1. GENERAL PROVISIONS
The Personal Data Processing Policy was compiled in accordance with the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V On Personal Data and Their Protection and defines the procedure for processing personal data and measures to ensure the security of personal data taken by Astana-Expo KS Exhibition Company LLP (hereinafter referred to as the Operator).
The Operator shall set as its most important goal and condition of its activity to observe the rights and liberties of a person and citizen during the processing of his/her personal data, including the protection of the rights to privacy, personal and family secrecy.
The Operator's Personal Data Processing Policy (hereinafter - the Policy) applies to all data that the Operator may obtain about visitors to our websites, including astana-expo.com, promweek.kz, kmfexpo.kz, kss-expo.kz, btexpo.kz, moexpo.kz, ibexpo.kz, waterexpo.kz, flora-expo.kz, kadex.kz, digital-aex.com, cds-forum.kz.
The following basic terms are used in the Policy:
- Personal data processing means any actions or combinations thereof, conducted with or without automated means, in relation to personal data, including their collection, registration, systematisation, accumulation, storage, correction (update or modification), retrieval, application, anonymisation, blocking, erasure or destruction.
- Operator means a public institution, local authority, legal or private person who solely or jointly with other parties manages and/or processes personal data, while defining the purpose of such processing, the types of personal data to be processed and the operations to be undertaken.
- Personal data means information related to a specific or particular individual (the subject of personal data).
- Presentation of personal data means the act of disclosing personal information to a specific individual or a specific group of individuals.
- Subject of personal data means an individual to whom specific personal data relate and who can be identified on the basis of such data.
- Destruction of personal data means procedures after which it is not possible to recover personal data in a personal data processing system, or when the physical carriers of that data are deleted.
- Cookies mean small text files that are stored on a device (PC, mobile phone or tablet) of the user when visiting websites. They allow websites to store a User's activity or preferences over a period of time.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
The personal data shall be processed on the Operator's websites considering the following key principles:
1. Legitimacy and Transparency: All actions related to the personal data processing shall be carried out in strict compliance with the law of the Republic of Kazakhstan.
2. Target Orientation: Personal data shall be processed exclusively for specific, clearly defined and legitimate purposes. Any processing that does not correspond to these purposes shall be considered prohibited.
3. Nonredundancy: The Operator shall process only those personal data that are necessary to fulfill the stated goals.
4. Data Accuracy: Personal data shall be treated carefully and responsibly to ensure that they are accurate, up-to-date and relevant to the stated purposes of processing.
5. Separation of Databases: It is unacceptable to combine different databases which contain personal data, if they are processed for different purposes that cannot be combined.
6. Security and Confidentiality: The Operator shall take all necessary measures to protect personal data from unauthorised access, loss, alteration or disclosure.
7. Storage Limitation: Personal data shall be destroyed or anonymised once the purposes of their processing have been achieved or if there is no further need for their storage, except in cases expressly provided for by the law of the Republic of Kazakhstan.
All actions of the Operator related to the processing of personal data shall be aimed at protecting human and civil rights and liberties. All employees of the Operator who have access to personal data shall be aware of the requirement to comply with these principles and bear responsibility for their violation.
The Operator shall not be entitled to transfer or disclose information that contains personal data to third parties without the explicit consent of the person to whom the data belongs, except for cases established by the law of the Republic of Kazakhstan.
3. PERSONAL DATA COLLECTED BY THE OPERATOR ABOUT THE USER
The Operator collects, processes and stores a variety of information about the User as set out below. In individual cases, some data may not be personal data, but in combination with other information that allows identifying the User, the Operator considers them as personal data:
● Identification data
includes first name, patronymic, last name, login or other identifiers, as well as gender.
● Contact data
contains billing address, shipping address, email and phone numbers.
● Geographic data
includes the country and city of residence.
● Work data
contains the place of work, position and authority in decision-making.
● Technical data
includes IP address, login, browser type and version, time zone settings, browser plugin types and versions, OS and other technologies on the devices the User uses to access the Site.
● Activity data
includes how the User uses the website, products and services of the Operator.
● Marketing data
includes the User's preferences in receiving marketing materials from the Operator and partners, as well as general communication preferences.
The Operator may also use the above data to compile aggregated statistics. Despite the fact that the aggregated data is derived from the User's personal data, they do not disclose the User's identity.
The Operator shall not collect sensitive categories of personal data about the User, such as race or ethnicity, religious beliefs, sexual life or orientation, political opinions, trade union membership, health data or biometric data.
4. RIGHTS OF THE PERSONAL DATA SUBJECT
4.1 Consent of the personal data subject to the processing of her/his personal data
The personal data subject shall decide whether to provide her/his personal data and consent to its processing voluntarily and in her/his own interest. Consent to the personal data processing may be expressed by a person or her/his representative in any form that allows to confirm its provision, unless otherwise provided for by the Law of the Republic of Kazakhstan dated 21 May 2013 No. 94-V On Personal Data and Their Protection.
4.2 Rights of the personal data subject
The Operator will process the personal data of the personal data subject only if they are filled in and/or sent by the User independently through special forms and questionnaires located on the following websites: astana-expo.com, promweek.kz, kmfexpo.kz, kmfexpo.kz, kss-expo.kz, btexpo.kz, moexpo.kz, ibexpo.kz, waterexpo.kz, flora-expo.kz, kadex.kz, digital-aex.com. By filling in the relevant forms and questionnaires and/or sending her/his personal data to the Operator, the personal data subject expresses her/his consent to this Policy.
The personal data subject shall be entitled to request from the Operator information related to the processing of her/his personal data, unless such right is restricted in accordance with the Law of the Republic of Kazakhstan dated 21 May 2013 No. 94-V On Personal Data and Their Protection. The subject of personal data may request the Operator to correct, block or destroy her/his personal data, if it is incomplete, outdated, incorrect, obtained by unlawful means or not required for the stated purpose of processing. In addition, the personal data subject has the right to take measures provided for by the legislation of the Republic of Kazakhstan to protect her/his rights.
5. MARKETING AND COOKIES
5.1 Use of data for marketing purposes
The Operator may use the User's identification data, contact data, technical data, activity data and profile to advertise goods and services, if there is a legitimate basis for doing so.
Unless the User opts out, the User will receive marketing notifications from the Operator, if the User has previously requested information, registered for an event or purchased services from the Operator. The User may opt out of receiving such notifications by following the opt-out link in any marketing email or by contacting the Operator directly.
5.2 Cookie Integration
The User may set her/his browser to block cookies or notify the User when cookies are set. However, disabling cookies may affect the proper operation of some functions of the Operator's websites.
6. PERSONAL DATA PROTECTION
The protection of personal data processed by the Operator shall be guaranteed by the implementation of legal, organisational and technical measures that comply with the requirements of the legislation of the Republic of Kazakhstan in the field of personal data protection.
To prevent unauthorised actions with personal data, the Operator implements the following measures:
● appoint persons responsible for the processing and protection of personal data
● restrict the list of persons who are allowed access to personal data
● inform persons about the requirements of the legislation of Kazakhstan and regulatory documents of the Operator on the processing and protection of personal data
● regulate data storage and use
● identify potential threats to personal data and develop appropriate security measures
● ensure the system of personal data protection based on the identified threats
● monitor the application and efficiency of security measures
● separate access rights to resources and equipment for data processing
● monitor and register actions in information systems
● use anti-virus software and restore the system in case of breaches
● apply network defense and attack detection tools, if necessary
● establish an access and security regime for the premises where personal data are stored and processed.
7. FINAL PROVISIONS
Additional rights and obligations of the Operator as a personal data controller shall be determined by the personal data legislation of the Republic of Kazakhstan. For any questions, please contact us at the following e-mail address: email@example.com.
This document will reflect any changes to the Operator's Personal Data Processing Policy. The Policy remains in effect indefinitely until replaced by a new version.
The current version of the Policy is freely available on the Internet at http://astana-expo.com/en/policy