+7 (776) 222 31 31
Aktobe, Abilkaiyr-Khan ave. 44, building 2

Privacy policy, terms of collection and processing of personal data

1. General provisions

This privacy policy, terms of collection and processing of Personal Data (hereinafter referred to as the Policy) is compiled in accordance with the Law of the Republic of Kazakhstan “On Personal Data and their Protection” dated May 21, 2013 No. 94-V (hereinafter referred to as the Personal Data Law) and defines the procedure for the collection and processing of Personal Data and measures to ensure the security of Personal Data implemented by LLP “Demalys Zhaiy” (the Operator).
1.1. The Operator considers the observance of human and civil rights and freedoms in the collection and processing of Personal Data, including the implementation of the right to privacy, personal and family secrets, as its most important goal and condition for its activities.
1.2. This Policy applies to all information that the Operator may obtain about visitors to the https://hotel-aktobe.kz website.

2. Basic concepts used in the Policy

2.1. Automated processing of Personal Data – processing of Personal Data using computer technology.
2.2. Blocking of Personal Data – actions to temporarily cease the collection, accumulation, modification, supplementation, use, distribution, anonymization, and destruction of Personal Data.
2.3. Internet resource – information (in text, graphic, audiovisual, or other forms) posted on a hardware and software complex with a unique network address https://hotel-aktobe.kz/ and (or) domain name and operating on the Internet.
2.4. Accumulation of Personal Data – actions to systematize Personal Data by entering them into a database containing Personal Data.
2.5. Collection of Personal Data – actions aimed at obtaining Personal Data.
2.6. Anonymization of Personal Data – actions that result in it being impossible to determine the ownership of Personal Data by the Personal Data Subject.
2.7. Processing of Personal Data – actions aimed at the accumulation, storage, modification, supplementation, use, distribution, anonymization, blocking, and destruction of Personal Data. 2.8. Operator of a database containing Personal Data (hereinafter referred to as the operator) – a state body, physical and (or) legal entity that collects, processes, and protects Personal Data.
2.9. Personal Data – information relating to a specific or identifiable Personal Data Subject, recorded on an electronic, paper, and (or) other material medium.
2.10. Personal Data Subject (hereinafter referred to as the Subject) – a physical person – a visitor to the https://hotel-aktobe.kz website, to whom the Personal Data relates.
2.11. Distribution of Personal Data – actions that result in the transfer of Personal Data, including via mass media, or providing access to Personal Data in any other way.
2.12. Cross-border transfer of Personal Data – transfer of Personal Data to foreign countries.
2.13. Destruction of Personal Data – actions that result in it being impossible to restore Personal Data.

3. Basic Rights and Duties of the Operator

3.1. The operator has the right to collect and process Personal Data in the manner prescribed by the Personal Data Law and other regulatory legal acts of the Republic of Kazakhstan.
3.2. The operator is obliged to:
3.2.1. Approve the list of Personal Data necessary and sufficient to fulfill its tasks unless otherwise provided by the Laws of the Republic of Kazakhstan;
3.2.2. Approve documents defining the policy of the Operator concerning the collection, processing, and protection of Personal Data;
3.2.3. Take and comply with necessary measures, including legal, organizational, and technical, to protect Personal Data in accordance with the legislation of the Republic of Kazakhstan;
3.2.4. Comply with the legislation of the Republic of Kazakhstan on Personal Data and their protection;
3.2.5. Provide information on the methods and procedures used to ensure compliance by the Operator with the requirements of this Law, at the request of the authorized body within the framework of considering appeals of physical and legal entities;
3.2.6. Take measures to destroy Personal Data upon achieving the purposes of their collection and processing, as well as in other cases established by the Personal Data Law and other Regulatory Legal Acts of the Republic of Kazakhstan;
3.2.7. Provide proof of obtaining the Subject’s consent to collect and process their Personal Data in cases provided by the legislation of the Republic of Kazakhstan;
3.2.8. Inform the Subject, upon their request, about the information relating to them within the timeframes established by the legislation of the Republic of Kazakhstan;
3.2.9. If the Subject or their legal representative is refused information, provide a reasoned response within the timeframes established by the legislation of the Republic of Kazakhstan;
3.2.10. within one working day:
– amend and (or) supplement Personal Data based on appropriate documents confirming their accuracy, or destroy Personal Data if it is impossible to amend and (or) supplement them;
– block Personal Data relating to the Subject if there is information about a violation of the conditions of their collection and processing;
– destroy Personal Data if it is confirmed that they were collected and processed in violation of the legislation of the Republic of Kazakhstan, as well as in other cases established by this Law and other regulatory legal acts of the Republic of Kazakhstan;
– lift the blocking of Personal Data if the fact of a violation of the conditions of their collection and processing is not confirmed; – from the moment of detecting a Personal Data security breach, notify the authorized body of such a breach, indicating the contact details of the person responsible for organizing the processing of Personal Data (if available);
3.2.11. Provide the Subject or their legal representative with the opportunity to familiarize themselves with the Personal Data relating to this Subject free of charge;
3.2.12. Appoint a person responsible for organizing the processing of Personal Data if the Operator is a legal entity.
3.3. The person responsible for organizing the processing of Personal Data is obliged to:
3.3.1. Conduct internal control over the compliance of the Operator and its employees with the legislation of the Republic of Kazakhstan on Personal Data and their protection, including the requirements for the protection of Personal Data;
3.3.2. Inform the Operator’s employees about the provisions of the legislation of the Republic of Kazakhstan on Personal Data and their protection concerning the processing of Personal Data, requirements for the protection of Personal Data;
3.3.3. Monitor the reception and processing of appeals from Subjects or their legal representatives.

4. Main rights and duties of Personal Data Subjects

4.1. The Subject has the right to:
4.1.1. Know about the existence of their Personal Data held by the Operator and any third party, as well as to receive information that includes: – confirmation of the fact, purposes, sources, and methods of collecting and processing Personal Data; – a list of Personal Data; – the terms of processing Personal Data, including storage periods;
4.1.2. Require the Operator to amend and supplement their Personal Data if there are grounds confirmed by relevant documents;
4.1.3. Require the Operator and any third party to block their Personal Data if there is information about a violation of the conditions for collecting and processing Personal Data;
4.1.4. Require the Operator and any third party to destroy their Personal Data if their collection and processing were carried out in violation of the legislation of the Republic of Kazakhstan, as well as in other cases established by this Law and other regulatory legal acts of the Republic of Kazakhstan;
4.1.5. Withdraw consent to the collection, processing, distribution in public sources, transfer to third parties, and cross-border transfer of Personal Data, except in cases provided for in paragraph 2 of Article 8 of the Personal Data Law;
4.1.6. Give (refuse) consent to the Operator for the distribution of their Personal Data in public sources of Personal Data;
4.1.7. Protection of their rights and legitimate interests, including compensation for moral and material damage;
4.2. The Subject is required to provide their Personal Data in cases established by the Laws of the Republic of Kazakhstan.

5. Principles of collection, processing, and protection of Personal Data

5.1. The collection, processing, and protection of Personal Data are carried out in accordance with the principles of:
1) respecting the constitutional rights and freedoms of individuals and citizens;
2) legality;
3) confidentiality of restricted access Personal Data;
4) equality of rights for Subjects, owners, and operators;
5) ensuring the security of individuals, society, and the state.
Purpose of Collection and Processing of Personal Data, Types of Personal Data, Legal Grounds, and

6. Types of Processing of Personal Data

– Purpose of collection and processing: communication during hotel room reservations.
Personal Data: last name, first name, patronymic, email address, phone numbers.
– Legal grounds: the Operator’s statutory (founding) documents, contracts, or public offers concluded between the Operator and the Personal Data Subject.
– Types of processing of Personal Data: collection, recording, systematization, accumulation, storage, destruction, and anonymization of Personal Data.

7. Conditions for the collection and processing of Personal Data

7.1. The collection and processing of Personal Data are carried out by the Operator and any third party with the consent of the Subject or their legal representative in the manner determined by the authorized body, except in cases provided for in paragraph 5 of Article 7 and Article 9 of the Personal Data Law.
7.2. The collection and processing of Personal Data of a deceased (recognized by the court as missing or declared deceased) Subject are carried out in accordance with the legislation of the Republic of Kazakhstan.
7.3. The processing of Personal Data in the form of cross-border transfer of Personal Data, except in cases provided for by Article 16 of the Personal Data Law, the distribution of Personal Data in public sources, as well as their transfer to third parties, is carried out with the consent of the Subject.
7.4. The processing of Personal Data should be limited to achieving specific, predetermined, and Lawful purposes. The processing of Personal Data that is incompatible with the purposes of collecting Personal Data is not allowed.
7.5. Personal Data that is excessive in relation to the purposes of their processing is not Subject to processing.
7.6. The collection and processing of copies of identity documents on paper are prohibited, except in cases where there is no integration with the information systems of state bodies and (or) state legal entities, it is impossible to identify the Subject using technological means, as well as in other cases provided for by the Laws of the Republic of Kazakhstan.

8. Procedure for giving (withdrawing) consent of the Subject for the collection and processing of Personal Data

8.1. The Subject or their legal representative gives (withdraws) consent for the collection and processing of Personal Data electronically, in a way that allows confirmation of receipt of consent.
8.2. The Subject or their legal representative cannot withdraw consent for the collection and processing of Personal Data if this contradicts the Laws of the Republic of Kazakhstan, or if there are outstanding obligations.
8.3. Consent for the collection and processing of Personal Data includes:
1) the name and BIN of the Operator;
2) the Subject’s last name, first name, patronymic (if mentioned in the identity document);
3) the term or period during which the consent for the collection and processing of Personal Data is valid;
4) information on the possibility or impossibility of the Operator transferring Personal Data to third parties;
5) information on the presence or absence of cross-border transfer of Personal Data during their processing;
6) information on the dissemination of Personal Data in public sources;
7) a list of the data collected related to the Subject;
other information determined by the owner and (or) operator.

9. List of actions performed by the Operator with the collected Personal Data

9.1. The operator and third party providing the booking module perform the collection, recording, systematization, accumulation, storage, clarification (updating, modification), anonymization, blocking, deletion, and destruction of Personal Data.
9.2. The operator carries out automated processing of Personal Data with and without the receipt and/or transmission of information obtained through information and telecommunications networks.

10. Cross-border transfer of Personal Data

10.1. Cross-border transfer of Personal Data – the transfer of Personal Data to the territory of foreign states.
10.2. According to the Personal Data Law, the cross-border transfer of Personal Data to the territory of foreign states is carried out only if these states ensure the protection of Personal Data.
10.3. Cross-border transfer of Personal Data to the territory of foreign states that do not ensure the protection of Personal Data may be carried out in the following cases:
10.3.1. with the consent of the Subject or their legal representative for the cross-border transfer of their Personal Data;
10.3.2. provided for by international treaties ratified by the Republic of Kazakhstan;
10.3.3. provided for by the Laws of the Republic of Kazakhstan, if it is necessary to protect the constitutional order, ensure public order, protect the rights and freedoms of individuals and citizens, health, and public morals;
10.3.4. to protect the constitutional rights and freedoms of individuals and citizens, if it is impossible to obtain the consent of the Subject or their legal representative.
10.4. The cross-border transfer of Personal Data to the territory of foreign states may be prohibited or restricted by the Laws of the Republic of Kazakhstan.
10.5. The specifics of the cross-border transfer of service information about subscribers and (or) users of communication services are determined by the Law of the Republic of Kazakhstan “On Communications.”

11. Confidentiality of Personal Data

11.1. Operators and third parties who have access to restricted access Personal Data ensure their confidentiality by complying with the requirements to prevent their dissemination without the consent of the Subject or their legal representative or the presence of another legal basis.

12. Final Provisions

12.1. The Subject can obtain any explanations on issues of interest related to the processing of their Personal Data by contacting the Operator via email at reception@hotel-aktobe.kz.
12.2. Any changes to the Operator’s Personal Data processing policy will be reflected in this document. The policy is valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely accessible on the Internet at https://hotel-aktobe.kz.