PRIVACY AND PERSONAL DATA PROCESSING POLICY
Almaty city, Kazakhstan
15 of April, 2024
This policy defines the policy of Property Abroas Limited Partnership (hereinafter referred to as the “Operator”) regarding the processing of personal data and contains information about the actions by the Operator regarding personal data protection requirements.
1. GENERAL TERMS
1.1. The following terms and definitions for the purposes of this policy have the following meanings:
“Personal data” - any information relating to a specific person (subject of personal data) or person determined on the basis of such information, including his last name, first name, middle name, year, month, date and place of birth, address, email address, telephone number, marital, social, property status, education, profession, income, other information. For the purposes of this policy, personal data means both information that the User provides about himself independently when using the Service, and information that is automatically transmitted to the Operator in the process of using the Service using the software installed on the User’s device, including the IP address, data of cookies, information about the User’s browser, technical specifications of the equipment and software used by the User, date and time of access to the Service, addresses of the requested pages of the website and other similar information. In addition, personal information for the purposes of this policy also includes information about the User, the processing of which is provided for by the Agreement governing the use of the Service. In accordance with Presidential Decree of March 6, 1997 No. 188, personal data refer to information of a confidential nature.
“Operator” – Property Abroad LP , VAT reg number: 240140006853, IBAN (KZT): KZ718562203135750682 in JSC BANK CENTERCREDIT, BIC: KCJBKZKX, Address: Kazakhstan Republic, 050057, Almaty, ul Mynbaeva, 53, which is processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal datas.
“User” – any individual person (personal data subject), including acting on behalf of and in the interests of a legal entity, which, in the process of using the Service, can provide the Operator with its personal data, independently or through the legal entity it represents, expressing consent to the conditions set forth in the Agreement or by means of it signing, or performing the specific actions indicated therein, aimed at using the Service. The User in the context of this policy also means persons whose personal data is processed by the Operator on behalf of the user of the Service contained in the Agreement.
“Service”, “Information System of a Personal Data”, “Information System” - the web service under the name “Homes Overseas”, available on the Internet at the website at: https://www.homesoverseas.ru, which is the Internet portal for placing announcements of the purchase and sale of real estate outside the territory of the Republic Kazakhstan (abroad). The service includes a combination of information, other computer programs, databases, software codes underlying their know-how, algorithms, design elements, fonts, logos, as well as text, graphic and other materials, as well as other results of intellectual activity.
“Agreement” - a license agreement/contract, a user or other agreement between the User and the Operator that governs the use of the Service and contains the User’s instruction to the Operator to process personal data concluded either by signing it or by performing specific actions which are aimed at using the Service.
“Processing of personal data” - actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
"Automated processing of personal data" - processing of personal data using computer technology.
“Non-automated processing of personal data”, “Processing of personal data without using automation tools” - processing of personal data contained in the personal data information system or extracted from such a system in cases when such actions with personal data as use, clarification, distribution, destruction personal data in relation to each of the subjects of personal data are carried out with the direct participation of a person.
“Distribution of personal data” - actions aimed at transferring personal data to a specific circle of persons (transfer of personal data) or at disclosing personal data to an indefinite circle of persons.
“Providing personal data” - actions aimed at transferring personal data to a specific person or a certain circle of persons.
“Blocking personal data” - the temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).
“Destruction of personal data” - actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
“Depersonalization of personal data” - actions, as a result of which it is impossible to determine the ownership of personal data to a specific subject without using additional information.
“Use of personal data” - actions (operations) with personal data committed for the purpose of making decisions, transactions or other actions that give rise to legal consequences in relation to the subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of others.
“Public available personal data” - personal data to which access to an unlimited circle of persons is provided with the consent of the subject or to which confidentiality requirement does not apply in accordance with federal laws.
“Confidentiality of personal data” - a requirement to the person who has access to personal data to comply the requirement not to allow their dissemination without the consent of the subject or other legal basis.
“Cookies” - a small piece of data sent by the web server and stored on the user's device of the website on which the Counter is installed. Cookies contain small pieces of text and are used to store information about browsers. They allow you to store and receive identification information and other information on computers, smartphones, phones and other devices. The cookie specifications are described in RFC 2109 and RFC 2965. Other technologies are used for the same purposes, including data stored by browsers or devices, identifiers associated with devices, and other software. In this Policy, all of these technologies are called cookies.
“Web beacons” - images in electronic form (single-pixel (1x1) or empty GIF-images). Web beacons can help the Operator recognize certain types of information on the User’s device, for example, cookies, the time and date of viewing the page, and a description of the page where the web beacon is located.
“Counter” is a computer program that uses a piece of code installed on a website that is responsible for the analysis of cookies and the collection of statistical and personal data from this website. Personal data is collected in anonymized form.
“IP address” - a number from the numbering resource of a data network built on the basis of the IP protocol (RFC 791), which uniquely identifies, when providing telematic communication services, including access to the Internet, a subscriber terminal (computer, smartphone, tablet, etc. device) or means of communication included in the information system and owned by the User.
“Token” is a unique character set that identifies the User in accounts of third-party web services. The token allows an authorized connection to the Service using authorization through third-party web services (for example, social networks).
1.2. All other terms and definitions that appear in the text of the Agreement are interpreted by the Parties in accordance with the legislation of the Republic Kazakhstan, the current recommendations (RFC) of international standardization bodies on the Internet and the usual rules for the interpretation of relevant terms that have developed on the Internet.
1.3. Terms and definitions used in this Agreement can be used both in the singular and in the plural, depending on the context, the spelling of the terms can be used both in capital letter and in capital.
1.4. This Policy has been developed in accordance with the Constitution of theRepublic Kazakhstan, the Civil Code of theRepublic Kazakhstan, other federal laws.
1.5. This Policy defines the procedure and conditions for the processing of personal data by the Operator, including the procedure for transferring personal data to third parties, the specifics of manual processing of personal data, the procedure for accessing personal data, the system for protecting personal data, the procedure for organizing internal control and liability for violations in processing personal data, and also other issues.
1.6. This Policy comes into force from the moment it is approved by the Operator and is valid indefinitely until it is replaced by a new policy.
1.7. The Operator has the right to make changes to this Policy without the consent of the User. All changes to the Policy are made by the regulatory act of the Operator.
1.8. This Policy applies to all processes for the processing of personal data carried out using the Service without using automation tools. The Operator does not control and is not responsible for websites owned by third parties to which the User can click on the links posted on the Service.
2. LEGAL BASES FOR PERSONAL DATA PROCESSING
2.1. The processing of the User’s personal data is carried out on the basis of and pursuant to the Agreement governing the use of the Service and other agreements or agreements concluded between the User and the Operator.
2.2. The processing of the User’s personal data can also be carried out on the basis of his separate consent to such processing, which can also be expressed directly when using the Service by clicking on the appropriate button or by ticking the indicator box of the corresponding check box. The validity period of such consent of the User is indicated in its text.
3. PURPOSES FOR COLLECTING PERSONAL DATA
3.1. The Operator processes only those personal data that are necessary to use the Service or to execute agreements and contracts with the User, with the exception of cases when the legislation of the Republic Kazakhstan provides for the mandatory storage of personal information for a period specified by law.
3.2. When processing personal data, the Operator does not combine databases containing personal data, the processing of which is carried out for incompatible purposes.
3.3. The Operator processes the User’s personal data for the following purposes:
3.3.1. - the use of personal data of Users who are individuals using the Service on their own behalf for the purpose of concluding and executing the Agreement or any other contract with the Operator;
3.3.2. - the use of personal data of Users who are individuals using the Service on behalf of the individual or legal entity they represent for the purpose of concluding and executing the Agreement or any other agreement with the Operator;
3.3.3. - conducting statistical and other studies;
3.3.4. - compliance of the mandatory requirements of the legislation of the Republic Kazakhstan.
4. VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF SUBJECTS OF PERSONAL DATA
4.1. Personal data authorized for processing in accordance with this policy and provided by Users who are individuals using the Service on their own behalf by filling in the appropriate input fields when using the Service may include the following information:
4.1.1. Surname, name and patronymic;
4.1.2. Telephone number;
4.1.3. E-mail address;
4.1.4. Messenger identifiers.
4.2. Personal data authorized for processing in accordance with this policy and provided by Users who are individuals using the Service on behalf of the individual or legal entity they represent, by filling in the appropriate input fields when using the Service, may include the following information:
4.2.1. Surname, name and patronymic;
4.2.2. Telephone number;
4.2.3. E-mail address;
4.2.4. Messenger identifiers.
4.3. Personal data processed in accordance with this policy and automatically transmitted to the Operator in the process of using the Service using the software installed on the User’s device may include the following information:
4.3.1. The IP address of the User’s device;
4.3.2. cookie data;
4.3.3. data collected by counters;
4.3.4. Web Beacon data
4.3.5. User browser information;
4.3.6. technical specifications of the device and software;
4.3.7. date and time of access to the Service;
4.3.8. addresses of requested pages of the Service website;
4.3.9. geographical coordinates of the location of the User
4.4. In accordance with this policy, the Operator processes the personal data of persons belonging to the following categories of personal data subjects:
4.4.1. individuals using the Service in accordance with the Agreement on its use on their own behalf;
4.4.2. individuals using the Service in accordance with the Agreement on its use on behalf of the individual or legal entity that they represent.
5. PROCEDURE AND TERMS OF PROCESSING PERSONAL DATA
5.1. The Operator has the right to process the User’s personal data without notifying the authorized body for the protection of the rights of personal data subjects.
5.2. The operator processes the User’s personal data using the personal data information system without using automation tools in accordance with federal laws or other regulatory legal acts of the Republic Kazakhstan that establish requirements for ensuring the security of personal data during its processing and for observing the rights of personal data subjects. Such actions with personal data as the use, refinement, distribution, destruction of personal data in relation to the User are carried out with the direct participation of the Operator’s employees.
5.3. The Operator processes and stores the User’s personal data for a period determined in accordance with the Agreement on the use of the Service.
5.4. Confidentiality of User’s personal data is maintained, except for cases when the User voluntarily provides information about himself for general access to an unlimited number of people.
5.5. The Operator has the right to transfer the User’s personal data to third parties in the following cases:
5.5.1. - the User agrees to such actions, what is expressed in accordance with the terms of the Agreement on the use of the Service;
5.5.2. - the transfer is necessary for the use by the User of a certain functionality of the Service (for example, for authorization through accounts on social networks) or for the execution of a specific agreement, contract or transaction with the User;
5.5.3. - the transfer is provided for by the legislation of the Republic Kazakhstan or other applicable legislation within the framework of the procedure established by law;
5.5.4. - in case of transfer of rights to the Service, it is necessary to transfer personal data to the acquirer simultaneously with the transfer of all obligations to comply with the conditions of this Policy in relation to the personal data received by him;
5.5.5. - if necessary, to ensure the possibility of protecting the rights and legitimate interests of the Operator or third parties, when the User violates this policy or the Agreement on the use of the Service;
5.5.6. - in other cases, provided by law.
5.6. In case of loss or unauthorized disclosure of personal data, the Operator informs the User about this fact.
5.7. The Operator shall take the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.8. The Operator together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User’s personal data.
5.9. The operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by the current legislation of the Republic Kazakhstan.
5.10. When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, changes), extracts the User’s personal data, which are citizens of the Republic Kazakhstan, using databases located on the territory of the Republic Kazakhstan.
5.11. Operator stops processing the User’s personal data, processing of which their consent, upon the expiration of the User’s consent to their processing or upon withdrawal of the User’s consent to the processing of his personal data, as well as in the event of unlawful processing of personal data or the liquidation of the Operator.
6. PROCEDURE FOR COLLECTING PERSONAL DATA USING “COOKIE” FILES, WEB BEACONS AND COUNTERS
6.1. Cookies transmitted from the Operator to the User’s device and from the User to the Operator can be used by the Operator to achieve the purposes of processing personal data in accordance with the privacy policy and processing of personal data.
6.2. The operator uses various types of cookies in the Service, which serve for different purposes and, depending on them, can be assigned to one of the following categories:
-
“Required”, i.e. cookies, which are strictly necessary for the functioning of critical components of the Service and the payment by the User;
-
“Functional”, i.e. cookies, which allow the User to interact with the interface of the Service and use its capabilities, record information about the actions taken in the Service and configure the Service in accordance with the needs of the User. Without these cookies, the Service will not be able to provide certain functions, such as remembering the information entered by the User, saving the preferred language, etc;
-
“Analytical”, i.e. analytical/statistical cookies, which help to improve the performance of the Service and make it more convenient for Users. Through Analytical cookies, the Operator receives information about the quality and or effectiveness of the Service and its services, which helps to understand how Users use the Service and how they use the Operator's services.
6.3. The operator does not explicitly request consent for the use of mandatory cookies. If the User does not want his personal data to be collected using mandatory cookies, he can disable their provision to the Operator in the software (browser) on his device. At the same time, the functionality of the Service related to the mandatory cookies will cease to be available to the User, which may lead to complete inoperability or incorrect operation of the Service.
6.4. The Operator may use the functional and analytical cookies only with the consent of the User, which is expressed as a general rule by the adoption of the Agreement and the start of the use of the Service. Otherwise, the User has the right to refuse to use such cookies by disabling them in the Service settings without harming its functionality.
6.5. The user agrees that his devices and software used to work with the Service, depending on their version and configuration, may or may not have the function of prohibiting operations with cookies, for any, as well as for certain sites and applications, as well as the function of deleting previously received cookies (for example, private browser mode).
6.6. The Operator has the right to establish a requirement for the User’s device on the mandatory permission to receive and receive cookies in connection with security requirements.
6.7. The structure of the cookie, its contents and technical parameters are determined by the Operator and may change without prior notice to the User. The user has the right to receive all necessary information about cookies by sending a request to the Operator in the manner prescribed by the privacy policy and the processing of personal data.
6.8. The counters placed by the Operator in the Service can be used by the Operator to analyze cookies and collect personal data about the use of the Service in order to improve the quality of the Service, the level of ease of use, and the improvement of the Service. The technical parameters of the operation of the meters are determined by the Operator and are subject to change without prior notice to the User.
6.9. The operator may also use web beacons, either separately or in conjunction with cookies, to collect information about the use of the Service. The user has the right to block web beacons when using the Service by prohibiting the download of images in the settings of his software (browser).
7. ACCESS TO PERSONAL DATA
7.1. The right to access the User’s personal data is reserved only for the Operator’s employees, who are allowed, by virtue of their duties, to work with the User’s personal data on the basis of a list of persons authorized to work with personal data, which is approved by the Operator.
7.2. The list of employees who have access to personal data is maintained by the Operator in the current state.
7.3. Access to the User’s personal data by third parties who are not employees of the Operator is prohibited without the consent of the User, with the exception of cases established by the legislation of the Republic Kazakhstan.
7.4. The access of the Operator’s employee to the User’s personal data is terminated from the date of termination of the employment relationship or from the date the employee loses the right to access the User’s personal data in connection with a change in job duties, position or other circumstances in accordance with the procedure established by the Operator. In the event of termination of the employment relationship, all media with the User’s personal data that were at the disposal of the dismissed employee of the Operator are transferred to a higher-ranking employee in the order established by the Operator.
8. UPDATING, CORRECTING, DELETING AND DESTRUCTION OF PERSONAL DATA
8.1. The user can at any time change, update, supplement or delete the personal data provided to them or part of them using the Service interface.
8.2. If the Operator independently reveals the fact of incompleteness or inaccuracy of the User’s personal data, the Operator shall take all possible measures to update personal data and make appropriate corrections.
8.3. If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete them.
8.4. If it is unlawful to process the User’s personal data, their processing by the Operator ceases, and personal data is subject to deletion.
8.5. In case the Service interface is inoperative or the Service is not functional for changing, updating, supplementing or deleting the User’s personal data, as well as in any other cases, the User has the right to demand in writing from the Operator the clarification of his personal data, their blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the processing purpose.
8.6. The Operator makes the necessary changes to the personal data that are incomplete, inaccurate or irrelevant in a period not exceeding seven business days from the date the User submits information confirming that the personal data is incomplete, inaccurate or irrelevant.
8.7. The Operator destroys the User’s personal data illegally obtained or not necessary for the processing purpose within a period not exceeding seven business days from the date the User submits information confirming that such personal data is illegally obtained or is not necessary for the processing purpose.
8.8. The Operator notifies the User of the changes and measures taken and takes reasonable measures to notify third parties to whom the personal data of this User was transferred.
8.9. The rights of the User to change, update, supplement or delete personal data may be limited in accordance with the requirements of the law. Such restrictions, in particular, may provide for the Operator's obligation to save personal data changed, updated, supplemented or deleted by the User for a period specified by law and to transfer such personal data in accordance with the established procedure to state authorities.
9. RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA
9.1. The User has the right to receive information from the Operator regarding the processing of their personal data, including containing:
9.1.1. confirmation of the fact of processing personal data by the Operator;
9.1.2. legal grounds and purposes of processing personal data;
9.1.3. goals and methods of processing personal data;
9.1.4. the name and location of the Operator, information about persons (except for the employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
9.1.5. processed personal data relating to the relevant User, source of their receipt, unless otherwise provided for by federal law;
9.1.6. terms for processing personal data, including periods for their storage;
9.1.7. the procedure for exercising by the User the rights provided for by the Federal Law of July 27, 2006 No. 152-ÔÇ “On Personal Data”;
9.1.8. information on completed or suspected cross-border data transfer;
9.1.9. the name or surname, name, patronymic and address of the person processing the personal data on behalf of the operator, if processing is or will be entrusted to such a person;
9.1.10. other information provided by law.
9.2. The Operator provides the opportunity to get acquainted with the personal data processed and stored in the Operator’s information system free of charge when the User contacts within thirty days from the date of receipt of a written request from the User.
9.3. In case Operator refuse to provide information on the availability of personal data about the User or personal data to the User upon his request or upon receipt of a request from the User, the Operator shall provide a reasoned response in writing within a period not exceeding thirty days from the day the User contacted or from the date of receipt of the User’s request, which is the basis for such a refusal.
10. INFORMATION ON THE REALIZED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA
10.1. The security of personal data during their processing in the information system is ensured by a personal data protection system that neutralizes current threats.
10.2. The personal data protection system used by the Operator includes legal, organizational, technical and other measures to ensure the security of personal data, determined taking into account current threats to the security of personal data and information technologies used in information systems.
10.3. With regard to personal data, in respect of which the User has consented to their processing by third parties, the Operator has the right to attract, on the basis of the contract, another person ensuring the security of personal data when they are processed in the information system.
10.4. When processing personal data in the information system of the Operator, the latter provides:
10.4.1. taking measures aimed at preventing unauthorized access to the User’s personal data and/ or transferring them to persons who do not have the right to access such information;
10.4.2. timely detection of unauthorized access to personal data;
10.4.3. prevention of impact on technical means involved in the processing of personal data, as a result of which their functioning may be impaired;
10.4.4. the ability to immediately restore personal data modified or destroyed due to unauthorized access to them;
10.4.5. continuous monitoring of the level of security of personal data.
10.5. In order to comply with security requirements and implement a personal data security system, the Operator has developed a private model of security threats to the personal data information system.
10.6. The Operator determined the level of protection of personal data during their processing in the personal data information system owned by the Operator.
10.7. The operator has drawn up an act to determine the level of security of personal data during their processing in the personal data information system.
10.8. Based on the act of determining the level of security of personal data when processing it in the personal data information system without the use of automation, the operator has developed and implemented a set of measures to protect and ensure the security of personal data.
10.9. The operator uses hardware and software for the processing and protection of personal data, and also maintains a register of personal data protection tools.
10.10. The operator keeps a journal of accounting and storage of removable storage media containing personal data.
10.11. Technical means ensuring the functioning of the personal data information system are located in premises owned by the Operator on the basis of ownership or other property rights (rent, gratuitous use, etc.).
10.12. All employees of the Operator authorized to work with personal data, as well as those associated with the operation and maintenance of the personal data information system, are familiar with the requirements of this Policy, as well as with the Operator’s internal documents regulating the procedure for working with personal data.
10.13. The Operator has organized the process of training employees in the use of personal data protection equipment operated by the Operator. The training is conducted by employees with constant access to personal data, and employees associated with the operation and maintenance of the personal data information system and personal data protection facilities.
10.14. The internal documents of the Operator established that employees are obliged to immediately inform the appropriate official of the Operator about the loss, damage or shortage of information carriers containing personal data, as well as about attempts to unauthorized disclosure of personal data, its reasons and conditions.
11. CONSENT TO PROCESSING PERSONAL DATA
11.1. The user decides to provide his personal data and agrees to its processing freely, of his own free will and in his interest.
11.2. Consent to the processing of personal data provided by the User is specific, informed and conscious.
11.3. In the case of processing the User’s personal data on the basis of his separate consent to such processing, expressed directly when using the Service by clicking on the appropriate button or by ticking the corresponding check box indicator, such consent to the processing of personal data is provided by the User in the form of an electronic document signed a simple electronic signature in accordance with the Agreement governing the use of the Service.
11.4. Consent to the processing of personal data may be taked away by the User in accordance with the procedure established by law.
12. FINAL PROVISIONS
12.1. The start of the use of the Service by the User means his acceptance of the terms of this Policy. In case of disagreement of the User with the terms of this Policy, the use of the Service should be immediately terminated.
12.2. The law of the Republic Kazakhstan shall apply to this Policy and to the relations between the User and the Operator arising in connection with the application of this policy.
12.3. This Policy is in the public domain on the Operator’s website at the following link: https://www.homesoverseas.ru/policy
12.4. The User is entitled to send all offers or questions regarding this Policy to the Operator’s User support service by sending an electronic message to the email address: info@homesoverseas.ru.
13. DETAILS
Property Abroad LP
VAT reg number: 240140006853
IBAN (KZT): KZ718562203135750682 in JSC BANK CENTERCREDIT
BIC: KCJBKZKX
Address: Kazakhstan Republic, 050057, Almaty, ul Mynbaeva, 53
E-mail: info@homesoverseas.ru
Phone: +7 (705) 875-02-58
