Entrance

PRIVACY POLICY

PRIVACY POLICY AND PROCESSING OF PERSONAL DATA

DATA OF OSON PAYMENTS LLP

 

This Privacy Policy and Personal Data Processing (hereinafter referred to as the Policy) applies to the information that OSON payments LLP (hereinafter referred to as OSON Payments) may receive about the User during his use of the OSON payment service in the form of a mobile or web application, as well as any other programs, products, services of OSON payments LLP (hereinafter referred to as the OSON Services). The Policy applies only to OSON Services does not control and is not responsible for third-party websites/services to which the User can follow links available from OSON Services, including information about the User processed by third parties. All terms and definitions not given and used in the text of the Policy are given in other agreements/contracts, the subject of which is the procedure for the provision and use of OSON Services by the User.

The use of OSON Services means the User's unconditional consent to this Policy and the terms of processing of his personal information specified in it; in case of disagreement with these terms, the User must refrain from using the OSON Services.

1. Customer information received and processed by OSON:

1.1. Within the framework of this Policy, the User's personal information means:
1.1.1. Personal information that the User provides about himself or herself when registering in any of the OSON Services or in the process of using the OSON Services, including the User's personal data transferred in the course of execution of any OSON agreements with the User. It should be noted that the User's use of certain OSON services is possible only if the necessary data is provided.
1.1.2. Data that is automatically transmitted to OSON in the process of using OSON Services using the software installed on the User's device, including IP address, information from cookies (text files stored in the User's browser), information about the User's browser (or other program with which access to OSON Services is used), access time, address of the requested page.
1.1.2.1. When using OSON Services, the following impersonal statistical data about the User is automatically collected (from cookies), including:

  • the type of action performed on the site (click, hover, etc.);
  • the date and time of the action;
  • Page URL
  • Referer;
  • IP (without the ability to work with IP addresses in statistics);
  • User-Agent;
  • ClientID (browser identifier from the cookie);
  • screen resolution;
  • the class of the HTML element that is clicked;
  • Searches
  • all details on payments, enabled and disabled functions;
  • Geolocation of the User;
  • error reports with detailed information about devices, model, manufacturer, etc.;
  • data on the User's telephone contacts;
  • data on the information viewed by the User in the interface of the OSON Services, including information in the sections: "Payment on the spot"; "Payment for services"; "Transfer of funds"; "My cards"; "Monitoring of payments"; "Fines of the State Traffic Safety Inspectorate"; "Settings", as well as any other sections added in the future;
  • data on the facts of filling out forms/requests on the website and/or in the OSON mobile application, including errors when filling them out.


1.1.2.2. By using any service provided by OSON, the User agrees that OSON may use statistical data and cookies for their subsequent processing by the systems, and may transfer them to a third party to conduct research, perform work or provide services to OSON. The User can independently manage cookies by changing the settings of the browser operating on his equipment. which cookies are blocked, may lead to the unavailability of certain components of the OSON payment service.
1.1.3. OSON may obtain publicly available information when the User uses third-party resources (e.g. chats/forms/social networks). This data may contain information that the User publishes, including in the form of comments or reviews about the OSON Services. OSON uses such information in order to improve the quality of customer service.
1.1.4. OSON may also process certain data (e.g. IP address, user device identifier) in order to identify and/or prevent conditions that contribute to the commission of actions using the OSON Service that are contrary to the requirements of the law and this Policy.

1.1.5. OSON may receive information about the User from its counterparties and/or Partners. For example, when executing an agreement with a counterparty, the latter may transfer to OSON some information that provides the counterparty with the ability to establish a connection between such User and his/her transfer, the information about the performance of which is transferred by OSON to the counterparty.
1.1.6. OSON may receive information in order to maintain the proper level of security of online payments made by the User using bank cards. The list of such information is defined in clause 3.3.2.1. of the Policy.

 

2. Purposes of collecting and processing personal information of Clients

2.1. OSON collects and stores only the personal information that is necessary for the provision of OSON Services or the performance of agreements with the User, except for cases when the legislation provides for the mandatory receipt and storage of certain personal information. Storage of personal information is carried out no longer than required by the purposes of processing, unless the storage period for such personal information is established by the legislation of the Republic Kazakhstan, the Privacy Policy and Personal Data Processing of OSON Payments LLP.
2.2. OSON can use the User's personal information for the following purposes:
2.2.1.Execution of agreements with OSON, as well as agreements concluded with OSON counterparties, including for the purpose of identification/simplified identification of the User, providing the User with the opportunity to use all available OSON services;
2.2.2. Communications. Communication with the User, including sending notifications, requests and information regarding the use of OSON Services / the provision of OSON services, as well as processing requests and applications from the User, including the subsequent transfer of such requests and requests for execution to OSON's counterparties;
2.2.3. Improving the quality of the OSON Services, the convenience of their use, the development of new OSON Services, offering personalized OSON Services to the User;
2.2.4. Conducting statistical and other research based on anonymized data;
2.2.5. Conducting marketing campaigns for Clients, including for the purpose of distributing offers for participation in promotions initiated by OSON in cooperation with Partners/counterparties and receiving prizes/rewards provided for by the promotion; distribution of advertising and information materials via telecommunication networks, including through the use of telephone, facsimile, mobile radiotelephony, or through direct contacts; targeting of advertising materials and other information brought to the attention of the Clients.
2.2.6. Prevention of conditions that contribute to the commission of actions using the OSON Payment Service that are contrary to the requirements of the law or agreement.

3. Terms of processing of the User's personal information and its

transfers to third parties

 

3.1. OSON processes the Clients' personal information in accordance with this Policy, the terms of provision of specific services and OSON's internal regulations.
3.2. Confidentiality of the User's personal information is ensured.
3.3. OSON has the right to transfer the User's personal information to third parties in the following cases:
3.3.1. The User has expressed his/her consent to such actions;
3.3.2. The transfer is necessary for the use of a certain OSON Service or the service of an OSON partner, including for the execution of the User's order. In particular, Personal Information may be transferred to third parties of the following categories:
3.3.2.1. For example, in order to maintain the proper level of security of online payments made using bank cards, OSON may transfer information, the list of which is established by the security protocols of payment systems, to acquiring banks/issuing banks, payment systems.  geographical data, ID/type of equipment, channel used: browser/application, payment authorization, identification/verification or optional, e.g. in terms of information about address match indicators, information about the provider's account, email address, mobile phone number, payment amount, level of risk set by the provider, payment system.
3.3.2.2. Marketing partners and other contractors of OSON.
(a) OSON may provide access to certain data (e.g. statistics) for marketing and other research, as well as to other data that allows the User to receive advertising, including third-party advertising, which is relevant and may be of interest to the Client;
(b) OSON may provide access to some data on the User's payment transactions, which are the basis for the OSON partner to determine the possibility of providing such User with discounts (premiums), incentives due to the User's fulfillment of certain conditions established by the OSON partner, as well as on the Bonus Account of the User – participant of the Loyalty Program, when such access is conditioned by the possibility of providing the User with additional terms of use Privileges;
(c) OSON may provide access to the User's e-mail address, which allows the OSON partner to ensure the transfer of a fiscal or other document provided for by the legislation of the Republic of Kazakhstan;

(d) When the User uses the services provided by OSON's partners, information about the User may be provided to such persons to the extent and for the purposes necessary to properly provide the services to the User or to improve the user-friendliness, for example, to pre-fill registration forms, to speed up the registration process for the services provided by OSON partners.
3.3.2.3. Partners providing data storage.

3.3.2.4. Partners involved in ensuring the prevention of conditions that contribute to the commission of actions using OSON services that are contrary to the requirements of the law or the Policy.

3.3.2.5. Publicly available information.

OSON Services may have forums and/or chats in any social network and channel where Clients can exchange ideas and communicate with each other. When posting a message on a forum or chat area, the User should keep in mind that such information will be publicly available online and such posting is done by the User at his own risk.
3.3.2.6. Transfer of control. The transfer takes place as part of the sale or other transfer of business (in whole or in part), while the acquirer assumes all obligations to comply with the terms of this Policy in relation to the personal information received by him;
3.3.2.7. Transfer is provided for by the legislation of the Republic of Kazakhstan within the procedure established by law;

3.3.2.8. In order to ensure the possibility of protecting the rights and legitimate interests of OSON or third parties in cases where OSON has reasonable grounds to believe that the User violates the terms of the applicable Policy with OSON and/or the requirements of applicable law.
3.3.2.9. When the User uses the services of OSON payments LLP and/or its affiliates, the User's personal information may be transferred to OSON payments LLP and/or its affiliates for processing on the terms and for the purposes specified in this Policy. The User's personal information, for the purposes of this paragraph, means, among other things, data on the balance on the bank card and information about transactions using the OSON Payment Service carried out with the participation of OSON payments LLP software.
3.4. When processing personal data of Clients, OSON is guided by the Law of the Republic of Kazakhstan "On Personal Data and Their Protection" and other regulations governing relations in the field of personal data security.

3.5. Disclosure of anonymous data OSON may also disclose anonymous data (i.e. data that does not reveal the identity of the User either directly or indirectly) as well as aggregated data (data on groups and categories of Clients) to partners. OSON may also allow partners to collect anonymous and aggregated data as part of providing Users with the opportunity to use certain features of the Services, which may subsequently share this data with OSON.

 

4. Modification and deletion of personal information by the User, as well as access to it.

4.1.Within the framework of the OSON Services, the User is provided with a functional opportunity to change (update, supplement) or delete the information provided by the User or part thereof. Withdrawal of the Consent to the processing of personal data must be made in writing and sent by e-mailinfo@oson.com.

4.1.1. To the extent permitted by applicable law, OSON shall notify each recipient to whom the personal information has been disclosed of the modification or destruction of personal information, unless it is impossible or requires disproportionate effort.

4.2. In accordance with the requirements of the law, OSON may be obliged to process/store the User's personal information obtained when using OSON Services. Such processing/storage is carried out by OSON in the cases, on the grounds and within the terms established by law and this Agreement.
4.4. Funds are debited only if the deposit of the bank card from which the debiting is made is equal to or exceeds the amount of the fee for using the Service.

4.3. Right of access

4.3.1. In accordance with applicable law, the User has the right to access the information received by OSON, i.e. has the right to request information regarding:
(a) the purpose of the processing;

(b) the categories of data processed;

(c) the category of recipients to whom the User's personal data have been or will be transferred;
(d) the retention period or the criteria for determining it, as well as other information.
4.3.1.1. Unless otherwise implemented in the OSON Payment Service interface, information (copy) may be provided to OSON in writing or by other means of communication.
4.3.1.2. If OSON has reason to doubt the identity of the User, the User submitting a request in accordance with clause 4.3.1 of this Policy has the right to request additional information necessary to confirm the identity of such User.
4.3.1.3. Consideration of the request for information (copy) shall be carried out within one month (30 days) from the date of its receipt by OSON. OSON shall have the right to extend the said period by two months (60 days), taking into account the complexity and number of requests, OSON shall inform the User of such extension, in any way convenient for OSON, indicating the reasons for such extension.

4.3.1.4. In the event that the request is not clearly justified or in the event of an excessive number of requests, OSON may charge a reasonable fee for the execution of the request (subject to administrative costs) or refuse to comply with the request. OSON will also not be able to provide the User with information about him/her published in the manner provided for in clause 3.3.2.5. Policy.

4.3.1.5. The User has the right to independently transfer the information received from OSON in the manner provided for in this section to another controller.

4.4. Right to object

4.4.1. To the extent permitted by applicable law, the User may withdraw any consent that he or she has previously provided or object, on legitimate grounds, to the processing of his or her personal information. In some situations, withdrawal of consent will mean that the User will not be able to use the OSON Services.
4.4.2. In accordance with applicable law, the User has the right to file a complaint with a supervisory authority.

 

5. Measures used to protect the personal information of the Clients.

5.1. OSON takes the necessary and sufficient organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions with it by third parties.

5.2. OSON protects and processes the User's personal data in accordance with the Law of the Republic of Kazakhstan dated May 21, 2013 No 94-V "On Personal Data and Their Protection", and other regulations governing relations in the field of personal data security.

5.3. When processing personal data, OSON ensures their security and takes the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions, by establishing a confidentiality regime in relation to such data and monitoring its compliance, as well as by introducing additional measures implementing the requirements of the legislation of the Republic of Kazakhstan, standards and internal organizational and administrative documents of OSON.

 

6. Changes to the Privacy Policy. Applicable law

6.1. OSON has the right to offer the User to change and/or supplement this Policy by publishing a new version of the Agreement. The User's acceptance of such an offer is implicative actions to use any of the OSON Services on new terms.

6.2. This Policy and the relationship between the User and OSON are subject to the legislation of the Republic of Kazakhstan and regulations governing relations in the field of personal data security.