Back to website
Neo Pay LLP

Privacy and Personal Data Processing Policy

Published at neopay.tech

PRIVACY AND PERSONAL DATA PROCESSING POLICY

Neo Pay LLP This Policy defines the procedure for the collection, use, storage, transfer, and protection of personal data processed by Neo Pay LLP when the website https://neopay.tech is used, when payment services are provided, and in the course of interaction with clients. The Policy is applied in accordance with the legislation of the Republic of Kazakhstan.

1. Company Information

Operator: Neo Pay Limited Liability Partnership BIN: 220440025470 Registration of the payment organization: Certificate No. 02-22-127 (Register of Payment Organizations of the National Bank of the Republic of Kazakhstan) Regulatory authority: National Bank of the Republic of Kazakhstan Person responsible for organizing personal data processing: Denis Davydov, e-mail: info@neopay.tech Address: 80 Tole bi St., apt. 2, Almalinsky district, Almaty, Republic of Kazakhstan E-mail: info@neopay.tech Website: https://neopay.tech

2. Scope

The Policy applies to website visitors, clients, prospective clients, representatives of legal entities, beneficial owners, counterparties, service providers, and other individuals whose personal data the Company obtains by lawful means.

3. Legislation

The Company processes personal data in accordance with the Law of the Republic of Kazakhstan “On Personal Data and Its Protection”, the Law “On Payments and Payment Systems”, the legislation on combating money laundering and the financing of terrorism (AML/CFT), and other applicable regulatory legal acts.

4. Processing Principles

Processing is carried out on the principles of lawfulness, fairness, data minimization, purpose limitation, storage limitation, confidentiality, and the application of necessary organizational and technical protection measures.

5. Categories of Personal Data

The Company may process: identification data; contact details; information on representatives and beneficial owners; bank details and information on payment transactions; AML/KYC information; technical data (IP address, cookies, browser, device, event logs).

6. Sources of Data

Data may be obtained directly from the personal data subject, from the Company's clients, banks, payment partners, state registers, KYC/AML service providers, and other lawful sources.

7. Purposes of Processing

Personal data is used for: concluding and performing agreements; client identification; compliance with AML/CFT requirements; processing payments; fraud prevention; compliance with legal requirements; handling enquiries; and ensuring the operation of the website and information security.

8. Legal Grounds

Processing is carried out on the basis of the consent of the personal data subject, performance of a contract, requirements of the legislation of the Republic of Kazakhstan, AML/CFT requirements, and other grounds provided for by law.

9. Data Transfer

The Company does not sell personal data. Transfer is permitted to banks, payment systems, KYC/AML providers, cloud infrastructure providers, IT contractors, auditors, state authorities, and other persons in the cases provided for by legislation.

10. Cross-Border Transfer

Cross-border transfer of personal data is carried out only in the cases permitted by the legislation of the Republic of Kazakhstan and necessary for the provision of services, performance of agreements, or compliance with legal requirements.

11. Data Storage

Primary collection and storage of personal data is carried out in databases located in the territory of the Republic of Kazakhstan. Storage periods are determined by legislation and the purposes of processing.

12. Security

The Company applies organizational and technical protection measures, including access segregation, logging, backup, encryption of communication channels, monitoring, access control, and regular vulnerability assessment. Payment card data is processed in accordance with the requirements of the PCI DSS standard and the rules of international payment systems.

13. Rights of Data Subjects

Personal data subjects have the right to receive information about the processing of their data, to demand its rectification, blocking, or destruction in the cases provided for by law, to withdraw consent (upon withdrawal of consent, the Company ceases processing of personal data within fifteen business days, unless storage or processing of the data is required in accordance with the legislation of the Republic of Kazakhstan, or provides a reasoned refusal), and to apply to the authorized bodies and the courts.

14. Cookies

The website uses essential, functional, and analytical cookies. Cookies are managed by the user through browser settings or other tools where provided by the website.

15. Amendments to the Policy

The Company may amend this Policy. The current version is always published at https://neopay.tech.