TOOBA’S PERSONAL DATA PROCESSING AND PRIVACY POLICY
The Personal Data Processing and Privacy Policy (hereinafter referred to as the “Policy”) applies to all information that Tooba may receive about the User during his use of the Service and in the course of Tooba’s execution of the Tooba User Agreement.
The usage of the tooba.com Website on the Internet and the Tooba iOS or Android-based hardware and software system available on the Internet (hereinafter referred to as the Service) means the User’s unconditional consent to the Tooba User Agreement, the following Policy and the terms of processing his personal information specified therein, in case of disagreement with these conditions the User must refrain from using the Service.
You may also register for a Tooba account using certain social logins, such as Google and Facebook. If you register for Tooba using a social login, Tooba may receive information about you from your social login provider, including your email address and contacts.
1. GENERAL PROVISIONS
1.1. This Personal Data Processing Policy (hereinafter referred to as the Policy) is an appendix to the Tooba User Agreement, developed to ensure the protection of personal data (hereinafter referred to as Data) of each person using the Service (hereinafter referred to as the User), maintaining the confidentiality of information received as part of the activities of the Service aimed at to fulfill the obligations of Tooba and/or its affiliates, defines Tooba’s policy regarding the processing of personal data (hereinafter referred to as Processing), contains information about the implemented requirements for the protection of personal data, and is regulated by the rules of applicable legislation on personal data and other applicable regulations.
1.2. For purposes of this Policy, the purpose of Data Processing is for Tooba to comply with the Tooba User Agreement, and for statistical and/or research purposes.
1.3. The User confirms that he independently decides on the provision of his Data and agrees to their processing freely, by his own will and in his own interest. Acceptance of the terms of this Policy by the User is made at the time of the conclusion of the User Agreement with Tooba and is consent to the Data Processing. The User confirms that the consent to the Processing of personal data is specific, informed and conscious and is made at the time of Acceptance of the terms of this Policy.
1.4. If, in order to fulfill the User Agreement, it becomes clear that Tooba needs to transfer the User’s personal data to a certain circle of persons, the User gives his consent to the transfer of personal data to third parties solely for the purpose of implementing the above-mentioned User Agreement. If Tooba entrusts the Processing of the User's personal data to another person, Tooba shall be liable to the User for the actions of that person. Data processing is carried out in full compliance with the requirements of current applicable legislation. User Data is under no circumstances subject to disclosure to the general public.
1.5. The data cannot be used for the purpose of causing property and moral harm to citizens, making it difficult to exercise the legal rights and freedoms of a person and a citizen.
2. APPLICATION AREA
2.1. This Policy applies to Data obtained both before and after the entry into force of this Policy.
2.2. Realizing the importance and value of Data, as well as caring about respecting the rights of citizens, Tooba provides reliable Data protection.
3. DEFINITIONS
3.1. Data refers to any information relating to a directly or indirectly identified or identifiable natural person (citizen), that is, such information, in particular, includes: name, surname, e-mail address, telephone number.
3.2. Data processing means any action (operation) or a set of actions (operations) with Data performed using automation tools and / or without the use of such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security means the protection of Data from unauthorized and/or unauthorized access to it, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other illegal actions in relation to Data.
4. LEGAL BASIS AND PURPOSE OF DATA PROCESSING
4.1. The processing and security of Tooba Data is carried out in accordance with the requirements of applicable laws and other regulations and by-laws that determine the cases and specifics of Data processing.
4.2. The subjects of the Data processed by Tooba are:
4.2.1. Users of the Service owned by Tooba;
4.3. Tooba processes Subject Data for the following purposes:
4.3.1. implementation of the functions, powers and responsibilities assigned to Tooba by applicable law in accordance with federal laws;
4.3.2. providing information on the functionality and content of the Service, promotions and special offers;
4.3.3. analysis of the quality of the functionality of the Service provided by Tooba and improvement of the quality of service for Users of the Service;
4.3.4. informing about the status of the provision of the Service;
4.3.5. execution of the Tooba User Agreement concluded remotely via the Service.
5. DATA PROCESSING PRINCIPLES AND CONDITIONS
5.1. When processing Data, Tooba adheres to the following principles: the processing of Data is carried out on a lawful and fair basis; Data is not disclosed to third parties and is not distributed without the consent of the Data subject, except in cases requiring disclosure of Data at the request of authorized state bodies, legal proceedings; determination of specific legitimate purposes prior to the processing (including collection) of Data; only those Data are collected that are necessary and sufficient for the stated purpose of processing; merging of databases containing Data, the processing of which is carried out for purposes incompatible with each other is not allowed; the processing of the Data is limited to the achievement of specific, predetermined and legitimate purposes; the processed Data is subject to destruction or depersonalization upon achievement of the purposes of processing or in case of loss of the need to achieve these purposes, unless otherwise provided by federal law.
5.2. Tooba does not process Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
5.3. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established and which is used by the operator to identify the Data subject) is not processed by Tooba.
5.4. Tooba does not transfer Data in foreign countries.
5.5. In cases established by applicable law, Tooba has the right to transfer Data to third parties (federal tax service, state pension fund and other state agencies).
5.6. Tooba has the right to entrust the processing of the Data of Data subjects to third parties with the consent of the Data subject, on the basis of an agreement concluded with these parties, including upon agreement with the Tooba User Agreement and the Policy posted on the Service.
5.7. People processing Data on the basis of an agreement concluded with Tooba (instruction of the operator) undertake to comply with the principles and rules for the processing and protection of Data provided for by the Law. For each third party, the agreement defines a list of actions (operations) with Data that will be performed by a third party processing Data, the purposes of processing, establishes the obligation of such a person to maintain confidentiality and ensure the security of Data during their processing, specifies the requirements for protecting processed Data according to the Law.
5.8. Tooba is prohibited from making decisions based solely on automated processing of Data that give rise to legal consequences in relation to the Data subject or otherwise affect his rights and legitimate interests, except as provided for by applicable law.
6. RIGHTS AND OBLIGATIONS OF DATA SUBJECTS, AND TOOBA WITH RESPECT TO DATA PROCESSING
6.1. The subject whose Data is processed by Tooba has the right to:
6.1.1. receive from Tooba:
6.1.1.1. confirmation of the fact of Data processing and information about the availability of Data related to the relevant Data subject;
6.1.1.2. information about the legal grounds and purposes of Data processing; details of Tooba’s Data processing practices; information about the name and location of Tooba;
6.1.1.3. information about persons (excluding Tooba employees) who have access to the Data or to whom the Data may be transferred based on an agreement with Tooba or based on federal law;
6.1.1.4. a list of the processed Data relating to the subject of the Data, and information about the source of their receipt, unless a different procedure for providing such Data is provided for by federal law; information about the terms of Data processing, including the terms of their storage;
6.1.1.5. information on the procedure for exercising by the Data subject of the rights provided for by the Law; the name (full name) and address of the person processing the Data on behalf of Tooba;
6.1.1.6. other information provided for by the Law or other regulatory legal acts of the Russian Federation;
6.1.2. require from Tooba:
6.1.2.1. clarification of their Data, their blocking or destruction if the Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
6.1.2.2. withdraw the consent to the processing of Data at any time; demand that Tooba’s misconduct in relation to its Data be rectified;
6.1.2.3. challenge Tooba's actions or inaction to an authorized government agency or in court if the Data subject believes that Tooba is processing his Data in violation of the requirements of the Law or otherwise violating his rights and freedoms;
6.1.2.4. protection of the rights and legitimate interests, including for damages and / or compensation for moral damage in court.
6.2. Tooba, when processing Data, is required to:
6.2.1. provide the Data subject, at his request, with information regarding the processing of his Data, or, on legal grounds, provide a refusal within 30 (thirty) days from the date of receipt of the request of the Data subject or his representative;
6.2.2. explain to the Data subject the legal consequences of refusal to provide the Data, if the provision of the Data is mandatory according to federal law;
6.2.3. prior to the start of Data processing (if the Data is not received from the Data subject), provide the Data subject with the following information:
1) name or surname, name, patronymic and address of Tooba or its representative;
2) the purpose of the Data processing and its legal basis;
3) intended Users of the Data;
4) the rights of Data subjects established by the Law;
5) the source of the Data.
6.2.4. take the necessary legal, organizational and technical measures or ensure their adoption to protect the Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of the Data, as well as from other illegal actions in relation to the Data;
6.2.5. publish on the Internet and provide unrestricted access using the Internet to a document defining its policy regarding Data processing, to information about the Data protection requirements being implemented;
6.2.6. provide the Data subjects and/or their representatives free of charge with the opportunity to familiarize themselves with the Data when making a relevant request within 30 (thirty) days from the date of receipt of such a request;
6.2.7. to block illegally processed Data related to the Data subject, or ensure their blocking (if the Data processing is carried out by another person acting on behalf of Tooba) from the moment of application or receipt of a request for the verification period, in case of detection of illegal Data processing upon the request of the Data subject or his representative or at the request of the Data subject or his representative or an authorized body for the protection of the rights of personal data subjects;
6.2.8. clarify the Data or ensure its clarification (if the Data is processed by another person acting on behalf of Tooba) within 7 (seven) working days from the date of submission of the information and remove the blocking of the Data, if the fact of inaccuracy of the Data is confirmed based on the information provided by the Data subject or his representative;
6.2.9. stop the illegal processing of Data or ensure the termination of the illegal processing of Data by a person acting on behalf of Tooba, in the event that illegal processing of Data is carried out by Tooba or by a person acting on the basis of an agreement with Tooba, within a period not exceeding 3 (three) working days from the date of this detection;
6.2.10. terminate or cause the Data processing to be terminated (if the Data processing is performed by another person acting on the basis of an agreement with Tooba) and destroy or cause the Data to be destroyed (if the Data processing is carried out by another person acting under an agreement with Tooba) after the purpose of the Data processing is achieved, unless otherwise not provided for by the agreement, the party to which, the beneficiary or the guarantor, under which the Data subject is, in case the purpose of Data processing is achieved;
6.2.11. terminate or cause the Data processing to stop and destroy or cause the Data to be destroyed if the Data subject withdraws consent to the Data processing, if Tooba is not entitled to process the Data without the Data subject’s consent;
6.2.12. maintain a register of requests from Data subjects, which should record the requests of Data subjects to receive Data, as well as the facts of providing Data in response to these requests.
7. DATA PROTECTION REQUIREMENTS
7.1. When processing the Data, Tooba takes the necessary legal, organizational and technical measures to protect the Data from unauthorized and/or unauthorized access to it, destruction, modification, blocking, copying, provision, distribution of the Data, as well as from other illegal actions in relation to the Data.
7.2. Such measures according to the Law, in particular, include:
7.2.1. appointment of a person liable for organizing the processing of the Data and a person liable for ensuring the security of the Data;
7.2.2. development and approval of local acts on the processing and protection of Data; application of legal, organizational and technical measures to ensure the security of Data:
7.2.2.1. identification of threats to the security of Data during their processing in information systems of personal data;
7.2.2.2. application of organizational and technical measures to ensure the security of Data during their processing in personal data information systems necessary to fulfill the requirements for Data protection, the implementation of which ensures established levels of Data security;
7.2.2.3. the use of information security tools that have passed the conformity assessment procedure according to the established procedure;
7.2.2.4. assessment of the effectiveness of the measures taken to ensure the security of the Data prior to the commissioning of the personal data information system;
7.2.2.5. accounting for machine media of the Data, if the Data is stored on machine media;
7.2.2.6. detection of facts of unauthorized access to the Data and taking measures to prevent such incidents in the future;
7.2.2.7. recovery of Data modified or destroyed due to unauthorized access to them;
7.2.2.8. establishing rules for access to the Data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with the Data in the personal data information system;
7.2.2.9. control over the measures taken to ensure the security of the Data and the level of security of personal data information systems;
7.2.2.10. assessment of the harm that may be caused to the Data subjects in case of violation of the requirements of the Law, the ratio of the specified harm and the measures taken by Tooba aimed at ensuring the fulfillment of the obligations provided for by the Law;
7.2.2.11. compliance with the conditions that exclude unauthorized access to material data carriers and ensure the safety of the Data;
7.2.2.12. familiarizing Tooba employees directly involved in Data processing with the provisions of applicable Data legislation, including Data protection requirements, local regulations on Data processing and protection, and training Tooba employees.
8. DATA PROCESSING (STORAGE) TERMS
8.1. The terms of Data processing (storage) are determined based on the purposes of Data processing, according to the term of the agreement with the Data subject, the requirements of federal laws, the requirements of Data operators on behalf of which Tooba processes Data, the main rules for the operation of archives of organizations, the limitation period.
8.2. Data whose processing (storage) period has expired must be destroyed, unless otherwise provided by federal law. Storage of Data after the termination of their processing is allowed only after their depersonalization.
9. PROCEDURE FOR OBTAINING EXPLANATIONS ON DATA PROCESSING
9.1. People whose Data is processed by Tooba may obtain clarifications regarding the processing of their Data by contacting Tooba in person or by sending a written request to Tooba’s location.
9.2. If an official request is sent to Tooba, the text of the request must include:
9.2.1. surname, name, patronymic of the Data subject or his representative;
9.2.2. number of the main document proving the identity of the Data subject or his representative, information about the date of issue of the specified document and the authority that issued it;
9.2.3. information confirming that the Data subject has a relationship with Tooba; information for feedback in order to send Tooba a response to the request;
9.2.4. signature of the Data subject (or his representative). If the request is sent electronically, then it must be executed in the form of an electronic document and signed with an electronic signature according to the legislation of the Russian Federation.
10. FEATURES OF PROCESSING AND PROTECTION OF DATA COLLECTED BY TOOBA USING THE INTERNET
10.1. Tooba processes Data received from Users via the Internet.
10.2. There are two main ways Tooba obtains Data over the Internet:
10.2.1. independent entry of Data in the Service;
10.2.2. by receiving the Data to the Tooba email address specified in the relevant section of the Service.
10.3. Tooba may collect and process non-personal information:
10.3.1. information about the interests of users in the Service based on the search queries entered by users of the Service in order to provide up-to-date information when using the Service, as well as to summarize and analyze information about which sections of the Service are most in demand;
10.3.2. processing and storing search queries of Users of the Service in order to summarize and create statistics on the use of sections of the Service. Tooba automatically receives certain types of information obtained in the course of user interaction with the Service, e-mail correspondence, etc. These include technologies and services such as web protocols, cookies, web tags, as well as third party applications and tools. At the same time, web tags, Cookies and other monitoring technologies do not make it possible to automatically receive Data. If the User of the Service, at his own discretion, provides his Data, for example, when filling out a feedback form or when sending an email, then only then will the processes of automatic collection of detailed information be launched for the convenience of using the Service and / or to improve interaction with Users.
10.4. Tooba has the right to use the provided Data in accordance with the stated purposes of its collection with the consent of the Data subject, if such consent is required in accordance with the requirements of applicable Data legislation. The obtained Data, in a generalized and anonymized form, can be used to better understand user needs and improve the quality of service.
10.5. Tooba may outsource the processing of Data to third parties only with the consent of the Data subject. The Data may also be transferred to third parties in the following cases:
10.5.1. as a response to legitimate requests from authorized state bodies, according to laws, court decisions, etc.
10.5.2. data may not be transferred to third parties for marketing, commercial and other similar purposes, unless the prior consent of the data subject is obtained.
10.6. The Service contains links to other web resources, where information may be useful and interesting for users of the Service. At the same time, this Policy does not apply to such other web resources. Users following links to other web resources are advised to read the Data processing policies posted on such web resources.
10.7. The User of the Service may at any time withdraw his consent to the processing of Data by sending a message to the email address: support@tooba.com, or by sending a written notice to the address of Tooba’s location. Upon receipt of such a message, the processing of the User’s Data will be terminated and his Data will be deleted, except in cases where the processing can be continued according to the law.
11. FINAL PROVISIONS
11.1. This Policy is a local regulation of Tooba. This Policy is public. Public availability of this Policy is ensured by publication in the Tooba Service. This Policy comes into effect from the moment of its approval and publication and is binding on the User (from the moment the User starts using the Service, the User accepts the Tooba User Agreement) and all people who have access to the User’s personal data.
11.2. The User is notified of the Processing of his personal data by Tooba from the moment the User starts using the Service and the User accepts the Tooba User Agreement. The User confirms that he independently decides on the provision of his personal data and consents to their processing freely, by his own will and in his own interest. Consent to the Processing of personal data is specific, informed and conscious. The User also consents to the Processing of personal data in order to fulfil the Tooba User Agreement by making direct contact with the User using any means of communication. Consent to the Processing of personal data is given by the User for the duration of the Tooba User Agreement.
11.3. This Policy may be revised in any of the following cases:
11.3.1. when applicable legislation in the field of processing and protection of personal data changes;
11.3.2. in cases of receipt of instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;
11.3.3. at the discretion of Tooba management;
11.3.4. when changing the purposes and terms of Data processing;
11.3.5. when changing the organizational structure, the structure of information and / or telecommunication systems (or introducing new ones);
11.3.6. when applying new technologies for processing and protecting Data (including transmission, storage);
11.3.7. when it becomes necessary to change the Data processing process related to Tooba’s activities.
11.4. The current version of this Policy is published on the Service and provides open access to it, and is an integral part of the Tooba User Agreement.
12. TOOBA DETAILS
PUBLIC FUND "TOOBA APP"
Business Identification Number (BIN): 230240042861
Address: 050000, Bogenbay Batyra street, 150, 602, Almaty city, Almaty district, Kazakhstan
Email: from any email address containing @tooba.com