![]()
“Asiainfo” LLC Personal
Data Protection and Processing Policy (Confidentiality Policy) 1. General Provisions 1.1. This Policy is carried out by “Asiainfo” LLC (hereinafter referred to
as the “Company”) in relation to the processing and protection of personal
information of individuals (personal data subjects) on the ground of Articles
29 and 33 of the Constitution of the Kyrgyz Republic and the Law No. 58 On Personal Data. 1.2. The policy applies to all personal data that can be obtained by the Company
during its activities, including the Company clients. The processing of personal
data of the Company is carried out in accordance with the following regulatory
legal acts: ·
CODE of the Kyrgyz
Republic dd. 4 August 2004 No.106 “Labor
Code of the Kyrgyz Republic” ·
Law of 14 April
2008 No. 58 On Personal Data; ·
Law of 14 July
2014 No.136 About biometric registration of citizens of the Kyrgyz Republic; ·
Resolution of
the Government of the Kyrgyz Republic dd. 21 November 2017 No. 759 “The procedure for obtaining the
consent of the personal data subject to the collection and processing of his
personal data, the procedure and form of notifying personal data subjects about
the transfer of their personal data to a third party”; ·
other regulatory
legal acts of the Kyrgyz Republic and regulatory documents of the state executive
bodies. 1.3. The purpose of the Policy is to inform the persons who provide their
personal data with the necessary information to assess what personal data and
for what purposes are processed by the Company, what methods of ensuring their
security are implemented, as well as establishing the basic principles and
approaches to processing and ensuring the security of personal data in the
Company. 1.4. The policy ensures the protection of the rights and freedoms of individuals
when processing their personal data using automation tools or without using
such means, and also establishes the responsibility of persons who have access
to personal data for failure to comply with the requirements governing the
processing and protection of personal data. 1.5. Users, using the Company services posted on
the website of the Company at: https://www.cctld.kg/ and http://domain.kg/,
informing the Company their personal data, including through the mediation of
third parties, acknowledge their consent to the processing of personal data in
accordance with this Policy. In case of disagreement with this Policy as a
whole, as well as in case of disagreement with any clause of this Policy, the
User must refrain from using the Services. 1.6. Consent to the processing of personal data can be revoked by the personal
data subject. If the personal data subject withdraws consent to the processing
of personal data, the operator has the right to continue processing personal data
without the consent of the personal data subject if there are grounds specified
by the current legislation. 1.7. This Policy may be changed by the Company. The Company has the right
at any time, at its sole discretion, to make changes to this Policy without
prior notification of the User about it. When making changes in the current
edition, the date of the last update is indicated. The new version of the
Policy comes into force from the moment it is posted on the web server, unless
otherwise provided by the new edition of the Policy. 1.8. This Policy applies only to information about the User obtained while
using the Company Services. The Company does not control and is not responsible
for the processing of information about the User by third-party websites, to
which the User can click on the links available on the official web server of
the Company. 1.9. Definitions used in this Policy: Personal information (personal data) - information recorded on a material
medium about a specific person, identified with a specific person or which can
be identified with a specific person, allowing this person to be identified
directly or indirectly, through reference to one or more factors specific to
his biological, economic, cultural, civic or social identity. Personal data includes biographical and identification data, personal
characteristics, information about marital status, financial condition, health
status, and more. List of
personal information - a list of categories of data about this subject. Personal data array is any structured collection of personal information
of a certain number of subjects, regardless of the type of information carrier
and the means used for their processing (archives, file cabinets, electronic
databases, etc.). Publicly available personal data arrays - arrays of personal data, access
to which is not limited by law, and intended for general use (directories,
phone books, address books, etc.). Confidentiality mode for personal information - normatively established
rules that determine restrictions on access, transfer, provision and storage
conditions for personal data. The personal data subject (subject) is an individual to whom the relevant
personal data relates. The holder (possessor) of personal data array - state authorities, local
governments and legal entities that are entrusted with the authority to
determine the purposes, categories of personal information and control the
collection, storage, processing and use of personal data in accordance with the
Law. The authorized state body for personal data (hereinafter referred to as
the authorized state body) is a state body authorized by the Government of the
Kyrgyz Republic to exercise the functions and powers to ensure that the
processing of personal data meets the requirements of the Law, protection of
the rights of personal data subjects (subjects), registration of holders
(owners) of personal data arrays, maintaining the Register of holders of
personal data arrays, other tasks, functions and powers provided for by the
Law. Processor is an individual or legal entity, determined by the holder
(owner) of personal data, who processes personal information based on an
agreement concluded with him. The recipient of personal information is a public authority or local
self-government bodies, legal entities and individuals, as well as a personal
data subject (subject), to whom personal data is transferred and provided in
accordance with the Law. Collection of personal information is the procedure for obtaining personal
information by the holder (possessor) of personal data array from the subjects
of this data or from other sources in accordance with the legislation of the
Kyrgyz Republic. Processing of personal information is any operation or set of operations performed
regardless of methods by the holder (owner) of personal information or on his
behalf, by automatic means or without such, in order to collect, record, store,
update, group, block, erase and destroy personal data. The consent of the personal data subject is a free, specific,
unconditional and conscious expression of the will of the person in the form
provided for by this Law, in accordance with which the subject notifies of his
consent to the implementation of procedures related to the processing of his
personal data. Transfer of personal information is a provision by the holder (owner) of
personal data to third parties in accordance with the Law and international
treaties. Cross-border
transfer of personal information is a transfer by the holder (owner) of
personal information to holders under the jurisdiction of other states. Updating personal information - promptly making changes to personal data
in accordance with the procedures established by the current legislation of the
Kyrgyz Republic. Blocking personal information - temporary suspension of the transfer,
clarification, use and destruction of personal data. Destruction (erasure or crash) of personal information - actions of the
holder (possessor) of personal information to bring this data into a state that
does not allow restoring their content. Depersonalization of personal information is the removal from personal information
of the part that allows to be identified with a specific person. Information
system of personal information - a set of personal data contained in databases
and ensuring their processing of information technologies and technical means. 2. The
concept and content of personal data 2.1. For the purposes of this Policy, personal data means any information
relating directly or indirectly to a specific individual (personal data subject). 2.2. Depending on the personal data subject, the Company, in order to carry
out its activities and to fulfill its obligations, may process personal data of
the following categories of subjects: · Personal data of the Company
employee, a candidate for a job is information required by the Company in
connection with labor relations and concerning a specific employee; · Client data - information
that the Company needs to fulfill its obligations under the contractual
relationship with the Client and to comply with the requirements of the
legislation of the Kyrgyz Republic. This also includes data provided by
potential clients, client representatives authorized to represent clients;
heads and chief accountants of legal entities that are Company clients, persons
who have concluded civil law contracts with the Company for the provision of
services to the Company; employees of Company partners and other legal entities
that have contractual relations with the Company, with which Company employees
interact in the framework of their activities; · personal data of the Client
provided during registration on the website https://www.cctld.kg/ and
http://domain.kg/, including when the Client makes Orders, as well as when
using services, communication forms posted on the website at: https://www.cctld.kg/
and http://domain.kg/; · personal data of other individuals who have consented to the processing of
their personal information by the Company or individuals whose personal
information processing is necessary for the Company to achieve the goals
provided for by an international treaty of the Kyrgyz Republic or by law, for
the implementation and fulfillment of the functions and obligations assigned on
the hosting provider and the domain name registrar by the legislation of the
Kyrgyz Republic; · personal data of individuals that are made publicly available by them, and
their processing does not violate their rights and complies with the
requirements established by the Legislation on personal information. 2.3. The personal data subject included in the list of persons specified in
clause 2.2, the client of the Company agrees to the processing of the following
personal data: surname, name, patronymic; date of birth; mailing addresses (at
the place of registration and for contacts); number of the main identity
document of the Client, information about the date of issue of the specified
document and the issuing authority; phone numbers; fax numbers; e-mail
addresses. 3. Grounds and purposes of personal data
processing 3.1. The Company processes personal data to carry out its activities,
including for the provision of services to Clients. The Company has the right
to:
3.2. The Company processes personal data only if at least one of the
following conditions is met:
3.3. The Company and other persons who have gained access to personal
information are obliged not to disclose to third parties and not to distribute
personal information without the consent of the personal data subject, unless
otherwise provided by law. 3.4. The Company can process personal information of subjects of personal
information for the following purposes:
3.5. The Company does not process special categories of Personal Data
related to race, nationality, political views, religious or philosophical
beliefs, intimate life. 3.6. The legal grounds for processing personal information are the
following legal acts:
4. Principles
of personal data processing 4.1. The processing of personal information by the Company is carried out based
on the following principles:
4.2. Employees of the Company admitted to the Processing of personal
information must:
- legislation of the Kyrgyz Republic in the field of personal information,
this Policy; - local acts of the Company on the processing and security of personal
information;
4.3. The security of personal information in the Company is ensured by the
implementation of coordinated measures aimed at preventing (neutralizing) and
eliminating threats to the security of personal information and minimizing
possible damage. 5. Timeframe of personal data processing 5.1. The timeframe for processing personal data are determined based on the
purposes of processing in the information systems of the Company, in accordance
with the term of the contract, agreement with the personal data subject. 5.2. A condition for stopping the processing of personal information may be
the achievement of the goals of processing personal information in accordance
with the terms of the contract concluded between the Company and the personal
data subject, expiration of the consent or withdrawal of the consent of the personal
data subject to the processing of their personal data, as well as
identification of illegal processing of personal data. 6. The persons authorized to process personal
data 6.1. To achieve the goals of Article 3 of this Policy, only those employees
of the Company who are entrusted with such a duty in accordance with their
official (labor) duties are authorized to process personal information. Access
of other employees may be granted only in cases provided by law. The Company
requires its employees to maintain confidentiality and ensure the security of
personal data during their processing. 6.2. The Company has the right to transfer
personal data to third parties in the following cases: - The personal data subject has clearly
expressed his consent to such actions; - The transfer is provided for by national or
other applicable law in the framework of the procedure established by law. 6.3. At the reasoned request
of the authorized body and in accordance with the current legislation, personal
data of the subject without his consent can be transferred: ·
in
connection with the administration of justice to the judicial authorities; ·
to the
internal affairs bodies, the State Committee for National Security, the
prosecutor's office; ·
to other
bodies and organizations authorized by the current legislation and applicable
legal norms in the cases established in regulatory legal acts that are binding
on the operator.
7.1. In the
process of providing services, in the implementation of internal economic
activities, the Company uses automated and non-automated processing of personal
information. 7.2. The Company
has the right to entrust the personal information processing to another person
with the consent of the Personal Data Subject, unless otherwise provided by the
legislation of the Kyrgyz Republic, on the basis of an agreement concluded with
this person, a prerequisite for which is compliance by this person with the principles
and rules for Processing Personal Data provided for by the Law on Personal Data. 7.3.
Personal data is not disclosed to third parties and is not distributed in any
other way without the consent of the Personal Data Subject, unless otherwise
provided by the legislation of the Kyrgyz Republic. 7.4.
Representatives of public authorities (including those of controlling,
supervisory, law enforcement and other bodies) get access to personal
information processed in the Company, in the amount and manner established by
the legislation of the Kyrgyz Republic. 7.5. As part
of the personal data processing for the Personal Data Subject and the Company,
the following rights are defined. 7.5.1. The personal
data subject has the right to:
7.5.2. The Company has the right to:
7.6. In case of confirmation of the fact of inaccuracy of personal information
or the illegality of its processing, personal information must be updated by
the operator, and the processing must be stopped. 7.7. Upon achievement of the goals of processing personal information, as
well as if the personal data subject withdraws consent to its processing,
personal information is subject to destruction if:
7.8. The Company is obliged to inform the personal data subject or his
representative about the processing of personal information of such a subject
at the request of the latter. 7.9. The Company also has other rights and bears other obligations
established by the law On Personal Data. 8. Implementation of personal data protection 8.1. The Company's activity in processing personal data in information
systems is inextricably linked with the protection of the confidentiality of
the information received by the Company. All employees of the Company are
obliged to ensure the confidentiality of personal data, as well as other
information established by the Company, if this does not contradict the current
legislation of the Kyrgyz Republic. 8.2. The security of personal information during its processing in the
information systems of the Company is ensured by the information security
system. 8.3. The exchange of personal information during its processing in
information systems is carried out through communication channels protected by
technical information protection means. 8.4. When processing personal data in the information systems of the
Company the following is provided:
Copyright © Ilya O. Levin & Sergey D. Piryazev & Vitaliy Yurlov, 2000. Updated by Vitaliy Yurlov, 2020. All rights reserved.
|