Privacy policy

LEGAL DATA

This privacy policy has been prepared based on provisions of multiple legislations, including Regulation (EU) 2016/679 (General Data Protection Regulation).

KEY DEFINITIONS

Personal data (or Data) 
Any data that directly, indirectly, or in connection with other data—including a personal identification number—allows for the identification or identifiability of a natural person.

Usage Data 
Data collected automatically through our application and/or our website (or third-party services employed by us), which can include: the IP addresses or domain names of your computer, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, and other), the country of origin, the features of the browser and the operating system utilized by you, the various time details per visit (for example, the time spent on each page within the Application and/or our website), and the details about the path followed within the Application and/or our website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or your IT environment.  

Who are we (owner and data controller)? 
Individual Entrepreneur AdMax, incorporated under the laws of Turkey, with registered address: Deniz Sokak 98 29262 Adana, (hereinafter also referred to as “We” and “Company Company”) is committed to protecting your privacy and ensuring the security of any personal data we collect from you.  You can always contact us by sending an e-mail to: admin@astrix.kz

 What is this policy for? 
The purpose of this policy is to explain to you what personal data we collect and how we and our associated companies may use it. Companies are associated with us if they are our subsidiaries or we are both subsidiaries of the same corporate entity.  We are the controller of any personal data you provide to us, which means that we decide the purposes and means of the processing of that personal data.  

How do we obtain and store your personal data? 
We obtain your personal data through applications, emails, letters, telephone calls, text messages, cookies, and conversations when you register in our services and work with them. 
We may monitor and maintain a record of all emails and electronic communications we send or receive. We follow strict security procedures during the processes of storage and disclosure of personal data that you have given to us in order to prevent unauthorized access to such data.  

Types of personal data that we may collect and process:

your (or your company’s) name;
your (or your company’s) contact details, including email details and phone numbers;
your age or date of birth;
your gender;
your (or your company’s) usernames and passwords to our Services (if any);
additional details of your company, such as: banking details, information about the owners and/or executives etc.

Additionally, we may collect:

your IP address;
your phone device type;
operating system of the PC or notebook you use to get an access to our services;
your device ID;
your cookie ID;
data about your use of our services, products, and facilities;
usage data.

How do we check your identity? 
To comply with applicable regulations, we may need to confirm the name and address of our clients and certain third parties. We may ask you to provide physical forms of identity verification when you open your account. Alternatively, we may use a 3rd party agency to verify your identity. Our search is conducted with the use of all necessary security measures in order to make sure that the personal data we get is strictly confidential, and unauthorized parties cannot access it.  

How do we use your personal data? 
As well as checking your identity, the personal data we hold may be used for: 

complying with our legal and regulatory obligations;
performing our obligations under any contract we have with you;
administering our relationship with you including resolving queries or issues;
establishing and managing your account(s);
reviewing your ongoing needs;
providing you with the data, products and services that you request from us;
checking your requests to us;
investigating any complaint you may make;
providing evidence in any dispute or anticipated dispute between you and us;
enhancing our customer service and products;
undertaking product development and analysis;
detecting or preventing fraud or other crimes;
contacting you—we may send you marketing material from time to time by post, email, telephone, SMS, mobile push notifications, web push notifications, messengers (Viber, Telegram, Facebook messenger, and other), or other electronic messaging services

When may we share your personal data? 
We may share your personal data with: 

relevant regulatory or tax authority;
such third parties as we reasonably consider necessary in order to prevent crime, for instance, the police;
our associated companies;
third-party service providers and advisers who provide us with administrative, financial, research, or other services in connection with the services we provide to you;
our commercial partners;
our professional advisers;
our auditors for the purposes of carrying out financial and regulatory audits;
our agents, including credit reference agencies, acting on our behalf, carrying out such credit and identity checks, including compliance regulatory reporting, and fraud prevention checks;
courts, tribunals, regulatory or tax authorities, and government agencies to enable us to enforce our agreement with you or to comply with the requirements of a court, regulator, tax authority, or government agency;
other parties which may be necessary to involve in order to provide the best service to you as our customer. Generally, we require that organizations outside our associated companies with whom we share your personal data acknowledge the confidentiality of your data, undertake to respect your right to privacy and comply with the data protection principles and this policy.

How may we share your personal data? 
The data we may collect is anonymous and will help us improve your user experience with our services.  Rest assured that none of the anonymous data we may collect involves personal or financial data, other sensitive data, or user-generated private content. Also, any data we may transmit will not include your device's camera, microphone, or other user inputs. All transmitted data is protected by SSL encryption.  

What is the legal basis for our processing of personal data? 
The legal basis for our processing of personal data will depend on why we process your personal data.  Where you wish to enter into or have signed a contract to receive services from us, we will process your personal data to enable us to enter into and perform our contract with you. If you do not provide the personal data requested, we may not be able to provide some or all of those services to you.  We may also need to process your personal data to comply with our legal and regulatory obligations including in relation to performing different checks, complaints, and investigations or litigation. 
We also have a legitimate interest to process your personal data for: 

performing the services or supplying the products or data you have agreed to receive from us;
ongoing management of our relationship with you and to maintain contact with you;
our internal business purposes which may include business and disaster recovery, document retention/storage, IT service continuity (for example, back-ups and help desk assistance) to ensure the quality of the services we provide to you;
corporate transactions;
marketing analytics including marketing campaign optimization and web analytics to enable us to develop and target the marketing of our products and services;
keeping our records updated and studying how customers use our products/services;
developing our products and services, growing our business, and informing our marketing strategy;
defining the types of customers for our products and services and keeping our website(s) and platform(s) updated and relevant;
portfolio analysis and experience studies to enable us to improve the products and services we offer to customers. In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

What is the place of processing? 
The data is processed at our operating offices and in any other places where the parties involved in the processing are located.  Depending on your location, data transfers may involve transferring your personal data to a country other than yours. To find out more about the place of processing of such transferred personal data, you can check the ‘Using Your Personal Data' section.  If any such transfer takes place, you can inquire with us via admin@astrix.kz.  Please note that we use Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. All the data is sent over an encrypted TLS 1.2 connection.  

For how long will we keep your personal data? 
We hold personal data about you on electronic and/or paper files whilst you are a customer and for at least three years after you cease to be a customer. Please note that pursuant to the applicable legislation some of your personal data must be retained for a term of five years. Such personal data includes: 

your (or your company’s) full name;
your (or your company’s) residential/registration address;
your age/date of birth;
your passport details;
your photos of your identity documents;
data regarding your (or your company’s) activities;
your (or your company’s) telephone number;
your (or your company’s) email address;
your (or your company’s) communication history with the support (chats/emails/calls).
In addition, the above data shall be stored for our defense of legal claims during the limitation periods envisaged by the applicable legislation.  Please be informed that the above personal data will be encrypted and securely stored in our IT system, will not be used for any purposes other than for the purposes indicated above and will be erased from our system at the expiration of the seven-year period. Please be assured that access to the above personal data will be restricted during the whole period of storage.

What is a Cookie and why do we use it? 
Cookies are small pieces of data that are stored on your computer by a website you visit in order to enable you to perform certain functions on the website and regulate its content to your preference. They can store data on the pages for which you have provided key data (for example, when you provide a password), but only once you are asked and you accept the storage of this data. Cookies may be used on some pages of the site for us to provide you with a more customized web browsing experience. They are not used to determine the personal identity of anyone merely visiting the site.  Types of cookies we use: 

session cookies
These cookies are temporary cookies as they are deleted as soon as you close your browser. Session cookies are used to retain the data you provide us with as you navigate through each section of our website. You can choose to decline session cookies via your browser’s privacy settings but please note that this may have a negative impact on your browsing experience and particularly if these are declined across all websites 
analytical cookies
Analytical cookies may include both temporary and more persistent cookies that we use to track how you use our website and for how long. Analytical cookies do not divulge any identifying data specific to your person but they do help us improve how we provide you with our content. Refer to your browser’s privacy settings on how you can opt out of analytical cookies 
functional cookies
Functional cookies record and save your choices in order to provide a more seamless experience across our website. One way functional cookies do this is by remembering your language selection each time you visit us. Refer to your browser’s urgent privacy settings on how you can opt out of functional cookies 
third-party cookies
These cookies are used by third parties and mostly by social media websites like Google+, Facebook, or YouTube. Third-party cookies allow us to offer you easy ways to share our content throughout your social media and also present you with the videos we post on YouTube. You can disable the use of these cookies through your browser’s privacy settings but please do note that this will also disable all the functions described above.  As already mentioned, we use cookies to ensure the optimal functionality of our website and cater our content to your personal preferences. If you have further questions, please do not hesitate to contact us via admin@astrix.kz.

How can you get more help? 
If you want help with our Privacy Policy or have questions about it, please contact us via admin@astrix.kz.  If you are unhappy about any aspect of the way we collect, share, or use your personal data, we would like you to tell us. You can contact us using the details above.  

What are your privacy rights? 
The section below explains your rights in relation to your personal data in more detail.  To exercise any of the rights described below, please contact us via admin@astrix.kz.

ACCESSING YOUR PERSONAL DATA  

When can you request access? 
You have the right to: 

confirm that your personal data is being processed;
access your personal data.

You can request copies of the paper and electronic records about you that we hold, share, or use. To deal with your request, we can request proof of identity and enough personal data to enable us to locate the personal data you request.  

When will access not be provided? 
We can only provide you with your personal data, not personal data about another person. Also, where access would adversely affect another person’s rights, we are not required to provide this. Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.  Please clearly set out in your access request the personal data that you are requesting. If this is not clear, we may come back to you to ask for further personal data by way of clarification.  

CORRECTING YOUR PERSONAL DATA  

How can you correct your personal data?  You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. If you tell us that the personal data we hold on you is incorrect, we will review it and if we agree with you, we will correct our records. If we do not agree with you, we will let you know. If you wish, you can tell us in writing that you believe our records still to be incorrect and we will include your statement when we give your personal data to anyone outside of our company.  You may also have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Whether or not this is appropriate in any particular case depends on the purposes for which your Personal data is being processed.  We need to notify any third parties with whom we have shared your personal data that you have made a rectification request. We will take reasonable steps to do this, but if it is not possible or may involve disproportionate effort we may not be able to do this or ensure they rectify the Personal data they hold.  

What are the limitations on access to and correcting your personal data?  Generally, we will let you see the personal data that we hold about you, or take steps to correct any inaccurate personal data, if you ask us in writing.  Due to legal privilege, we may not be able to show you anything that we learned in connection with a claim or legal proceeding.  

ERASING YOUR PERSONAL DATA  

When can you request erasure? 
You have a right to have your personal data erased, and to prevent processing, where: 

the personal data is no longer necessary for the purpose it was originally collected/processed;
you withdraw consent (where previously provided);
you object to the processing and our legitimate interests in being able to keep processing your Personal data do not take priority;
we have been processing your personal data in breach of data protection laws;
the personal data has to be erased in order to comply with a legal obligation.

When can we refuse erasure requests? 
The right to erasure does not apply where we are required to retain it for legal or regulatory purposes or where your personal data is processed for certain specified reasons, including for the exercise or defense of legal claims. 
More importantly, if we have to erase your data, we may not be able to provide you with part or all of our services.  

Do we have to tell other recipients of your personal data about your erasure request? 
Where we have provided the personal data you want to be erased to third parties, we need to inform them about your erasure request, so they can erase the personal data in question. We will take reasonable steps to do this, but this may not always be possible or may involve a disproportionate effort.  It may also be that the recipient is not required/able to erase your personal data because one of the exemptions above applies.   

RESTRICTING PROCESSING OF YOUR PERSONAL DATA  

When is restriction available? 
You have the right to restrict the processing of your personal data: 

where you disagree with the accuracy of the personal data, we need to restrict the processing until we have verified the accuracy of the personal data;
when processing is unlawful and you oppose erasure and request restriction instead;
if we no longer need the personal data but you need this to establish, exercise, or defend a legal claim;
where you have objected to the processing in the circumstances detailed in paragraph (a) of ‘Objecting to Processing’, and we are considering whether those interests should take priority.

Do we have to tell other recipients of your personal data about the restriction? 
Where we have disclosed your relevant personal data to third parties, we need to inform them about the restriction on the processing of your personal data, so that they do not continue to process this.  We will take reasonable steps to do this, but this may not always be possible or may involve a disproportionate effort.  We will also let you know if we decide to lift a restriction on processing.

TAKING YOUR PERSONAL DATA WITH YOU  

When does the right to data portability apply? 
The right to data portability only applies: 

to the personal data you have provided to us (which means, not any other data);
where the processing is based on your consent or for the performance of a contract;
when processing is carried out by automated means.

When can we refuse requests for data portability? 
We can refuse your data portability request if the processing does not satisfy the above mentioned criteria. Also, if the personal data concerns more than one individual, we may not be able to transfer this to you if doing so would prejudice that person’s rights.    

OBJECTING TO PROCESSING  

You can object to processing in the following circumstances: 

legitimate interests
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. 
If we can show compelling legitimate grounds for processing your personal data that overrides your interests, rights, and freedoms, or we need your personal data to establish, exercise, or defend legal claims, we can continue to process it. Otherwise, we must stop using the relevant personal data. 
direct marketing.

If you receive newsletters or other email messages from us, you can opt out at any time free of charge by contacting us via admin@astrix.kz.