Personal Data Processing Policy
of KERWAN, LTD
The activities of KERWAN, LTD is in the distribution of software, 3D-scanners, 3D-printers and consumables of leading world manufacturers, consulting in the field of software training involves processing and storage of personal data of clients in the automated information systems of KERWAN, LTD. In compliance with In conformity with the legislation (By the law of the Republic of Kazakhstan of May 21, 2013 № 94-V "On personal data and their protection" (as amended on 14.07.2022),) , KERWAN, LTD has implemented a set of technical and organizational measures to ensure the securityprotection of processed and stored customer personal data of the customers.
KERWAN, LTD is a high-tech company that uses advanced IT-technologies in its work. Therefore, one of the company's priorities is to complyiance with current legislation of the Republic of Kazakhstan in the field of information security, as well as with the requirements of the Law of the Republic of Kazakhstan of May 21, 2013 № 94-V "On personal data and their protection" (as amended on 14.07.2022), whose main purpose is to protect human and civil rights and freedoms during processing of their personal data, including the protection of rights to privacy, personal and family secrets.whose main purpose is to ensure the protection of the rights and freedoms of man and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
The purpose of personal data processing
The purpose of collecting, processing and keeping storing the personal data, as well as other actions with the personal data of the customers is to fulfill the obligations of KERWAN, LTD to the customer under the contract with them.
The personal data composition
- Customer personal data processed by the company may include:
- last name, first name, patronymic name of the person,
- telephone number, fax number, e-mail address (at the request of the client).
Collecting (receiving) personal data
The company receives personal data only from the client personally by filling out the electronic form on the website of KERWAN, LTD at: https://kerwanltd.com
The principles of personal data processing
- When processing personal data of clients, KERWAN, LTD adheres to the following principles:
- legal compliance of receiving, processing and keeping storing of personal data as well of any other actions with personal data,
- personal data processing for the purpose of fulfilling its obligations under the contract of service provision only,
- collecting only the personal data we actually need for the stated processing purposes,
- implementation of measures to ensure the security of personal data during its processing and storage,
- complying with the rights of subjects data to access their personal data.
Personal data processing
The company process clients' personala data in both non-automated and automated ways.
- Only employees who have undergone the admission procedure are allowed to process personal data in the company. The admission procedure includes:
- making the employee aware of the local regulations of the company (regulations, instructions, etc.), strictly regulating the procedure and procedure for working with the personal data of the customers,
- taking an employee's signature of confidentiality regarding the personal data of clients when working with them,
- receiving by an employee and using in their work individual attributes of access to the company's information systems, which contain client's personal data. All the employees are given the minimum rights of access to information systems necessary for the performance of their job duties.
The employees who have access to customer's personal data receive only the personal data they need to perform their specific job functions.
Keeping personal data
The clients' personal data is stored in paper (contract) and electronic form. Electronic form of client's personal data are stored in the information systems of personal data of KERWAN, LTD, as well as in archival copies of databases of these systems. The procedure for archiving and the retention period of archived copies of databases of the company's personal data information systems are defined in the backup instruction, which is mandatory for the administrators of the relevant systems.The procedure of archiving and the terms of storage of archival copies of databases of the Company's personal data information systems are defined in the instructions on backup, which are mandatory for the administrators of the relevant systems.
When storing customers' personal data, organizational and technical measures are followed to ensure their safety and to exclude unauthorized access to them.
- These measures include:
- designation of a unit or an employee responsible for a particular method of personal data storing,
- limiting physical access to the storage locations and data carriers the media;
- accounting of all information systems and electronic media, as well as archival copies.
Transfer of personal data to third parties
Personal data transfer to third parties is not provided by KERWAN, LTD.
Security measures for personal data processing
- Ensuring the security of personal data in the company is achieved by the following measuresIn the company security measures for personal data processing is achieved by the following measures:
- appointment of an employee responsible for the personal data processing organization,
- performing an internal audit of the company's information systems that contain personal data, conducting their classification,
- development of a private threat model in security of personal data,
- appointment of designating of a responsible administrator for each information system,
- making of the list of the persons allowed to work with personal data,
- development and approval of the company's local regulations governing the processing of personal data. Developing work instructions for information system operators and administrators,
- implementation of technical measures that reduce the likelihood of the implementation of threats to the security of personal data,
- conducting of regular audits of the security state of the company's information systems.
- The subject of personal data has the right to receive information relating to the processing of his personal data, including those containing:
- confirmation of the fact of personal data processing,
- legal basis and purpose of personal data processing;
- purposes and applied methods of personal data processing,
- information about persons (other than company employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract or on the basis of federal law,
- processed personal data relating to the relevant personal data subject, the source of their receipt,
- personal data terms of processing, including the terms of their storage,
- the procedure for personal data subject's rights' realization.
The client may obtain this information by writting request to the office of KERWAN, LTD. The answer is sent to the address specified in the request within 30 days.