Limited Liability Partnership “Capital Pay” (hereinafter referred to as the 'Organization'). This Privacy Policy (hereinafter referred to as the 'Policy') explains how the Organization collects, uses, and shares personal data (hereinafter referred to as 'Data') of individuals, sole proprietors, and authorized employees of legal entities who are partners of the Organization (hereinafter referred to as 'Users').
This Policy is created in accordance with the requirements of:
The Law of the Republic of Kazakhstan No. 94-V of May 21, 2013 'On Personal Data and Their Protection' (with amendments and additions as of May 1, 2023);
The Law of the Republic of Kazakhstan No. 191-IV of August 28, 2009 'On Counteracting the Legalization (Laundering) of Illegally Obtained Income and the Financing of Terrorism';
The Order of the Minister of Digital Development, Innovations, and Aerospace Industry of the Republic of Kazakhstan No. 395/НҚ of October 21, 2020, 'On Approving the Rules for Collecting and Processing Personal Data' (with amendments and additions as of May 6, 2023).
The Law of the Republic of Kazakhstan No. 94-V of May 21, 2013 'On Personal Data and Their Protection' (with amendments and additions as of May 1, 2023);
The Organization is authorized to collect Data related to the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, transfer (distribution, provision, access), regulation, combination, anonymization, blocking, deletion, scoring, destruction, and protection of Data.
Based on this, the Organization considers as Data all information provided by Users of the Organization’s services when using the services or automatically obtained, as well as the consent of your Users, including third parties, for providing services of the Organization, as well as services and services of partners and government authorities (hereinafter referred to as 'Services').
User Data refers to personal data collected with the consent of the User in accordance with the consent form in Appendix No. 1 of this Policy, including but not limited to the following:
Last name, first name;
Phone number;
Email address;
Model of the device of the Subject and data about its operating system language type and browser and/or type of internet connection used during the visit;
Data about the Subject's location obtained from the IP address;
Information about purchases made by the Subject on the Internet and other metadata for analytics (cookies, etc.);
Content posted by the Subject or viewed by them on the Internet;
Changes in the user's status and duration of visits.
The Organization collects Data to:
Offer personalized Services according to the agreements made between the Organization and/or third parties available through the Organization’s Services;
Identify, authenticate, and authorize the Enterprise and Users within the agreements and for ensuring security, including financial transactions;
Provide services through access to the Organization's Services;
Send special offers related to other goods and services, including those of third parties, via electronic messages, SMS, and/or notifications through the Organization’s Services, which, in the Organization's opinion, may be of interest to Users, or related to the use of the Organization's Services, provision of services, as well as processing requests from Users, verifying User Data, and/or third-party Data provided by Users for the provision of Services.
With the consent of the Enterprise and Users, the Organization will share Data with its partners for them to offer products and services to the Enterprise and Users.
The Organization processes Data in accordance with legal requirements, such as fulfilling obligations to government authorities, addressing complaints, recovering debts, legal proceedings, preventing fraud, and misuse of Services, and ensuring Data security.
The Organization stores Data for the period required according to the type of Data necessary within the contractual obligations for providing Services and their processing purposes, but in any case, for at least 5 (five) years, according to Article 11 of the Law of the Republic of Kazakhstan No. 191-IV of August 28, 2009 'On Counteracting the Legalization (Laundering) of Illegally Obtained Income and the Financing of Terrorism.'
The Organization complies with all legal requirements for cross-border transfer of Data, helping to protect Data wherever it is located. The Organization uses the most secure cloud technologies and storage, regardless of their location, including those located outside the Republic of Kazakhstan or in another jurisdiction, ensuring high reliability of services, Data integrity, and protection from unlawful interference.
The Organization stores Data in accordance with this Policy as long as necessary to achieve the purposes of collection and processing or to comply with the requirements of the legislation of the Republic of Kazakhstan and other countries in which the Organization operates.
The Organization ensures that the Enterprise and Users are fully aware of their rights to Data protection. Each User has the following rights:
Right to access Data;
Right to correct Data;
Right to delete Data;
Right to restrict Data processing;
Right to provide a copy of the Data;
Right to object to Data processing;
Right to Data portability.
Cookies are text files placed on a device to collect information about website visits. When visiting the Organization’s Services, the Organization may automatically collect information about Users via cookies or similar technologies.
The Organization uses cookies in various ways to improve the operation of its Services, including:
Maintaining authorization;
Determining how the Organization’s Services are used;
Offering services and goods that may be of interest;
etc.
The Organization’s Services may contain links to other resources. This Privacy Policy applies only to the Organization’s Services, so if Users click on a link to another resource, Users should review the privacy policy of those resources.
Appendix No. 1
To the Privacy Policy of LLP “Capital Pay”
Consent to the Collection and Processing of
Personal Data for Providing Payment Services
LLP “Capital Pay”
Hereby, in accordance with the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013, No. 94-V 'On Personal Data and Their Protection', and, where applicable, the data protection legislation of the Astana International Financial Centre (hereinafter referred to as the 'AIFC'), as well as the regulations adopted thereunder (hereinafter – 'Applicable Law'), I hereby give my consent to the following:
1. The collection and processing of Data (as defined in Section B of this Consent), through the following means:
(a) Registration and/or authorization of the Data Subject on the Operator’s website (or mobile application), or on any other electronic resource of the Operator;
(b) Signing this Consent in electronic form, including via electronic digital signature, or by using a one-time password (OTP) sent by the Operator or its agent to the Data Subject’s mobile phone number via SMS or via push notification through a web or other software application;
(c) Visiting the electronic resources of the Operator, including through the acceptance of cookies or other policies, protocols, software, or hardware that may collect the Data Subject’s information;
(d) Use of the Operator's products or services.
2. The transfer of Data, including but not limited to personal data, data constituting banking secrecy, insurance secrecy, commercial secrecy in the securities market, and any other information protected by law, to affiliated entities of the Operator, the Operator’s agents, and any other third parties (hereinafter collectively referred to as “Third Parties”), when such transfer is required under Applicable Law or is necessary for the Operator or such Third Parties to provide products or services to the Data Subject, or to perform obligations under agreements between the Operator and the Third Parties. The Data Subject agrees that the Data may be included in databases of the Operator or Third Parties, where the personal data of the Data Subject may subsequently be processed independently of the Operator; provided that the Operator undertakes to require such Third Parties to ensure the confidentiality of the transferred Data.
3. The cross-border transfer of the Data by the Operator beyond the territory of the Republic of Kazakhstan and the AIFC, to countries where such transfer is necessary for the purposes specified in this Consent.The Data Subject acknowledges and agrees that the jurisdictions to which the Data may be transferred may have data storage and protection standards that are lower than those provided under the laws of the Republic of Kazakhstan or the AIFC, and that data operators in those jurisdictions may not be able to provide adequate protection.
4. For the purposes of this Consent, 'Data' includes, without limitation, any information or data that relates to an identified or identifiable Data Subject, recorded on an electronic medium, including but not limited to: last name, first name; phone number; email address; model of the Data Subject’s device and information regarding its operating system and browser language, and/or type of internet connection used at the time of the visit; location data derived from IP address; information about purchases made by the Data Subject online and other metadata for analytics purposes (cookies, etc.); content published or viewed by the Data Subject online; changes in user behavior and duration of visits.
5. The Data of the Data Subject is collected and processed for the following purposes (non-exhaustive list): the Operator’s and Third Parties’ activities related to the provision of financial services; marketing and advertising campaigns; research; promotional activities; delivery of any informational materials to the Data Subject, including those related to products and/or services and/or offers of the Operator and/or Third Parties, and other notices via phone, fax, and other means of communication, including open communication channels (such as SMS, email, push notifications, voice messages, remote access systems, social networks, etc.); processing payments using QR codes or barcodes; selecting a recipient of payment or services from the contact list; displaying the Data Subject's avatar/photo in the Operator’s or Third Parties’ mobile applications; receiving and providing the Data Subject’s digital documents through digital document services; voice communication with representatives of the Operator/Third Parties; delivery of goods and services to the Data Subject; conducting checks by the Operator/Third Parties in accordance with anti-money laundering and counter-terrorism financing requirements; protecting the Operator’s clients from fraudulent activities committed by Data Subjects.
i. The personal data of the Data Subject may not be disseminated by the Operator and/or Third Parties through publicly available sources, except where written consent has been obtained from the Data Subject.
ii. This Consent is granted for the entire period of the Operator’s activity, or until a new version of the Consent is issued and communicated to the Data Subject.