personal Data Law and is a publicly available document.
2. Information about the Operator
2.1. The Operator operates in the Kazakhstan.
3. Information about the processing of personal data
3.1. The Operator processes personal data on a lawful and fair basis to fulfill the functions, powers, and obligations imposed by the legislation, to exercise the rights and legitimate interests of the Operator, the employees of the Operator, and third parties.
3.2. The Operator obtains personal data directly from the subjects of personal data.
3.3. The Operator processes personal data using automated and non-automated methods, with or without the use of computer technology.
3.4. Actions with personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
4. Processing of personal data of clients
4.1. The Operator processes personal data of clients within the framework of legal relations with the Operator, regulated by (hereinafter referred to as "clients").
4.2. The Operator processes personal data of clients for the purpose of complying with the norms of legislation, as well as for the following purposes:
- informing about new products, special promotions, and offers;
- conclusion and performance of contract terms.
4.3. The Operator processes personal data of clients with their consent, provided by clients and/or their legal representatives through conclusive actions on this website, including but not limited to placing an order, registering in a personal account, subscribing to a newsletter, in accordance with this Policy.
4.4. The Operator processes personal data of clients for no longer than is necessary for the purposes of processing personal data, unless otherwise required by the legislation of the Kazakhstan.
4.5. The Operator processes the following personal data of clients:
- Last name, first name, patronymic;
- Address;
- Contact phone number;
- Email address.
5. Information on ensuring the security of personal data
5.1. The Operator appoints a person responsible for organizing the processing of personal data to fulfill the obligations provided by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.
5.2. The Operator implements a set of legal, organizational, and technical measures to ensure the security of personal data, to ensure the confidentiality of personal data and protect them from unauthorized actions:
- provides unlimited access to the Policy, a copy of which is located at the Operator's address and may also be posted on the Operator's website (if available);
- in accordance with the Policy, approves and implements the document "Regulation on the Processing of Personal Data" (hereinafter referred to as the Regulation) and other local acts;
- familiarizes employees with the provisions of personal data legislation, as well as with the Policy and the Regulation;
- grants employees access to personal data processed in the Operator's information system, as well as to their physical carriers, only for the performance of labor duties;
- establishes rules for access to personal data processed in the Operator's information system, and ensures the registration and recording of all actions with them;
- conducts an assessment of the harm that may be caused to the subjects of personal data in case of violation of the Federal Law "On Personal Data";
- performs the identification of threats to the security of personal data during their processing in the Operator's information system;
- implements organizational and technical measures and uses information security tools necessary to achieve the established level of personal data protection;
- detects instances of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed as a result of unauthorized access;
- conducts an assessment of the effectiveness of the security measures implemented for personal data before putting the Operator's information system into operation;
- performs internal control to ensure compliance with the processing of personal data in accordance with the Federal Law "On Personal Data," regulatory legal acts adopted in accordance with it, requirements for personal data protection, the Policy, the Regulation, and other local acts, including monitoring the security measures implemented for personal data and their level of protection during processing in the Operator's information system.
6. Rights of personal data subjects
6.1. The personal data subject has the right to:
- receive personal data related to the subject and information about their processing;
- request the clarification, blocking, or destruction of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing;
- withdraw their consent to the processing of personal data;
- protect their rights and legitimate interests, including seeking compensation for damages and moral harm through legal proceedings;
- appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of personal data subjects or through legal proceedings.
6.2. In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator directly or submit a request personally or through a representative. The request must contain the information specified in the Federal Law "On Personal Data".