In order to maintain business reputation and ensure compliance with the statutory requirements of the Republic of Kazakhstan, the Operator regards ensuring legitimacy of personally identifiable information processing in the Operator’s business processes and maintaining an appropriate security level of personally identifiable information processed by the Operator to be its most important objectives.
The Operator shall require that other persons who have obtained access to personally identifiable information refrain from disclosing and disseminating personally identifiable information to third parties without the consent of the subject of personally identifiable information, unless otherwise permitted by the laws of the Republic of Kazakhstan.
To ensure the security of personally identifiable information during its processing, the Operator shall take necessary and sufficient legal, organizational and technical measures to protect personally identifiable information from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personally identifiable information, as well as from other unlawful actions in relation thereto.
The Operator shall ensure that all its activities towards the organizational and technical protection of personally identifiable information are carried out lawfully, including in accordance with the statutory requirements of the Republic of Kazakhstan with respect to the processing of personally identifiable information.
In order to ensure that personally identifiable information is adequately protected, the Operator shall assess any harm that may be caused to the subjects of personally identifiable information in case of a security breach of their personally identifiable information, and identify relevant threats to the security of personally identifiable information during its processing in personally identifiable information systems.
In accordance with the relevant threats identified, the Operator shall apply necessary and adequate legal, organizational and technical measures to ensure the security of personally identifiable information, including the use of information security measures, detection of unauthorized access to personally identifiable information and adoption of measures, recovery of personally identifiable information, restriction of access to personally identifiable information, registration and accounting of manipulations with personally identifiable information, and monitoring and evaluation of the effectiveness of security measures applied to personally identifiable information.
The Operator’s management understands the importance and necessity of personally identifiable information security and encourages continuous improvement of the protection system of personally identifiable information processed as part of the core business of the Operator.
The Operator has appointed persons responsible for organizing the processing and security of personally identifiable information.
Each new employee of the Operator directly engaged in processing of personally identifiable information shall be made familiar with the statutory requirements of the Republic of Kazakhstan regarding processing and security of personally identifiable information, this Policy and other local acts of the Operator dealing with processing and security of personally identifiable information, and shall be obliged to comply with the same.