This Privacy Policy is governed and construed in accordance with the Acting Law of the AIFC and the Processing of Personal Data is made in accordance with the AIFC Data Protection Regulations No.10 of 2017 (“DPR”).
Terms used in this Privacy Policy have the same meanings as they have, from time to time, in the DPR, or the relevant provisions of DPR, unless the contrary intention appears.
Any dispute between User and us arising under or in connection with this Privacy Policy shall be resolved in the AIFC Court under the Rules and Regulations of the AIFC Court.
If any provision (or part of a provision) of this Privacy Policy is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable, or illegal, such term, condition or provision will to that extent be severed from the remaining terms, conditions and provisions which will continue to be valid to the fullest extent permitted by law.
Types of Data collected
Contact form (this Website) and correspondence data
By filling in the contact form with their Data, the User authorizes this Website to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header. The correspondence data may be processed for the purposes of communicating with the User and record-keeping. Personal Data collected: email address, first name and last name, company’s details, communication content and metadata associated with the communication.
Mailing list or newsletter (this Website)
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. User’s email address might also be added to this list as a result of signing up to this Website or after making a purchase. Personal Data collected: email address.
Usage Data
Information collected automatically from this Website (or third party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
System logs and maintenance
For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) or use for this purpose other Personal Data (such as IP Address).
Account and profile data
By creating account and/or profile on the Website, the User authorizes this Website to use these details for the purposes of operating the Website, providing and improving our services, enabling and monitoring User’s use of the Website and services as part of risk management procedures, ensuring the security of the Website and services, maintaining back-ups of our databases and communicating with the User. Personal Data collected: email address, first name and last name, address, telephone number, profile pictures, gender, date of birth, interests, educational details and employment details, company’s details.
Publication data
The Website may process information that the User posts for publication on the Website or through our services. The publication data may be processed for the purposes of enabling such publication and administering the Website and services. Personal Data collected: email address, first name and last name, address, telephone number, publication pictures, gender, date of birth, interests, educational details and employment details, company’s details.
Providing Personal data
The Personal Data is freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
All Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without any consequences on the availability or the functioning of the service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools – by this Website or by the owners of third party services used by this Website serves the purpose of providing the service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.
Users are responsible for any third party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.
Mode and place of processing the Data
Methods of processing
The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.
Place and International Data transfers
The Data is processed at 55/16 Mangilik El avenue, Astana, Kazakhstan.
The User acknowledges that the Data may be transferred, processed, and stored with reputable cloud service providers located in a jurisdiction outside the AIFC.
Retention time
The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, or to comply with legal or regulatory obligations of Data Controller, and the User can always request that the Data Controller suspend or remove the Data as it is stipulated hereof. The Data shall in any case be withdrawn from our systems after 7 (seven) years except for the Data that we are required to keep for longer on the basis of specific legislation or in the event of ongoing litigation for which Data shall be necessary.
The use of the collected Data
The Data concerning the User is collected to allow the Owner to provide its services.
The Data Controller may disclose personal data of the User to any member of our group of persons (this means our subsidiaries, or otherwise related persons) insofar as reasonably necessary.
The Data Controller may disclose Personal Data of the User to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes. The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Website or the related services.
Legal action
In addition to the specific disclosures of Personal Data set out in this Policy, the Data Controller may also disclose User’s Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect User’s vital interests or the vital interests of another person.
The User declares to be aware that the Data Controller may be required to reveal Personal Data upon request of public authorities.
The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
This Website does not support “Do Not Track” requests. To determine whether any of the third party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this Policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to this Policy, the User must cease using this Website and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.
Personal Data (or Data)
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
User
The individual using this Website, which must coincide with or be authorized by the Data Subject, to whom the Personal Data refers.
Data Subject
The legal or natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
The natural person, legal person, public administration or any other body, association or organization authorized by the Data Controller to process the Personal Data in compliance with this Privacy Policy.
Data Controller and Owner
International Arbitration Centre (the “IAC”).
Owner contact email: booking.bcs@aifc-iac.kz.
This Website
The hardware or software tool by which the Personal Data of the User is collected.
Legal information
This Privacy Policy relates solely to this Website. Links to websites by other providers are not covered by this Privacy Policy.