Privacy Policy of Freedom Pay LLP
Privacy Policy of Freedom Pay LLP
Freedom Pay Limited Liability Partnership (hereinafter referred to as the Organization) is part of the FRHC Group of Companies. This Privacy Policy (hereinafter referred to as the Policy) explains how the Organization uses and exchanges personal data (hereinafter referred to as Data) of individuals, sole proprietors, authorized employees of legal entities (hereinafter referred to as Users) being partners of the Company.
Our Guidelines
The Policy is drawn up in accordance with the requirements of:
- Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On personal data and their protection" (with amendments and additions as of May 01, 2023);
- Law of the Republic of Kazakhstan dated August 28, 2009 No. 191-IV "On combating the legalization (laundering) of money from crimes and the financing of terrorism";
- Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated October 21, 2020 No. 395/NK "On approval of the Rules for the personal data collection and processing" (with amendments and additions as of May 06, 2023);
The Company instructs the Organization to collect Data related to the Data collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, transfer (distribution, provision, access), regulation, combination, depersonalization, blocking, deletion, scoring, destruction and protection.
Based on this instruction, the Organization considers all Data that was provided as by Users of services rendered by the Organization when using the Organization's Services or received automatically, as well as the consent of your Users, including about third parties, for the provision of the Organization's services, as well as the services of partners and government agencies (hereinafter referred to as Services), as Data.
Data Collected by the Organization
User Data is the following personal data collected with the User's Consent and in accordance with the Consent provided in Appendix 1 hereto:
last name, first name; telephone number; email address; the Subject's device model, language of its operating system and browser, and (or) the type of Internet connection used during the visit; data on the Subject's location obtained under IP address; information on purchases made by the Subject on the Internet and other analytical metadata (cookies, etc.); content posted by the Subject or viewed by him on the Internet; changes in user status and duration of visit.
Data Usage by the Organization
The Organization collects the Data in order to:
- offer personalized Services in accordance with the agreements concluded between the Company and the Organization, and/or third parties, available through the Organization's Services;
- identify, authenticate and authorize the Company and Users within the framework of contracts and to ensure security, including financial transactions;
- provide services through access to the Organization's Services;
- send special offers for other goods and services, including those belonging to third parties, via electronic messages, short messages and/or notifications through the Organization's Services, which the Organization believes may be of interest, or related to the use of the Organization's Services, the provision of services, as well as the processing of requests from the User, the verification of the User's Data and/or third parties' Data transferred by the User and/or third parties for the provision of Services;
The Organization will transfer Data to the Organization's partners only upon consent of the Company and Users, so that they could offer the Company and Users their products and services.
The Organization processes Data for the purpose of compliance with and execution of legal requirements, for example, to fulfill the Organization's obligations to government agencies, in connection with the consideration of claims, debt collections and legal processes, to prevent fraud, misuse of the Services, and to ensure the Data security.
Our Guidelines
The Policy is drawn up in accordance with the requirements of:
- Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On personal data and their protection" (with amendments and additions as of May 01, 2023);
- Law of the Republic of Kazakhstan dated August 28, 2009 No. 191-IV "On combating the legalization (laundering) of money from crimes and the financing of terrorism";
- Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated October 21, 2020 No. 395/NK "On approval of the Rules for the personal data collection and processing" (with amendments and additions as of May 06, 2023);
The Company instructs the Organization to collect Data related to the Data collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, transfer (distribution, provision, access), regulation, combination, depersonalization, blocking, deletion, scoring, destruction and protection.
Based on this instruction, the Organization considers all Data that was provided as by Users of services rendered by the Organization when using the Organization's Services or received automatically, as well as the consent of your Users, including about third parties, for the provision of the Organization's services, as well as the services of partners and government agencies (hereinafter referred to as Services), as Data.
Data Collected by the Organization
User Data is the following personal data collected with the User's Consent and in accordance with the Consent provided in Appendix 1 hereto:
last name, first name; telephone number; email address; the Subject's device model, language of its operating system and browser, and (or) the type of Internet connection used during the visit; data on the Subject's location obtained under IP address; information on purchases made by the Subject on the Internet and other analytical metadata (cookies, etc.); content posted by the Subject or viewed by him on the Internet; changes in user status and duration of visit.
Data Usage by the Organization
The Organization collects the Data in order to:
- offer personalized Services in accordance with the agreements concluded between the Company and the Organization, and/or third parties, available through the Organization's Services;
- identify, authenticate and authorize the Company and Users within the framework of contracts and to ensure security, including financial transactions;
- provide services through access to the Organization's Services;
- send special offers for other goods and services, including those belonging to third parties, via electronic messages, short messages and/or notifications through the Organization's Services, which the Organization believes may be of interest, or related to the use of the Organization's Services, the provision of services, as well as the processing of requests from the User, the verification of the User's Data and/or third parties' Data transferred by the User and/or third parties for the provision of Services;
The Organization will transfer Data to the Organization's partners only upon consent of the Company and Users, so that they could offer the Company and Users their products and services.
The Organization processes Data for the purpose of compliance with and execution of legal requirements, for example, to fulfill the Organization's obligations to government agencies, in connection with the consideration of claims, debt collections and legal processes, to prevent fraud, misuse of the Services, and to ensure the Data security.
Term of Data Storage by the Organization
The Organization will store the Data during the period according to the type of Data that is necessary within the framework of contractual obligations for the provision of Services and the purposes of their processing, and in any case during 5 (five) years in accordance with Article 11 of the Law of the Republic of Kazakhstan dated August 28, 2009 No. 191-IV “On combating the legalization (laundering) of money from crimes and the financing of terrorism”.
Cross-Border Data Transfer
The organization complies with all requirements of the legislation regarding cross-border Data transfer, thereby helping to protect Data anywhere. The Organization uses the most secure cloud technologies and storages, regardless of their location, including those located outside the Republic of Kazakhstan or in another jurisdiction, ensuring high reliability of services, and Data protection against security incidents.
Right to Data Protection
The Organization stores Data in accordance with this Policy for as long as it is necessary to achieve the purposes of its collection and processing, and/or in order to comply with the requirements of the legislation of the Republic of Kazakhstan and other countries in which the Organization performs business activities.
The Organization intents to ensure that the Company and Users are fully aware of all their rights to Data protection. Each User has the following rights:
- the right to access Data;
- the right to correct Data;
- the right to delete Data;
- the right to restrict the Data processing;
- the right to provide a copy of Data;
- the right to object to the Data processing; and
- the right to transfer Data.
If the Company’s Users wish to exercise any of these rights, please contact us:
Call here: ___________
Write here: ____________
The Organization will store the Data during the period according to the type of Data that is necessary within the framework of contractual obligations for the provision of Services and the purposes of their processing, and in any case during 5 (five) years in accordance with Article 11 of the Law of the Republic of Kazakhstan dated August 28, 2009 No. 191-IV “On combating the legalization (laundering) of money from crimes and the financing of terrorism”.
Cross-Border Data Transfer
The organization complies with all requirements of the legislation regarding cross-border Data transfer, thereby helping to protect Data anywhere. The Organization uses the most secure cloud technologies and storages, regardless of their location, including those located outside the Republic of Kazakhstan or in another jurisdiction, ensuring high reliability of services, and Data protection against security incidents.
Right to Data Protection
The Organization stores Data in accordance with this Policy for as long as it is necessary to achieve the purposes of its collection and processing, and/or in order to comply with the requirements of the legislation of the Republic of Kazakhstan and other countries in which the Organization performs business activities.
The Organization intents to ensure that the Company and Users are fully aware of all their rights to Data protection. Each User has the following rights:
- the right to access Data;
- the right to correct Data;
- the right to delete Data;
- the right to restrict the Data processing;
- the right to provide a copy of Data;
- the right to object to the Data processing; and
- the right to transfer Data.
If the Company’s Users wish to exercise any of these rights, please contact us:
Call here: ___________
Write here: ____________
What are cookies?
Cookies are text files placed on a device to collect information about visiting web resources. When visiting the Organization's Services, the Organization may automatically collect information about the Company's Users by means of cookies or similar technologies.
How the Organization uses cookies?
The Organization uses cookies in various manners to improve operation of the Organization's Services, including:
- maintaining authorization;
- determining how the Organization's Services are used;
- offering services, products that will be of interest;
- etc.
Privacy Policy at Other Resources
The Organization's Services may contain links to other resources. The Privacy Policy applies only to the Organization's Services, so if Users click on a link to another service, Users should read the privacy policy of these resources.
Appendix 1
To the Privacy Policy
Freedom Pay LLP
Consent to the personal data collection and processing when providing payment services by Freedom Pay LLP.
CONSENT TO DATA COLLECTION AND PROCESSING
Freedom Pay Limited Liability Partnership
In accordance with the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On personal data and their protection" and, where applicable, the legislation of the Astana International Financial Center (hereinafter referred to as AIFC) regarding the data protection, as well as regulatory legal acts adopted in accordance therewith (hereinafter referred to as Applicable Legislation), I hereby give my consent to:
1. Data collection and processing (as defined in paragraph B of this Consent) by means of:
(a) registration and (or) authorization of the Subject on the Operator’s website (in the mobile application) or in another electronic resource of the Operator;
(b) execution of the Consent on an electronic medium in any manner, by means of an electronic digital signature, by using a one-time password sent by the Operator or its agent to the Subject's mobile phone number in a form of SMS message or in a web or other software application by means of a push notification;
(c) visiting the Operator's electronic resources, including by accepting Cookies or other policies, protocols, software and hardware that can record the Subject's data;
(d) using the Operator's products or services.
2. transfer of Data, including not limited to personal data, data constituting a banking secret, an insurance secret, a trade secret on the securities market and other secrets protected by law in favor of the Operator's affiliates, the Operator's agents, and any other third parties (hereinafter collectively referred to as "Third Parties"), when the provision of Data is required in accordance with the requirements of applicable legislation, for the purpose of providing products and services by the Operator or Third Parties to the Subject, or for the purpose of fulfilling obligations under the agreement between the Operator and the aforementioned Third Parties. The Subject agrees that the Data may be included in the databases of the Operator or Third Parties, where the personal data of the Subject may subsequently be processed without any participation of the Operator; provided that the Operator undertakes to require Third Parties to ensure the confidentiality of the Data being transferred;
3. cross-border Data transfer by the Operator outside the territory of the Republic of Kazakhstan and the territory of the AIFC to the territory of states in cases where this is necessary for the purposes of collecting and processing the Data stated herein.
The Subject agrees that the countries to which the Data may be transferred may impose Data storage conditions and requirements lower than those provided for by the applicable legislation of the Republic of Kazakhstan/AIFC and the Data operators in these countries will not be able to provide them with adequate protection.
4. In this Consent, the term "Data" includes, but is not limited to, data/information related to a specific or determinable Subject, recorded on an electronic medium, including, but is not limited to: last name, first name; telephone number; email address; Subject's device model and language of its operating system and browser, and/or the type of Internet connection used during the visit; data on the Subject's location obtained as per IP address; information on purchases made by the Subject on the Internet and other metadata for analytics (cookies, etc.); content posted by the Subject or viewed by him on the Internet; changes in user status and duration of visit.
5. The Subject's Data is collected and processed for the purpose of (the list is not exhaustive): implementing the activities of the Operator and Third Parties in providing financial services, marketing and advertising activities, research, holding promotions, providing (forwarding) to the Subject any information materials, including those about products and (or) services and (or) offers of the Operator and Third Parties, as well as other notifications by telephone, fax and other means of communication, as well as through open communication channels (including SMS messages, e-mail, push notifications, voice messages, remote access systems, social networks, etc.), as well as for payment using QR codes or barcodes, for selecting the payment recipient or service from phone book contacts, for displaying the avatar/photo of the Subject in the mobile application of the Operator and/or Third Parties, for receiving and providing digital documents of the Subject to/from digital document service(s), for voice communication with representatives of the Operator/Third Parties; for delivery of goods and provision of services to the Subject; for checking the compliance with requirements on combating the legalization(laundering) of money and financing of terrorism by the Operator/Third Party; and for protecting the Operator's clients against fraudulent actions performed by the Subjects.
i. The personal data of the Subject may not be distributed by the Operator and/or Third Parties in publicly available sources, except in cases where the Subject has given the corresponding written consent to perform these actions.
ii. This Consent is provided for the entire period of the Operator's activity or until the date, when an updated consent is issued and communicated to the Subject.
Cookies are text files placed on a device to collect information about visiting web resources. When visiting the Organization's Services, the Organization may automatically collect information about the Company's Users by means of cookies or similar technologies.
How the Organization uses cookies?
The Organization uses cookies in various manners to improve operation of the Organization's Services, including:
- maintaining authorization;
- determining how the Organization's Services are used;
- offering services, products that will be of interest;
- etc.
Privacy Policy at Other Resources
The Organization's Services may contain links to other resources. The Privacy Policy applies only to the Organization's Services, so if Users click on a link to another service, Users should read the privacy policy of these resources.
Appendix 1
To the Privacy Policy
Freedom Pay LLP
Consent to the personal data collection and processing when providing payment services by Freedom Pay LLP.
CONSENT TO DATA COLLECTION AND PROCESSING
Freedom Pay Limited Liability Partnership
In accordance with the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On personal data and their protection" and, where applicable, the legislation of the Astana International Financial Center (hereinafter referred to as AIFC) regarding the data protection, as well as regulatory legal acts adopted in accordance therewith (hereinafter referred to as Applicable Legislation), I hereby give my consent to:
1. Data collection and processing (as defined in paragraph B of this Consent) by means of:
(a) registration and (or) authorization of the Subject on the Operator’s website (in the mobile application) or in another electronic resource of the Operator;
(b) execution of the Consent on an electronic medium in any manner, by means of an electronic digital signature, by using a one-time password sent by the Operator or its agent to the Subject's mobile phone number in a form of SMS message or in a web or other software application by means of a push notification;
(c) visiting the Operator's electronic resources, including by accepting Cookies or other policies, protocols, software and hardware that can record the Subject's data;
(d) using the Operator's products or services.
2. transfer of Data, including not limited to personal data, data constituting a banking secret, an insurance secret, a trade secret on the securities market and other secrets protected by law in favor of the Operator's affiliates, the Operator's agents, and any other third parties (hereinafter collectively referred to as "Third Parties"), when the provision of Data is required in accordance with the requirements of applicable legislation, for the purpose of providing products and services by the Operator or Third Parties to the Subject, or for the purpose of fulfilling obligations under the agreement between the Operator and the aforementioned Third Parties. The Subject agrees that the Data may be included in the databases of the Operator or Third Parties, where the personal data of the Subject may subsequently be processed without any participation of the Operator; provided that the Operator undertakes to require Third Parties to ensure the confidentiality of the Data being transferred;
3. cross-border Data transfer by the Operator outside the territory of the Republic of Kazakhstan and the territory of the AIFC to the territory of states in cases where this is necessary for the purposes of collecting and processing the Data stated herein.
The Subject agrees that the countries to which the Data may be transferred may impose Data storage conditions and requirements lower than those provided for by the applicable legislation of the Republic of Kazakhstan/AIFC and the Data operators in these countries will not be able to provide them with adequate protection.
4. In this Consent, the term "Data" includes, but is not limited to, data/information related to a specific or determinable Subject, recorded on an electronic medium, including, but is not limited to: last name, first name; telephone number; email address; Subject's device model and language of its operating system and browser, and/or the type of Internet connection used during the visit; data on the Subject's location obtained as per IP address; information on purchases made by the Subject on the Internet and other metadata for analytics (cookies, etc.); content posted by the Subject or viewed by him on the Internet; changes in user status and duration of visit.
5. The Subject's Data is collected and processed for the purpose of (the list is not exhaustive): implementing the activities of the Operator and Third Parties in providing financial services, marketing and advertising activities, research, holding promotions, providing (forwarding) to the Subject any information materials, including those about products and (or) services and (or) offers of the Operator and Third Parties, as well as other notifications by telephone, fax and other means of communication, as well as through open communication channels (including SMS messages, e-mail, push notifications, voice messages, remote access systems, social networks, etc.), as well as for payment using QR codes or barcodes, for selecting the payment recipient or service from phone book contacts, for displaying the avatar/photo of the Subject in the mobile application of the Operator and/or Third Parties, for receiving and providing digital documents of the Subject to/from digital document service(s), for voice communication with representatives of the Operator/Third Parties; for delivery of goods and provision of services to the Subject; for checking the compliance with requirements on combating the legalization(laundering) of money and financing of terrorism by the Operator/Third Party; and for protecting the Operator's clients against fraudulent actions performed by the Subjects.
i. The personal data of the Subject may not be distributed by the Operator and/or Third Parties in publicly available sources, except in cases where the Subject has given the corresponding written consent to perform these actions.
ii. This Consent is provided for the entire period of the Operator's activity or until the date, when an updated consent is issued and communicated to the Subject.
Registration number of the payment organization № 02-23-153.
Kaiser Plaza, 2 floor
Настоящим, в соответствии с требованиями Закона Республики Казахстан от 21 мая 2013 года № 94-V «О персональных данных и их защите» и, где применимо, законодательства Международного финансового центра «Астана» (далее – МФЦА) в области защиты данных, а также принятых в соответствии с ними нормативных правовых актов (далее – Применимое законодательство), даю своё согласие на:
1. сбор и обработку Данных (как они определены в пункте B настоящего Согласия) путём:
(a) регистрации и (или) авторизации Субъекта на веб-сайте (в мобильном приложении) Оператора или в ином электронном ресурсе Оператора;
(b) подписания Согласия на бумажном или электронном носителе любым способом не ограничиваясь проставлением подписи (собственноручно), средствами электронной цифровой подписи, подписания путем использования одноразового (единовременного) кода (one-time password), направленного Оператором или его агентом на номер мобильного телефона Субъекта SMS-сообщением или в web или ином программном приложении путем push-уведомления;
(c) посещения офисов Оператора, в тех случаях, когда это применимо;
(d) посещения электронных ресурсов Оператора, в том числе путем приема Cookies или иных политик, протоколов, программных и аппаратных средств, которые могут фиксировать данные Субъекта;
(e) использования продуктов или сервисов Оператора.
2. передачу Данных, не ограничиваясь персональными данными, данными составляющими банковскую тайну, тайну страхования, коммерческую тайну на рынке ценных бумаг и иную охраняемую законом тайну в пользу аффилированных лиц Оператора, агентов Оператора, и любых иных третьих лиц (далее совместно – "Третьи лица"), когда предоставление Данных требуется в соответствии с требованиями применимого законодательства, в целях предоставления Оператором или Третьими лицами продуктов и услуг Субъекту, или в целях исполнения обязательств по договору между Оператором и указанными Третьими лицами. Субъект соглашается, что Данные могут включаться в базы данных Оператора или Третьих лиц, где в последующем персональные данные Субъекта могут обрабатываться без какого-либо участия Оператора; при условии, что Оператор обязуется требовать от Третьих лиц обеспечить конфиденциальность переданных Данных;
3. трансграничную передачу Оператором Данных за пределы территории Республики Казахстан и территории МФЦА на территорию государств в случаях, когда это необходимо для целей сбора и обработки Данных, заявленных в настоящем согласии.
Субъект соглашается, что страны, в которые могут передаваться Данные, могут иметь условия и требования хранения Данных ниже чем те, которые предусмотрены применимым законодательством Республики Казахстан / МФЦА и операторы Данных в этих странах не смогут обеспечить им надлежащую защиту.
A В настоящем Согласии "Данные" не должны ограничиваться сведениями / информацией, относящейся к определенному или определяемому на их основании Субъекту, зафиксированные на электронном, бумажном и (или) ином материальном носителе, в том числе, без исключения: фамилия, имя и отчество (при наличии); транскрипция имени; индивидуальный или иной идентификационный номер (если он предоставлен Субъектом Оператору); полная дата рождения; данные документа, удостоверяющего личность (если он предоставлен Субъектом Оператору) и иные документы (паспорт, вод.права, и т.п.); справки из государственных учреждений (медицинские, наркологические и др.); номер телефона; адрес электронной почты; адрес места проживания; изображение Субъекта (фотография, аватар и т.п.) (если оно предоставлено Субъектом Оператору); биометрические данные; идентификаторы (наименование учетных записей и выбираемые Субъектом идентификаторы); контакты телефонной книги (при использовании мобильных приложений Оператора/Третьих лиц); изображения с камеры устройства Субъекта; цифровые документы; звуковая запись с микрофона мобильного устройства; модель устройства Субъекта и данные о его операционной системе и браузере и (или) типе интернет-соединения; сегмент рынка, к которому относится Субъект; информация о налоговом резидентстве и налоговом идентификаторе Субъекта; записи коммуникаций с представителями службы поддержки и продаж Оператора; идентифицирующие устройство Субъекта сведения; публичные комментарии Субъекта, размещенные на сайтах в сети Интернет; данные о местонахождении Субъекта, полученные по IP-адресу и (или) по e-SIM и (или) SIM-карте и (или) по GPS (глобальная система позиционирования); информация о веб-сайтах, посещаемых Субъектом в сети Интернет; информация о покупках, совершенных Субъектом в сети Интернет и иные метаданные для аналитики (куки и т.д.); контент, размещенный Субъектом, либо просмотренный им в сети Интернет; а также публично доступная информация о Субъекте из социальных сетей; информация / данные, составляющие банковскую тайну, тайну страхования, коммерческую тайну на рынке ценных бумаг и иную охраняемую законом тайну; информация / данные, которые могут быть получены Оператором от или в отношении Субъекта.
B Данные Субъекта собираются и обрабатываются с целью (перечень не является исчерпывающим): осуществления деятельности Оператора и Третьих лиц по оказанию финансовых услуг, маркетинговых и рекламных активностей, исследований, проведения акций, предоставления (пересылки) Субъекту любых информационных материалов, в том числе о продуктах и (или) услугах и (или) предложениях Оператора и Третьих лиц, а также иных уведомлений посредством телефонной, факсимильной и иных видов связи, а также по открытым каналам связи (в том числе SMS-сообщения, e-mail, push-уведомления, голосовые сообщения, системы удаленного доступа, социальные сети и т.п.), а также для оплаты с использованием QR-кодов или штрих кодов, для выбора получателя платежа или услуги из контактов телефонной книги, для отображения аватара/фото Субъекта в мобильном приложении Оператора и/или Третьих лиц, для получения и предоставления цифровых документов Субъекта в/из сервисы (-ов) цифровых документов, для голосового общения с представителями Оператора/Третьих лиц; для доставки товаров и оказания услуг Субъекту; для проведения проверок Оператором/Третьим лицом, связанных с исполнением требований по противодействию легализации (отмыванию) доходов и финансирования терроризма; для защиты клиентов Оператора от мошеннических действий Субъектов.
C Персональные данные Субъекта не могут распространяться Оператором и (или) Третьими лицами в общедоступных источниках, за исключением случаев, когда от Субъекта получено соответствующее письменное согласие на совершение этих действий.
D Настоящее Согласие предоставляется на весь период деятельности Оператора или до срока, когда будет выпущено обновленное согласие с донесением до Субьекта.