Privacy policy

1. General Provisions

1.1
This Privacy Policy is developed by the Sole Proprietor BONKERS! (Business Identification Number 820324300687) represented by Ilya Fyodorovich Muravyev (hereinafter referred to as the Policy and the Operator, respectively) to fulfill the requirements of the Personal Data Law of the Republic of Kazakhstan dated May 21, 2013, N 94-V (hereinafter referred to as the Personal Data Law) and regulates the processing of the Site Users' personal data by the Operator.

1.2
The Policy employs terms as defined in section 1.6. The Policy applies to relations in the field of personal data processing that have arisen both before and after this Policy's approval.

1.3
The Operator independently or jointly with others organizes the processing of personal data and determines the purposes of personal data processing, the operations (actions) performed with personal data.

1.4
The Policy applies to all personal data that the Operator receives from the Site Users.

1.5
To fulfill the requirements of the Personal Data Law, this Policy is published in open access on the Internet at the Site.

1.6
Key Terms Used in the Policy:
Personal Data: any information related directly or indirectly to a specifically or identifiable Site User.
Site: a collection of interconnected web pages located on the Internet at https://toughdesigner.com
User: any individual providing information to the Operator using the Site.
Other definitions include the information system of personal data, processing of personal data, automated processing, dissemination, provision, depersonalization, blocking, destruction, cross-border transfer.

2. Purposes of Personal Data Processing

2.1
Processing of personal data by the Operator is carried out for the following purposes:
Processing User requests for the purpose of entering into contracts with Users;
Conclusion and execution of contracts with Users;
Providing Users access to the information and materials contained on the Site;
Informing Users about goods, services, advertising, and other activities of the Operator;
Other purposes necessary for compliance with the Personal Data Law by the Operator.

3. Categories of Processed Personal Data

3.1
The Operator collects and processes anonymized data about visitors (including “cookies”) through internet statistics and advertising services (Yandex Metrika, Google Analytics, and others). Users can manage their cookie preferences through the cookie banner and have the ability to withdraw or change their consent at any time.

3.1.1
Cookies used by the Operator include:
Necessary Cookies: Essential for the operation of the website.
Analytics Cookies: Used to gather anonymized statistics to improve the user experience.
Marketing Cookies: Used to track visitors across websites for personalized advertising purposes.

3.1.2
The Operator retains personal data and cookie information for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Cookies are retained for up to [specify duration] unless users choose to clear or disable them.

3.1.3
The Operator retains cookies for varying durations depending on their purpose:
Necessary Cookies: These are session-based and expire when you close your browser.
Analytics Cookies: Retained for up to 24 months to help improve user experience and gather anonymized usage statistics.
Marketing Cookies: Retained for up to 12 months to track visitors across websites for advertising purposes.

3.1.4
The Operator does not process special categories of personal data as defined by the Personal Data Law, nor does it process biometric data. Under GDPR, users have the right to access, rectify, or delete their personal data, as well as object to or restrict processing, and request data portability.

4. Procedure and Conditions for Processing Personal Data

4.1
Personal data processing is carried out by the Operator with the consent of the Users to process their personal data, as well as without such consent in cases provided by law. The User's consent to the processing of personal data is considered obtained by the Operator from the moment the User marks a special field in the corresponding personal data collection form located on the Site.

4.2
The Operator carries out Automated processing of personal data.

4.3
The Operator processes personal data in a form that allows identifying the subject of personal data, no longer than required by the purposes of personal data processing.

4.4
Upon achieving the goals of personal data processing, as well as in case of withdrawal of consent to their processing by the User, personal data are subject to destruction, except for cases provided by legislation.

4.5
The Operator implements the following requirements for personal data protection:- Ensuring the confidentiality of personal data.
Ensuring the realization of the personal data subject's rights, including the right to access information.
Ensuring the accuracy of personal data, and when necessary, relevance to the purposes of personal data processing (including measures to delete or clarify incomplete or inaccurate data).
Protecting personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful actions.
Other requirements provided by legislation.

4.6
The Operator takes the following measures, necessary and sufficient to ensure the fulfillment of obligations provided by legislation regarding the processing and protection of personal data:

4.6.1
Appointment of a person responsible for ensuring the security of personal data.

4.6.2
Defining the list of employees allowed to work with personal data.

4.6.5
Approval of this Privacy Policy related to personal data processing and security.

4.6.4
Application of legal, organizational, and technical measures to ensure the security of personal data, in particular:
• Identification of threats to the security of personal data during processing in the Personal Data Information System.
• Application of organizational and technical measures to ensure the security of personal data during processing in the Personal Data Information System, necessary to meet the requirements for personal data protection, the fulfillment of which ensures the levels of personal data protection established by the Government of the Republic of Kazakhstan.
• Application of information protection means that have passed the evaluation of compliance in the prescribed manner.
• Establishment of rules for access to personal data processed in the Personal Data Information System.
• Control over the measures taken to ensure the security of personal data and the level of protection of the Personal Data Information System.

4.6.5
Carrying out internal control over the compliance of personal data processing with the Personal Data Law and related regulatory legal acts, requirements for personal data protection, the Operator's policy regarding personal data processing, and the Operator's local acts.

4.6.6
Familiarizing employees who directly process personal data with the legislation of the Republic of Kazakhstan on personal data, including the requirements for the protection of personal data, as well as with this Policy.

4.7
The Operator has the right to transfer User personal data to third parties in the following cases:

4.7.1
The User has expressed consent to such actions.

4.7.2
The transfer is necessary for the execution of a contract by the Operator, concluded with the User.

4.7.3
The transfer is necessary to provide the User, at their request, access to certain services of the Site.

4.7.4
The transfer is provided for by applicable legislation.

4.7.5
The transfer of personal data is carried out for statistical or other research purposes, except for the purposes specified in Article 15 of the Personal Data Law, provided that the personal data is anonymized.

4.8
When collecting personal data of Users, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Republic of Kazakhstan using databases located in the territory of the Republic of Kazakhstan, except for cases specified in the Personal Data Law.

5. Procedure for User Interaction with the Operator

5.1
Users have the right to request information from the Operator concerning the processing of their personal data. To do this, they need to send a request to the email address: [email protected].

5.2
Users have the right to send requests for clarification, updating of personal data, statements of withdrawal of consent to the processing of personal data to the email address specified in section 5.1 of the Policy.