Personal Data Processing and Protection Policy

1. General Provisions


This policy on the processing and security of personal data data (hereinafter referred to as the Policy) is drawn up in accordance with the requirements Law of the Republic of Kazakhstan "On personal data and their protection", legislation of the Republic of Kazakhstan on informatization, and other regulatory legal acts of the Republic of Kazakhstan and determines the procedure collection, processing of personal data and measures to ensure their security of BCC-HUB LLP (hereinafter referred to as the Organization).

This policy of the Organization regarding the processing of personal data applies to all information that the Organization may receive from various categories of subjects visiting the Internet resource Organizations: bcchub.kz, as well as other Internet resources of the Organization, which refer to this Policy.

The purpose of this Policy is to ensure the protection of rights and freedoms of a person and a citizen when processing his personal data, provided through the Organization's Internet resources and (or) collected using such Internet resources, directly or indirectly determined or determinable to an individual (subject personal data).


2. Basic concepts used in the Policy


  • Protection of personal data - a set of measures, including legal, organizational and technical, carried out for the purposes established by this Law of the Republic of Kazakhstan "On personal data and their protection";
  • Internet resource - an electronic information resource of the Organization, located at the link: bcchub.kz, the technology of its maintenance and (or) use, functioning in an open information and communication network, as well as an organizational structure that ensures information interaction;
  • Use of personal data - actions with personal data aimed at achieving the goals of the Organization;
  • Processing of personal data - any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
  • Personal data - personal data - information related to a specific or determinable subject of personal data, recorded on an Internet resource;
  • User - any visitor to the Internet resource;
  • Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific group of persons;
  • Subject of personal data (hereinafter referred to as - subject) - an individual to whom the personal data relates;
  • Collection of personal data - actions aimed at obtaining personal data;
  • Third party - a person who is not the subject, owner and (or) operator, but is connected with them (him) by circumstances or legal relations regarding the collection, processing and protection of personal data.
  • Destruction of personal data - actions as a result of which it is impossible to restore personal data;

2. Processing of personal data


The organization processes personal data through Internet resource in the following ways:

  • Personal data provided by users: The processing of personal data is carried out automatically on Internet resource using services that are launched only when entering your data.

The organization processes the user's personal data only in if they are filled in and/or sent by the user independently via special web forms located on the Internet resource. By filling out relevant forms and/or by submitting your personal data Organizations, the user expresses their consent to the processing of their personal data by the Organization, as well as with this Policy.

  • The processing of personal data is carried out automatically on Internet resource using services that are launched only when entering your data.

List of personal data:

  • last name, first name, patronymic;
  • year, month, date and place of birth;
  • citizenship;
  • floor;
  • information on military duty and military service;
  • information about education, qualifications, availability of special knowledge or professional training;
  • information about work experience;
  • information about previously held positions and length of service (copy of work record book) books);
  • permanent residence address;
  • actual residence address;
  • postal addresses and e-mail addresses;
  • telephone numbers;
  • other data specified by the user in the resume.

In relation to registered users on the Internet resource, they may collect information about port usage on user devices in order to identify suspicious activity and protect personal accounts users. Data can be obtained using various methods, for example, cookies and web beacons, etc.

The organization may use third-party Internet services (technologies third parties) to organize the collection and processing of statistical data personal data, third-party Internet services provide storage received data on its own servers. The organization is not responsible responsibility for the localization of third-party Internet service servers. When These are third-party Internet services (third-party technologies), installed on the Internet resource and used by the Organization may set and read cookies from end users' browsers Internet resource, or use web beacons for collecting information in the process of advertising activities on the Internet resource. The collection and use of data collected by such third parties Internet services (third party technologies) is determined independently by these third-party Internet services, which are directly responsible for compliance with this procedure and use of the data they collect, including these third parties Internet services respond and ensure compliance with requirements applicable law, including legislation on personal data of the Republic of Kazakhstan.

The organization does not conduct a comparison of the information provided by the user independently and allowing the identification of the subject personal data, with statistical personal data, obtained through the use of similar passive collection methods information.


3. Principles of processing and storing personal data


Only personal data that meets the purposes will be processed. their processing. The content and volume of data processed by the Organization personal data correspond to the stated purposes of processing.

When processing personal data, the Organization ensures accuracy personal data, their sufficiency and, where necessary, relevance in relation to the purposes of processing personal data. The organization takes the necessary measures (ensures their adoption) to delete or clarify incomplete or inaccurate personal data.

The organization in the course of its activities may provide and (or) entrust the processing of personal data to another person with the consent of the subject personal data, unless otherwise provided by the legislation of the Republic of Kazakhstan about personal data. In this case, the mandatory condition for the provision and (or) the assignment of processing of personal data to another person is the obligation of the parties to maintain confidentiality and ensure security of personal data during their processing.

The terms of processing personal data are determined in accordance with with the purposes for which they were collected.


4. Rights and obligations of the subject of personal data


The organization is obliged to:

  • approve the list of personal data necessary and sufficient for the performance of the tasks carried out by the Organization, unless otherwise provided by the laws of the Republic of Kazakhstan;
  • take and comply with the necessary measures, including legal, organizational and technical, to protect personal data in accordance with the legislation of the Republic of Kazakhstan;
  • comply with the legislation of the Republic of Kazakhstan on personal data and their protection;
  • take measures to destroy personal data in the event that the purpose of their collection and processing has been achieved, as well as in other cases established by the Law on Personal Data and other regulatory legal acts of the Republic of Kazakhstan;

The subject of personal data has the right:

  • receive information containing:
  • confirmation of the fact, purpose, sources, methods of collecting and processing personal data;
  • list of personal data;
  • the terms of processing personal data, including the terms of their storage;
  • demand that the Organization change and supplement their personal data if there are grounds confirmed by relevant documents;
  • demand that the Organization block or destroy their personal data if they have information about a violation of the terms of collection and processing of personal data;
  • appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or inactions during the processing of his personal data;
  • to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damages in court.
  • The subject is obliged to provide his personal data in cases established by the laws of the Republic of Kazakhstan.

5. Protection of personal data


Personal data is subject to protection, which is guaranteed by the state and is carried out in the manner determined by the authorized body.

Collection and processing of personal data is carried out only in cases ensuring their protection.

The purpose of personal data protection is to protect personal data, by applying a set of measures, including legal, organizational and technical, for the purposes of:

  1. realization of the rights to privacy, personal and family secrets;
  2. ensuring their integrity and safety;
  3. maintaining their confidentiality;
  4. implementation of the right to access them;
  5. preventing their illegal collection and processing.

In order to maintain business reputation and ensure compliance requirements of the legislation of the Republic of Kazakhstan, the Organization considers the most important tasks Ensuring the legitimacy of personal data processing in the business processes of the Organization and ensuring the appropriate level security of personal data processed by the Organization. The organization requires other persons who have gained access to personal data, do not disclose to third parties and do not distribute personal data without the consent of the subject of personal data, unless otherwise not provided for by the legislation of the Republic of Kazakhstan.

The organization ensures that all activities it implements on organizational and technical protection of personal data were carried out on legal grounds, including in accordance with with the requirements of the legislation of the Republic of Kazakhstan on the processing of personal data.

The organization is obliged to take necessary measures to protect personal data in accordance with the Law, determined by the prevention unauthorized access to personal data and taking measures, restoration of personal data, restriction of access to personal data data, registration and accounting of actions with personal data, as well as control and evaluation of the effectiveness of measures taken to ensure security of personal data.

Each employee of the Organization directly involved in processing personal data, familiarizes himself with the requirements of the legislation of the Republic of Kazakhstan on the processing and security of personal data, this The Organization's policies and other acts on processing issues and ensure the security of personal data and undertakes to comply with them.

In case of violation of the legislation of the Republic of Kazakhstan on personal data and their protection, the employee of the Organization is responsible for in accordance with the laws of the Republic of Kazakhstan.