PERSONAL DATA PROCESSING POLICY
JS Consulting LLP

1. General Provisions

This Personal Data Processing Policy is developed in accordance with the requirements of the Law of the Republic of Kazakhstan No. 94-V of May 21, 2013, “On Personal Data and Their Protection” (hereinafter referred to as the Law) and defines the procedure for the processing and protection of personal data carried out by JS Consulting LLP (hereinafter referred to as the Operator).

1.1. This Policy applies to all information received by the Operator from personal data subjects (hereinafter referred to as Users) through the website http://jsconsulting.kz or other methods.

1.2. The main objective of the Operator’s activities is to ensure the confidentiality of personal data and protect the rights of personal data subjects during their processing.

1.3. This Policy applies to all users of services and visitors to the Operator’s website.

2. Key Concepts

For the purposes of this Policy, the following key terms are used:

2.1. Personal Data – any information related to an identified or identifiable natural person.

2.2. Processing of Personal Data – any action with personal data, including collection, recording, storage, modification, use, transfer, and deletion.

2.3. Operator – a legal entity that organizes and carries out the processing of personal data.

2.4. Automated Data Processing – processing of personal data using information systems.

2.5. Subject’s Consent – voluntary permission from the subject to process their personal data.

2.6. Confidentiality of Personal Data – the mandatory requirement not to disclose personal data without the consent of the subject or other legal grounds.

3. Principles of Personal Data Processing

The processing of personal data at JS Consulting LLP is based on the following principles:

3.1. Legality and fairness of processing.
3.2. Transparency and openness of data processing.
3.3. Compliance of processing purposes with predetermined and lawful tasks.
3.4. Minimization of the scope of processed data.
3.5. Ensuring data security through technical and organizational measures.

4. Purposes of Personal Data Processing

Personal data of users are processed for the following purposes:
• To fulfill obligations related to the sale of goods (sutures, hemostatic sponges);
• To provide consulting and technical services;
• To carry out product delivery;
• To provide service support;
• To improve the quality of service;
• To fulfill obligations stipulated by contracts and legislation.

5. Legal Grounds for Processing

Personal data processing is carried out based on:
• The consent of the personal data subject;
• The necessity of performing a contract in which the data subject is a party;
• The Operator’s obligation to comply with the laws of the Republic of Kazakhstan.

6. Scope and Categories of Processed Personal Data

The Operator processes the following categories of personal data:
• Last name, first name, patronymic;
• Contact information (phone number, email);
• Order and payment data;
• Data collected through website forms.

The Operator does not process biometric or other special categories of personal data.

7. Conditions for Data Processing and Storage

7.1. Personal data is processed with the subject’s consent and only to achieve specific goals.
7.2. Data is stored for the period necessary to achieve the processing goals, unless otherwise required by law.
7.3. The Operator takes all necessary measures to protect data from unauthorized access, loss, alteration, or distribution.
7.4. In the event of withdrawal of consent, data will be deleted or anonymized.

8. Rights of Personal Data Subjects

Personal data subjects have the right to:
• Request information about their data processed by the Operator;
• Request correction, blocking, or deletion of their data;
• Withdraw consent to data processing;
• Appeal the Operator’s actions to the authorized bodies or in court.

9. Rights and Obligations of the Operator

9.1. The Operator’s Rights:
• To process data in accordance with legislation and with the subject’s consent.
• To suspend data processing in case of withdrawal of consent by the subject.

9.2. The Operator’s Obligations:
• To maintain the confidentiality of data.
• To provide subjects with access to information about the processing of their data.
• To ensure the protection of personal data.

10. Cross-Border Transfer of Personal Data

10.1. Cross-border transfer of data is carried out only to countries that provide adequate protection for personal data.
10.2. Data transfer may occur with the subject’s consent or other legal grounds.

11. Protection of Personal Data

11.1. The Operator applies organizational and technical measures to protect data, including encryption, access control, and regular system audits.
11.2. All employees with access to data undergo mandatory training on personal data protection.

12. Final Provisions

12.1. The Personal Data Processing Policy is publicly available and posted on the Operator’s website.
12.2. In case of changes in legislation, the Policy may be reviewed and updated.
12.3. Any questions regarding the processing of personal data can be sent to the email: info@jsconsulting.kz.