Personal Data Protection Policy
1. General Provisions.
1.1 By using the website www.cabio.org you (including the legal entity or individual on whose behalf you are acting) agree to the terms of this Operator’s Policy regarding the processing of personal data (hereinafter referred to as the Policy). If you do not agree with the rules and regulations described in this Policy you are free to avoid providing your personal information on the website www.cabio.org.
1.2 This policy regulates public relations in the field of personal data processing. Besides that it defines the purpose, principles and legal basis of activities related to the collection, processing and protection of personal data.
1.3 This policy has been created in accordance with the requirements of the Law No. 94-V “On Personal Data and Their Protection” of the Republic of Kazakhstan dated May 21, 2013 (amended and supplemented May 1, 2023) and determines the procedure for processing personal data and measures to ensure the security of personal data of Central Asia Bio Solutions LLP (CABS) (hereinafter referred to as Operator).
1.4 This Policy applies to all information that Operator may receive about Users of the website www.cabio.org.
1.5 The User has the right to clarify any questions regarding this Policy or the processing of personal data by contacting Operator at info@cabio.org
2. Basic concepts in the field of personal data protection.
2.1 Biometric data are personal data that characterize the physiological and biological characteristics of the subject of personal data, on the basis of which his identity can be established.
2.2 Personal data is information relating to a specific subject of personal data or determined on their basis, recorded on electronic, paper and (or) other tangible media.
2.3 Blocking of personal data are actions to temporarily stop the collection, accumulation, modification, addition, use, distribution, depersonalization and destruction of personal data.
2.4 Accumulation of personal data are actions to systematize personal data by entering them into a database containing personal data.
2.5 Collection of personal data are actions aimed at obtaining personal data.
2.6 Destruction of personal data are actions as a result of which it is impossible to restore personal data.
2.7 Depersonalization of personal data are actions as a result of which it is impossible to determine the ownership of personal data by the subject of personal data.
2.8 Database containing personal data (hereinafter referred to as the database) is a set of ordered personal data.
2.9 The owner of the database containing personal data (hereinafter referred to as the owner) is a state body, individual and (or) legal entity exercising, in accordance with the laws of the Republic of Kazakhstan, the right to own, use and dispose of the database containing personal data.
2.10 Operator of the database containing personal data (hereinafter referred to as the operator) is a government body, individual and (or) legal entity collecting, processing and protecting personal data.
2.11 Protection of personal data is a set of measures, including legal, organizational and technical, carried out for the purposes established by this Law.
2.12 Processing of personal data are actions aimed at accumulating, storing, changing, supplementing, using, distributing, depersonalizing, blocking and destroying personal data.
2.13 Use of personal data are actions with personal data aimed at achieving the goals of the owner, operator and third party.
2.14 Storage of personal data are actions to ensure the integrity, confidentiality and availability of personal data.
2.15 Dissemination of personal data are actions that result in the transfer of personal data, including through the media or providing access to personal data in any other way.
2.16 Subject of personal data (hereinafter referred to as the subject) is an individual to whom the personal data relates.
2.17 Third party is a person who is not the subject, owner and (or) operator, but is associated with them (him) by circumstances or legal relations regarding the collection, processing and protection of personal data.
2.18 User - any visitor to the website www.cabio.org.
2.19 Cookies are small text files used to identify User’s computer when visiting certain sites on the Internet.
3. Purposes of processing personal data.
3.1 The purpose of this Policy is to ensure the protection of the rights and freedoms of User when collecting and processing his personal data.
3.2 Operator will process Users’ Personal Information to achieve the following objectives:
3.2.1 Improve the performance, content and services of the www.cabio.org website.
3.2.2 Perform compliance audits, data metrics, develop new services, as well as protect the site and the integrity of any services, analyze information, including clarifying order details.
3.2.3 Create anonymized datasets to improve performance at www.cabio.org.
3.2.4 Respond to questions, comments, requests, feedback from Users, including those related to services.
3.2.5 Send to User notifications about new products and services, special offers and various Operator’s events.
3.2.6 Fulfill relevant contractual obligations to User and other third parties.
3.3 Operator will also process Personal Information with User’s consent to provide User with marketing information regarding news, updates and other information about Operator’s services.
3.4 Operator is obliged not to use Personal Information for any other purposes other than those specified in this Policy.
4. The procedure for collecting, storing, transferring and other types of processing of personal data.
4.1 Collection, processing and protection of personal data are carried out in accordance with the following principles:
4.1.1 compliance with the constitutional rights and freedoms of User
4.1.2 legality
4.1.3 confidentiality of personal data with limited access
4.1.4 equality of rights of User and Operator
4.1.5 ensuring the safety of User and Operator
4.2 Consent to the collection and processing of personal data includes:
4.2.1 last name, first name, patronymic of User.
4.2.2 list of collected data related to User (email address, telephone number).
4.2.3 other information determined by Operator, for example, such as: location information, home or work address, gender, age or date of birth, position, country of residence.
4.2.4 the term or period during which the consent to the collection and processing of personal data is valid.
4.2.5 information about Operator’s ability or lack thereof to transfer personal data to third parties.
4.2.6 information about the presence or absence of cross-border transfer of personal data during their processing.
4.2.7 information about the dissemination of personal data in publicly available sources.
4.3 User gives (revokes) consent to the collection and processing of personal data in writing by sending a letter to Operator to the email address info@cabio.org with the appropriate mark “consent\refusal”.
4.4 Operator who gains access to restricted personal data ensures its confidentiality by complying with the requirements not to allow its distribution without the consent of User.
4.5 The accumulation of personal data is carried out by collecting personal data necessary and sufficient to perform the tasks carried out by Operator.
4.6 The storage of personal data is carried out by Operator in accordance with the general practice of archiving in a database located on the territory of the Republic of Kazakhstan.
4.7 The storage period of personal data is determined by the date of achievement of the purposes of their collection and processing, unless otherwise provided by the legislation of the Republic of Kazakhstan.
4.8 When collecting and processing personal data for statistical, sociological, scientific, and marketing research, Operator transmitting personal data is obliged to anonymize it in accordance with the rules for collecting and processing personal data.
5. Exchange of personal information.
5.1 Operator may transfer certain Personal Information to contractors for the purpose of processing this information on behalf of Operator and further providing services to Operator or User on behalf of Operator. These third parties include vendors who provide services such as: data analytics, email transmission, CRM, IT security, database management, financial or legal advisors. Information will be processed in accordance with confidentiality obligations and security measures.
6. Cross-border transfer of personal data.
6.1 Cross-border transfer of personal data is a transfer of personal data abroad.
6.2 In accordance with this Policy, cross-border transfer of personal data to the territory of foreign states is carried out only if these states ensure the protection of personal data
6.3 Cross-border transfer of personal data to the territory of foreign states that do not ensure the protection of personal data may be carried out in the following cases:
6.3.1 the consent of the subject or his legal representative to the cross-border transfer of his personal data
6.3.2 provided for by international treaties ratified by the Republic of Kazakhstan
6.3.3 provided for by the laws of the Republic of Kazakhstan, if necessary in order to protect the constitutional system, protect public order, human and civil rights and freedoms, health and morality of the population
6.3.4 protection of the constitutional rights and freedoms of a man and citizen, if obtaining the consent of the subject or his legal representative is impossible.
7. Information security.
7.1 Operator will use industry standard security measures to protect against unauthorized disclosure of the Personal Information it collects and stores. Operator takes steps to ensure that the Personal Information collected is complete and appropriate for its intended use.
8. Final provisions.
8.1 The current version of the Policy is valid indefinitely until replaced by a new version and is freely available on the Internet at https://www.cabio.org/privacy-policy/
8.2 User can receive any clarification on issues of interest regarding the processing of his personal data by contacting the Operator via email info@cabio.org.
8.3 In case User no longer wishes to receive electronic communications from Operator User may decline such communications by sending corresponding request to info@cabio.org.
