Privacy Policy

This document explains what data we collect on digitalkazakhstan.org, for what purposes, on what legal grounds, and what rights you have as a data subject.

This Policy is compliant with the Law of the Republic of Kazakhstan No. 94-V of 21 May 2013 'On personal data and their protection'. In force since 14 May 2026.

Personal data controller: Digital Kazakhstan NPO, Astana. Contact for processing matters: info@digitalkazakhstan.org.

1. Data we collect

  • Visitor technical data: IP, browser User-Agent, referrer, request timestamps — for web-server logs and abuse protection.
  • Functional cookies (UI language, equipment compare cart state). No third-party analytics cookies are used.
  • Contact details voluntarily submitted via the contact form or email: name, email, company, message.
  • Company information when applying for accreditation: BIN, name, region, contact person, business description.

2. Purposes and legal grounds

  • Responding to enquiries and ongoing correspondence — based on subject consent (art. 8 of Law No. 94-V).
  • Accreditation and publication in the members directory — based on consent and the association's statutory mission.
  • Operational and security maintenance of the site — based on the operator's legitimate interest.
  • Compliance with applicable law — financial records, anti-fraud, responses to authorised state bodies.

3. Retention

  • Web-server logs: 90 days.
  • Enquiry correspondence: up to 3 years from the last contact.
  • Accredited member profiles: throughout membership plus 1 year.
  • Accounting records: 5 years (Tax Code of Kazakhstan requirement).

4. Sharing with third parties

  • We do not sell or share personal data for marketing purposes.
  • Data may be shared with processors (payment gateway, email provider, hosting) solely to perform contractual obligations under confidentiality agreements.
  • Cross-border transfer is performed only to countries with adequate protection or under separate subject consent (art. 16 of Law No. 94-V).

5. Your rights

  • Receive confirmation of processing and a copy of your data.
  • Request rectification, blocking or deletion if data is incomplete, outdated or unlawfully obtained.
  • Withdraw consent at any time. Withdrawal is non-retroactive and does not affect lawfulness of prior processing.
  • Lodge a complaint with the Ministry of Digital Development of Kazakhstan — the authorised personal-data protection body.

6. Security

  • Data in transit is encrypted with TLS 1.2+ (HTTPS, HSTS).
  • The personal-data database is hosted on servers located in Kazakhstan, with technical and organisational safeguards.
  • Access is granted only to authorised staff who have completed personal-data processing training.

7. Policy changes

  • The current version is always available at this URL; the last-update date is at the top.
  • Material changes are announced via a site banner at least 14 days before they take effect.

8. Contact

  • Personal-data enquiries and requests: info@digitalkazakhstan.org.
  • Mailing address: Kunaev str. 12/1, Astana, Digital Kazakhstan association office.