Privacy Policy

Personal Data Processing and Security Policy

1. General Provisions

OneVision LLP (BIN 210240024671) (hereinafter referred to as the Operator), as part of its core business, processes personal data of various categories of Personal Data Subjects, including the following Operator's website: https://onevision.kz/, as well as other Operator sites that refer to this Personal Data Processing and Security Policy (hereinafter referred to as the Policy).

In accordance with the current legislation of the Republic of Kazakhstan, OneVision LLP is the operator of personal data. When organizing and processing personal data, the Operator is guided by the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On Personal Data and their Protection" and other regulatory legal acts adopted in accordance with it. For the purposes of this Policy, Personal Data means any information provided via Internet sites to the Operator and (or) collected using such Internet sites, relating directly or indirectly to a specific or identifiable individual (Personal Data Subject).

2. Collection of Personal Data

The Operator collects information through Internet sites in the following ways:

  • Personal data provided by users: The Operator collects personal data that is entere

  • Passive collection of personal data about the current connection in terms of statistical information:

    • user ID assigned by the Site;
    • pages visited;
    • number of page visits;
    • information about moving through the pages of the Site;
    • duration of the user session;
    • entry points (third-party Sites from which the user links to the Site);
    • exit points (links on the Site through which the user goes to third-party Sites);
    • user's country;
    • user's region;
    • time zone set on the user's device;
    • user provider;
    • user's browser;
    • browser digital fingerprint (canvas fingerprint);
    • available browser fonts;
    • installed browser plug-ins;
    • WebGL settings of the browser;
    • type of available media devices of the browser;
    • availability of ActiveX;
    • list of supported languages on the user’s device;
    • processor architecture of the user’s device;
    • user’s OS;
    • display settings (resolution, depth color, page placement parameters on the screen);
    • information about the use of automation tools when accessing the Site.

In relation to registered users of the Site, information about the use of ports on users' devices may be collected in order to detect suspicious activity and protect users' personal accounts. Data can be collected using various methods, such as cookies, web beacons, etc. The Operator may use third-party Internet services (third-party technologies) to organize the collection of statistical personal data, and such third-party Internet services store the received data on their own servers. The Operator is not responsible for the localization of servers of third-party Internet services. At the same time, such third-party Internet services (third-party technologies) installed on the Site and used by the Operator can set and read browser cookies of end users of the Site to collect information in the course of advertising activities on the Site. The procedure for the collection and use of data collected by such third-party Internet services (third-party technologies) is determined independently by these third-party Internet services and they are directly responsible for compliance with this procedure and the use of the data they collect, moreover, these third-party Internet services are responsible and must ensure compliance with the requirements of applicable law, including legislation on personal data in the territory of the Republic of Kazakhstan. The Operator does not compare the information provided by the user independently and allowing to identify the Subject of personal data with statistical personal data obtained in the course of using such passive methods of collecting information.

3. Principles and Conditions of Personal Data Processing

The processing of personal data by the Operator is carried out on a legal and fair basis and is limited to achieving specific, predetermined and legal purposes, including in accordance with the Public Offer for the provision of payment and information technology services to individuals aimed at ensuring interaction when making Payments through the OneVision System and the OneVision System Connection Agreement. Only personal data that meets the purposes of their processing are subject to processing. The content and scope of personal data processed by the Operator correspond to the stated purposes of processing, redundancy of processed personal data is not allowed. When processing personal data, the Operator ensures the sufficiency of personal data and, if necessary, relevance in relation to the purposes of personal data processing. The Operator takes the necessary measures (ensures their adoption) by deleting or clarifying incomplete or inaccurate personal data. In the course of its activities, the Operator may provide and (or) entrust the processing of personal data to another person with the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Republic of Kazakhstan on personal data. At the same time, the parties' obligation to respect confidentiality and ensure the security of personal data during their processing remain the mandatory condition for providing and (or) ordering the processing of personal data to another person. The terms for the personal data processing are determined in accordance with the purposes for which they were collected.

4. Rights of the Personal Data Subject

The Personal Data Subject has the right:

  • to demand clarification of its personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect its rights;
  • to demand a list of its personal data processed by the Operator and the source of their receipt;
  • to receive information about the terms of processing of its personal data, including the terms of their storage;
  • to demand notification of all persons who were previously informed of incorrect or incomplete personal data of the Personal Data Subject, about all exceptions, corrections or additions made to them;
  • to appeal to the authorized body for the protection of the rights of Personal Data Subjects or in court against illegal actions or inactions during processing of personal data of the Personal Data Subject;
  • to protect its rights and legitimate interests, including compensation for damages and (or) compensation for moral damage in court.

If you have questions about the nature of the application, use, modification or deletion of your personal data that you have provided, or if you want to refuse further processing by the Operator, please contact us at the Operator's address or by e-mail: info@onevision.kz. Please note that the Operator of personal data is not responsible for false information provided by the Personal Data Subject.

5. Implementation of Personal Data Protection Requirements

In order to maintain its business reputation and ensure compliance with the requirements of the legislation of the Republic of Kazakhstan, the Operator considers ensuring the legitimacy of personal data processing in the Operator's business processes and ensuring an appropriate level of security of personal data processed by the Operator as its most important tasks. The Operator requires third parties who have gained access to personal data not to disclose them to third parties and not to distribute personal data without the consent of the Personal Data Subject, unless otherwise provided by the legislation of the Republic of Kazakhstan. In order to ensure the security of personal data during their processing, the Operator takes the necessary and sufficient legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions with respect to personal data. The Operator ensures that all measures implemented by the Operator for the organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of the legislation of the Republic of Kazakhstan on personal data processing.

В целях обеспечения адекватной защиты персональных данных Оператор проводит оценку вреда, который может быть причинен Субъектам персональных данных в случае нарушения безопасности их персональных данных, а также определяет актуальные угрозы безопасности персональных данных при их обработке в информационных системах персональных данных.

In order to ensure adequate protection of personal data, the Operator evaluates the harm that may be caused to Personal Data Subjects in the event of a violation of security of their personal data, and also determines current threats to the security of personal data when they are processed in personal data information systems. The Operator applies necessary and sufficient legal, organizational and technical measures in accordance with the identified current threats in order to ensure the security of personal data, including the use of information protection tools, detection of unauthorized access to personal data and taking appropriate measures, recovery of personal data, restriction of access to personal data, registration and accounting of actions with personal data, as well as monitoring and evaluating the effectiveness of the measures applied to ensure the security of personal data. The Operator's management is aware of the importance and necessity of ensuring the security of personal data and encourages continuous improvement of the personal data protection system processed as part of the Operator's core business. The Operator has appointed persons responsible for organizing the processing and ensuring the security of personal data.

Each new employee of the Operator who directly processes personal data is familiarized with the requirements of the legislation of the Republic of Kazakhstan on the processing and security of personal data, this Policy and other local acts of the Operator on the processing and security of personal data and undertakes to comply with them.

6. Consent of the Personal Data Subject

The Personal Data Subject hereby consents to the collection and processing of personal data by the Operator for the purpose of service provision, as well as to the transfer and cross-border transfer of personal data of the Personal Data Subject in accordance with the regulatory legislation.