Personal Data Processing Policy
1. GENERAL PROVISIONS
1.1. The Policy of OcOO Forti (hereinafter referred to as the Processor) regarding the processing of personal data (hereinafter referred to as the Policy) defines the main goals, principles, conditions, and methods of processing personal data, lists of subjects and personal data processed by the Processor, the rights of personal data subjects and the functions of the Processor in the processing of personal data, as well as those implemented by the Processor requirements for the protection of personal data.
1.2. The Policy is aimed at ensuring the protection of the rights and freedoms of individuals when processing their personal data by the Processor, including the protection of the rights to privacy, personal and family secrets.
1.3. The Policy was developed in accordance with the Law of the Kyrgyz Republic dated April 14, 2008 No. 58 "On personal information", the requirements of the Constitution of the Kyrgyz Republic, the Labor Code of the Kyrgyz Republic, and other regulatory legal acts of the Kyrgyz Republic in the field of personal data.
1.4. The provisions of this Policy are the basis for the development of internal regulatory documents regulating the Processor's issues and processes of processing personal data of its employees and other personal data subjects.
1.5. This Policy is the basis for the development by the Processor's subsidiaries of local regulations defining the Policy of processing Personal data of these organizations.
1. 6. This Policy applies to all personal data of subjects processed by the Processor using automation tools and without the use of such tools.
2. THE BASIC CONCEPTS USED IN THIS POLICY
2.1. In accordance with Article 3 of the Law of the Kyrgyz Republic dated April 14, 2008 No. 58 "On Personal Information", the following basic terms and definitions are used for the purposes of this Law:
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Processor processes personal data, including:
The Constitution of the Kyrgyz Republic;
The Labor Code of the Kyrgyz Republic;
The Law of the Kyrgyz Republic dated July 19, 2017 No. 127 "On Electronic Management";
Law of the Kyrgyz Republic No. 136 dated July 14, 2014 "On Biometric Registration of Citizens of the Kyrgyz Republic";
Law of the Kyrgyz Republic No. 58 dated April 14, 2008 "On Personal information";
Resolution of the Cabinet of Ministers of the Kyrgyz Republic dated November 18, 2022 No. 638 "On approval of the Procedure for Registration of holders (holders) of personal data Arrays, Personal Data Arrays and Lists of personal Data in the Register of Holders (Holders) of personal Data Arrays, as well as its maintenance and publication";
Resolution of the Government of the Kyrgyz Republic dated November 21, 2017 No. 759 "On approval of the procedure for obtaining the consent of a personal data subject to the collection and processing of his personal data, the procedure and form of notification of personal data subjects on the transfer of their personal data to a third party";
Resolution of the Government of the Kyrgyz Republic dated November 21, 2017 No. 760 "On approval of requirements for ensuring the security and protection of personal data during their processing in personal data information systems, the implementation of which ensures the established levels of personal data security".
3.2. In order to implement the provisions of the Policy, the Processor develops relevant local regulations and other documents, including including:
The Regulation on the processing and protection of personal data from the Processor;
local regulations and documents (orders, instructions, journals, notifications, etc.) that regulate and reflect the issues of processing and ensuring the security of personal data for the Processor.
4. PURPOSES OF PERSONAL DATA PROCESSING
4.1. The Processor sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
4.2. The Processor uses the data provided by the User for the purposes of:
4.2.1. registration and identification of the User on the Site, providing the User with the opportunity to fully use the Site;
4.2.2. further communication on the User's request, including by third parties – partners of the Processor to fulfill obligations under the User's request, consulting on the provision of services by the Company;
4.2.3. creating an account and providing access to your account/ account on partner sites;
4.2.4. sending informational messages;
4.2.5. advertising, promotion of goods, works (services), including on the basis of information received about the User's personal preferences and settings;
4.2.6. evaluation and analysis of the work of the Handler's Website;
4.2.7. analytics of the effectiveness of advertising, statistical research based on depersonalized information provided by the User;
4.2.8. informing the User about promotions, discounts and special offers through e-mail newsletters, telephone communication;
4.2.9. conducting marketing research, including with the involvement of third parties as a contractor (contractor, consultant)
5. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
5.1. The processing of personal data of Users is carried out using databases on the territory of the Kyrgyz Republic;
5.2. The processing of personal data is carried out both with the use of automated means and without their use;
5.3. The Processor undertakes not to transfer the information received from the User to third parties, except in cases specifically specified in this Policy;
5.4. The transfer of personal data of Users to third parties - partners of the Processor, if necessary, is carried out on the basis of the consent of Users in order to fulfill obligations to Users;
5.5. The Processor, if necessary, transfers Users' personal data to third parties - partners of the Company, these persons undertake to keep confidential, not disclose or distribute personal data without the User's consent, unless otherwise provided by applicable law and/or this Policy;
5.6. The storage of personal data of Users is carried out on electronic media, and for the purposes of fulfilling obligations to Users can be carried out on tangible media after the extraction of personal data;
5.7. The storage of personal data is carried out within the period objectively necessary for the fulfillment of obligations to Users, and is determined by the following events (depending on which event occurs earlier):
5.7.1. until the User deletes personal data through the personal account;
5.7.2. until the moment of destruction of personal data by the Company in connection with the receipt of a request from the User for the destruction of personal data or revocation of consent to their processing;
5.7.3. until the expiration of the User's consent.
5.8. The Processor has the right to store the User's personal data, except in cases of receiving a request for data destruction or revocation of consent to data processing, in an impersonal form after fulfilling obligations to the User for the purposes specified in clause 2.2.7. of this Policy.
5.9. If it is necessary to transfer Users' personal data to third parties – partners of the Processor in cases expressly provided for by the Policy, such transfer is carried out in compliance with the following conditions:
5.9.1. the third party – partner of the Processor ensures the confidentiality of personal data during their processing and use and undertakes not to disclose the data to other persons, as well as not to distribute Users' personal data without their consent;
5.9.2. the third party partner of the Processor guarantees compliance with the following measures to ensure the security of personal data during their processing: the use of information protection tools; detection and fixation of unauthorized access to personal data and taking measures to restore personal data; restriction of access to personal data; control and evaluation of the effectiveness of measures applied to ensure the security of personal data, other measures provided for by law;
5.9.3. the third party partner of the Processor is prohibited from transferring and distributing personal data of Users.
5.10. It is not considered a violation of the obligations provided for in this Policy, the transfer of information in accordance with the reasonable and applicable requirements of the legislation of the Kyrgyz Republic, as well as the provision of information by the Processor to partners acting on the basis of an agreement with the Processor to fulfill obligations to the User; the transfer of User data by the Processor to third parties in an impersonal form for the purpose of evaluating and analyzing the operation of the Processor's Website, providing personal recommendations, displaying advertisements based on personal preferences and User settings, as well as conducting marketing, analytical and/or statistical research.
5.11. The Processor has the right to use the "cookies" technology. Cookies do not contain confidential information. Cookies are used to remember User preferences and settings, as well as to collect analytical data about Site visits. Using the Site means that the User agrees to the use of all cookies and analytical data on Site visits, as well as their transfer to third parties.
5.12. The User has the right to receive information from the Processor regarding the processing of his personal data. The Company provides the User or his representative with the opportunity to familiarize themselves with personal data related to the User free of charge.
5.13. In case of detection of incompleteness, inaccuracy or irrelevance of information, the Processor, based on the User's information, makes the necessary changes to the User's personal data within a period not exceeding 7 (seven) business days and notifies the User of the changes made.
5.14. If the User or his representative provides the Processor with confirmation of the fact of illegal receipt or processing of his personal data, as well as the fact that actions with his personal data do not correspond to the purposes of processing, the Processor undertakes to destroy such personal data of the User within a period not exceeding 7 (seven) working days and notify the User of the measures taken.
SUBJECTS OF PERSONAL DATA
6.1. The Processor processes the following categories of personal data subjects:
individuals who are applicants for vacant positions — with the consent of the personal data subjects, in the composition and within the time necessary for the Processor to make a decision on admission or refusal to apply for a job, as well as for the formation of a personnel reserve;
individuals who are members of the Processor's management bodies — with the consent of the subjects of personal data, in the composition and within the time limits necessary to achieve the goals stipulated by law KR goals for the implementation and fulfillment of the tasks assigned by the legislation KR for the Handler of functions, powers and responsibilities;
individuals who are in an employment relationship with the Processor, with its subsidiaries — in the composition and within the time limits necessary to achieve the goals stipulated by law KR goals for the implementation and fulfillment of the tasks assigned by the legislation KR for the Processor of functions, powers and duties, for the formation of a personnel reserve, as well as for the conclusion and execution of a contract to which the personal data subject is a party or beneficiary or guarantor, including for the purpose of providing insurance;
individuals who perform works, provide services and (or) supply goods and have concluded a civil contract with the Processor;
foreign employees of the Handler (hereinafter referred to as "expats") — with the consent of the subjects of personal data, in the composition and within the time limits necessary to achieve the goals provided for by law KR goals for the implementation and fulfillment of the tasks assigned by the legislation KR for the Handler of functions, powers and duties, to assist expats in issuing invitations, visas and for migration registration, obtaining a work permit, a patent, for forming a personnel reserve, as well as for concluding and executing a contract to which the personal data subject is a party, or beneficiary or guarantor, including, and for the purpose of providing insurance;
relatives of the Handler's expats — with the consent of the subjects of personal data, in the composition and within the time limits necessary to achieve the goals provided for by law KR of the goals, implementation and fulfillment of the tasks assigned by the legislation To assign functions, powers and duties to the Processor, to assist in the registration of invitations, visas and for migration registration, the exercise of the rights and legitimate interests of the Processor, as well as for the conclusion and execution of an agreement to which the personal data subject is a party, or beneficiary or guarantor, including for the purpose of providing insurance;
individuals who are representatives of existing and potential suppliers of the Processor — with the consent of the subjects of personal data, in the composition and within the time necessary for interaction with suppliers;
individuals who are dependent on the Handler's employee;
individuals who receive income from the Processor, but are not in an employment relationship with him — in the composition and within the time necessary for the implementation and fulfillment of the obligations imposed by law KR for the Handler of functions, powers and responsibilities;
individuals who are representatives of partners — with the consent of the subjects of personal data, in the composition and within the time necessary for interaction with partners;
individuals whose personal data have been made publicly available by them, and their processing does not violate their rights and meets the requirements established by the Legislation on Personal Data;
individuals who have expressed consent to the processing of their personal data by the Processor or individuals whose personal data processing is necessary for the Processor to achieve the goals provided for by an international agreement of the Kyrgyz Republic or legislation, to exercise and fulfill the powers and duties assigned by the legislation of the Kyrgyz Republic to the Processor.
7. RIGHTS AND OBLIGATIONS OF THE PROCESSOR AND SUBJECTS OF PERSONAL DATA
7.1. The subject of personal data has the right to:
to receive information concerning the processing of his personal data in the manner, form and time limits established by the Legislation on Personal Data;
to demand clarification of their personal data, their blocking or destruction if they are incomplete, outdated, inaccurate, unreliable, illegally obtained or are not necessary for the stated purpose of processing, as well as if they are used for purposes not previously stated when providing consent to the processing of personal data;
revoke your consent to the processing of personal data;
take legal measures to protect their rights and legitimate interests;
to receive, in order to exercise their rights and legitimate interests, information from the Processor concerning the processing of their personal data, when contacting the Processor and when sending a request personally or with the help of a representative, with mandatory indication in such a request of the necessary information provided for by the Law of the Kyrgyz Republic dated April 14, 2008 No. 58 "On Personal Information", requirements The Constitution of the Kyrgyz Republic, the Labor Code of the Kyrgyz Republic, and other regulatory legal acts of the Kyrgyz Republic in the field of personal data.
7.2. The subjects whose personal data are processed by the Processor are obliged to:
provide reliable information about themselves and provide documents containing personal data, the composition of which is established by the legislation of the Kyrgyz Republic and local regulatory documents of the Processor to the extent necessary for the purpose of processing;
inform the Processor about the clarification (updating, modification) of their personal data.
7.3. The Processor has the right to:
to process the personal data of the Personal Data Subject in accordance with the stated purpose;
to require the Subject of personal data to provide reliable personal data necessary for the performance of the contract, the provision of services, the identification of the Subject of personal data, as well as in other cases provided for by the legislation of the Kyrgyz Republic;
restrict the access of the Personal Data Subject to his personal data if the access of the Personal Data Subject to his personal data violates the rights and legitimate interests of third parties, as well as in other cases provided for by the legislation of the Kyrgyz Republic;
process publicly available personal data of individuals;
for the purposes of internal information support of the Processor, create internal reference materials, which, with the written consent of the personal data subject, unless otherwise provided by the legislation of the Kyrgyz Republic, may include his surname, first name, patronymic, place of work, position, year and place of birth, address, subscriber number, e-mail address and other personal data data provided by the personal data subject;
to process personal data subject to publication or mandatory disclosure in accordance with the legislation of the Kyrgyz Republic;
to entrust the processing of personal data to another person with the consent of the personal data subject on the basis of an agreement concluded with this person.
7.4. The processor processing the personal data of the personal data subjects is obliged to:
process personal data received in accordance with the procedure established by applicable law;
to consider the appeals of the Personal Data Subject (the legal representative of the Personal Data Subject) on the issue of processing his personal data and give motivated answers;
to carry out operational and archival storage of Processor's documents containing personal data of Personal data Subjects in accordance with the requirements of the legislation of the Kyrgyz Republic.
1. GENERAL PROVISIONS
1.1. The Policy of OcOO Forti (hereinafter referred to as the Processor) regarding the processing of personal data (hereinafter referred to as the Policy) defines the main goals, principles, conditions, and methods of processing personal data, lists of subjects and personal data processed by the Processor, the rights of personal data subjects and the functions of the Processor in the processing of personal data, as well as those implemented by the Processor requirements for the protection of personal data.
1.2. The Policy is aimed at ensuring the protection of the rights and freedoms of individuals when processing their personal data by the Processor, including the protection of the rights to privacy, personal and family secrets.
1.3. The Policy was developed in accordance with the Law of the Kyrgyz Republic dated April 14, 2008 No. 58 "On personal information", the requirements of the Constitution of the Kyrgyz Republic, the Labor Code of the Kyrgyz Republic, and other regulatory legal acts of the Kyrgyz Republic in the field of personal data.
1.4. The provisions of this Policy are the basis for the development of internal regulatory documents regulating the Processor's issues and processes of processing personal data of its employees and other personal data subjects.
1.5. This Policy is the basis for the development by the Processor's subsidiaries of local regulations defining the Policy of processing Personal data of these organizations.
1. 6. This Policy applies to all personal data of subjects processed by the Processor using automation tools and without the use of such tools.
2. THE BASIC CONCEPTS USED IN THIS POLICY
2.1. In accordance with Article 3 of the Law of the Kyrgyz Republic dated April 14, 2008 No. 58 "On Personal Information", the following basic terms and definitions are used for the purposes of this Law:
- personal information (personal data) — recorded information on a material medium about a specific person, identified with a specific person or which can be identified with a specific person, allowing you to identify this person directly or indirectly by referring to one or more factors specific to his biological, economic, cultural, civic or social identity;
- personal data includes biographical and identification data, personal characteristics, information about marital status, financial status, health status, etc.;
- list of personal data — a list of categories of data about one subject;
- an array of personal data is any structured collection of personal data of an indefinite number of subjects, regardless of the type of information carrier and the means of processing them (archives, card files, electronic databases, etc.);
- public arrays of personal data — arrays of personal data, access to which is not limited by law, and intended for general use (reference books, phone books, address books, etc.);
- confidentiality of personal data — legally established rules defining restrictions on access, transfer, provision and conditions of storage of personal data;
- The subject of personal data (Subject) is an individual to whom the relevant personal data relate;
- the holder (Holder) of an array of personal data is public authorities, local self—government bodies and legal entities that are authorized to determine the purposes, categories of personal data and control the collection, storage, processing and use of personal data in accordance with this Law;
- the authorized state body for personal data (hereinafter referred to as the authorized state body) is a state body authorized by the Government of the Kyrgyz Republic to perform functions and powers to ensure compliance of personal data processing with the requirements of this Law, protect the rights of personal data subjects (subjects), register holders (holders) of personal data arrays, maintain a Register of holders of personal data arrays, other tasks, functions and powers provided for by this Law;
- the authorized state body for personal data (hereinafter referred to as the authorized state body) is a state body authorized by the Government of the Kyrgyz Republic to perform functions and powers to ensure compliance of personal data processing with the requirements of this Law, protect the rights of personal data subjects (subjects), register holders (holders) of personal data arrays, maintain a Register of holders of personal data arrays, other tasks, functions and powers provided for by this Law;
- Processor is a natural or legal person, determined by the holder (owner) of personal data, who processes personal data on the basis of an agreement concluded with him;
- personal data processing is any operation or set of operations performed regardless of the methods by the holder (owner) of personal data or on his behalf, by automatic means or without them, for the purpose of collecting, recording, storing, updating, grouping, blocking, erasing and destroying personal data;
- the consent of the Personal Data Subject is a free, specific, unconditional and conscious expression of the will of a person expressed in the form provided for by this Law, according to which the subject notifies of his consent to the implementation of procedures related to the processing of his personal data;
- transfer of personal data — provision by the holder (holder) of personal data to third parties in accordance with this Law and international treaties;
- cross—border transfer of personal data - transfer by the holder (holder) of personal data to holders under the jurisdiction of other states;
- updating of personal data is the prompt introduction of changes to personal data in accordance with the procedures established by the current legislation of the Kyrgyz Republic;
- blocking of personal data — temporary termination of the transfer, clarification, use and destruction of personal data;
- destruction (erasure or destruction) of personal data — actions of the holder (owner) of personal data to bring this data into a state that does not allow to restore their contents;
- depersonalization of personal data is the removal of that part of personal data that allows them to be identified with a specific person;
- the personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing;
- information — information (messages, data) regardless of the form of their presentation;
- A user is a person who uses an existing automated system or network to perform a specific function and solve the tasks facing him;
- Handler's employee is an individual who has concluded an employment contract with the Handler;
- close relatives — persons who are relatives in a direct ascending and descending line (parents and children, grandfathers, grandmothers and grandchildren), full- and incomplete (having a common father or mother) brothers and sisters;
- candidate — an individual applying for a vacant position, whose personal data was received by the Processor;
- Processor supplier is a term used when referring jointly to a corporate counterparty, i.e. a legal entity, an individual entrepreneur or an individual, as well as a foreign legal entity that has concluded or intends to conclude a contract with the Processor for the supply of goods or products, the performance of works or the provision of services;
- the Processor's partner is a legal entity, an individual entrepreneur, as well as an individual engaged in private practice in accordance with the procedure established by the legislation of the Kyrgyz Republic, who has concluded or intends to conclude a contract with the Processor for the purchase of goods or products, receipt of works or services performed or provided by the Processor;
- representative of the partner, supplier — an individual whose personal data has been transferred to the Processor and:
- a member of the management bodies of the partner, supplier;
- who is the owner, founder, shareholder or participant of a partner, supplier;
- acting on behalf of a partner, supplier on the basis of a power of attorney or by virtue of work obligations;
- retail customer is an individual who has concluded an agreement with the Processor for the purchase of goods or products, receipt of works or services performed or provided by the Processor, including receipt of services by joining the terms of a public agreement, and whose personal data has been transferred to the Processor;
- the counterparty of the Processor is a party to the contract with the Processor;
- publicly available personal data is personal data that an unlimited number of people have access to on the basis of a federal law, by a personal data subject or at his request, including data that, in accordance with the law, is subject to mandatory disclosure or publication;
- biometric personal data is information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the Processor to establish the identity of the subject of personal data;
- special categories of personal data — personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life;
- access to personal data — familiarization of certain persons (including employees) with the personal data of subjects processed by the Processor, provided that the confidentiality of this information is maintained;
- confidentiality of personal data is the obligation of persons who have access to personal data not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Processor processes personal data, including:
The Constitution of the Kyrgyz Republic;
The Labor Code of the Kyrgyz Republic;
The Law of the Kyrgyz Republic dated July 19, 2017 No. 127 "On Electronic Management";
Law of the Kyrgyz Republic No. 136 dated July 14, 2014 "On Biometric Registration of Citizens of the Kyrgyz Republic";
Law of the Kyrgyz Republic No. 58 dated April 14, 2008 "On Personal information";
Resolution of the Cabinet of Ministers of the Kyrgyz Republic dated November 18, 2022 No. 638 "On approval of the Procedure for Registration of holders (holders) of personal data Arrays, Personal Data Arrays and Lists of personal Data in the Register of Holders (Holders) of personal Data Arrays, as well as its maintenance and publication";
Resolution of the Government of the Kyrgyz Republic dated November 21, 2017 No. 759 "On approval of the procedure for obtaining the consent of a personal data subject to the collection and processing of his personal data, the procedure and form of notification of personal data subjects on the transfer of their personal data to a third party";
Resolution of the Government of the Kyrgyz Republic dated November 21, 2017 No. 760 "On approval of requirements for ensuring the security and protection of personal data during their processing in personal data information systems, the implementation of which ensures the established levels of personal data security".
3.2. In order to implement the provisions of the Policy, the Processor develops relevant local regulations and other documents, including including:
The Regulation on the processing and protection of personal data from the Processor;
local regulations and documents (orders, instructions, journals, notifications, etc.) that regulate and reflect the issues of processing and ensuring the security of personal data for the Processor.
4. PURPOSES OF PERSONAL DATA PROCESSING
4.1. The Processor sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
4.2. The Processor uses the data provided by the User for the purposes of:
4.2.1. registration and identification of the User on the Site, providing the User with the opportunity to fully use the Site;
4.2.2. further communication on the User's request, including by third parties – partners of the Processor to fulfill obligations under the User's request, consulting on the provision of services by the Company;
4.2.3. creating an account and providing access to your account/ account on partner sites;
4.2.4. sending informational messages;
4.2.5. advertising, promotion of goods, works (services), including on the basis of information received about the User's personal preferences and settings;
4.2.6. evaluation and analysis of the work of the Handler's Website;
4.2.7. analytics of the effectiveness of advertising, statistical research based on depersonalized information provided by the User;
4.2.8. informing the User about promotions, discounts and special offers through e-mail newsletters, telephone communication;
4.2.9. conducting marketing research, including with the involvement of third parties as a contractor (contractor, consultant)
5. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
5.1. The processing of personal data of Users is carried out using databases on the territory of the Kyrgyz Republic;
5.2. The processing of personal data is carried out both with the use of automated means and without their use;
5.3. The Processor undertakes not to transfer the information received from the User to third parties, except in cases specifically specified in this Policy;
5.4. The transfer of personal data of Users to third parties - partners of the Processor, if necessary, is carried out on the basis of the consent of Users in order to fulfill obligations to Users;
5.5. The Processor, if necessary, transfers Users' personal data to third parties - partners of the Company, these persons undertake to keep confidential, not disclose or distribute personal data without the User's consent, unless otherwise provided by applicable law and/or this Policy;
5.6. The storage of personal data of Users is carried out on electronic media, and for the purposes of fulfilling obligations to Users can be carried out on tangible media after the extraction of personal data;
5.7. The storage of personal data is carried out within the period objectively necessary for the fulfillment of obligations to Users, and is determined by the following events (depending on which event occurs earlier):
5.7.1. until the User deletes personal data through the personal account;
5.7.2. until the moment of destruction of personal data by the Company in connection with the receipt of a request from the User for the destruction of personal data or revocation of consent to their processing;
5.7.3. until the expiration of the User's consent.
5.8. The Processor has the right to store the User's personal data, except in cases of receiving a request for data destruction or revocation of consent to data processing, in an impersonal form after fulfilling obligations to the User for the purposes specified in clause 2.2.7. of this Policy.
5.9. If it is necessary to transfer Users' personal data to third parties – partners of the Processor in cases expressly provided for by the Policy, such transfer is carried out in compliance with the following conditions:
5.9.1. the third party – partner of the Processor ensures the confidentiality of personal data during their processing and use and undertakes not to disclose the data to other persons, as well as not to distribute Users' personal data without their consent;
5.9.2. the third party partner of the Processor guarantees compliance with the following measures to ensure the security of personal data during their processing: the use of information protection tools; detection and fixation of unauthorized access to personal data and taking measures to restore personal data; restriction of access to personal data; control and evaluation of the effectiveness of measures applied to ensure the security of personal data, other measures provided for by law;
5.9.3. the third party partner of the Processor is prohibited from transferring and distributing personal data of Users.
5.10. It is not considered a violation of the obligations provided for in this Policy, the transfer of information in accordance with the reasonable and applicable requirements of the legislation of the Kyrgyz Republic, as well as the provision of information by the Processor to partners acting on the basis of an agreement with the Processor to fulfill obligations to the User; the transfer of User data by the Processor to third parties in an impersonal form for the purpose of evaluating and analyzing the operation of the Processor's Website, providing personal recommendations, displaying advertisements based on personal preferences and User settings, as well as conducting marketing, analytical and/or statistical research.
5.11. The Processor has the right to use the "cookies" technology. Cookies do not contain confidential information. Cookies are used to remember User preferences and settings, as well as to collect analytical data about Site visits. Using the Site means that the User agrees to the use of all cookies and analytical data on Site visits, as well as their transfer to third parties.
5.12. The User has the right to receive information from the Processor regarding the processing of his personal data. The Company provides the User or his representative with the opportunity to familiarize themselves with personal data related to the User free of charge.
5.13. In case of detection of incompleteness, inaccuracy or irrelevance of information, the Processor, based on the User's information, makes the necessary changes to the User's personal data within a period not exceeding 7 (seven) business days and notifies the User of the changes made.
5.14. If the User or his representative provides the Processor with confirmation of the fact of illegal receipt or processing of his personal data, as well as the fact that actions with his personal data do not correspond to the purposes of processing, the Processor undertakes to destroy such personal data of the User within a period not exceeding 7 (seven) working days and notify the User of the measures taken.
SUBJECTS OF PERSONAL DATA
6.1. The Processor processes the following categories of personal data subjects:
individuals who are applicants for vacant positions — with the consent of the personal data subjects, in the composition and within the time necessary for the Processor to make a decision on admission or refusal to apply for a job, as well as for the formation of a personnel reserve;
individuals who are members of the Processor's management bodies — with the consent of the subjects of personal data, in the composition and within the time limits necessary to achieve the goals stipulated by law KR goals for the implementation and fulfillment of the tasks assigned by the legislation KR for the Handler of functions, powers and responsibilities;
individuals who are in an employment relationship with the Processor, with its subsidiaries — in the composition and within the time limits necessary to achieve the goals stipulated by law KR goals for the implementation and fulfillment of the tasks assigned by the legislation KR for the Processor of functions, powers and duties, for the formation of a personnel reserve, as well as for the conclusion and execution of a contract to which the personal data subject is a party or beneficiary or guarantor, including for the purpose of providing insurance;
individuals who perform works, provide services and (or) supply goods and have concluded a civil contract with the Processor;
foreign employees of the Handler (hereinafter referred to as "expats") — with the consent of the subjects of personal data, in the composition and within the time limits necessary to achieve the goals provided for by law KR goals for the implementation and fulfillment of the tasks assigned by the legislation KR for the Handler of functions, powers and duties, to assist expats in issuing invitations, visas and for migration registration, obtaining a work permit, a patent, for forming a personnel reserve, as well as for concluding and executing a contract to which the personal data subject is a party, or beneficiary or guarantor, including, and for the purpose of providing insurance;
relatives of the Handler's expats — with the consent of the subjects of personal data, in the composition and within the time limits necessary to achieve the goals provided for by law KR of the goals, implementation and fulfillment of the tasks assigned by the legislation To assign functions, powers and duties to the Processor, to assist in the registration of invitations, visas and for migration registration, the exercise of the rights and legitimate interests of the Processor, as well as for the conclusion and execution of an agreement to which the personal data subject is a party, or beneficiary or guarantor, including for the purpose of providing insurance;
individuals who are representatives of existing and potential suppliers of the Processor — with the consent of the subjects of personal data, in the composition and within the time necessary for interaction with suppliers;
individuals who are dependent on the Handler's employee;
individuals who receive income from the Processor, but are not in an employment relationship with him — in the composition and within the time necessary for the implementation and fulfillment of the obligations imposed by law KR for the Handler of functions, powers and responsibilities;
individuals who are representatives of partners — with the consent of the subjects of personal data, in the composition and within the time necessary for interaction with partners;
individuals whose personal data have been made publicly available by them, and their processing does not violate their rights and meets the requirements established by the Legislation on Personal Data;
individuals who have expressed consent to the processing of their personal data by the Processor or individuals whose personal data processing is necessary for the Processor to achieve the goals provided for by an international agreement of the Kyrgyz Republic or legislation, to exercise and fulfill the powers and duties assigned by the legislation of the Kyrgyz Republic to the Processor.
7. RIGHTS AND OBLIGATIONS OF THE PROCESSOR AND SUBJECTS OF PERSONAL DATA
7.1. The subject of personal data has the right to:
to receive information concerning the processing of his personal data in the manner, form and time limits established by the Legislation on Personal Data;
to demand clarification of their personal data, their blocking or destruction if they are incomplete, outdated, inaccurate, unreliable, illegally obtained or are not necessary for the stated purpose of processing, as well as if they are used for purposes not previously stated when providing consent to the processing of personal data;
revoke your consent to the processing of personal data;
take legal measures to protect their rights and legitimate interests;
to receive, in order to exercise their rights and legitimate interests, information from the Processor concerning the processing of their personal data, when contacting the Processor and when sending a request personally or with the help of a representative, with mandatory indication in such a request of the necessary information provided for by the Law of the Kyrgyz Republic dated April 14, 2008 No. 58 "On Personal Information", requirements The Constitution of the Kyrgyz Republic, the Labor Code of the Kyrgyz Republic, and other regulatory legal acts of the Kyrgyz Republic in the field of personal data.
7.2. The subjects whose personal data are processed by the Processor are obliged to:
provide reliable information about themselves and provide documents containing personal data, the composition of which is established by the legislation of the Kyrgyz Republic and local regulatory documents of the Processor to the extent necessary for the purpose of processing;
inform the Processor about the clarification (updating, modification) of their personal data.
7.3. The Processor has the right to:
to process the personal data of the Personal Data Subject in accordance with the stated purpose;
to require the Subject of personal data to provide reliable personal data necessary for the performance of the contract, the provision of services, the identification of the Subject of personal data, as well as in other cases provided for by the legislation of the Kyrgyz Republic;
restrict the access of the Personal Data Subject to his personal data if the access of the Personal Data Subject to his personal data violates the rights and legitimate interests of third parties, as well as in other cases provided for by the legislation of the Kyrgyz Republic;
process publicly available personal data of individuals;
for the purposes of internal information support of the Processor, create internal reference materials, which, with the written consent of the personal data subject, unless otherwise provided by the legislation of the Kyrgyz Republic, may include his surname, first name, patronymic, place of work, position, year and place of birth, address, subscriber number, e-mail address and other personal data data provided by the personal data subject;
to process personal data subject to publication or mandatory disclosure in accordance with the legislation of the Kyrgyz Republic;
to entrust the processing of personal data to another person with the consent of the personal data subject on the basis of an agreement concluded with this person.
7.4. The processor processing the personal data of the personal data subjects is obliged to:
process personal data received in accordance with the procedure established by applicable law;
to consider the appeals of the Personal Data Subject (the legal representative of the Personal Data Subject) on the issue of processing his personal data and give motivated answers;
to carry out operational and archival storage of Processor's documents containing personal data of Personal data Subjects in accordance with the requirements of the legislation of the Kyrgyz Republic.
8. FUNCTIONS OF THE PROCESSOR AND REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA
8.1. The Processor processes personal data on a lawful and fair basis in order to perform the functions, powers and duties assigned by law, exercise the rights and legitimate interests of the Processor, its employees and third parties.
8.2. The list of personal data processed by the Processor is determined in accordance with the legislation of the Kyrgyz Republic, local regulations of the Processor and taking into account the purposes of personal data processing.
8.3. The Processor receives personal data directly from the subjects of personal data, processes the personal data of the subjects with their consent, which can also be expressed by performing specific actions on the Processor's website, including, but not limited to, placing an order, registering in a personal account, subscribing to a newsletter, in accordance with this Politics
8.4. The processor transfers personal data to state bodies within their powers in accordance with the legislation of the Kyrgyz Republic.
8.5. The Processor provides access to the processed personal data only to those employees who need it in connection with the performance of their official duties and in compliance with the principles of personal responsibility.
8.6. The Processor processes personal data in compliance with confidentiality, which means the obligation not to disclose to third parties and not to distribute personal data without the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Kyrgyz Republic.
8.7. The Processor ensures the confidentiality of the personal data of the Personal Data Subject on its part, on the part of its affiliates, on the part of its employees who have access to the personal data of individuals, and also ensures the use of personal data by the above-mentioned persons exclusively for purposes consistent with the law, contract or other agreement concluded with the Personal Data Subject.
8.8. The Processor processes personal data in the following ways:
non-automated processing of personal data;
automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
mixed processing of personal data.
8.9. Actions for processing personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.
8.10. The Processor protects the User's personal information in accordance with the requirements for the protection of such information, and is responsible for using secure methods to protect such information.
8.11. The Processor has the right to transfer the User's personal information (including organizations that record, systematize, accumulate, clarify, store, extract, directly send special offers, information about new products and promotions to the User, process requests and appeals, as well as destroy personal information) to third parties.
8.12. In order to protect the User's personal information, ensure its proper use and prevent unauthorized and/or accidental access to it, the Processor applies the necessary and sufficient technical and administrative measures. The personal information provided by the User is stored on servers with limited access located in secure premises.
8.13. The Processor does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status and intimate life.
8.14. The protection measures implemented by the Processor during the processing of personal data include:
obtaining the consent of personal data subjects to the processing of their personal data;
appointment of officials responsible for organizing the processing and ensuring the security of personal data in the departments and information systems of the Processor;
approval and execution of local regulations and other documents that establish and regulate the processing, protection and security of personal data for the Processor;
ensuring the separate storage of personal data and their material carriers containing different categories of personal data and the processing of which is carried out for different purposes;
organization of accounting of material carriers of personal data and information systems in which personal data is processed;
application of a set of measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection from unlawful actions:
ensuring unrestricted access to the Policy by posting it on the official website of the Processor on the Internet information and telecommunications network;
establishing rules for access to personal data processed in the information system of the Processor, as well as ensuring registration and accounting of all actions with them;
8.15. Ensuring the security of the processed personal data is carried out by the Processor within the framework of a single integrated system of organizational, technical and legal measures to protect information, taking into account the requirements of the Legislation on personal data adopted in accordance with it regulatory legal acts.
8.16. The information security system of the Processor is continuously developing and improving based on the requirements of international and national information security standards, as well as the best international practices.
9. FINAL PROVISIONS
9.1. This Policy is a publicly available document and is subject to posting on the official website of the Processor fortyworld.com
9.2. The Policy is subject to updating in case of amendments to legislative acts and regulatory documents on the processing and protection of personal data.
9.3. Familiarization of employees with the provisions of this Policy is carried out under a personal signature.
9.4. The provisions of this Policy are binding on all employees who have access to personal data from the Processor and/or participate in the organization of the processing and security of personal data.
9.5. Responsibility for violation of the requirements of the legislation of the Kyrgyz Republic and the regulations of the Processor in the field of processing and protection of personal data is determined in accordance with the current legislation of the Kyrgyz Republic.
9.6. In order to exercise the rights and obligations of personal data subjects, it is necessary to use the address fortyworld.com
8.1. The Processor processes personal data on a lawful and fair basis in order to perform the functions, powers and duties assigned by law, exercise the rights and legitimate interests of the Processor, its employees and third parties.
8.2. The list of personal data processed by the Processor is determined in accordance with the legislation of the Kyrgyz Republic, local regulations of the Processor and taking into account the purposes of personal data processing.
8.3. The Processor receives personal data directly from the subjects of personal data, processes the personal data of the subjects with their consent, which can also be expressed by performing specific actions on the Processor's website, including, but not limited to, placing an order, registering in a personal account, subscribing to a newsletter, in accordance with this Politics
8.4. The processor transfers personal data to state bodies within their powers in accordance with the legislation of the Kyrgyz Republic.
8.5. The Processor provides access to the processed personal data only to those employees who need it in connection with the performance of their official duties and in compliance with the principles of personal responsibility.
8.6. The Processor processes personal data in compliance with confidentiality, which means the obligation not to disclose to third parties and not to distribute personal data without the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Kyrgyz Republic.
8.7. The Processor ensures the confidentiality of the personal data of the Personal Data Subject on its part, on the part of its affiliates, on the part of its employees who have access to the personal data of individuals, and also ensures the use of personal data by the above-mentioned persons exclusively for purposes consistent with the law, contract or other agreement concluded with the Personal Data Subject.
8.8. The Processor processes personal data in the following ways:
non-automated processing of personal data;
automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
mixed processing of personal data.
8.9. Actions for processing personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.
8.10. The Processor protects the User's personal information in accordance with the requirements for the protection of such information, and is responsible for using secure methods to protect such information.
8.11. The Processor has the right to transfer the User's personal information (including organizations that record, systematize, accumulate, clarify, store, extract, directly send special offers, information about new products and promotions to the User, process requests and appeals, as well as destroy personal information) to third parties.
8.12. In order to protect the User's personal information, ensure its proper use and prevent unauthorized and/or accidental access to it, the Processor applies the necessary and sufficient technical and administrative measures. The personal information provided by the User is stored on servers with limited access located in secure premises.
8.13. The Processor does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status and intimate life.
8.14. The protection measures implemented by the Processor during the processing of personal data include:
obtaining the consent of personal data subjects to the processing of their personal data;
appointment of officials responsible for organizing the processing and ensuring the security of personal data in the departments and information systems of the Processor;
approval and execution of local regulations and other documents that establish and regulate the processing, protection and security of personal data for the Processor;
ensuring the separate storage of personal data and their material carriers containing different categories of personal data and the processing of which is carried out for different purposes;
organization of accounting of material carriers of personal data and information systems in which personal data is processed;
application of a set of measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection from unlawful actions:
ensuring unrestricted access to the Policy by posting it on the official website of the Processor on the Internet information and telecommunications network;
establishing rules for access to personal data processed in the information system of the Processor, as well as ensuring registration and accounting of all actions with them;
8.15. Ensuring the security of the processed personal data is carried out by the Processor within the framework of a single integrated system of organizational, technical and legal measures to protect information, taking into account the requirements of the Legislation on personal data adopted in accordance with it regulatory legal acts.
8.16. The information security system of the Processor is continuously developing and improving based on the requirements of international and national information security standards, as well as the best international practices.
9. FINAL PROVISIONS
9.1. This Policy is a publicly available document and is subject to posting on the official website of the Processor fortyworld.com
9.2. The Policy is subject to updating in case of amendments to legislative acts and regulatory documents on the processing and protection of personal data.
9.3. Familiarization of employees with the provisions of this Policy is carried out under a personal signature.
9.4. The provisions of this Policy are binding on all employees who have access to personal data from the Processor and/or participate in the organization of the processing and security of personal data.
9.5. Responsibility for violation of the requirements of the legislation of the Kyrgyz Republic and the regulations of the Processor in the field of processing and protection of personal data is determined in accordance with the current legislation of the Kyrgyz Republic.
9.6. In order to exercise the rights and obligations of personal data subjects, it is necessary to use the address fortyworld.com
company
Catalog
©2024 FORTY
contacts