Unihost.kz

Home / Company / Personal Data Collection and Processing Policy

Personal data collection and processing policy

1. General Provisions

Unihost.kz Limited Liability Partnership (hereinafter referred to as the Partnership), legal entity registration number 6578-e-1910-01-TOO, business identification number (BIN) 140240031371, prioritizes the security of personal data in its operations. All business processes within the Partnership are structured to ensure the security of personal data.

This Personal Data Processing Policy (hereinafter referred to as the Policy) has been developed in accordance with the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On Personal Data and Their Protection" (hereinafter referred to as the Personal Data Law), the Law of the Republic of Kazakhstan dated November 24, 2015 No. 418-V "On Informatization" (hereinafter referred to as the Informatization Law) and other regulatory legal acts of the Republic of Kazakhstan, and determines the procedure for collecting and processing personal data and measures to ensure the security of personal data.

The concepts contained in Article 1 of the Law on Personal Data are used in this Policy with the same meaning.

This Policy is a publicly available document of the Partnership and is subject to posting on the Partnership’s official website on the Internet at: https://unihost.kz (hereinafter referred to as the Website).

2. Subjects of personal data and list of personal data

The Partnership collects and processes personal data of the following categories of personal data subjects:

2.1. Personal data of directors, other employees, and representatives of legal entities, as well as individual entrepreneurs interacting with the Partnership within the framework of potential cooperation, negotiations on the conclusion, execution, and execution of civil law contracts.
List of personal data:

  • last name, first name, patronymic;
  • email address;
  • mobile phone number.

2.2. List of personal data: any information related to an individual, specified in the employment contract, employee's personal card, documents confirming the employee's work activity (including the work record book), military ID, documents required for concluding the employment contract, other documents received upon conclusion and during the term of the employment contract, including:

  • last name, first name, patronymic;
  • floor;
  • year, month, date and place of birth;
  • citizenship;
  • signature;
  • details of documents confirming the legality of stay in the territory of the Republic of Kazakhstan;
  • bank details (bank account number, name and BIC of the bank);
  • any personal data;
  • data from the personal record sheet and personal card form T-2;
  • identity documents: name, number and date of issue of the identity document;
  • individual identification number;
  • permanent residence address and information on registration at the place of residence;
  • actual residence address;
  • postal addresses and email addresses;
  • phone numbers;
  • portrait image (photograph);
  • information on education, qualifications, availability of special knowledge or professional training;
  • marital status and family composition;
  • information on previously held positions and work experience (copy of work record book);
  • information on military duty and military service;
  • the presence and group of disability and the degree of limitation to work activity;
  • information on legal capacity (medical certificate form No. 086 (valid for 1 year), original, certificate of no criminal record (from egov.kz), certificate from a mental health clinic (from egov.kz), correction from a drug addiction clinic (from egov.kz)).

2.3. Personal data of job applicants, including personal data obtained (with their consent) from the unified system for recording employment contracts and information on work activity.
List of personal data:

  • last name, first name, patronymic;
  • year, month, date and place of birth;
  • citizenship;
  • floor;
  • information on military duty and military service;
  • educational information;
  • information on work experience;
  • other information indicated by the applicant in the resume.

2.4. Individuals interacting with the Partnership in the context of negotiations on the conclusion, execution, and performance of civil law contracts.
List of personal data:

  • last name, first name, patronymic;
  • year, month, date;
  • identity documents;
  • individual identification number;
  • permanent residence address and information on registration at the place of residence;
  • actual residence address;
  •  postal addresses and email addresses;
  • phone numbers;
  • bank details (bank account number, name and BIC of the bank).

2.5. Other information not related to personal data processed by the Partnership about visitors to the Site:

  • Data on the technical equipment (devices) of the Site visitors: type of operating system, type of device (personal computer, mobile phone, tablet), type of browser, geographic location.
  • Anonymous data about visitors to the Site (including cookies) is collected and processed using Internet statistics services (Yandex.Metrica, Google Analytics (and others).

3. Purposes of personal data processing

3.1. The Partnership processes the personal data of directors, other employees, and representatives of legal entities, as well as individual entrepreneurs interacting with the Partnership within the framework of possible cooperation, negotiations on the conclusion, conclusion, and execution of civil law contracts, including contracts for the provision of services, for the following purposes:

  • fulfillment of the Partnership's obligations to counterparties, feedback with counterparties, including sending notifications, requests, information messages for the purpose of providing services, as well as for sending emails and other forms of sending/receiving information by telephone or email to the counterparty, as well as for the purpose of processing requests and applications from counterparties;
  • providing technical support to counterparties for the Partnership’s products and services;
  • assessment and improvement of the quality of services, the work of the Partnership, the development of new services, and the promotion of services;
  • statistical and marketing research, including those related to the work of the Partnership;
  • to conduct marketing activities, send advertising messages and offers to counterparties to participate in special promotions and events.

3.2. The Partnership processes personal data of persons in employment relationships with the Partnership for the following purposes:

  • organization of personnel records of the Partnership, maintenance of personnel records;
  • assisting employees in finding employment, professional training, retraining and advanced training, other training and professional internship, and career growth;
  • calculation and accrual of wages, compensation and other payments, as well as compliance with other guarantees and provision of benefits in accordance with the requirements of the labor legislation of the Republic of Kazakhstan, collective agreements and acts of the Partnership;
  • calculation, withholding and transfer of individual income tax, as well as submission of tax reports in accordance with the requirements of the tax legislation of the Republic of Kazakhstan;
  • providing information to the authorized body on employment issues in accordance with the requirements of the legislation of the Republic of Kazakhstan on employment of the population;
  • withholding and deduction of funds for pension provision and compulsory social insurance of employees in accordance with the requirements of the legislation of the Republic of Kazakhstan on pension provision and compulsory social insurance;
  • performance of other duties stipulated by the requirements of the legislation of the Republic of Kazakhstan;
  • organization of business trips (business trips) for employees;
  • issuance of powers of attorney (including for representing the interests of the Partnership before third parties);
  • ensuring personal safety of employees;
  • control over the quantity and quality of work performed, including conducting certifications of the employee’s suitability for the position held or the work performed;
  • ensuring the safety of the Partnership’s property;
  • compliance with the access control regime in the premises of the Partnership;
  • time tracking;
  • concluding contracts in favor of the employee.

3.3. The Partnership processes personal job applicants for the following purpose: deciding on the possibility of concluding an employment contract with the specified individuals.

3.4. The Partnership processes the personal data of individuals interacting with the Partnership in the context of negotiations on the conclusion, execution, and performance of civil law contracts for the following purpose: negotiating, concluding, and executing contracts.

3.5. The Partnership processes other information, which is not personal data, of Website visitors for the following purposes:

  • assessment and improvement of the quality of services, the work of the Partnership, the development of new services, and the promotion of services;
  • statistical and marketing research, including those related to the work of the Partnership;
  • to conduct marketing activities, send advertising messages and offers to participate in special promotions and events.

4. Terms of personal data processing

4.1. The processing of personal data of personal data subjects is carried out until the purposes of processing the personal data are achieved or the period specified in the consent to the collection and processing of personal data.

4.2. Personal data whose processing (storage) period has expired, as well as upon termination of the legal relationship between the subject and the Partnership, must be destroyed, unless otherwise provided by the legislation of the Republic of Kazakhstan. Storage of personal data after termination of its processing is permitted only if it is anonymized.

5. Principles of collection, processing and storage of personal data

5.1. The collection and processing of personal data is carried out with the consent of the subjects of personal data.

5.2. Personal data is collected as follows:

  • provision of personal data by the subject when filling out web forms on the Site, as well as on sites containing the domain unihost.kz;
  • Automatic collection of personal data on the Site using technologies and services: web protocols, cookies, web beacons, which are launched only when you enter your data;
  • provision of personal data in writing, including through communication means.

5.3. The content and volume of the processed personal data correspond to the previously declared purposes specified in Section 3 "Purposes of Personal Data Processing" of this Policy.

5.4. Personal data is kept confidential, except in cases where the specified data is publicly available.

5.5. For the purposes of conducting marketing research, the Partnership collects and processes anonymized personal data.

5.6. The Partnership stores personal data in a database located in the territory of the Republic of Kazakhstan.

5.7. Personal data may be transferred to third parties solely for the purposes specified in Section 3 "Purposes of Personal Data Processing" of this Policy. Data may be transferred to third parties only if such third parties accept obligations to ensure confidentiality and comply with other requirements stipulated by the Law on Personal Data.

5.8. Personal data may be transferred to authorized state bodies of the Republic of Kazakhstan only on the grounds and in the manner established by the legislation of the Republic of Kazakhstan.

6. Rights and obligations of the personal data subject

6.1. The Subject has the right:

6.1.1. to know whether the Partnership has his/her personal data, and to receive information containing:

  • confirmation of the fact, purpose, sources, methods of collecting and processing personal data;
  • list of personal data processed;
  • the terms of processing personal data, including the terms of their storage.

6.1.2. to demand that the Partnership change or supplement their personal data if there are grounds confirmed by the relevant documents;

6.1.3. to demand that the Partnership block their personal data if there is information about a violation of the terms of collection and processing of personal data; 6.1.4

. to demand that the Partnership destroy their personal data, the collection and processing of which was carried out in violation of the legislation of the Republic of Kazakhstan, as well as in other cases established by the Law on Personal Data and other regulatory legal acts of the Republic of Kazakhstan;

6.1.5. to revoke consent to the collection and processing of personal data, except for the cases provided for in paragraph 2 of Article 8 of the Law on Personal Data;

6.1.6. to give consent (refuse) to the Partnership to disseminate their personal data in publicly available sources of personal data;

6.1.7. to protect their rights and legitimate interests, including demanding compensation for moral and material damage;

6.1.8. to exercise other rights stipulated by the Law on Personal Data and other laws of the Republic of Kazakhstan.

6.2. The subject may exercise the rights specified in paragraph 6.1. by sending a letter containing a written message with the relevant request (inquiry) to the Partnership's postal address: indicated on the Partnership's website, with the note "request regarding personal data" or by sending an e-mail to the Partnership's e-mail address: support@unihost.kz with a similar note.

7. Rights and obligations of the Partnership

7.1. The Partnership is obliged to:

7.1.1. approve the list of personal data necessary and sufficient for the performance of the tasks carried out by the Partnership, unless otherwise provided by the laws of the Republic of Kazakhstan;

7.1.2. take and comply with the necessary measures, including legal, organizational and technical, to protect personal data in accordance with the legislation of the Republic of Kazakhstan;

7.1.3. comply with the legislation of the Republic of Kazakhstan on personal data and their protection;

7.1.4. take measures to destroy personal data if the purpose of their collection and processing is achieved, as well as in other cases established by the Law on Personal Data and other regulatory legal acts of the Republic of Kazakhstan;

7.1.5. provide proof of obtaining the consent of the subject to the collection and processing of his personal data in cases stipulated by the legislation of the Republic of Kazakhstan;

7.1.6. communicate information related to the subject within three working days from the date of receipt of the application of the subject or his legal representative, unless other terms are provided for by the laws of the Republic of Kazakhstan;

7.1.7. In the event of a refusal to provide information to the subject or his legal representative within a period not exceeding three working days from the date of receipt of the request, provide a reasoned response, unless other time limits are provided for by the laws of the Republic of Kazakhstan;

7.1.8. within one working day:

  • change and (or) supplement personal data on the basis of relevant documents confirming their accuracy, or destroy personal data if it is impossible to change and (or) supplement them;
  • block personal data related to the subject if there is information about a violation of the terms of their collection or processing;
  • destroy personal data in the event of confirmation of the fact of their collection and processing in violation of the legislation of the Republic of Kazakhstan, as well as in other cases established by this Law and other regulatory legal acts of the Republic of Kazakhstan;
  • Unblock personal data if there is no confirmation of a violation of the terms of collection and processing of personal data.

7.1.9. provide the subject or his legal representative with the opportunity to become familiar with the personal data related to the given subject free of charge;

7.1.10. appoint a person responsible for organizing the processing of personal data.

7.2. The employee of the Partnership responsible for organizing the processing of personal data is obliged to:

  • to exercise internal control over the compliance of the Partnership and its employees with the legislation of the Republic of Kazakhstan on personal data and their protection, including requirements for the protection of personal data;
  • to inform the employees of the Partnership of the provisions of the legislation of the Republic of Kazakhstan on personal data and their protection regarding the processing of personal data and requirements for the protection of personal data;
  • exercise control over the reception and processing of requests from subjects or their legal representatives.

8. Protection of personal data

8.1. Legal measures to protect personal data:

  • concluding confidentiality agreements with respect to personal data with third parties who have access to such personal data;
  • adoption of the Partnership's documents, including this Policy, defining the policy on the collection and processing of personal data, threats to the security and protection of personal data, procedures aimed at preventing and identifying violations of the legislation of the Republic of Kazakhstan on personal data and their protection, eliminating the consequences of such violations and other provisions aimed at protecting personal data

8.2. Organizational measures for the protection of personal data:

  • organizing a security regime for premises in which personal data carriers are located to prevent the possibility of uncontrolled entry or presence in these premises of persons who do not have the right to access these premises;
  • separation of personal data from other information by recording them on separate personal data carriers;
  • division of personal data into publicly accessible and restricted access;
  • determination of storage locations for personal data carriers in compliance with conditions that ensure the safety of personal data;
  • determining the list of persons who collect and process personal data or who have access to it in the course of performing their work duties;
  • appointment of a person responsible for organizing the collection and processing of personal data, formalized by the relevant document of the Partnership;
  • implementation of internal audit of personal data processing activities;
  • familiarization of employees with this Policy and other documents aimed at protecting personal data adopted by the Partnership.

8.3. Technical measures to protect personal data:

  • use of specialized technical and software tools that block unauthorized access to personal data;
  • use of specialized programs that anonymize personal data.

9. Cross-border transfer of personal data

9.1. Cross-border transfer of personal data to foreign countries may only be carried out if these countries ensure the protection of personal data. Personal data of the subject may be transferred to third parties solely for the purposes specified in Section 3 "Purposes of Personal Data Processing" of this Policy, provided that such third parties undertake to ensure the confidentiality and protection of the personal data received.

9.2. Cross-border transfer of personal data to the territory of foreign states that do not ensure the protection of personal data may only be carried out in cases stipulated by the Law on Personal Data.

10. Final Provisions

10.1. This Policy is subject to change and supplementation in the following cases by decision of the bodies and officials of the Partnership in accordance with their competence:

  • in case of changes in the legislation of the Republic of Kazakhstan on personal data and their protection;
  • when the purposes of processing personal data change;
  • when using new technologies for collecting, processing and protecting personal data (including transfer and storage);
  • in other cases.

10.2. The Partnership reserves the right to unilaterally amend this Policy (in whole or in part) at any time without prior consent from the personal data subject. All changes shall take effect upon posting the new version of the Policy on the Website.

10.3. The personal data subject undertakes to independently monitor changes to the Policy by reviewing its current version.

10.4. Compliance with the requirements of the Policy is monitored by persons responsible for organizing the processing of personal data by the Partnership.