POLICY ON THE COLLECTION, PROCESSING AND PROTECTION OF PERSONAL DATA

1. GENERAL PROVISIONS

1.1. Who approved this Policy

This Policy on the Collection, Processing and Protection of Personal Data has been approved by:

Aximum LLP

Business Identification Number (BIN): 251240031238

Registered address: Apt. 16, 157/4 Miras microdistrict, Bostandyk district, Almaty, Republic of Kazakhstan

Email: [email protected]

Hereinafter referred to as the Operator.

1.2. Applicable law

This Policy is prepared in accordance with the legislation of the Republic of Kazakhstan, including the Law of the Republic of Kazakhstan No. 94-V dated May 21, 2013 “On Personal Data and Its Protection”, as amended, and other applicable legal acts of the Republic of Kazakhstan.

1.3. What this Policy defines

This Policy defines:

1. the procedure for collecting, processing, storing and protecting personal data;
2. the purposes and legal grounds for personal data processing;
3. the categories of personal data processed by the Operator;
4. the rights of personal data subjects;
5. the procedure for interaction with personal data subjects regarding their personal data.

1.4. Whose personal data is processed

The Operator may process personal data of individuals who:

1. visit the Operator’s websites or online resources;
2. submit applications, requests or forms through the Operator’s resources;
3. use the Operator’s services, products, applications or mini-applications;
4. communicate with the Operator through messengers, email, forms or other communication channels;
5. enter into civil law, contractual or other relations with the Operator.

1.5. Categories of personal data processed by the Operator

The Operator may process the following personal data:

1. full name;
2. phone number;
3. email address;
4. links to social media profiles;
5. messenger username or nickname, including Telegram username;
6. user identifiers in messengers, mini-applications or other digital platforms;
7. information submitted by the user through forms, applications, requests or messages;
8. technical data related to the use of the Operator’s resources, including cookies, IP address, device data, browser data and usage statistics.

1.6. Processing of depersonalized and technical data

The Operator may collect and process depersonalized data about visitors, including cookies and usage statistics, using analytics tools and Internet statistics services.

Such data is used to improve the quality of the Operator’s resources, analyze usage, fix errors and develop services.

1.7. Resources where personal data may be processed

This Policy applies to the Operator’s websites, applications, mini-applications, subdomains, pages and related digital resources, including:

• https://unitee.space/ and its subdomains and pages.

1.8. Matters not regulated by this Policy

Matters not regulated by this Policy shall be governed by the applicable legislation of the Republic of Kazakhstan.

2. PERSONAL DATA

2.1. Definition of personal data

Information relating to an identified or identifiable individual, recorded on electronic, paper or other tangible media.

2.2. Personal data subject

An individual whose personal data is processed by the Operator.

2.3. Processing of personal data

Any actions performed with personal data, including collection, recording, systematization, accumulation, storage, modification, updating, use, transfer, distribution, depersonalization, blocking and destruction.

3. RIGHTS OF PERSONAL DATA SUBJECTS

The personal data subject has the right to:

1. know whether the Operator processes their personal data;
2. receive information about the purposes, methods and scope of personal data processing;
3. request access to their personal data;
4. request correction, updating or supplementation of personal data;
5. request blocking, destruction or depersonalization of personal data in cases provided by law;
6. withdraw consent to personal data processing, unless further processing is required or permitted by law;
7. exercise other rights provided by the legislation of the Republic of Kazakhstan.

4. PURPOSES OF PERSONAL DATA PROCESSING

The Operator processes personal data for the following purposes:

1. processing requests, applications and inquiries from users;
2. communication with users;
3. providing access to the Operator’s services, products, applications and materials;
4. concluding, performing and terminating contracts;
5. providing customer support;
6. identifying users in digital services, messengers, applications and mini-applications;
7. sending service, technical, transactional and informational messages;
8. notifying users about products, services, updates and changes;
9. improving the quality, security and functionality of the Operator’s resources;
10. analyzing the use of the Operator’s resources;
11. fulfilling obligations established by the legislation of the Republic of Kazakhstan;
12. protecting the rights and legitimate interests of the Operator, users and third parties.

5. PRINCIPLES OF PERSONAL DATA PROCESSING

The Operator processes personal data based on the following principles:

1. legality, fairness and transparency;
2. processing only for specific, predetermined and lawful purposes;
3. limiting the scope of personal data to what is necessary and sufficient for the purposes of processing;
4. ensuring accuracy and relevance of personal data where necessary;
5. storing personal data no longer than required for the purposes of processing, unless otherwise required by law;
6. taking necessary legal, organizational and technical measures to protect personal data.

6. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

6.1. Procedure for obtaining personal data

The Operator obtains personal data directly from the User when filling out forms, registering, sending requests or using the Operator’s resources.

6.2. Consent to processing

The Operator processes personal data with the consent of the personal data subject, except in cases where processing without consent is permitted by the legislation of the Republic of Kazakhstan.

6.3. Storage of personal data

Personal data is stored as long as necessary to achieve the purposes of processing, unless a longer period is required by law. The Operator’s databases are located in the territory of the Republic of Kazakhstan.

7. TRANSFER OF PERSONAL DATA

7.1. Transfer to third parties

The Operator may transfer personal data to third parties (contractors, analytics services, payment systems) solely to achieve the purposes specified in this Policy, and subject to ensuring confidentiality.

7.2. Cross-border transfer

Cross-border transfer of personal data is carried out in accordance with the legislation of the Republic of Kazakhstan where there are legal grounds.

8. SECURITY MEASURES

The Operator takes necessary legal, organizational and technical measures to protect personal data from unauthorized access, modification, disclosure or destruction.

9. USE OF COOKIES

The Operator uses cookies to ensure the functionality of resources, analyze traffic and improve user experience. The User can manage cookie settings in their browser.

10. LEGAL BASIS FOR PERSONAL DATA PROCESSING

The legal bases are: consent of the subject, performance of a contract, requirements of the legislation of the Republic of Kazakhstan, protection of the legitimate interests of the Operator or third parties.

11. FINAL PROVISIONS

11.1. Contact Information

For questions regarding personal data processing, the User may contact the Operator:

Email: [email protected]

11.2. Changes to the Policy

The Operator has the right to change this Policy. The new version comes into force from the moment it is published on the Operator’s resources.

11.3. Entry into force

This Policy comes into force from the moment it is published.