1. General Provisions


This personal data processing policy is drafted in accordance with the legislation of the Republic of Kazakhstan, including the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V “On Personal Data and Their Protection”, and defines the procedure for processing personal data and measures to ensure the security of personal data taken by IP Demvy Academy (hereinafter — the “Operator”).

1.1. The Operator sets as its most important goal and condition for carrying out its activities the observance of human and civil rights and freedoms during the processing of personal data, including the protection of the right to privacy, personal and family confidentiality.

1.2. This Operator’s policy regarding personal data processing (hereinafter — the “Policy”) applies to all information that the Operator may obtain about visitors to the website https://dconnect.cc.



2. Basic Terms Used in the Policy


2.1. Automated processing of personal data — processing using computing equipment.
2.2. Blocking of personal data — temporary suspension of processing (except when required to clarify data).
2.3. Website — a set of graphic and informational materials, as well as software and databases ensuring their availability at https://dconnect.cc.
2.4. Personal data information system — a set of personal data contained in databases and technologies ensuring their processing.
2.5. Depersonalization — actions making it impossible to identify a subject without additional information.
2.6. Processing of personal data — any action or set of actions performed with personal data using automation tools or without them, including collection, recording, systematization, accumulation, storage, clarification, use, transfer, depersonalization, blocking, deletion, destruction.
2.7. Operator — a person who organizes and/or carries out personal data processing and determines its purposes, composition, and actions performed with it.
2.8. Personal data — information relating to an identified or identifiable User of https://dconnect.cc.
2.9. Personal data permitted for dissemination — data made publicly available by the subject in accordance with the legislation of the Republic of Kazakhstan.
2.10. User — any visitor of https://dconnect.cc.
2.11. Provision of personal data — actions aimed at disclosing data to a specific person or group of persons.
2.12. Dissemination of personal data — actions aimed at disclosing data to an indefinite number of persons.
2.13. Cross-border transfer — transfer of personal data to foreign states or entities.
2.14. Destruction — actions resulting in irreversible deletion of personal data.



3. Basic Rights and Obligations of the Operator


3.1. The Operator has the right to:
— receive reliable information and/or documents containing personal data;
— continue processing without consent if legal grounds exist under Kazakhstan law;
— independently determine necessary measures to ensure compliance with data protection laws.

3.2. The Operator is obliged to:
— provide information about personal data processing upon request;
— organize processing in accordance with Kazakhstan law;
— consider requests from data subjects;
— publish or otherwise ensure public access to this Policy;
— implement legal, organizational, and technical security measures;
— stop processing and destroy data when required by law;
— comply with other legal obligations.



4. Rights and Obligations of Data Subjects


4.1. Data subjects have the right to:
— receive information about their personal data processing;
— request correction, blocking, or deletion of inaccurate, outdated, unlawfully obtained, or unnecessary data;
— withdraw consent;
— request termination of processing;
— appeal unlawful actions to authorities or court.

4.2. Data subjects are obliged to:
— provide accurate personal data;
— inform about updates or changes.

4.3. Persons providing false data or data of others without legal grounds bear responsibility under Kazakhstan law.



5. Principles of Personal Data Processing


5.1. Processing is lawful and fair.
5.2. Processing is limited to specific, defined, legitimate purposes.
5.3. Data sets are not merged for incompatible purposes.
5.4. Only data relevant to processing purposes is processed.
5.5. Volume and content correspond to purposes.
5.6. Accuracy and relevance are ensured.
5.7. Storage is limited to necessary periods; data is deleted or anonymized after purposes are achieved.



6. Purposes of Processing Personal Data


Purpose: providing User access to website services, information, and materials.

Personal data: email address, phone numbers.

Legal basis: consent of the data subject and agreements between Operator and User.

Processing types: collection, recording, systematization, accumulation, storage, clarification, use, anonymization, blocking, deletion, destruction, and sending informational messages via email and/or phone.



7. Conditions for Processing Personal Data


7.1. Processing is carried out with consent, except where otherwise provided by law.
7.2. Processing is allowed for contract execution or conclusion initiated by the User.
7.3. Processing is allowed for legitimate interests provided rights are not violated.
7.4. Data subject to publication may be processed.
7.5. Special categories of data are processed only as permitted by law.



8. Procedure for Collection, Storage, Transfer, and Processing


Security is ensured through legal, organizational, and technical measures.

8.1. Operator ensures data security and prevents unauthorized access.
8.2. Data is not shared with third parties except where required by law, contract, or consent.
8.3. In case of inaccuracies, User may update data via email dconnectru@gmail.com (marked “Personal Data Update”).
8.4. Processing period depends on purpose; consent may be withdrawn via email dconnectru@gmail.com (marked “Withdrawal of Consent”).
8.5. Data processed by third-party services is governed by their policies; Operator is not responsible for third parties.
8.6. Confidentiality is ensured unless otherwise required by law.
8.7. Processing may stop upon achievement of purpose, consent withdrawal, or unlawful processing detection.



9. List of Actions with Personal Data


9.1. Collection, recording, systematization, storage, updating, use, transfer, anonymization, blocking, deletion, destruction.

9.2. Processing may be automated or non-automated, with or without data transmission via networks.



10. Cross-Border Transfer


10.1. Carried out in accordance with Kazakhstan law and only on legal grounds.
10.2. Operator ensures adequate protection or obtains consent before transfer.



11. Confidentiality


Operator and other persons with access to data must not disclose or distribute personal data without consent unless required by law.



12. Final Provisions


12.1. User may request clarifications via dconnectru@gmail.com
12.2. Changes to this Policy will be reflected in this document; valid until replaced.
12.3. Current version is available at https://dconnect.cc/datapolicy