RUKZUZKGEN
RUҚАЗUZKGEN
GDPR compliant Data protection Transparency

Privacy Policy

Last updated: January 25, 2024. This document describes how Envidicy collects, uses and protects your personal data.

What data we collect How we protect data

1. General provisions

This Privacy Policy (the "Policy") defines the procedure for processing and protecting personal data of users (the "User" or "You") by Envidicy (the "Company", "we", "us").

By using our website and services, you agree to this Policy. If you do not agree with the Policy, please do not use our website and services.

Key principles:

  • We collect only data necessary to provide services
  • We do not transfer data to third parties without your consent
  • We use modern data protection technologies
  • You have the right to access, correct and delete your data

2. What data we collect

We collect the following categories of data:

2.1. Data provided by you:

  • Registration data: full name, email, phone, company name
  • Contact data: address, contact details
  • Documents: passport scans, registration certificates, taxpayer ID
  • Payment data: billing details
  • Ad account data: account IDs, access tokens (for top-ups only)

2.2. Automatically collected data:

  • Technical data: IP address, browser type, operating system
  • Usage data: visited pages, time on site, clicks
  • Cookies: for website operation and analytics
  • Device data: device type, screen resolution

2.3. Data from third parties:

  • Partners: during joint promotions and offers
  • Public sources: data from public registries for verification
  • Advertising platforms: data on account verification status

3. How we use your data

Purpose of use Which data Legal basis
Service provision registration data, account data Contract performance
Payment processing payment details, documents Contract performance
Customer support contact data, request history Legitimate interests
Marketing and analytics usage data, cookies Consent
Legal compliance documents, transaction data Legal obligations
Service improvement anonymized usage data Legitimate interests

We do NOT use your data for:

  • sale or transfer to third parties for marketing
  • automated decision-making with legal consequences
  • creating profiles for untargeted advertising

4. How we protect your data

4.1. Technical protection measures:

  • Encryption: all data is transmitted via secure HTTPS (TLS 1.2+)
  • Server protection: servers are located in secure data centers with 24/7 security
  • Backups: daily data backups
  • Attack protection: firewall, intrusion detection systems, DDoS protection
  • Storage encryption: sensitive data is stored encrypted

4.2. Organizational measures:

  • Need-to-know access: employees have access only to necessary data
  • Employee training: regular personal data protection training
  • Security policies: internal policies and procedures
  • Audit and monitoring: regular security system audits
  • Confidentiality agreements: with all employees and contractors

4.3. Measures for different data types:

Personal data

Access only by authorized employees, encryption at rest, limited storage period.

Payment data

Stored by payment providers (CloudPayments, Stripe). We do not store card data.

Documents

Secure encrypted cloud storage with two-factor authentication access.

5. Data transfer to third parties

5.1. When we transfer data:

  • Payment providers: for payment processing (only necessary data)
  • Hosting providers: for storing data on secure servers
  • Advertising platforms: only account IDs for balance top-ups
  • Government authorities: upon lawful request in accordance with law
  • Legal advisers: when legal support is needed

5.2. International transfer:

Your data may be transferred to and processed in other countries where we have servers or partners. In such cases, we ensure an adequate level of protection:

  • EU standard contractual clauses
  • Privacy Shield certification where applicable
  • adequate data protection solutions

Important exclusions:

We do NOT transfer your personal data:

  • for direct marketing without your explicit consent
  • to random third parties
  • to countries without adequate data protection

6. Your rights

Right of access

You may request a copy of your personal data that we process.

Right to correction

You may correct inaccurate or incomplete data in your profile.

Right to deletion

You may request deletion of your data if there are no legal grounds for storage.

Right to restriction

You may restrict processing of your data in certain cases.

Right to portability

You may receive your data in a structured format for transfer to another operator.

Right to object

You may object to processing of your data for direct marketing.

How to exercise your rights:

To exercise your rights, send a request by email: privacy@envidicy.kz

We will respond within 30 calendar days. For complex requests, the period may be extended to 60 days with notice to you.

Send a rights request

7. Use of cookies

7.1. What cookies are:

Cookies are small text files stored on your device when you visit our website.

7.2. Types of cookies we use:

Cookie type Purpose Storage period
Necessary for website operation (authorization, cart) Session
Functional remembering settings (language, currency) 1 year
Analytics website usage analysis (Google Analytics) 2 years
Marketing targeted advertising (only with consent) 1 year

7.3. Managing cookies:

You can manage cookies through your browser settings:

  • block all cookies (may affect website operation)
  • delete existing cookies
  • configure cookie notifications

On your first visit to our website, you will see a banner requesting consent to use cookies. You can change your settings at any time by clicking the "Cookie settings" link in the website footer.

8. Data storage period

We store your data only as long as necessary for the purposes described in this Policy:

Data category Storage period Basis
Account data 5 years after last activity Contractual obligations
Financial data 10 years Tax law
Documents 7 years Legal requirements
Access logs 1 year Security
Marketing data 3 years after consent Consent

Data deletion:

After the storage period expires or upon your request, data is deleted securely:

  • Electronic data: multiple overwriting
  • Paper documents: shredding
  • Backups: deletion from all systems

9. Children privacy

Our services are not intended for persons under 18. We do not knowingly collect personal data from children.

If you are a parent or guardian:

If you believe your child has provided us with personal data, please contact us by email: privacy@envidicy.kz

We will delete such data as soon as possible.

10. Changes to the Policy

We may update this Privacy Policy from time to time. All changes will be published on this page.

Notice of changes:

  • Significant changes: we will notify by email 30 days in advance
  • Minor changes: we will publish them on this page
  • Effective date: specified at the beginning of the document

Change history:

  • 25.01.2026: First publication of the Privacy Policy

11. Contact information

If you have questions, comments or requests regarding this Privacy Policy, contact us:

Data Protection Officer

Ivan Petrov
Email: dpo@envidicy.kz

General questions

Email: privacy@envidicy.kz
Phone: +7 777 823 26 83

Legal address

Kazakhstan, Almaty
Baitursynov St., 55

Complaints to regulators:

If you believe that we have violated your data protection rights, you may file a complaint with the authorized personal data protection authority:

For Kazakhstan residents:

Personal Data Protection Committee of the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan

Your privacy matters to us

We strive to protect your personal data and ensure transparency in how we process it.

This Privacy Policy was updated on January 25, 2024.

Ask a privacy question Return home