SRDI “Caspiymunaygas” JSC

Personal Data Processing Policy

1. General provision

This Policy of personal data processing is designed in accordance with requirements of the Law of the Republic of Kazakhstan No. 94-V dated May 21, 2013 “On Personal Data and their protection” (hereinafter referred as the Law on Personal Data) and defines the procedure of personal data processing and measures to ensure the security of personal data undertaken “Scientific Research Design Institute “Caspiymunaygas” JSC (hereinafter referred to as the Operator).

1.1. The Operator sets as its most important goal and conditions of its activity the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the rights of privacy, personal and family secrets.

1.2. This Operator’s policy on personal data processing (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors of the website. https://nipi-cmg.kz/

2. Basic concept used in Policy

1) biometric data – personal data, which characterize physiological and biological features of the subject of personal data, on the basis of which it is possible to establish his identity;

2) personal data – information, related to specific or defined on the basis of the subject of personal data, recorded on an electronic, paper and (or) other physical media.

2-1) state service to control access to personal data (hereinafter referred to as the state service) – service that provides information interaction between of owners and (or) operators, third parties with the subject of personal data and the authorized body when accessing personal data contained in the objects of informatization of state bodies and (or) state legal entities, including obtaining from the subject of personal data consents to the collection, processing of personal data or their transfer to third parties;

2-2) non-state service to control access to personal data (hereinafter referred to as the non-state service) – service that provides  information interaction between owners and (or) operators, third parties with the subject of personal data when accessing personal data contained in non-state informatization facilities, including obtaining from the subject of personal data consents to the collection, processing of personal data or their transfer to third parties;

3) blocking of personal data – actions on temporary cessation of the collection, accumulation, change, addition, use, distribution, depersonalization and destruction of personal data;

4) accumulation of personal data – actions to systematize personal data by entering them into database containing personal data;

5) collection of personal data – actions aimed at obtaining personal data;

6) destruction of personal data – actions, as a result of which it is impossible to restore the personal data

7) depersonalization of personal data – actions,  as a result of which it is impossible to determine the identity of personal data to the subject of personal data;

8) a database, containing personal data (hereinafter referred to as the database) – set of ordered personal data;

9) the owner of the database, containing personal data (hereinafter referred to as the owner) – state body, an individual and (or) legal entity, exercising the rights of possession, use and disposition of the database, contained the personal data in accordance with the Law of the Republic of Kazakhstan;

10) operator of the database, containing personal data (hereinafter referred to as the operator) – state body, individual and (or) legal entity, that collects, processes and protects personal data;

11) protection of personal data –  set of measures, including legal, organizational and technical, carried out for the purposes established by this Law;

11-1) authorized body in the field of personal data protection (hereinafter referred to as the authorized body) – the central executive body responsible for the management of personal data protection;

12) processing of personal data  – actions, aimed at accumulation, storage, change, addition, use, distribution, depersonalization, blocking and destructions of personal data;

13) use of personal data – actions with personal data, aimed at realizing the goals of the owner, operator and third party;

14) storage of personal data – actions to ensure the integrity, confidentiality and accessibility of personal data;

15) distribution of personal data – actions that result in the transfer of personal data, including through the mass media or providing access to personal data in any other way; 

16) the subject  of personal data (hereinafter referred to as the subject) is an individual, to whom the personal data relate

17) the third party – person who is not a subject, owner and (or) operator,  but is associated with them (him) by circumstances or legal relations for the collection, processing and protection of personal data;

18) Website – set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at a network address https://nipi-cmg.kz .

19) Personal data — any information related directly or indirectly to a specific or identifiable User of the website https://nipi-cmg.kz .

20) User — any visitor to the website https://nipi-cmg.kz .

3. Basic Rights and Obligations of the Operator

3.1 The Operator has the right to:

– receive from the subject of personal data reliable information and/or documents containing personal data;

– in case of withdrawal by the subject of personal data of consent to the processing of personal data, as well as sending a request to terminate the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data;

– independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws.

3.2 Operator shall:

– approve the list of personal data, necessary and sufficient for the fulfillment of their task, unless otherwise provided by the Law of the Republic of Kazakhstan;

1-1) approve documents defining the operator’s policy regarding the collection, processing and protection of personal data;

2) take and comply with necessary measures, including legal, organizational and technical, to protect of personal data in accordance with legislation of the Republic of Kazakhstan;

3) comply with the legislation of the Republic of Kazakhstan on personal data and its protection;

3-1)  provide, at the request of the authorized body, as part of the consideration of appeals from individuals and legal entities, information on the methods and procedures used to ensure compliance by the owner and (or) operator with the requirements of this Law;

4) take measures to destroy personal data if the purpose of their collection and processing is achieved, as well as in other cases established by this Law and other regulatory legal acts of the Republic of Kazakhstan;

5) provide evidence of obtaining the consent of the subject to the collection and processing of his/her personal data in cases provided for by the legislation of the Republic of Kazakhstan;

6) upon the request of the subject to provide information related to him/her, within the time limits provided for by the legislation of the Republic of Kazakhstan;

7) in case of refusal to provide information to the subject or his/her legal representative, provide a reasoned response within the time limits provided for by the legislation of the Republic of Kazakhstan;

8) within one working day:

change and (or) supplement personal data on the basis of relevant documents confirming Its authenticity, or to destroy personal data if it is impossible to change and (or) supplement them;

Block personal data related to the subject,  if there is information about a violation of the terms of its collection, processing;

Destroy personal data in case of confirmation of the fact of its collection, processing in violation of the legislation of the Republic of Kazakhstan, as well as in other cases, established by this Law and other regulatory legal acts of the Republic of Kazakhstan;

remove the blocking of personal data in case on non-confirmation of the fact of the violation of the terms of collection, processing of the personal data;

9) provide, free of charge, the subject or his legal representative with the opportunity to get acquainted with personal data related to this subject;

10) appoint a person responsible for organizing the processing of personal data if the owner and (or) the operator are legal entities.

The effect of subparagraph 10) of part one of this paragraph does not apply to the processing of personal data in the activities of courts.

– perform other obligations provided by the Law of the personal data.

4. Basic rights and obligations of the subject of personal data

4.1 Subject of personal data has the right to:

1) to know about the availability of the owner and (or) the operator, as well as a third party, of their personal data, as well as to receive information containing:

confirmation of the fact, purpose, sources, methods of collecting and processing personal data;

List of personal data;

Time frames for processing of personal data including the storage limits

2) require the owner and (or) the operator to change and supplement their personal data if there are grounds confirmed by relevant documents;

3) require the owner and (or) the operator, as well as a third party, to block their personal data if there is information about a violation of the terms of collection and processing of personal data;

4) require the owner and (or) the operator, as well as a third party, to destroy their personal data, the collection and processing of which was carried out in violation of the legislation of the Republic of Kazakhstan, as well as in other cases established by this Law and other regulatory legal acts of the Republic of Kazakhstan;

5) revoke consent to the collection, processing, distribution in publicly available sources, transfer to third parties and cross-border transfer of personal data, except in cases provided for in paragraph 2 of Article 8 of the Law “On Personal Data and their Protection”;

6) give consent (refuse) to the owner and (or) the operator to distribute their personal data in publicly available sources of personal data;

7) protect their rights and legitimate interests, including compensation for moral and material harm;

8) exercise other rights provided by this Law and other laws of the Republic of Kazakhstan.

.

4.2 Subject of personal data shall:

– provide the Operator with reliable information about yourself;

– notify the Operator about the clarification (updating, change) of their personal data.

4.3 Persons who have provided the Operator with inaccurate information about themselves or information about another subject of personal data without the consent of the latter shall be held liable in accordance with the legislation of the Republic of Kazakhstan.

5. Principles of personal data processing

The collection, processing and protection of personal data are carried out in accordance with the principles of:

1) observation of constitutional human and civil rights and freedoms;

2) legality;

3) confidentiality of personal data of limited access;

4) equality of rights of subject, owners and operators;

5) ensuring the security of the individual, society and the state.

6. Purposes of personal data processing

Purpose of processing                                      

  • informing the User by sending e-mails

Personal data          

  • Surname, first name, patronymic.
  • E-mail address
  • Phone numbers

Legal basis  

  • Law of the Republic of Kazakhstan No. 94-V dated May 21, 2013 “On personal data and their protection”

Types of personal data processing         

  • Sending information letter to e-mail address
7.      Condition of personal data processing
  1. The collection and processing of personal data is carried out by the owner and (or) the operator, as well as by a third party with the consent of the subject or his/her legal representative in accordance with the procedure determined by the authorized body, except for the cases provided for in paragraph 5 of this Article and Article 9 of the Law on Personal Data.
  2. The collection and processing of personal data of a deceased (recognized by the court as absent or declared dead) subject is carried out in accordance with the legislation of the Republic of Kazakhstan.
  3. The distribution of personal data in publicly available sources is allowed with the consent of the subject or his legal representative.
  4. Requirements of paragraph 3 of this Article do not apply to information holders in cases of publication of information, the obligation to post which is established by the laws of the Republic of Kazakhstan.
  5. Repeated collection, processing and distribution by third parties of personal data published on the basis of paragraphs 3 and 4 of this article is allowed, provided that there is a link to the source of information.
  6. Processing of personal data in the form of cross-border transfer of personal data, except for the cases provided for in Article 16 of this Law, the distribution of personal data in publicly available sources, as well as their transfer to third parties, is subject to the consent of the subject.
  7. Specifics of the collection and processing of personal data in electronic information resources containing personal data are established in accordance with the legislation of the Republic of Kazakhstan on informatization, taking into account the provisions of this Law.
  8. Processing of personal data shall be limited to achieving specific, predetermined and legitimate goals.  Processing of personal data incompatible with the purpose of personal data collection is not allowed.
  9. Personal data, the content and volume of which are excessive in relation to the purposes of their processing, are not subject to processing.
8. Procedure for collection, storage, transfer and distribution of personal data
  1. Accumulation of personal data is carried out by collection personal data, sufficient to perform tasks, implemented by the owner and (or) the operator, as well as third party.
  2. Personal data is stored by the owner and (or) the operator, as well as third party in the database located on the territory of the Republic of Kazakhstan.

Period of storage of personal data is determined by the date of achievement of purpose of their collection and processing, unless otherwise provided by the legislation of the Republic of Kazakhstan.

  1. Use of personal data shall be carried out by the owner, the operator and a third party only for the previously stated purposes of their collection.
  2. Distribution of personal data is allowed subject to the consent of the subject or his/her legal representative, if the legitimate interests of other individuals and (or) legal entities are not affected.
  3. Distribution of personal data in cases that go beyond the previously stated purposes of their collection is carried out with the consent of the subject or his/her legal representative.
9. List of actions performed by the Operator with the received personal data

9.1 Operator carried out the collection, recording, systematization, accumulation, storage, clarification (update, change),

extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

9.1 Operator performs automated processing of personal data with or without receiving and/or transmitting the information received via information and telecommunication networks.

  1. Cross-border transfer of personal data
  2. Cross-border transfer of personal data is the transfer of personal data to the territory of foreign countries.
  3. In accordance with this Law the cross-border transfer of personal data to the territory of foreign countries is carried out only if these countries ensure the protection of personal data.
  4. Cross-border transfer of personal data to the territory of foreign countries that do not ensure the protection of personal data may be carried out in the following cases:

1) the consent of the subject or his/her legal representative for the cross-border transfer of his/her personal data;

2) provided by international treaties, ratified by the Republic of Kazakhstan;

3) provided by the laws of the Republic of Kazakhstan, if necessary in order to protect constitutional system, security of public order, human and civil rights and freedoms, public health and morals;

4) protection of the constitutional human and civil rights and freedoms, if obtaining the consent of the subject or his/her legal representative is impossible.

  1. Cross-border transfer of personal data to the territory of foreign countries may be prohibited or limited by the laws of the Republic of Kazakhstan
  2. Specifics of cross-border transmission of subscribers and (or) users of communication services are determined by the Law of the Republic of Kazakhstan “On Communications”.
  3. Confidentiality of personal data
  4. Owners and (or) operators, as well as third parties, who gain access to restricted personal data, ensure their confidentiality by complying with the requirements not to allow their distribution without the consent of the subject or his/her legal representative or the presence of other legitimate grounds.
  5. Persons who have become aware of personal data of limited access due to professional, official necessity, as well as labor relations, are obliged to ensure their confidentiality.
  6. Confidentiality of biometric data is established by the legislation of the Republic of Kazakhstan.
  7. Final provisions

12.1 User can receive any clarifications on issues of interest related to the processing of his/her personal data by contacting to the Operator via e-mail yelemessov.i@cmg.kz

  1. 2. This document will reflect any changes the Operator’s personal data processing policy. The policy is valid indefinitely until it is replaced by a new version.
  2. 3. The current version of the Policy is freely available on the Internet at https://nipi-cmg.kz/privacy-policy

Содержание

Design documentation approval process:

•Preparation of terms of reference
•Obtaining optimal technical conditions for connecting the facility to utility system
•Obtaining an Architectural and Planning assignment in the Department of Architecture and Urban Development 
•Carrying out of public hearings
•Approval of motor road projects with the Policy Department
•Approval of projects in Water resources inspection
•Approval of design solutions in the Department of Industrial Safety
•Development and expertise of Declarations of industrial safety with obtainment of registration numbers
•Carrying out of Energy expertise
•Preparation of traffic diagram with indication of material delivery points.
•Approval of a Plot plan with the Chief Architect
• Analysis of detailed documentation for compliance with standards in the field of architecture and construction, environmental protection and sanitary-epidemiological welfare
•Uploading of design documentation to the web-portal of Comprehensive extradepartmental expertise
•Work with experts, solving the arising issues, approval of technical and economic indicators
•Obtaining a positive expertise conclusion
•Obtaining an environmental emission permit
•Obtaining a coupon for commencement of construction and assembly works.