Cart
Your shopping cart is empty!
It's never too late to make things right :)
Privacy Policy
1. General provisions
1.1. This Privacy Policy (the “Policy”) sets out the procedure and conditions for the collection, processing, storage, protection and disclosure of personal data of users of the website [cassida.kz] (the “Website”), as well as the measures implemented to ensure the security of personal data.
1.2. The personal data operator is [cassida.kz] (the “Operator”). Where additional details of the owner/administrator (name, Business Identification Number and address) are stated on the Website, such information forms part of the Operator’s identification.
1.3. The Policy has been prepared in accordance with the laws of the Republic of Kazakhstan, including the Law of the Republic of Kazakhstan “On Personal Data and Their Protection”, and other regulatory legal acts of the Republic of Kazakhstan governing personal data protection, information, communications and electronic services.
1.4. By using the Website, including browsing pages, completing forms, submitting enquiries, placing requests/orders, subscribing to mailings and any other interaction, the user confirms that they have read this Policy and agree to its terms. Where explicit consent is required by law (for example, for marketing mailings), processing is carried out only upon provision of such consent.
1.5. The Policy applies to all information the Operator may receive about the user in the course of using the Website and/or in performing contracts and requests placed via the Website. The Policy does not govern the processing of data on third-party websites to which the user may be redirected via links from the Website.
2. Terms and definitions
2.1. Personal data means information relating to an identified or identifiable data subject, recorded on an electronic, paper and/or other tangible medium.
2.2. Personal data subject means the individual (the Website user) to whom the personal data relates.
2.3. Processing of personal data means any action (operation) or set of actions (operations) performed on personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), anonymisation, blocking, deletion and destruction.
2.4. Confidentiality of personal data means the requirement binding upon the Operator and/or any person who has obtained access to personal data not to disclose personal data without the data subject’s consent or other lawful basis.
2.5. Third parties mean persons other than the Operator and/or the user who may be engaged by the Operator to achieve the purposes of processing (including IT service providers, courier services, call centres, payment providers, analytics services) or to whom data must be disclosed by operation of law.
3. Categories of personal data that may be collected
3.1. The Operator may collect the following categories of data (depending on the user’s actions on the Website and the services used):
3.1.1. Identification and contact data: surname, first name, patronymic (if any), telephone number, email address, delivery address (city, street, building, flat/office), and other information the user enters in the Website forms or provides to the Operator when making an enquiry.
3.1.2. Order/request and service-related data: name and quantity of goods/services, price, delivery details, preferred method of communication, content of support enquiries, records of communications (where applicable and subject to notice), and history of interaction with the Website.
3.1.3. Technical and network data: IP address, browser and device information (device type, model, OS version, language), device identifiers, session data, date and time of access, URLs of pages visited, referral source, information about actions on pages (clicks, scrolling, duration), cookies and similar technologies.
3.1.4. Data provided by the user at their own initiative: information from messages, attached files, reviews, comments and requests, which may include personal data of third parties (in which case the user confirms that they have lawful grounds to provide such data to the Operator).
3.2. The Operator does not request or process special categories of personal data (e.g. health information, biometric data, religious beliefs etc.), unless directly required by the nature of the services provided and permitted by law. The user undertakes not to post such information on the Website or send it to the Operator without necessity.
4. Sources of personal data
4.1. Personal data may be obtained:
4.1.1. directly from the user when completing Website forms, placing an order/request, registering (if available), subscribing to mailings, or contacting via chat/messengers/email/telephone;
4.1.2. automatically when using the Website (technical data, cookies, server logs);
4.1.3. from the Operator’s partners/contractors to the extent necessary to fulfil an order/contract (e.g. courier services, payment providers), provided lawful grounds exist and the requirements of the laws of the Republic of Kazakhstan are observed.
5. Purposes of processing personal data
5.1. The Operator processes personal data solely for specified, pre-declared and lawful purposes, including:
5.1.1. providing the Website functionality and handling users’ enquiries and requests;
5.1.2. placing, confirming, fulfilling and supporting orders/requests, including delivery, returns, warranty service and complaints handling;
5.1.3. identifying the user when contacting support and improving service quality;
5.1.4. issuing invoices, carrying out settlements, and preparing accounting and primary documents (to the extent required by law and for performance of contractual obligations);
5.1.5. sending informational messages related to an order/services (statuses, delivery notifications, changes to terms);
5.1.6. sending marketing and advertising materials (including mailings) only where the user has given the relevant consent or where other lawful grounds exist under applicable law;
5.1.7. analytics and statistics on Website usage, improving user experience, ensuring proper operation of the Website, testing and developing products;
5.1.8. ensuring security, preventing fraud, protecting the rights and legitimate interests of the Operator and users, and resolving disputes;
5.1.9. complying with the laws of the Republic of Kazakhstan, including responding to requests from authorised state bodies in cases and in the manner prescribed by law.
6. Lawful bases for processing personal data
6.1. Personal data is processed on the following lawful bases (depending on the particular circumstances):
6.1.1. the data subject’s consent to the processing of their personal data, provided in a manner enabling confirmation that consent was obtained (e.g. ticking a box in a form, taking an action that unambiguously expresses the user’s will, or other mechanisms implemented on the Website);
6.1.2. necessity for the conclusion and/or performance of a contract to which the user is a party, or for taking steps at the user’s request;
6.1.3. compliance with obligations imposed on the Operator by the laws of the Republic of Kazakhstan (including in the area of accounting, tax compliance, consumer protection and other applicable fields);
6.1.4. protection of the Operator’s legitimate interests, provided such processing does not infringe the rights and freedoms of the personal data subject and complies with the laws of the Republic of Kazakhstan.
6.2. Where consent is the lawful basis, the user may withdraw it in the manner provided by this Policy and the laws of the Republic of Kazakhstan; processing carried out prior to withdrawal is deemed lawful.
7. Processing conditions, access to personal data and disclosure to third parties
7.1. Access to personal data is granted only to authorised employees/representatives of the Operator who require such access to perform their duties and achieve the processing purposes.
7.2. The Operator may entrust the processing of personal data to third parties (processors) under a contract, provided that such persons comply with confidentiality and personal data security requirements and process the data only on the Operator’s instructions.
7.3. For the purposes of processing, personal data may be disclosed to the following categories of third parties (to the minimum extent necessary):
7.3.1. IT infrastructure and service providers (hosting, cloud services, technical support, customer relationship management systems, mailing services) to the extent necessary for the operation of the Website and communications;
7.3.2. courier and logistics organisations for the delivery of orders;
7.3.3. payment organisations and/or banks for accepting and processing payments (as a rule, the Operator does not receive or store full bank card details; payment data is processed by the relevant payment provider in accordance with its own rules and security standards);
7.3.4. partners and contractors involved in providing services or performing works at the user’s request;
7.3.5. consultants and professional advisers (lawyers, auditors) where required to protect the Operator’s rights and legitimate interests and subject to confidentiality;
7.3.6. authorised state bodies of the Republic of Kazakhstan where required by law, upon a lawful request, within competence and in accordance with established procedure.
7.4. The Operator does not make personal data publicly available without the user’s separate consent, unless otherwise required by the laws of the Republic of Kazakhstan.
8. Cross-border transfer of personal data
8.1. Due to the use of certain software tools, communication platforms and analytics services, processing of personal data may involve cross-border transfer and/or storage of data on servers located outside the Republic of Kazakhstan.
8.2. In such cases, the Operator takes reasonable measures to ensure the protection of personal data and compliance with the laws of the Republic of Kazakhstan, including selecting providers that apply appropriate security measures and contractual confidentiality obligations.
8.3. By providing data and using the Website, the user consents to the possible cross-border transfer of personal data to the extent necessary to achieve the processing purposes, provided such transfer is not prohibited by the laws of the Republic of Kazakhstan and/or is carried out in compliance with the established requirements.
9. Storage of personal data, place of storage and retention periods
9.1. Personal data is processed and stored in a form allowing the data subject to be identified for no longer than required by the purposes of processing, unless a different retention period is established by the laws of the Republic of Kazakhstan or by a contract with the user.
9.2. Storage may be carried out:
9.2.1. in the Operator’s and/or authorised processors’ information systems (including hosting provider servers, CRM and other systems);
9.2.2. on tangible media (where documentation is required), subject to restricted access arrangements.
9.3. Indicative retention periods (unless otherwise required by law or contract):
9.3.1. order/request data and correspondence: for the period of performance of obligations and a subsequent period necessary to handle claims, returns, warranty matters and to protect the Operator’s rights, but not less than the periods established by law for relevant documents;
9.3.2. accounting and primary documents: for the periods established by the laws of the Republic of Kazakhstan;
9.3.3. data for marketing mailings: until consent is withdrawn or the purpose of processing ceases to be relevant;
9.3.4. technical data and event logs: for reasonable periods necessary to ensure security and proper operation of the Website (typically from several months up to 3 years, depending on the type of data and purposes), unless otherwise required by law or incident investigations.
9.4. Upon achieving the purposes of processing, withdrawal of consent (where processing is based on consent), or in the absence of other lawful grounds, personal data shall be destroyed or anonymised in accordance with the laws of the Republic of Kazakhstan and the Operator’s internal procedures.
10. Measures to protect personal data
10.1. The Operator implements necessary legal, organisational and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination and other unlawful actions, including but not limited to:
10.1.1. access control and application of the “need-to-know” principle;
10.1.2. use of information security tools, anti-virus protection, monitoring and logging of security events;
10.1.3. use of secure data transmission channels where technically possible (e.g. HTTPS);
10.1.4. back-up (where necessary), integrity and availability controls;
10.1.5. internal policies and staff training, confidentiality undertakings;
10.1.6. risk assessment and measures to prevent incidents.
10.2. At the same time, the user understands that no method of transmission over the Internet and no method of electronic storage can be absolutely secure. The Operator takes measures to reduce risks but cannot guarantee absolute security.
11. User rights (rights of the personal data subject)
11.1. The user, as a personal data subject, is entitled to exercise the rights provided by the laws of the Republic of Kazakhstan, including (where applicable):
11.1.1. the right to obtain information on whether the Operator holds the user’s personal data, and information on the purposes, lawful bases, composition and methods of processing;
11.1.2. the right to request clarification (updating, modification) of personal data if it is incomplete, outdated or inaccurate;
11.1.3. the right to request blocking or destruction of personal data on the grounds provided by the laws of the Republic of Kazakhstan (in particular, where data is processed unlawfully, or the purpose of processing has been achieved and no other lawful grounds for retention exist);
11.1.4. the right to withdraw consent to the processing of personal data where processing is based on consent (withdrawal does not affect the lawfulness of processing prior to withdrawal and does not cancel processing necessary for performance of a contract and/or compliance with legal obligations);
11.1.5. the right to object to processing in cases and in the manner provided by law;
11.1.6. the right to protect one’s rights and legitimate interests, including by contacting the Operator, authorised bodies and/or courts in accordance with the laws of the Republic of Kazakhstan.
11.2. To exercise these rights, the user may send a request to the Operator using the methods specified in section 14 of this Policy. The Operator may request information necessary to identify the user and confirm that the personal data relates to the requesting person, in order to prevent unauthorised access to data.
11.3. A response to the request will be provided within the time limits and in the manner established by the laws of the Republic of Kazakhstan, or within a reasonable time where no specific time limit is prescribed, taking into account the complexity of the request and the lawfulness of the requirements.
12. Cookies, similar technologies and analytics services
12.1. The Website uses cookies and similar technologies (e.g. pixels, tags) to ensure operability, enhance usability, personalise content, compile statistics and analytics, and ensure security.
12.2. Cookies are small data fragments stored on the user’s device that allow the browser/device to be recognised, settings and preferences to be saved and statistics to be collected.
12.3. The following types of cookies may be used on the Website:
12.3.1. strictly necessary (technical) cookies: ensure the Website’s operation and its core features;
12.3.2. functional cookies: remember user choices (e.g. language, region) and improve convenience;
12.3.3. analytics/statistical cookies: help understand how users interact with the Website, which sections are most used, and identify errors;
12.3.4. marketing cookies (where applicable): used to display relevant offers and evaluate advertising effectiveness, subject to lawful grounds.
12.4. The Website may use analytics services, including Google Analytics or similar tools. Such services may collect technical and statistical data (including IP address, cookie identifiers, and interaction data) and process it in accordance with the relevant providers’ policies.
12.5. The user may manage cookies via browser settings (allow, restrict or delete cookies). Disabling or deleting cookies may result in incorrect operation of certain Website functions. Where the Website uses a cookie consent banner/panel, the user may also configure preferences via that interface (if available).
12.6. When using third-party services (embedded maps, video players, widgets, social network buttons, messengers), the relevant providers may set their own cookies and collect data in accordance with their policies. The Operator recommends that the user reviews the privacy policies of such third parties.
13. Processing of minors’ personal data
13.1. The Website is intended for use by persons who have the requisite legal capacity under the laws of the Republic of Kazakhstan.
13.2. The Operator does not intentionally collect personal data of minors without the consent of their legal representatives. If it is discovered that a minor has provided personal data without appropriate consent, the Operator may take measures to delete such data where lawful grounds exist and identification is possible.
14. Contact details and request procedure
14.1. For matters relating to the processing of personal data, exercising data subject rights, withdrawal of consent, rectification of data, as well as security and confidentiality matters, the user may contact the Operator:
14.1.1. via the contact details stated on the Website [cassida.kz] in the “Contacts” section (telephone, email address, business address, if available);
14.1.2. by sending a written request to the Operator’s details stated on the Website.
14.2. It is recommended that requests be prepared in a manner that enables identification of the user and describes the essence of the request (which data, which actions are required, for what period).
14.3. To withdraw consent for marketing mailings, the user may also use the “unsubscribe” function (if available) in the email message or submit a corresponding request to the Operator.
15. References to other documents and consents
15.1. Where specific operations require separate consent or other terms, additional documents may be posted on or provided via the Website, including but not limited to:
15.1.1. Consent to the processing of personal data (including for marketing mailings);
15.1.2. User Agreement/Public Offer (where applicable);
15.1.3. Cookie Policy (where set out as a separate document);
15.1.4. Return/exchange rules, delivery and payment terms (where applicable).
15.2. In the event of inconsistencies between this Policy and the documents referred to above, provisions ensuring a higher level of protection of the user’s personal data shall apply, unless otherwise required by the nature of the regulation or the laws of the Republic of Kazakhstan.
16. Changes to the Policy
16.1. The Operator may amend and/or supplement this Policy unilaterally in the event of changes to the Website functionality, applicable business processes, legal requirements and/or data processing practices.
16.2. The new version of the Policy enters into force upon its publication on the Website, unless otherwise stated in the new version. Users are advised to review the current version of the Policy regularly.
16.3. Where amendments affect material terms of personal data processing and/or require additional consent, the Operator ensures that such consent is obtained in the manner provided by the laws of the Republic of Kazakhstan and the Website functionality.
17. Final provisions
17.1. This Policy is effective indefinitely until replaced by a new version.
17.2. The invalidity of any individual provision of the Policy shall not affect the validity of the remaining provisions.
17.3. In all matters not governed by this Policy, the Operator shall be guided by the laws of the Republic of Kazakhstan.
17.4. The current version of the Policy is published on the Website [cassida.kz].
