Contact support:
Log in Free Trial
Contact support
Free Trial Log in
Select country or language
COUNTRY KZ Казахстан (русский) RU Россия (русский)
LANGUAGE English (global)

    Choose an integrator for automation

    Chatbot scripts

    Partner program for integrators

    ← Все документы

    Personal data processing policy

    Personal Data Processing Policy

    1. Purpose and Scope

    1.1. This document (hereinafter referred to as the Policy) defines the goals and general principles of personal data processing, as well as the implemented measures to protect the rights of personal data subjects in the ChatApp Limited Liability Partnership (hereinafter referred to as ChatApp LLP).

    1.2. The policy applies to all personnel of ChatApp LLP (including employees under employment contracts and persons who have entered into other legal contracts) and all structural units (if any).

    1.3. The requirements of the Policy are also taken into account and imposed on other persons if it is necessary for them to participate in the processes of processing of personal data by ChatApp LLP, for example, in cases of transfer of personal data by ChatApp LLP to contractors, partners and other counterparties in accordance with the established procedure on the basis of instructions for processing personal data, other agreements and contracts.

    2. Compliance with Applicable Law

    2.1. The policy was developed mainly on the basis of the legislation of the Republic of Kazakhstan in view of the legal registration of ChatApp LLP in the Republic of Kazakhstan (hereinafter — RK). The Policy uses terms and definitions in accordance with their meanings, as defined by the Law of the Republic of Kazakhstan "On Personal Data and Their Protection." ChatApp LLP processes personal data taking into account the requirements of the above Law and other legal acts in the field of personal data protection.

    2.2. The Policy, if possible, also takes into account the provisions of other legislation applicable to the activities of ChatApp LLP in the field of personal data processing, for example, General Data Protection Regulation — General Regulation on the Protection of Personal Data, approved by decree of the European Parliament and the Council of the European Union 27.04.2016 (hereinafter — GDPR), or the legislation of individual countries in the part that does not contradict the Law of the Republic of Kazakhstan "On Personal Data and their Protection."

    2.3. In some cases of personal data processing, in order to resolve possible contradictions between various laws of individual states, the procedure and principles of personal data processing in ChatApp LLP may, in addition to the Policy, be regulated and detailed in special sections of documents of ChatApp LLP (for example: contracts, agreements, etc.) related to such individual cases and playing the role of data processing agreements (hereinafter referred to as DPA) in GDPR terminology for such cases.

    3. Principles of Personal Data Processing

    3.1. Processing of personal data is carried out by ChatApp LLP on a legal and fair basis in accordance with the legislation in the field of personal data protection.

    3.2. The content and volume of personal data processed are determined based on the purposes of processing. Personal data that is redundant or inconsistent with the following primary objectives are not processed:

    3.2.1. entering into labor relations with individuals, selection of personnel;

    3.2.2. conclusion, extension of contractual relations;

    3.2.3. identification of parties to contracts, agreements, transactions;

    3.2.4. fulfillment of contractual obligations, including the provision of services, performance of work, granting rights to use software products of ChatApp LLP, supply of goods;

    3.2.5. use by legal entities and individuals of Internet resources and other information resources of ChatApp LLP in accordance with their rules of use, license agreements;

    3.2.6. registration, identification and personalization of users of Internet resources, applications and other information resources; providing access to resources and features available only to registered users; improving the convenience of users, improving software products, improving the quality of services provided and work performed by ChatApp LLP;

    3.2.7. communication with individuals and legal entities to send them notifications, responses to requests, mailings and informational messages, as well as marketing messages to promote software products, goods, works and services of ChatApp LLP and partner organizations;

    3.2.8. implementation of activities to provide additional education;

    3.2.9. participation of individuals in referral, bonus programs, loyalty programs of ChatApp LLP and partner organizations;

    3.2.10. protection of legitimate interests of ChatApp LLP, their partners and clients; countering illegal or unauthorized actions, fraud when using software products, goods, works and services of ChatApp LLP, ensuring information security;

    3.2.11. organization of conferences, seminars, webinars, other public events in the interests of ChatApp LLP, partner organizations, professional communities;

    3.2.12. passing by individuals internships, practices in ChatApp LLP, training in partner educational institutions;

    3.2.13. conducting research on the activities of ChatApp LLP, the use of software products, goods, works and services of ChatApp LLP to develop new software products, expand the range of services provided, works performed, goods, quality control;

    3.2.14. collection, processing of analytical and statistical data on the subject of the activities of ChatApp LLP, the use of information resources, software products, goods, works and services of ChatApp LLP;

    3.2.15. compliance with other legislation applicable to the activities of ChatApp LLP, including international or legislation of the countries in respect of which ChatApp LLP operates.

    3.3. The main categories of personal data subjects whose data is processed in ChatApp LLP include:

    3.3.1. visitors and users of Internet resources, applications and information resources of ChatApp LLP;

    3.3.2. individuals who are or have been in labor and civil law relations with ChatApp LLP, their closest relatives, references, as well as persons intending to enter into such relations, for example, candidates for filling vacant positions;

    3.3.3. individuals who are or have been in labor and civil relations with counterparties of ChatApp LLP, as well as persons who intend to enter into such relations;

    3.3.4. individuals taking part in ChatApp internships, practices from educational institutions;

    3.3.5. individuals indicated in various state registers, databases, public and other sources that are obtained legally and used in the provision of services and products of ChatApp LLP as data sources;

    3.3.6. individuals who applied to ChatApp LLP with requests, messages, statements, complaints, suggestions using contact information or feedback collection tools;

    3.3.7. individuals participating in interviews, surveys, analytical and marketing research on the activities of ChatApp LLP;

    3.3.8. participants of events organized by ChatApp LLP or partner organizations.

    3.4. For these categories of subjects may be processed according to the purposes of processing:

    3.4.1. personal information (surname, first name, patronymic, including former ones; gender; year, month, date of birth; age; place of birth; nationality; citizenship);

    3.4.2. contact information (mailing address, phone numbers, e-mail addresses, pseudonyms, identifiers in social networks and communication services); addresses of registration and actual residence;

    3.4.3. information on identity documents; driver's license; information on vehicles; information on the individual identification number in the state database of individuals;

    3.4.4. professional activity (place of work; position; structural subdivision; personnel number; seniority; participation in legal entities; authority);

    3.4.5. skills and qualifications (received education; profession; assigned specialties; proficiency in foreign languages; completed training courses, internships and practices);

    3.4.6. family information (marital status; family composition; legal representatives, next of kin);

    3.4.7. information on contracts and agreements, their statuses; information on participation in partner and bonus programs; referral promotional codes; information about the products and services used;

    3.4.8. recommendations and feedback; information on personnel assessment;

    3.4.9. financial condition; payment details; income; information on tax and other deductions; information on accruals and deductions of funds, remuneration in another form; information on purchases, orders of goods and services; payment information;

    3.4.10. information on the presence in individual state registers, databases and lists;

    3.4.11. information on military registration; information on migration accounting;

    3.4.12. photo and video images; voice information (voice recording);

    3.4.13. electronic user data (user IDs, network addresses, cookies, device IDs, screen sizes and resolutions, information about hardware and software, for example, browsers, operating system, installed applications, geolocation, language settings, time zone, time and statistics of use of applications and information resources of ChatApp LLP, user actions in services, sources of transitions to pages of an Internet resource, sent search and other requests, user-created content);

    3.4.14. hobbies and interests; personal interests; tastes and preferences; subscriptions to mailings;

    3.4.15. state of health; information on disability, incapacity for work;

    3.4.16. information on incentives, awards, penalties and prosecution;

    3.4.17. other information provided for by standard forms, established procedure and purposes of processing.

    3.5. Actions with personal data include: collecting; recording; systematization; accumulation; storage; clarification (update, change); extraction; use; transfer (distribution, provision, access); depersonalization; blocking; removal, destruction.

    3.6. When processing, the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing personal data are ensured. If inaccurate or incomplete personal data are found, they can be clarified and updated. In cases where the updating of personal data is outside the area of responsibility of ChatApp LLP, processing may be suspended until the moment of updating. Obligations and responsibility for timely updating of personal data for individual cases of processing may be established by agreements or internal acts of ChatApp LLP.

    3.7. Processing and storage of personal data is carried out no longer than the purpose of processing personal data requires, if there are no legal grounds for further processing, for example, if the Law "On Personal Data and Their Protection" or the agreement with the personal data subject does not establish an appropriate storage period.

    3.8. The processed personal data shall be subject to destruction or depersonalization upon the occurrence of the following conditions:

    3.8.1. achieving the goals of personal data processing or maximum shelf life;

    3.8.2. loss of the need to achieve the goals of personal data processing;

    3.8.3. providing the personal data subject or his legal representative with confirmation that the personal data are illegally obtained or are not necessary for the stated purpose of processing;

    3.8.4. impossibility to ensure the lawfulness of personal data processing;

    3.8.5. withdrawal by the personal data subject of consent to the processing of personal data, if the preservation of personal data is no longer required for the purposes of processing personal data.

    3.9. ChatApp LLP has the right to transfer personal data without the user's consent, only to persons and within their competence directly provided for by the Law of the Republic of Kazakhstan "On Personal Data and Their Protection."

    3.10. ChatApp LLP has the right to transfer personal data to third parties without their consent in the following cases:

    3.10.1. the user himself openly expressed his consent to such actions;

    3.10.2. transfer is necessary as part of the user's use of ChatApp LLP products and (or) the provision of ChatApp LLP services to the user.

    4. Subcontracting and Subcontracting

    4.1. ChatApp LLP, in addition to acting as a personal data operator, may act as a person who processes personal data on behalf of other personal data operators on the basis of contracts and other agreements. Such cases include, for example, the following:

    4.1.1. granting the clients of ChatApp LLP rights to use software products;

    4.1.2. provision of services related to data collection and processing to ChatApp LLP clients;

    4.1.3. joint processing with third-party organizations within the partnership of ChatApp LLP.

    4.2. ChatApp LLP, if necessary, can involve third-party organizations in the processing of personal data as subcontractors, subject to the principles of processing and the presence of an appropriate contract or agreement with them. Such cases include, for example, the following:

    4.2.1. provision of software products, goods, works and services to ChatApp LLP together with other companies, as well as with third-party organizations, technological and other partners of ChatApp LLP;

    4.2.2. organization of a partner network of ChatApp LLP for the distribution of software products, goods, works and services on the market;

    4.2.3. use of third-party services, computing resources, applications and infrastructure for information processing, communication with users of software products, works and services, buyers of goods.

    4.3. Processing of personal data on the basis of contracts and other agreements of ChatApp LLP, orders for the processing of personal data is carried out in accordance with the terms of these contracts, agreements of ChatApp LLP with persons who are entrusted with processing or who have entrusted processing legally. Such agreements may define, inter alia:

    4.3.1. purposes, conditions, actions with personal data, terms of personal data processing;

    4.3.2. roles, functions and obligations of the parties, including confidentiality and information security measures;

    4.3.3. rights and liabilities of the parties relating to the processing of personal data.

    4.4. In cases where the applicable legislation is GDPR, which implies the existence of DPA agreements between processing participants, the role of DPA after the inclusion of special sections with the conditions for processing personal data can be performed by the following documents:

    4.4.1. license/sublicense agreements for the right to use the software;

    4.4.2. contracts and agreements that include data processing orders;

    4.4.3. confidentiality, information security agreements;

    4.4.4. rules for the use of information resources, user agreements;

    4.4.5. regulations, provisions, data processing agreements, service level.

    5. Obtaining the Consent of the Subject to the Processing of His Personal Data

    5.1. In cases of processing not provided for by the current legislation of the Republic of Kazakhstan or the contract with the subject, collection and processing is carried out after obtaining the consent of the subject of personal data. A mandatory case of obtaining preliminary consent is, for example, contact with a potential client for marketing purposes, when promoting goods, software products, works and services of ChatApp LLP on the market.

    5.2. The consent can be expressed in the form of the subject of personal data performing explicit actions aimed at the transaction, for example:

    5.2.1. acceptance of the terms of the offer agreement, license agreement, sublicense agreement, rules for the use of information resources and software products of ChatApp LLP;

    5.2.2. continuation of the use of applications, services, information resources, Internet resources of ChatApp LLP, interaction with their user interfaces after notifying the user about data processing;

    5.2.3. granting the necessary permissions to the mobile application when requested at the time of installation or use;

    5.2.4. marking, filling in the corresponding fields in forms;

    5.2.5. maintaining electronic correspondence referring to processing;

    5.2.6. other actions performed by the subject, by which one can judge his expression of will.

    5.3. In certain cases provided for by the legislation of the Republic of Kazakhstan, the consent is issued in writing indicating the information provided for by the Law "On Personal Data and Their Protection," as well as in accordance with other applicable requirements or standard forms.

    5.4. In cases of processing personal data received not from the subject directly, but from other persons on the basis of a contract or an order for processing, the obligation to obtain the consent of the subject may be assigned to the person from whom the personal data was received.

    5.5. If the subject refuses to provide the necessary and sufficient amount of his personal data, ChatApp LLP will not be able to carry out the necessary actions to achieve the goals corresponding to the processing. For example, in this case, the user's registration in the software product may not be completed, the services under the contract may not be provided, the work may not be completed, the goods have not been delivered, the applicant's resume for the vacancy will not be considered, etc.

    6. Processing of Electronic User Data, Including Cookies

    6.1. ChatApp LLP in order to process personal data established by the Policy, can collect electronic user data on its Internet resources automatically, without the need for the user to participate and perform any actions to send data.

    6.2. The reliability of the electronic data collected in this way in ChatApp LLP is not checked, the information is processed "as is" as it came from the client device.

    6.3. Visitors and users of ChatApp LLP Internet resources may be shown pop-up notifications about the collection and processing of cookie data with a link to the Policy and buttons for accepting the processing conditions or closing the pop-up notification.

    6.4. Such notifications mean that when visiting and using Internet resources, information resources and Internet applications of ChatApp LLP, information (for example, cookie data) can be stored in the browser on the user's device, which allows you to further identify the user or device, remember the work session or save some user settings and preferences specific to these specific Internet resources. Such information, after saving to the browser and before the expiration of the established validity period or deletion from the device, will be sent with each subsequent request to the Internet resource on whose behalf they were saved, together with this request for processing on the side of ChatApp LLP.

    6.5. Processing of cookie data is necessary for ChatApp LLP for the correct operation of Internet resources, in particular, their functions related to the access of registered users of software products, services, works and resources of ChatApp LLP; personalization of users; improving the efficiency and convenience of working with Internet resources, as well as other goals stipulated by the Policy.

    6.6. In addition to processing cookies set by the Internet resources of ChatApp LLP, users and visitors can be set cookies related to the Internet resources of third-party organizations, for example, in cases where the ChatApp LLP Internet resource uses third-party components and software. The processing of such cookies is governed by the policies of the respective Internet resources to which they belong, and may be changed without notifying users of the Internet resources of ChatApp LLP. Such cases may include placement on Internet resources:

    6.6.1. counters of visits, analytical and statistical services, such as Yandex.Metrica or Google Analytics to collect statistics on the attendance of public pages of Internet resources;

    6.6.2. auxiliary service widgets for collecting feedback, organizing chats and other types of communication with users;

    6.6.3. contextual advertising systems, banner and other marketing networks;

    6.6.4. authorization buttons on the Internet resource using accounts in social networks;

    6.6.5. other third-party components used by ChatApp LLP on its Internet resources.

    6.7. Acceptance by the user of the terms of processing of cookies data or closure of a pop-up notification in accordance with the Policy is regarded as consent to the processing of cookies data on the Internet resources of ChatApp LLP.

    6.8. If the user does not agree with the processing of cookies, he must accept the risk that in this case the functions and capabilities of the Internet resource may not be available in full, and then follow one of the following options:

    6.8.1. independently configure your browser in accordance with the documentation or help to it so that it does not allow to receive and send cookie data for any Internet resources or for a specific Internet resource of ChatApp LLP or the Internet resource of a third-party component;

    6.8.2. leave the Internet resource to avoid further processing of cookies.

    6.9. The user can independently manage the stored data through the cookies built into the browsers, including deleting or viewing information about cookies installed by Internet resources, including:

    6.9.1. addresses of Internet resources and paths to them where cookies will be sent;

    6.9.2. names and values of parameters stored in cookies;

    6.9.3. duration of cookies.

    7. Privacy and Security of Personal Data

    7.1. For the collection and processing of personal data in ChatApp LLP, confidentiality is ensured in accordance with the legislation of the Republic of Kazakhstan, internal acts, terms of concluded agreements and agreements of ChatApp LLP, except for the following cases:

    7.1.1. if the personal data are publicly available, contained in publicly available sources of personal data or authorized by the subject for distribution;

    7.1.2. if the information is subject to mandatory disclosure to third parties, including government agencies, in accordance with the current legislation of the Republic of Kazakhstan.

    7.2. ChatApp LLP takes necessary and sufficient legal, organizational and technical measures to ensure the security of personal data to protect them from unauthorized (including accidental) access, destruction, modification, blocking of access and other unauthorized actions.

    7.3. The applied protection measures, among other things, make it possible to protect personal data from preventing unauthorized access to personal data, timely detection of unauthorized access to personal data, if such unauthorized access could not be prevented, minimizing the adverse consequences of unauthorized access to personal data, registering and recording consent to the collection and processing of personal data, including:

    7.3.1. the period or period during which the consent to the collection and processing of personal data is valid;

    7.3.2. information about the operator's ability or lack thereof to transfer personal data to third parties;

    7.3.3. information on the presence or absence of cross-border transfer of personal data during their processing;

    7.3.4. information on distribution of personal data in public sources.

    7.4. The obligations of ChatApp LLP arise from the moment of collecting personal data and are valid until their destruction or depersonalization.

    8. Rights of Personal Data Subjects

    8.1. The personal data subject has the right to withdraw consent to the processing of personal data by sending a corresponding request to ChatApp LLP or authorized representatives in other countries, by mail or by contacting personally.

    8.2. The personal data subject has the right to receive information related to the processing of his personal data, including:

    8.2.1. confirmation of the fact of processing personal data of ChatApp LLP;

    8.2.2. legal grounds and purposes of personal data processing;

    8.2.3. goals and methods of personal data processing used in ChatApp LLP;

    8.2.4. name and location of ChatApp LLP, information about persons (with the exception of employees) who have access to personal data or to whom personal data can be disclosed on the basis of an agreement with ChatApp LLP or on the basis of the legislation of the Republic of Kazakhstan;

    8.2.5. processed personal data related to the relevant personal data subject, the source of their receipt, unless another procedure for submitting such data is provided for by the Law "On Personal Data and Their Protection";

    8.2.6. terms of personal data processing, including terms of their storage;

    8.2.7. information on the cross-border data transfer carried out or proposed;

    8.2.8. other information provided for by the Law "On Personal Data and Their Protection."

    8.3. The personal data subject has the right to demand from ChatApp LLP to clarify his personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided for by the legislation of the Republic of Kazakhstan to protect their rights.

    8.4. If the personal data subject believes that ChatApp LLP processes his personal data in violation of the requirements of the Law "On Personal Data and Their Protection" or otherwise violates his rights and freedoms, the personal data subject has the right to appeal the actions or inaction of ChatApp LLP to the authorized body or in court.

    8.5. The personal data subject has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.

    9. Roles and Responsibilities

    9.1. The rights, obligations and responsibilities of ChatApp LLP are determined by the current legislation of the Republic of Kazakhstan, agreements of ChatApp LLP.

    9.2. The responsibility of ChatApp LLP employees participating in the processing of personal data due to the fulfillment of functional duties for the proper processing and unlawful use of personal data is established in accordance with the terms of the employment contract concluded between ChatApp LLP and employees, obligations on non-disclosure of information, internal acts.

    9.3. Control of compliance with the requirements of the Policy of ChatApp LLP is carried out, in general, by those responsible for organizing the processing of personal data, or by individual structural units and authorized persons in accordance with internal acts.

    9.4. The responsibility of persons participating in the processing of personal data on the basis of instructions from ChatApp LLP for the proper processing and unlawful use of personal data is established in accordance with the terms of the agreement concluded between ChatApp LLP and the counterparty, information confidentiality agreement or other agreement.

    9.5. In certain cases provided for by legislation, for example, GDPR or legislation in the field of processing personal data of individual countries, ChatApp LLP may appoint representatives in the territories of the European Union or these countries. In such cases, rights, obligations and responsibilities are distributed in accordance with agreements between such representatives and ChatApp LLP, and contact information about representatives is included in the Policy.

    9.6. Persons guilty of violating the norms governing the processing and provision of information security of personal data bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by the legislation of the Republic of Kazakhstan, internal acts, agreements of ChatApp LLP.

    10. Publication and Updating of the Policy

    10.1. The policy is developed by persons responsible for organizing the processing of personal data in ChatApp LLP, and is put into effect after its approval.

    10.2. The policy is a publicly available document of ChatApp LLP and provides for the possibility of familiarizing any person with its current version, including existing translations into foreign languages, by publishing it on the Internet at: https://chatapp24.kz/en/doc/privacy-policy/.

    10.3. Web forms, forms, standard forms of ChatApp LLP for collecting personal data must contain notifications of users about the processing of personal data in accordance with the Policy with a link to it.

    10.4. The policy is valid indefinitely after approval and until it is replaced with a new version. ChatApp LLP has the right to make changes to the Policy without notifying any persons. The policy is reviewed annually to keep it up to date and updated as necessary.

    10.5. Interested parties can send suggestions and comments for changes to the Policy to: support@chatapp24.kz