Privacy policy

1. General

●      1.1. This Privacy Policy describes the procedure for processing personal data collected using the www.ffin.kz Internet resource (hereinafter referred to as the Site), and related services and tools of the Site, adopted by Freedom Finance JSC (hereinafter referred to as the Company). The Company processes the Site users' personal data solely in compliance with requirements of the Personal Data and their Protection Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V, and international treaties ratified by the Republic of Kazakhstan. The Privacy Policy (hereinafter referred to as the Policy) has been developed in accordance with standards thereof.

●      1.2. This Policy is an official document of the www.ffin.kz website, which defines and regulates the procedure for information handling and processing of personal data of individuals and legal entities applying for the services provided by the website www.ffin.kz. The Policy is designed to ensure proper protection of users' information, including their personal data, from unauthorized access and disclosure.

●      1.3. The Policy, other official documentation of the Site and the current law of the Republic of Kazakhstan govern relations related to the collection, storage, distribution and protection of the Site users' information. In case of contradictions between this Policy and other official documents of the Site, this Policy shall prevail.

●      1.4. In this Policy the expressions set out below have the following meanings:

○      - Administration of the site www.ffin.kz (hereinafter referred to as the Site Administration) means employees that are authorized to manage the site acting on behalf of the Company, who arrange and (or) process personal data, and also determine the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.

○      - Personal data means any information relating directly or indirectly to a particular or identifiable individual (Data Subject).

○      - Processing of personal data means any action (operation) or a set of actions (operations) that can be done to or with personal data with or without using automation tools, including collection, recording, organizing, accumulating, holding, adjusting (updating, modifying), extraction, use, transfer (distribution, provision, access), impersonating, blocking, erasure, or destroying of personal data.

○      - Confidentiality of personal data means a mandatory requirement for the Operator or other person who has gained access to personal data to prevent their distribution without consent of the Data Subject or other legal grounds

○      - User of the site www.ffin.kz (hereinafter referred to as the User) means a person who has access to the Site via the Internet and uses the site www.ffin.kz.

○      - Cookies mean a small blocks of data sent by a web server while a user is browsing a website and placed on the user's computer, which the web client or web browser sends to the web server in an HTTP request each time it tries to open a page of the corresponding site.

○      - IP address means a unique network address of a node in a computer network built using the IP protocol.

●      1.5. By registering and using the Site, the User agrees to the terms of the Policy. If the User does not agree with the terms of the Policy, the use of the Site must be immediately terminated.

●      1.6. The Site Administration does not verify the accuracy of users' information that they provide on the Site, except when such verification is necessary to fulfill the obligations of the Site Administration to the user.

●      1.7. Users should be aware that when clicking on some links posted on the Site, they may be redirected to sites (applications, etc.) of other companies outside the Company's hosting space ("Facebook", "google+", "VKontakte"), where Users' information is collected outside the direct control of the Company and the Site Administration. In this case, the Privacy Policies of the sites and/or applications of third parties will govern the processing of information received from users by such third parties.

●      1.8. If the User wishes to enter the Site using a third-party operator's authentication service, such as Facebook information, the Company may receive an additional profile, or other information, access to which is provided by such third party.

2. Application of and Amendments to the Privacy Policy

●      2.1. The Policy becomes effective for a perpetual life from the moment of its approval by the Board of Directors of the Company. The current Policy is invalidated when it is replaced by a restarted Policy. The Policy is replaced by publishing its restarted version on the Site.

●      2.2. The current version of the Policy, which is a public document, is available to any Internet user by clicking on the link www.ffin.kz. The Site Administration may make amendments to the Policy that do not contradict the law of the Republic of Kazakhstan. Posting a restarted version of the Policy on the Site after its approval is considered to be a notification to Site users of the amendments made to the Policy.

3. Conditions and Purposes of Personal Data Processing

●      3.1. The Site Administration processes the user's personal data to fulfill the terms of the Agreement between the Site Administration and the User for the provision of the Site using services (Public Offer).

●      3.2. By providing its services, the Site Administration believes that the User:

○      - has all the necessary rights to enable him to register and use this Site;

○      - is aware that User’s information posted on the Site by the User may become available to third parties involved by the Site Administration to fulfill obligations

●      3.3. To provide its services, the Company may use the information that the Company collects and places for the following purposes:

○      - ensuring Company's customer service, including for creating and managing user accounts, solving technical problems and accessing various functions of the Site;

○      - adaptation of offers and experiences, including advertising on own services or services of third parties;

○      - control over the general and individual activity of Users, as well as to manage traffic on the Site;

○      - communications with Users, including on issues of service, customer service or permitted marketing communications through any available communication channels;

○      – analysis in order to improve the Company's customer service.

●      The Company may hold the information, which it collects and obtains on its Site, to achieve the Company's business goals.

4. Scope of Personal Data

●      4.1. Users' personal data includes:

○      4.1.1. Unique identifier - email address;

○      4.1.2. Additional data: name, date of birth, mobile phone number, delivery address and others.

○      4.1.3. Data additionally provided by the Users at the request of the Site Administration in order to fulfill the obligations of the Site Administration to the Users arising from the terms of the Agreement with the User. The Site Administration, in particular, may request the User for a copy of an identity document or other document containing the name, surname, and photo of the User, and other additional information that, at the discretion of the Site Administration, is necessary and sufficient to identify such User and will prevent abuses and violations of the rights of third parties.

●      4.2. Other Users' information processed by the Site Administration - the Site Administration also processes other Users' information, which includes:

○      4.2.1. Standard data automatically received by the server when accessing the Site and upon subsequent actions of the User (host IP address, type of the user's operating system, pages of the Site visited by the User, and Cookie files);

○      4.2.2. Information automatically obtained when accessing the Site using bookmarks (cookies);

○      4.2.3. Information obtained as a result of the User's actions on the Site;

○      4.2.4. Information necessary to identify the User.

5. Processing of Users' Information

●      5.1. Personal data are processed based on the principles of:

○      - legality of the purposes and methods of personal data processing;

○      - good faith;

○      - compliance of the purposes of personal data processing with the purposes predetermined and declared during the collection of personal data, and the powers of the Site Administration;

○      - compliance of the scope and nature of the personal data being processed, methods of personal data processing with the purposes of personal data processing.

●      5.2. Collection of personal data.

○      5.2.1. The User's personal data is collected on the Site upon registration, and in the future when the User, on its own accord, enters additional information into the Site tools.

●      5.3. Holding and using personal data.

○      5.3.1. Users' personal data is hold exclusively on electronic media and processed using automated systems, except when manual processing of personal data is necessary to comply with legal requirements.

●      5.4. Transfer of personal data.

○      5.4.1. Users' personal data is not transferred to any third parties, unless otherwise expressly stipulated by this Policy and the terms of the Agreement with the User (Public Offer).

○      5.4.2. If specified by the User or with the User's consent, the User's personal data may be transferred to third parties-contractors of the Site Administration, subject to the assumption by such counterparties of obligations to ensure the confidentiality of the information received, in particular, when using applications.

○      5.4.3. Applications that are used by Users on the Site are hosted and maintained by third parties (developers) who act independently of the Site Administration and do not act on behalf of the Site Administration. Users should independently become acquainted with the rules of services and the personal data protection policy of such third parties (developers) before using the respective applications.

○      5.4.4. At the request of government authorities, Users' personal data is submitted in the manner stipulated by the law of the Republic of Kazakhstan.

●      5.5. Erasure of personal data.

○      5.5.1. Users' personal data is erased:

■      - by the Site Administration after receiving a request from the User to erase data from the personal page;

■      - when the Site Administration deletes information posted by the User, or the User's personal page in cases stipulated by the sale contract (offer).

6. User's Information Protection Measures

●      6.1. The Site Administration takes all possible technical, organizational and legal measures to ensure the protection of Users' personal data from any illegal actions.

●      6.2. The data from the User's browser to the Site's server is transferred using 256-bit encryption.

7. Disclaimer

●      7.1. This Policy does not apply to the actions of third-party Internet resources.

●      7.2. The Site Administration is not liable for the actions of third parties who, as a result of using the Internet or the Site Services, have access to the User's information and for the consequences of using the information.

8. User Requests

●      8.1. Users may send their requests to the Site Administration, including requests regarding the use of their personal data in writing to the email: [email protected]

●      8.2. The request sent by the User must comply with the requirements for submitting requests to the Service and Support Service, namely, contain:

○      - Full name

○      - information confirming the participation of the user in relations with the Administration (in particular, the email address that was used to register on the Site);

○      - phone number.

The Site Administration undertakes to consider and send a response to the User's request within 10 calendar days from the date of receipt of the request.