This Standard Personal Data Processing Policy (hereinafter — the Policy) is developed in accordance with Part 2 of Article 4 of the Law of the Kyrgyz Republic “On Personal Information” and establishes the legal and organizational grounds for the processing of personal data by GTAgro LLC (hereinafter — the Holder/Processor).
This Policy is aimed at ensuring the protection of the rights and freedoms of personal data subjects during the processing of their personal data and applies to all operations involving personal data performed by the Holder/Processor, both in automated and non-automated modes.
Basic rights and obligations of personal data subjects:
Personal data subjects have the right:
to obtain complete information about their personal data processed by the Holder/Processor;
to access their personal data, including the right to receive a copy of any record containing their personal data, except in cases provided for by the Law of the Kyrgyz Republic “On Personal Information”;
to request clarification, blocking, or deletion of their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared purpose of processing;
to take measures provided by law to protect their rights, including applying to the authorized state body for personal data protection;
to exercise other rights established by the legislation of the Kyrgyz Republic.
Personal data subjects are obliged to:
provide only accurate information about themselves to the Holder/Processor;
provide documents containing personal data in the volume necessary for the purpose of processing;
notify the Holder/Processor about any clarification (updating, modification) of their personal data.
Basic rights and obligations of the Holder/Processor:
The Holder/Processor has the right:
to receive from the personal data subject accurate information and/or documents containing personal data;
to clarify the personal data provided by the subject.
The Holder/Processor is obliged to:
process personal data in accordance with the procedures established by the Law of the Kyrgyz Republic “On Personal Information”;
review requests submitted by personal data subjects regarding the processing of their data and provide responses within no more than 7 days from the date of submission;
provide the personal data subject with free access to their personal data;
take measures to update personal data upon the request of the personal data subject;
ensure the protection of personal data in accordance with the legislation of the Kyrgyz Republic.
The Holder/Processor collects, uses, and protects personal data provided by the personal data subject in any form of communication, in accordance with this Policy and the legislation of the Kyrgyz Republic.
The Holder/Processor processes personal data of the following categories of subjects:
Customer
The personal data processed by the Holder/Processor includes:
Full Name
Special categories of personal data processed by the Holder/Processor include:
— (not specified in the provided text)
The Holder ensures the compliance of the content and volume of processed personal data with the declared purposes of processing and, if necessary, takes measures to eliminate any excessive data not required for these purposes.
The processing of special categories of personal data revealing racial or ethnic origin, national affiliation, political views, religious or philosophical beliefs, as well as data relating to health or intimate life, is not carried out by the Holder/Processor / or is carried out strictly in accordance with Article 8 of the Law of the Kyrgyz Republic “On Personal Information”.
The Holder may revise the lists of personal data and categories of personal data subjects. Changes must be incorporated into this Policy and personal data subjects must be notified by any available means (official website, notices, push notifications, email, etc.).
Personal data is processed by the Holder/Processor for the following pre-defined and lawful purposes:
(Purposes not included in provided text — can be added upon request.)
The legal grounds for personal data processing by the Holder/Processor include:
The Civil Code of the Kyrgyz Republic;
Personal data is processed by the Holder/Processor using the following method:
Mixed (automated and non-automated)
Processing of personal data performed by the Holder/Processor includes any operation or set of operations performed regardless of the method used, with or without automation, for the purposes of collecting, recording, storing, updating, grouping, blocking, deleting, and destroying personal data.
Personal data is processed by the Holder/Processor with the consent of the personal data subject (hereinafter — Consent), except for cases established by law when processing may be carried out without such consent.
Methods of notifying the personal data subject:
(Not specified — can be filled in if required.)
The personal data subject decides to provide their personal data and gives consent in writing on paper or in the form of an electronic document signed with an electronic signature according to the legislation of the Kyrgyz Republic.
Grounds for terminating the processing of personal data include achieving the purposes of processing, updating personal data, or identifying unlawful processing.
To achieve the processing purposes, and with the consent of the personal data subject, the Holder/Processor may transfer personal data to third parties, provided that the recipient assumes obligations to maintain confidentiality.
The Holder/Processor takes (or ensures the taking of) necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, and other unlawful actions.
Personal data must not be stored longer than necessary to achieve the purposes of their collection. Storage periods may be extended only in the interests of the personal data subject or if required by the legislation of the Kyrgyz Republic.
If personal data is found to be inaccurate or unlawfully processed, it must be updated, blocked, or destroyed depending on the legality of its collection, storage, and processing, or its processing must otherwise be terminated.
In cases of inaccuracy or unlawful processing of personal data, the personal data subject has the right to contact the Holder directly or apply to the authorized state body for personal data protection.
Upon written request of the personal data subject, the Holder/Processor must provide information about the processing of their personal data, including:
confirmation of the fact of processing;
legal grounds and purposes of processing;
purposes and methods of processing applied by the Holder/Processor;
name and location of the Holder, and information about persons (except employees who have access by default) who may receive personal data under a contract or by law;
personal data processed and the source of its collection;
processing periods, including storage periods;
procedure for exercising rights regarding updating, blocking, and deleting;
information about performed or intended cross-border transfers.
If the subject does not have the right to access the requested information, a reasoned refusal is issued.
Upon expiration of the storage period or achievement of the purposes of collection, personal data must be destroyed within two weeks. Destruction is confirmed by an act, a copy of which may be issued to the personal data subject upon written request.
All relations concerning personal data processing that are not covered by this Policy shall be regulated according to the Law of the Kyrgyz Republic “On Personal Information”.
The Holder/Processor has the right to amend this Policy. The updated version must indicate the date of the last revision. The new version enters into force upon publication in open access, provided that a preliminary notice of the planned changes is issued not less than 14 working days prior to publication.