1. Introduction
This policy explains how STI-12 (OPEN Healthcare Kazakhstan) secures and stores users' personal information. The organization commits to protecting customer privacy and complying with Kazakhstan data protection laws.
Users accepting the service agree they have read, understood, and fully agreed to comply with the terms of our policy.
2. Data Protection Commitment
STI-12 pledges full compliance with Kazakhstan regulations protecting personal data. The organization implements appropriate management, technical, and legal measures to ensure data security.
The company takes responsibility for reporting and coordinating with personal data protection authorities to promptly handle security incidents or data breaches in accordance with applicable laws.
3. Data Protection Measures
3.1 Management Measures
- Designate department/staff for data protection oversight
- Regularly assess security risks and conduct cybersecurity audits
- Establish and disseminate internal data protection policies
3.2 Technical Measures
- Encrypt data using AES-256 standards during storage and transmission
- Secure the system with TLS/SSL protocols to ensure safe data exchange
- Implement strict access control through Two-Factor Authentication (2FA)
- Permanently delete unnecessary personal data
3.3 Sensitive Personal Data Protection
Sensitive data receives enhanced security standards, restricted access to authorized personnel only, and notification to data subjects about processing.
3.4 Regulatory Authority Cooperation
STI-12 collaborates with competent authorities and reports security breaches per legal requirements.
4. Server Location and Data Storage
STI-12 complies with Kazakhstan data protection regulations. Data storage meets ISO 27001 standards with a retention period of 5 years, except upon user request for deletion.
5. Disclaimer
STI-12 disclaims liability for:
- User-caused unauthorized access from disclosing login information
- Cyberattacks and system errors beyond organizational control
- Third-party service incidents (hosting providers, payment gateways)
- Legal policy changes affecting data security
- User data modification or misuse
- System maintenance and service interruptions
Users are responsible for protecting their personal accounts, following STI-12's security instructions, and not sharing personal information with any unauthorized parties.
6. Policy Changes
STI-12 reserves modification rights for privacy policies and terms to meet legal requirements and improve service quality. Any significant changes will be notified at least seven (07) days in advance via STI-12's website or service platform.
Continued service use constitutes acceptance of revised terms.
7. Terms of Compensation for Damages
STI-12 shall not be liable for any direct, indirect, incidental, consequential, or special damages arising from the use of its services, security breaches, or any incidents beyond STI-12's reasonable control.
Users indemnify STI-12 from claims arising from:
- Policy or law violations
- Service misuse causing damage
- Unauthorized third-party data disclosure
- Fraudulent activities
Liability caps at amounts paid for affected services within 12 months prior to claims.
8. Governing Law, Complaints and Dispute Resolution
Laws of the Republic of Kazakhstan govern all policies. Complaint resolution occurs within thirty (30) working days from the date STI-12 receives the complaint, with complex cases potentially exceeding this timeframe.
Disputes receive priority resolution through negotiation. Unresolved disputes proceed to competent courts at STI-12's headquarters location, with losing parties bearing legal costs.
9. Contact Information
STI-12 (OPEN Healthcare Kazakhstan)
- Address: Almaty, Kazakhstan
- Phone: +7 (727) 000-0000
- Email: support@sti12.kz
- Website: www.sti12.kz