Login to the personal account
Privacy Policy of FFIN Payments LLP
This Privacy Policy (hereinafter — the “Policy”) applies to all information, including personal data as defined by applicable law, which FFIN Payments LLP (hereinafter — the “Organization”) and/or its affiliated entities may obtain about you in the course of your use of any websites, applications, products, and/or services of the Organization’s partners, as well as in the performance of any agreements or contracts concluded with you in connection with the use of partner services. The Organization may also receive personal information from its partners through websites, applications, products, or services that you use. In applicable cases, the transfer of personal information shall be carried out only in circumstances permitted by the applicable legislation and shall be based on contracts concluded between the Organization and each respective Partner.
Legal Basis and Guidance
This Policy has been prepared in accordance with the requirements of:
- The Law of the Republic of Kazakhstan dated 21 May 2013 No. 94-V “On Personal Data and Their Protection”;
- The Law of the Republic of Kazakhstan dated 28 August 2009 No. 191-IV “On Counteracting the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism”;
- The Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated 21 October 2020 No. 395/NK “On the Approval of the Rules for the Collection and Processing of Personal Data” (as amended and supplemented on 6 May 2023);
The Organization is authorized to collect and process Data associated with the collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, transfer (distribution, provision, access), adjustment, combination, anonymization, blocking, deletion, scoring, destruction, and protection of such Data.
Based on the foregoing, the Organization recognizes as Data all information provided by users of the Organization’s services when using the Organization’s Services or obtained automatically, as well as the consents of such Users, including with respect to third parties, for the purpose of enabling the Organization to provide its own services, as well as the services of its partners and governmental authorities (hereinafter — the “Services”).
- The Law of the Republic of Kazakhstan dated 21 May 2013 No. 94-V “On Personal Data and Their Protection”;
- The Law of the Republic of Kazakhstan dated 28 August 2009 No. 191-IV “On Counteracting the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism”;
- The Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated 21 October 2020 No. 395/NK “On the Approval of the Rules for the Collection and Processing of Personal Data” (as amended and supplemented on 6 May 2023);
The Organization is authorized to collect and process Data associated with the collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, transfer (distribution, provision, access), adjustment, combination, anonymization, blocking, deletion, scoring, destruction, and protection of such Data.
Based on the foregoing, the Organization recognizes as Data all information provided by users of the Organization’s services when using the Organization’s Services or obtained automatically, as well as the consents of such Users, including with respect to third parties, for the purpose of enabling the Organization to provide its own services, as well as the services of its partners and governmental authorities (hereinafter — the “Services”).
What Data the Organization Collects
User Data — means personal data collected from the User with their consent, in accordance with the Consent Form provided in Annex No. 1 to this Policy:
Personal information collected during the operation of websites and/or the provision of Partner services, as well as during the use of websites, applications, products, or services of the Organization’s Partners, may vary depending on whether you access such resources using your user account or without authentication.
In cases where you log into your account, the personal information collected about you by the Organization and/or by the Partner services during your use of their websites and services may be matched and combined with other personal information previously collected by the Organization through your account (for example, your identity details, contact information, age, gender, etc.). The Organization and/or its Partner services do not verify the personal information you provide, except in cases explicitly stipulated by the User Agreement or the terms of use of specific services, and cannot assess its accuracy or your legal capacity to provide such personal information. Nevertheless, the Organization and its Partners assume that the personal information you provide is accurate, sufficient, and up to date, and that you will update it as necessary.
The Organization and/or its Partners may collect the following categories of personal information about you while you use the websites and Partner services:
(i) Personal information provided by you during registration (creation of an account), such as your name, phone number, address, and age;
(ii) Electronic data, including HTTP headers, IP address, cookies, web beacons / pixel tags, browser identifier information, as well as data regarding your hardware and software configuration and Wi-Fi network details;
(iii) Date and time of your access to the websites and/or Partner services;
(iv) Information about your activity during the use of websites and/or Partner services;
(v) Geolocation information;
(vi) Other information about you that is necessary for processing in accordance with the terms governing the use of specific websites or Partner services of the Organization;
(vii) Information about you that we receive from our Partners in accordance with the agreements concluded between you and the respective Partner, as well as the agreements concluded between the Organization and such Partner;
(viii) Your payment card details, other payment-related information provided by you, as well as information received from Partners or other entities participating in the processing of payment transactions carried out through Partner websites or services and/or related to the provision of paid services.
Personal information collected during the operation of websites and/or the provision of Partner services, as well as during the use of websites, applications, products, or services of the Organization’s Partners, may vary depending on whether you access such resources using your user account or without authentication.
In cases where you log into your account, the personal information collected about you by the Organization and/or by the Partner services during your use of their websites and services may be matched and combined with other personal information previously collected by the Organization through your account (for example, your identity details, contact information, age, gender, etc.). The Organization and/or its Partner services do not verify the personal information you provide, except in cases explicitly stipulated by the User Agreement or the terms of use of specific services, and cannot assess its accuracy or your legal capacity to provide such personal information. Nevertheless, the Organization and its Partners assume that the personal information you provide is accurate, sufficient, and up to date, and that you will update it as necessary.
The Organization and/or its Partners may collect the following categories of personal information about you while you use the websites and Partner services:
(i) Personal information provided by you during registration (creation of an account), such as your name, phone number, address, and age;
(ii) Electronic data, including HTTP headers, IP address, cookies, web beacons / pixel tags, browser identifier information, as well as data regarding your hardware and software configuration and Wi-Fi network details;
(iii) Date and time of your access to the websites and/or Partner services;
(iv) Information about your activity during the use of websites and/or Partner services;
(v) Geolocation information;
(vi) Other information about you that is necessary for processing in accordance with the terms governing the use of specific websites or Partner services of the Organization;
(vii) Information about you that we receive from our Partners in accordance with the agreements concluded between you and the respective Partner, as well as the agreements concluded between the Organization and such Partner;
(viii) Your payment card details, other payment-related information provided by you, as well as information received from Partners or other entities participating in the processing of payment transactions carried out through Partner websites or services and/or related to the provision of paid services.
How the Organization Will Use the Data
The Organization collects and processes Data for the following purposes:
- To provide personalized Services in accordance with agreements concluded between the Enterprise and the Organization and/or with third parties, accessible through the Organization’s Services;
- To identify, authenticate, and authorize the Enterprise and Users within the framework of agreements, and to ensure security, including the security of financial transactions;
- To provide services through access to the Organization’s digital platforms and systems;
- To send, via email, SMS messages, and/or notifications through the Organization’s Services, special offers regarding other products and services, including those belonging to third parties, which, in the Organization’s opinion, may be of interest to the Enterprise or Users; or to send messages related to the use of the Organization’s Services, provision of services, processing of User requests, or verification of Data provided by the User and/or third parties for the purpose of rendering Services;
With the consent of the Enterprise and Users, the Organization may transfer Data to its Partners so that they can offer their own products and services to the Enterprise and Users.
The Organization also processes Data in order to comply with and fulfill legal requirements, including the Organization’s obligations to governmental authorities, handling of claims and debt recovery, participation in legal proceedings, prevention of fraud or misuse of the Services, and ensuring the security and integrity of Data.
- To provide personalized Services in accordance with agreements concluded between the Enterprise and the Organization and/or with third parties, accessible through the Organization’s Services;
- To identify, authenticate, and authorize the Enterprise and Users within the framework of agreements, and to ensure security, including the security of financial transactions;
- To provide services through access to the Organization’s digital platforms and systems;
- To send, via email, SMS messages, and/or notifications through the Organization’s Services, special offers regarding other products and services, including those belonging to third parties, which, in the Organization’s opinion, may be of interest to the Enterprise or Users; or to send messages related to the use of the Organization’s Services, provision of services, processing of User requests, or verification of Data provided by the User and/or third parties for the purpose of rendering Services;
With the consent of the Enterprise and Users, the Organization may transfer Data to its Partners so that they can offer their own products and services to the Enterprise and Users.
The Organization also processes Data in order to comply with and fulfill legal requirements, including the Organization’s obligations to governmental authorities, handling of claims and debt recovery, participation in legal proceedings, prevention of fraud or misuse of the Services, and ensuring the security and integrity of Data.
Data Retention Period
The Organization retains Data for a period corresponding to the type of Data and the purpose of its processing, as required to fulfill contractual obligations for the provision of Services and to achieve the purposes for which the Data were collected. In any case, Data shall be retained for no less than five (5) years, in accordance with Article 11 of the Law of the Republic of Kazakhstan dated 28 August 2009 No. 191-IV “On Counteracting the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism.”
Cross-Border Data Transfer
The Organization complies with all applicable legal requirements governing cross-border transfer of Data, thereby ensuring protection of Data regardless of its location. The Organization uses secure cloud technologies and data storage systems, regardless of their physical location — including those located outside the Republic of Kazakhstan or in other jurisdictions — while ensuring a high level of service reliability, data integrity, and protection against unlawful access or interference.
Data Protection Rights
The Organization retains Data in accordance with this Policy for as long as necessary to achieve the purposes for which such Data were collected and processed, and/or as required to comply with the legislation of the Republic of Kazakhstan and other jurisdictions in which the Organization conducts its business activities.
The Organization strives to ensure that the Enterprise and Users are fully aware of all their rights to Data protection. Each User has the following rights:
The Organization strives to ensure that the Enterprise and Users are fully aware of all their rights to Data protection. Each User has the following rights:
- the right to access the Data;
- the right to correct the Data;
- the right to delete the Data;
- the right to restrict the processing of the Data;
- the right to be provided with a copy of the Data;
- the right to object to the processing of the Data;
- the right to data portability
What Are Cookies
Cookies are text files placed on your device to collect information about your visits to web resources. When you access the Organization’s Services, the Organization may automatically collect certain information about the Users of the Enterprise through cookies or similar technologies.
How the Organization Uses Cookies
The Organization uses cookies in various ways to improve the operation of the Organization’s Services, including:
- maintaining authorization;
- determining how the Organization’s Services are used;
- offering services and products that may be of interest;
- etc.
- maintaining authorization;
- determining how the Organization’s Services are used;
- offering services and products that may be of interest;
- etc.
Privacy Policy of Partner Services
The Organization’s Services may contain links to other resources. The Privacy Policy applies only to the Organization’s Services, therefore, if Users click on a link to another service, Users should read the privacy policy of those resources.
Annex No. 1
To the Privacy Policy of FFIN
Payments LLP
Consent to the Collection and
Processing of Personal Data in the
Provision of Payment Services by
FFIN Payments LLP
To the Privacy Policy of FFIN
Payments LLP
Consent to the Collection and
Processing of Personal Data in the
Provision of Payment Services by
FFIN Payments LLP
CONSENT TO THE COLLECTION AND PROCESSING OF DATA
FFIN Payments Limited Liability Partnership
FFIN Payments Limited Liability Partnership
Hereby, in accordance with the requirements of the Law of the Republic of Kazakhstan dated 21 May 2013 No. 94-V “On Personal Data and Their Protection” and, where applicable, the legislation of the Astana International Financial Centre (hereinafter – the AIFC) in the field of data protection, as well as the regulatory legal acts adopted in accordance therewith (hereinafter – the Applicable Legislation), I give my consent to:
The collection and processing of Data (as defined in Section B of this Consent) by means of:
i. The Subject’s personal data may not be disseminated by the Operator and/or Third Parties in publicly accessible sources, except in cases where the Operator has received the Subject’s corresponding written consent to perform such actions.
ii. This Consent is granted for the entire period of the Operator’s activity or until the time when an updated consent is issued and communicated to the Subject.
The collection and processing of Data (as defined in Section B of this Consent) by means of:
- registration and/or authorization of the Subject on the Operator’s website (in a mobile application) or in another electronic resource of the Operator;
- signing of the Consent on an electronic medium in any way, by means of an electronic digital signature, signing through the use of a one-time password sent by the Operator or its agent to the Subject’s mobile phone number via SMS message or in a web or other software application through a push notification;
- visiting the Operator’s electronic resources, including by accepting Cookies or other policies, protocols, software and hardware tools that may record the Subject’s data;
- using the Operator’s products or services.
- The transfer of Data, including but not limited to personal data, data constituting banking secrecy, insurance secrecy, commercial secrecy in the securities market, and other legally protected confidential information, to the Operator’s affiliates, the Operator’s agents, and any other third parties (hereinafter collectively referred to as “Third Parties”), when the provision of Data is required in accordance with the requirements of applicable legislation, for the purpose of providing by the Operator or Third Parties products and services to the Subject, or for the performance of obligations under a contract between the Operator and the said Third Parties. The Subject agrees that the Data may be included in the databases of the Operator or Third Parties, where the personal data of the Subject may subsequently be processed without any participation of the Operator, provided that the Operator undertakes to require Third Parties to ensure the confidentiality of the transferred Data;
- The cross-border transfer by the Operator of Data outside the territory of the Republic of Kazakhstan and the territory of the AIFC to the territory of other states in cases where it is necessary for the purposes of the collection and processing of Data as declared in this Consent. The Subject agrees that the countries to which the Data may be transferred may have data storage conditions and requirements lower than those provided for by the applicable legislation of the Republic of Kazakhstan / AIFC, and that the data operators in such countries may not be able to provide adequate protection.
- In this Consent, “Data” includes, but is not limited to, information relating to an identified or identifiable Subject, recorded on an electronic medium, including, without limitation: surname, first name; phone number; email address; model of the Subject’s device and data on its operating system language type and browser and/or type of Internet connection used during the visit; data on the Subject’s location obtained through IP address; information about purchases made by the Subject on the Internet and other metadata for analytics (cookies, etc.); content posted or viewed by the Subject on the Internet; changes in user status and duration of visit.
- The Subject’s Data are collected and processed for the following purposes (the list is not exhaustive): carrying out the activities of the Operator and Third Parties for the provision of financial services, marketing and advertising activities, research, promotional campaigns, providing (sending) to the Subject any informational materials, including information about products and/or services and/or offers of the Operator and Third Parties, as well as other notifications via telephone, facsimile, and other means of communication, including open communication channels (such as SMS messages, e-mail, push notifications, voice messages, remote access systems, social networks, etc.); for payments using QR codes or barcodes; for selecting the payment recipient or service from the contacts of the phone book; for displaying the Subject’s avatar/photo in the mobile application of the Operator and/or Third Parties; for receiving and providing the Subject’s digital documents to/from digital document services; for voice communication with representatives of the Operator/Third Parties; for the delivery of goods and provision of services to the Subject; for conducting inspections by the Operator/Third Party related to compliance with anti-money laundering and counter-terrorism financing requirements; for protecting the Operator’s clients from fraudulent actions of Subjects.
i. The Subject’s personal data may not be disseminated by the Operator and/or Third Parties in publicly accessible sources, except in cases where the Operator has received the Subject’s corresponding written consent to perform such actions.
ii. This Consent is granted for the entire period of the Operator’s activity or until the time when an updated consent is issued and communicated to the Subject.
Cookie files
Notification about the use of cookies
Our website, like most others, uses cookies and other similar technologies (pixel tags, etc.) to provide services that best suit your interests and needs, and to collect statistical and marketing information to analyse and improve our services and websites.
By using this site, you consent to the use of cookies and other similar technologies in accordance with this Notice.
If you do not agree to us using this type of cookie, you must adjust your browser settings accordingly or not use our website.
Please note that if you block or delete cookies, we cannot guarantee that our website will work correctly on your browser.
Cookies that are stored through the website do not contain information that can be used to identify you.
What is a cookie and other similar technologies
A cookie is a small text file stored on your computer, smartphone or other device that you use to visit websites.
Some pages you visit may also collect information using pixel tags and web beacons, which are electronic images called single-pixel (1×1) or blank GIF images.
Cookies may be placed on your device by us ("own" cookies) or by other operators ("third party" cookies).
We use two types of cookies on the website: 'session cookies' and 'persistent cookies'. Session cookies are temporary cookies that remain on your device until you leave the site. A persistent cookie stays on your device for a long time or until you manually delete it (how long a cookie stays on your device will depend on the length or "lifetime" of the particular cookie and your browser settings).
Cookies come in different types:
Necessary. These files are necessary to ensure the proper operation of the site, the use of its functions. Disabling the use of such files will lead to a drop in site performance, inability to use its components and services.
Cookies related to performance, efficiency and analytics. These cookies allow us to analyse visitors' interaction with the site, optimise the content of the site, measure the effectiveness of advertising campaigns by providing information on the number of visitors to the site, the time of use, and errors that occur.
Functional cookies remember users who have already visited our site, their individual parameters (such as language and region, for example) and preferences, and help to personalise the content of the site.
Social Media Access Buttons. These are used to allow users to share a link to a social media page or bookmark an email. These buttons are links to social media websites owned by third parties, which in turn may record information about your online activity, including on our website. Please review the respective terms of use and privacy policies of such sites to understand how they use your data and how you can opt-out or delete your data.
Third Party Web Services. We sometimes use third-party web services on this website. For example, to display certain elements (images, videos, presentations, etc.), to organise surveys, etc. As with social media buttons, we cannot prevent these sites or external domains from collecting information about how you use the content on the site.
How do I manage cookies?
Most internet browsers are initially set to automatically accept cookies.
At any time, you can change your browser settings to block cookies or to alert you when cookies are sent to your device (refer to your specific browser's usage guide). Disabling cookies may affect your browsing experience.
If you use multiple devices and/or browsers to access the Internet, the appropriate settings must be changed in each of them.
Final Terms
At our sole discretion, we may change this Notice from time to time.
If you have any questions, we can be contacted using the contacts on our website.
We are using cookie files
