1.1.1. "Shareholder of the Company" is "Halyk Savings Bank of Kazakhstan" Joint Stock Company.
1.1.2. "Company’s Services" are mobile applications, web trading platform, corporate website, that allow users of the Company’s Services to interact with the Company under a brokerage services contract, or without conclusion of such a contract, or to interact with the Company’s partners as a part of the contracts concluded between Users and such partners including the exchange of information and carrying out individual transactions via the Internet or a special application of a mobile device (smartphone, tablet, etc.), as well as an electronic payment system that allows users of mobile devices to make money transfers via the Internet. The Company’s Services are both the Company's own Services and the Services to be provided by the Shareholder of the Company.
1.1.3. "Personal Data" are the information relating to directly or indirectly specified or identifiable physical person (personal data subject).
1.1.4. "Personal Data Processing" is any activity/transaction or a set of activities/operations with personal data carried out with or without automation tools including: collecting, recording, systematizing, accumulating, storing, clarifying (updating, amending), extracting, using, transferring (distributing, providing, accessing), depersonalization, blocking, deleting, destroying personal data.
1.1.5. "Personal Data Confidentiality" is a mandatory requirement for the Company or other person who has access to personal data not to allow their dissemination without the personal data subject’s consent or other legal grounds.
1.1.6. "User" is a person who has access to the Company's Services via the Internet, and uses the Company's Services.
1.1.7. "User Information" is personal information that User provides independently when using the Company’s Services and creating account, or carrying out registration, as well as the data automatically transmitted in the course of use of the Company’s Services, including but not limited to: IP-address, data of the mobile device used for access, etc. When the Company’s Services are used, the following information may be requested and obtained:
- User Data. When an account is created and/or registration is carried out, the Company requests information about User, such as: Individual Identification Number, full name, gender, date of birth, residence and registration address, email address, phone number, place of employment, position, images and videos from a camera, and User’s contact data (telephone and/or address book, contacts in a mobile device), as well as the data automatically sent by a web server. The Company may also request additional information.
- Mobile Device Data. The Company collects data of User’s mobile devices such as mobile device model, operating system version, unique device identifiers, mobile network data and mobile phone number. In addition, device ID and mobile phone number can be linked to a User's account.
- Location Data. The Company's Services that support geographic location function of a User's mobile device allow the Company to receive information about the User's actual location including GPS (Global Positioning System) data sent by the mobile device.
- Information about Operations Being Performed. When making transactions with financial instruments, information operations, money transfers, etc., the Company collects data about the place, time and amount of the transactions performed, the type of payment method, data about the seller and/or service provider, descriptions of the reason for the transaction, if any, and other information related to carrying out the above operations.
2. General provisions
2.4. Separate agreements with Users may set forth other goals for which User Personal Data may be requested or disclosed.
3. User Data received and used, and goals of use
3.2. The Company may use User Personal Data for the following purposes:
- to identify User registered in a mobile application when interaction with the Company is carried out under a brokerage services contract concluded, or without such a contract.
- to provide User with the access to the Company's Services.
- to establish communication with User including by sending notifications or inquiries regarding the use of the Company's Services, to provide services, process requests or applications from User.
- to determine User’s location, ensure security, and prevent fraud.
- to confirm the accuracy and completeness of personal data provided by User.
- to create an account for carrying out transactions.
- to notify User about the status of client orders.
- to process and receive payments, to confirm taxes or tax benefits, to challenge payments.
- to provide User with effective customer and technical support in case of problems associated with the use of the Company's Services.
- to provide User with updates to the Company's products, special offers, information on promotions, newsletters and other information on behalf of the Company or the Shareholder of the Company.
- to provide User with the access to the Company’s websites or Services or those of Shareholder of the Company for obtaining products, updates and services.
4. Terms and conditions of data processing
4.2. The User Personal Data are processed without any time limits, in any legal way including in the personal data information systems using automation tools or without such tools.
5. Provision of User Data to third parties
5.2. The Company does not provide User Data to the companies and individuals not associated with the Company except when Users give their consent.
5.3. An additional consent of User is requested by the Company in accordance with applicable laws of the Republic of Kazakhstan to provide User Data to the companies and individuals not associated with the Company including other Users.
6. Security measures to keep confidentiality
6.1. The Company takes all the possible measures to ensure protection and security of User Data from unauthorized attempts to access, alter, disclose or destroy it, as well as other ways of abuse.
6.2. In particular, the Company constantly improves the ways of data collecting, storing and processing including physical security measures intended to counteract unauthorized access to the Company's systems for theft of assets, phishing or other types of fraud.
6.3. The Company also limits the access to employees, contractors and agents to User Data, and establishes strict contractual confidentiality obligations, violation of which results in liability and penalties set forth with the laws of the Republic of Kazakhstan.
6.4. The User Personal Data can be provided to the authorized governmental bodies of the Republic of Kazakhstan only on the grounds and in the manner established by the laws of the Republic of Kazakhstan.
6.5. In case of loss or disclosure of User Personal Data, the Company informs User about the loss or disclosure of his/her personal data.
6.6. The Company and a User take all the necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of User Personal Data. In order to ensure secure use of the Company’s Services, the Company recommends User to keep the following recommendations:
- User must keep the account data such as login and password in secret from any third parties.
- User undertakes to immediately inform the Company about any suspected case of unauthorized use of his/her account.
6.7. Keeping the Company’s recommendations allows User to ensure maximum safety of the information provided to the Company including details of User‘s payment card (or other electronic means of payment), and other data, and to reduce the risks when operations are carried out using the details of payment card (or other electronic means of payment) for non-cash payment for goods and services including payments via the Internet.
7.2. In the event of loss or disclosure of Confidential Information, the Company is not liable if the Confidential Information:
- became public domain before it was lost or disclosed.
- was received from a third party prior to its receipt by the Company.
- was disclosed with the User’s consent.
8. Dispute Resolution
8.1. Before submitting a claim to a court in respect of the disputes arising from the relationships between User and the Company, it is mandatory to submit a pre-judicial claim (a written proposal for a voluntary settlement of a dispute).
8.2. The recipient of the pre-judicial claim notifies the applicant of the claim in writing about the results of consideration of the claim within 30 calendar days from the date of receipt of the pre-judicial claim.
8.3. If no agreement is reached, the dispute will be referred to a court in accordance with the current laws of the Republic of Kazakhstan.