Please wait, loading...
Please wait, loading...
1) This Model Personal Data Processing Policy (hereinafter referred to as the “Policy”) has been developed in accordance with the requirements of Part 2 of Article 4 of the Law of the Kyrgyz Republic “On Personal Information” and defines the legal and organizational basis for processing personal data by the PEAK public fund (hereinafter referred to as the “Holder/Processor”).
2) This Policy aims to ensure the protection of the rights and freedoms of individuals whose personal data is processed by the Holder/Processor. It applies to all operations involving personal data, whether performed in automated mode or not.
1) Personal data subjects have the following rights:
– To receive full information about their personal data processed by the Holder/Processor.
– To access their personal data, including the right to receive a copy of any record containing their personal data, except as provided by the Law of the Kyrgyz Republic “On Personal Information.”
– To rectify their personal data, block or delete it in cases where the data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing.
– To take legal measures to protect their rights, including filing a complaint with the authorized state body for personal data protection.
– To exercise other rights provided by the legislation of the Kyrgyz Republic.
2) Personal data subjects are obliged to:
– Provide the Holder/Processor with accurate and reliable data about themselves.
– Provide documents containing personal data to the extent necessary for the processing purposes.
– Inform the Holder/Processor about any updates or changes to their personal data.
1) The Holder/Processor has the right to:
– Obtain reliable information and/or documents containing personal data from the personal data subject.
– Rectify the personal data provided by the subject if necessary.
2) The Holder/Processor is obliged to:
– Process personal data in accordance with the Law of the Kyrgyz Republic “On Personal Information.”
– Consider and respond to personal data subjects’ inquiries regarding the processing of their personal data within a period not exceeding 7 days from the date of the application.
– Provide personal data subjects with free access to their personal data.
– Take measures to update personal data in response to a personal data subject’s request.
– Organize the protection of personal data in accordance with the requirements of the legislation of the Kyrgyz Republic.
1) The personal data processed by the Holder/Processor include:
– Telephone number
– Full name
– Email address
2) The Holder/Processor processes special categories of personal data [The specific categories should be specified here].
3) The Holder ensures that the content and volume of processed personal data correspond to the stated purposes of processing. If necessary, measures are taken to eliminate redundant data that is not relevant to the stated purposes.
4) Processing of special categories of personal data revealing racial or ethnic origin, nationality, political views, religious or philosophical beliefs, as well as data relating to health and intimate life, is not carried out by the Holder/Processor or is carried out strictly in accordance with Article 8 of the Law of the Kyrgyz Republic “On Personal Information.”
5) The lists of personal data and categories of personal data subjects may be revised by the Holder. Changes to this Policy will be recorded, and personal data subjects will be notified through various means such as the official website, announcements
, push notifications, or email messages.
1) The Holder/Processor processes personal data for the following predetermined and legitimate purposes:
– Compliance with the legislation of the Kyrgyz Republic.
– Ensuring transparency in public activities to the extent prescribed by law.
1) The legal grounds for processing personal data by the Holder/Processor are:
– The Constitution of the Kyrgyz Republic.
– The Civil Code of the Kyrgyz Republic.
– The Law of the Kyrgyz Republic “On Personal Information.”
– Consent of personal data subjects to the processing of their personal data.
1) The processing of personal data by the Holder/Processor is carried out in the following manner:
– Automated processing.
2) The processing of personal data by the Holder/Processor includes any operations or set of operations performed, with or without the use of automated means, for the purpose of collecting, recording, storing, updating, grouping, blocking, erasing, and destroying personal data.
3) The processing of personal data is subject to obtaining the consent of the personal data subject (“Consent”), unless otherwise provided by law.
4) The subject of personal data is notified through email.
5) The personal data subject makes a decision to provide their personal data and provides it in writing, either on paper or in the form of an electronic document signed with an electronic signature, in accordance with the legislation of the Kyrgyz Republic.
6) The processing of personal data may be terminated upon achievement of the processing purposes, updating of personal data, or identification of unlawful processing of personal data.
7) The Holder/Processor has the right to transfer personal data to third parties, with the consent of the personal data subject, for the purpose of achieving the processing purposes. The data recipient is obliged to maintain the confidentiality of the data.
8) The Holder/Processor takes or ensures the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution, or any other illegal actions.
9) Personal data should not be retained for longer than necessary to fulfill the purposes for which it was collected. Storage periods may only be extended in the interests of the personal data subject or if required by the legislation of the Kyrgyz Republic.
1) In case the personal data is confirmed to be inaccurate or processed unlawfully, the personal data shall be updated, blocked, or deleted, depending on the legality of their collection, storage, and processing by the Holder/Processor. Processing may also be terminated accordingly.
2) If personal data is found to be inaccurate or processed unlawfully, the personal data subject has the right to directly address the Holder or the authorized state body for personal data protection.
3) Upon a written request from the personal data subject, the Holder/Processor is obliged to provide information on the processing of personal data, including the following:
– Confirmation of personal data processing by the Holder/Processor.
– Legal grounds and purposes of personal data processing.
– Methods used by the Holder/Processor for processing personal data.
– Name and location of the Holder, information about individuals who have access to personal data, and the basis for their access (excluding employees of the Holder or individuals to whom personal data may be transferred based on an agreement or law).
– Processed personal data related to the personal data subject, including the source of their receipt.
– Terms of personal data processing, including storage periods.
– Procedures for exercising the personal data subject’s rights regarding the updating, blocking, and deletion of personal data.
– Information about
performed or proposed cross-border data transfers.
4) If the personal data subject does not have access rights to the requested information, a reasoned refusal is provided.
5) After the storage period expires and the purposes of collecting personal data are achieved, the personal data is destroyed within four weeks. Destruction is confirmed by an act, a copy of which can be provided to the personal data subject upon written request.
1) All relations related to the processing of personal data that are not reflected in this Policy are regulated in accordance with the provisions of the Law of the Kyrgyz Republic “On Personal Information.”
2) The Holder/Processor reserves the right to make changes to this Policy. The date of the last update is indicated in the current version. The new version of the Policy becomes effective