PRIVACY POLICY AND PERSONAL DATA PROCESSING OPEN HEALTHCARE
01. GENERAL PROVISIONS
- OPEN Healthcare Kazakhstan (hereinafter referred to as “ OHKZ ”) attaches great importance to the rights of users of the OHKZ website (hereinafter referred to as “Users/Patients”) to maintain the confidentiality and protection of personal data of Users, compliance with the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V “On personal data and their protection”, Code of the Republic of Kazakhstan dated July 7, 2020 No. 360-VI “On the health of the people and the healthcare system”, as well as international treaties ratified by the Republic of Kazakhstan.
- This privacy and personal data processing policy (hereinafter referred to as the “Policy”) describes the procedure for processing personal data of Users collected through the Internet resource kz.ohc.global (hereinafter referred to as the “Site”), the OHKZ mobile application (hereinafter referred to as the “mobile offer”) and related matters services and tools. In all of these cases, the OHKZ processes the personal data of Users exclusively within the framework of the requirements of the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V “On personal data and their protection”, the Code of the Republic of Kazakhstan dated July 7, 2020 No. 360-VI “On the health of the people” and the healthcare system”, as well as international treaties ratified by the Republic of Kazakhstan.
- This Policy applies to all Users of the Site and mobile application, and applies to the personal data (information) provided by the User that the OHKZ may receive about the User during registration and use of the Site and mobile application (hereinafter referred to as “personal data”).
- Within the framework of this Policy, OHKZ informs Users about the purposes, methods of collecting and processing personal data provided by Users, informs them about the measures taken by the OHKZ to ensure its safety.
- OHKZ notifies Users of changes to the Policy by publishing notices on the Site (or individually).
- Use of the Site and (or) mobile application by the User means agreement with this Policy and the terms of processing of the User’s personal data.
- In case of disagreement with the terms of the Policy, the User must stop using the Site and (or) mobile application.
- Users should be aware that when clicking on some links posted on the Site or in a mobile application, they may be redirected to sites (applications, etc.) of other companies outside the OHKZ hosting space, where information about Users is collected outside the direct control of OHKZ. In such case, the privacy policies of third party sites and/or applications will govern how these third parties process information received from Users.
02. TYPES OF PERSONAL DATA THAT IS RECEIVED AND PROCESSED BY OHKZ
- In order to register Users, accept applications for services and consultations, as well as sell and deliver goods purchased by the User, OHKZ collects and processes, including, but not limited to, the following personal data of the User:
- last name, first name, patronymic (if available)
- Date of Birth
- floor
- login and password
- email address
- address of the place of work
- address of residence(registration)
- IIN (for foreigners – passport number)
- information about education
- license data
- history of using services
- connection history
- cookies (cookies)
- information about the access IP address
- data of the medical institution
- registration number of the entrepreneur
- When registering the User on the Site, OHKZ also collects and processes the following personal data
Target Category Detail item General member Required Information Name, Username, Password, Gender, Date of Birth, Mobile Phone Number, Email, Duplicate Registration Confirmation Information (DI), Encrypted Identical Individual Identification Information (CI), Name, Mobile Phone, Email, Duplicate Registration Confirmation Information (DI), and Encrypted Identical Individual Identification Information (CI) of Legal Guardian (for domestic users under 14 years old) Optional Information Email Subscription Preference, Company Information,
Insurance InformationGeneral member Required Information Name, Username, Password, Date of Birth, Gender, Mobile Phone Number, Email Overseas Foreign Resident Optional Information Email Subscription Preference Physician Members Required Information Name, Username, Password, Gender, Date of Birth, Medical License Number, Mobile Phone Number, Office Phone Number, Email, Duplicate Registration Confirmation Information (DI), Encrypted Identical Individual Identification Information (CI) Optional Information Fax Number, Alma Mater, Graduation Year, Training Medical Institution, Email Subscription Preference, Access Vehicle Number, Medical Specialty, Training Hospital Mobile App Optional Information Fingerprint, FACE ID
※ These are only used for biometric authentication purposes and are not stored separately.
03. PURPOSES OF COLLECTING PERSONAL DATA
Under this Policy, OHKZ uses collected personal data for the following purposes.
- Carrying out the procedure for identifying the User to receive medical services, including.
- Making an appointment with a doctor: IIN (to identify the patient (User) at the time of the initial appointment), full name, mobile phone, email address of the patient (User)
- Making an appointment with a doctor legal (authorized) representative of the patient: IIN (patient (User) at the time of initial appointment ), full name of the patient, full name, mobile phone and email address of the legal (authorized) representative of the patient
- Registration for a general medical examination: full name of the person submitting the application for registration, gender, mobile phone number, email address, home address, date of birth.
- Express entry: User’s mobile phone number.
- Providing medical services for diagnosis and treatment
- The following information is required to be collected: full name, IIN, identification number of a foreign person, mobile phone number, email address
- At your discretion, the following information is subject to collection: contact information of an authorized representative for the purpose of receiving SMS and email newsletters.
- Medical information: personal medical information, including medical history, including family medical history, for the provision of medical services by PHC staff.
- Information required during the delivery and collection of samples of biological material, the visit of medical personnel of the Public Health Inspectorate to the patient’s home
- The following information is required to be collected: information about the patient (full name, address, mobile phone number)
- At your discretion, the following information is subject to collection: the intercom password at the entrance to the entrance of the patient’s house
- Providing administrative services, including accepting payments for medical services provided, issuing medical certificates:
- Information to be collected when paying for medical services:When paying by bank card: information on the transaction being performed, including the name of the payment card bank and card number
- Information to be collected when issuing medical certificates by OHKZ staff:Hospital registration number, medical department, type of medical certificate (classification, name of medical certificate), list of information about the request (date of request, name of medical certificate, date of treatment, medical department, notes), fact of visit, period of treatment, date of visit, information about payment, date of discharge, attending physician, purpose of treatment.
- Consultations provided by the PSB to potential partners of the PSB, including the provision of other medical advice to third parties
- Application for status as a partner clinic: name of the medical institution, registration data of the medical institution, clinic address, website address, number of rooms (if applicable), main telephone number, fax, information of the person responsible for administrative matters (full name, position, telephone) , doctor’s specialty, personal data of the head doctor (full name, date of birth, gender, medical license number, email address, vehicle information, education information, doctor’s specialty, information about residency (other qualification programs), mobile phone number
- Issuance of a medical referral: doctor’s full name, date of birth, medical license number, work and mobile phone numbers, email address, information about the referred patient (patient’s full name, date of birth, gender, mobile phone number, referral information, desired doctor).
- Surveys and consultations for corporate clients: company name, full name of the person in charge, email address, contact information, content of the question for consultation.
- Determining the procedure and form of feedback for conducting online consultations with clients
- Submitting an online application on the OHKZ Website to receive a consultation: full name, email address, content of the request.
- Placing an order in the online store
- Purchasing goods in an online store:The following information is required to be collected: full name, IIN, identification number of a foreign person, mobile phone number, email address
- Dispatch of goods:The following information is required to be collected: information about the recipient (full name, address, mobile phone number, telephone number).
- At your discretion, the following information is collected: the intercom password at the entrance to the entrance of the recipient’s house.
- Payment for goods and services:When paying by bank card: information on the transaction being performed, including the name of the payment card bank and card number.
- Other cases requiring the collection of personal data
- Providing the OHKZ with clarifications on received requests from Users regarding the services provided by the OHKZ, taking into account statistics of User connection, including personal identification when using services within the user system.
- Processing User requests, including complaints, delivery of notifications
- Use of personal data for marketing and advertising purposes: sending notifications containing advertising information, including information about promotions, new products and services, special offers, various events, collecting information about Users’ actions on the Site, obtaining and generating usage statistics services by Users
- Use of personal data to conduct research and analytical activities in order to improve the services of the Public Health Service.
04. TERM OF STORAGE AND USE OF PERSONAL DATA
The storage period of personal data is determined by the date of achievement of the purposes of their collection and processing, as long as is required to fulfill the above business purposes, unless otherwise provided by the legislation of the Republic of Kazakhstan, as well as international treaties ratified by the Republic of Kazakhstan.
05. PROCEDURE AND METHODS FOR DESTRUCTION OF PERSONAL DATA
- In accordance with this Policy, personal data is subject to immediate destruction after achieving the purpose of their collection and processing, as well as in cases provided for by the current legislation of the Republic of Kazakhstan.
- Procedure and methods for destroying personal information
- The information provided by the User when registering on the Site, upon achieving the goal, is transferred to a separate database (if stored on paper – to a separate file cabinet), where it is stored and subject to destruction upon expiration of the personal data storage period defined in Section 4 of this Policy, in accordance with with the requirements for the protection of personal data provided for by the internal policy of the OHKZ, as well as in accordance with the current legislation of the Republic of Kazakhstan. Personal data of Users located in a separate database is not used for purposes other than those for which they are stored, except as required by applicable law.
- Personal data stored in electronic format is subject to destruction using technical means that do not allow their further reproduction.
06. TRANSFER, DISTRIBUTION AND CHANGE OF PERSONAL DATA
- In accordance with the internal rules of OHKZ, as well as the provisions of this Policy, OHKZ does not have the right to provide personal data of Users to third parties, except for the cases provided for by this Policy, the current legislation of the Republic of Kazakhstan, as well as other applicable requirements of international treaties ratified by the Republic of Kazakhstan
- The User’s personal data may be transferred to a third party by the OHKZ in the following cases.
- as required by applicable law, share information with individuals and government agencies in order to investigate suspected violations of the law or combat any other suspected violations by Users
- if the User has consented to the transfer of his data to a third party, OHKZ has the right to provide personal data to advertisers, partner companies, research organizations in a form that does not allow identification of the subject of personal data (depersonalization of data), for compiling statistics, conducting scientific research or market research, as well as courier services, postal organizations, telecommunication operators, solely for the purpose of fulfilling the User’s order placed on the Site
- In the event that the OHKZ business, or part of this business, is sold or reorganized, and the OHKZ transfers all or substantially all of its assets to a new owner, then Users’ personal data may be transferred to the buyer to ensure continuity of service to the Site.
- In other cases provided for by the legislation of the Republic of Kazakhstan.
- If there is a need to transfer the User’s personal data for any of the above reasons, OHKZ undertakes to notify the User or his legal representative, unless otherwise provided by the laws of the Republic of Kazakhstan, about the fact of transfer of personal data in the manner prescribed by applicable legislation.
- The user reserves the right to withdraw consent to the transfer and processing of personal data.
- As part of the concluded agreements between OHKZ and third parties, OHKZ reserves the right to transfer the User’s personal data to third parties with the consent of the User, unless otherwise provided by applicable law. At the same time, third parties who, on behalf of the OHKZ, have accepted personal data of Users for processing are obligated to comply with the principles and rules for processing personal data provided for by the Law of the Republic of Kazakhstan “On Personal Data”, as well as international treaties ratified by the Republic of Kazakhstan.
- Third parties who have access to the personal data of Users undertake to take all necessary measures to protect personal data in accordance with applicable law. Third parties undertake not to disclose, distribute, or process such personal data to other persons without obtaining the consent of the User, unless otherwise provided by applicable law.
- Before the start of cross-border transfer of personal data, the public authority is obliged to ensure that the foreign state to whose territory it is intended to transfer personal data provides reliable protection of the rights of personal data subjects.
- Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements can only be carried out if the User has consent in writing to the cross-border transfer of his personal data and/or execution of an agreement to which the User is a party.
- To change, supplement personal data or cancel registration on the Site, the User or his authorized representative must contact the responsible person of the OHKZ and go through the personal identification procedure: viewing or changing the personal data of the User or a minor (under 18 years of age) – “Changing personal data” ( or “Changing User Information”), cancellation of registration on the Site (revocation of consent) – “Cancellation of registration”
- If you contact the OHKZ employee responsible for personal data management in writing, by telephone or email, the OHKZ will take immediate action regarding the relevant request.
- If the OHKZ receives a request or appeal to make changes to the personal data relating to the relevant User, the OHKZ undertakes to block personal data for the period of verification of the identification and (or) elimination of inaccurate personal data or unlawful actions.
- If incorrect or incomplete personal data is provided to a third party, the OHKZ immediately notifies the third party of the changes made for their subsequent correction by the third party.
- Personal data blocked or deleted at the request of the User’s legal representative, or the User himself, will be processed in accordance with applicable law and will not be available for viewing or further use for other purposes.
07. RIGHTS AND OBLIGATIONS OF THE PARTIES
- OHKZ undertakes to comply with the procedure and requirements for the processing, storage, transfer, and protection of personal data in accordance with applicable laws, including the obligation not to transfer Users’ personal data to other persons without obtaining the User’s consent, unless otherwise provided by applicable laws and (or) regulations of this Policy. If there is a need to transfer the User’s personal data, OHKZ undertakes to properly notify the User about to whom and to what extent his personal data will be transferred, as well as obtain the User’s prior consent in the manner and under the conditions provided for by applicable law.
- Users and their authorized representatives have the right to.
- Users and their authorized representatives have the right to
- confirmation of the fact, purpose, sources, methods of collecting and processing personal data
- list of personal data
- terms of processing of personal data, including periods of their storage
- demand from the Public Inspectorate, as well as a third party, changes and additions to your personal data if there are grounds supported by relevant documents
- require the public health authority, as well as third parties, to block their personal data if there is information about a violation of the terms of collection and processing of personal data
- demand from the PSB, as well as a third party, the destruction of their personal data, the collection and processing of which was carried out in violation of the legislation of the Republic of Kazakhstan, as well as in other cases established by this Law and other regulatory legal acts of the Republic of Kazakhstan.
- withdraw consent to the collection, processing, distribution in publicly available sources, transfer to third parties and cross-border transfer of personal data, except in cases provided for by the legislation of the Republic of Kazakhstan.
- give consent (refuse) to the public health authority to distribute their personal data in publicly available sources of personal data.
- and protection of their rights and legitimate interests, including compensation for moral and material damage.
- to exercise other rights provided for by the laws of the Republic of Kazakhstan.
- Users and their authorized representatives have the right to
- In case of loss, leakage, disclosure of personal data, the OHKZ is not responsible if these personal data were lost or disclosed
- through the fault of the User himself
- became public domain before they were lost or disclosed
- were received from a third party prior to its receipt by the OHKZ
- was disclosed with the consent of the User
- in other cases provided for by applicable law
08. RULES FOR PROCESSING, USE, AND REFUSE TO USE DEVICES FOR AUTOMATIC COLLECTION OF PERSONAL DATA
- As part of the activities of its website, OHKZ may collect certain User information using technologies such as Cookies ( cookies ).
- COOKIES are small text files necessary to maintain the Site, which store information directly on the User’s computer, mobile phone or other device .
- OHKZ uses cookies for the following purposes.
- The User has the right to choose to install cookies to receive marketing notifications, and provide the OHKZwith personalized services by analyzing the frequency of connection and time spent on the Site of registered and unregistered Users, determining the preferences and interests of Users, tracking digital traces, as well as determining the degree of participation in various promotions and number of visits to the Site.
- Thus, the User has the right to accept the use of cookies by giving his consent each time he uses the Site, or to refuse their use by disabling cookies in his web browser, as well as to delete the cookies stored in his browser related to the Site.
- How can I refuse the installation of cookies?
- refuse the installation of cookies by selecting the appropriate option in the web browser you are using: allow all cookies , confirming the storage of cookies each time, or refuse to store them.
- Setting example (for Internet Explorer): Tools (at the top of the web browser) > Internet Options > Personal Information. If you refuse to install cookies, difficulties may arise with the provision of OHKZ services
09. PSC PERSONS RESPONSIBLE FOR CONFIDENTIALITY AND PROCESSING OF PERSONAL DATA
- If the User has questions and (or) complaints regarding his personal data, the User can always send a corresponding request to the following responsible persons of the OHKZ for working with personal data and ensuring their protection.
- Manager responsible for working with personal data:
FULL NAME:
Job title:
Tel:
Email: - Responsible for the implementation of this Policy
FULL NAME:
Job title:
Tel:
Email: - Deputy General Director
FULL NAME:
Job title:
Tel:
Email:
- Manager responsible for working with personal data:
10. ADMINISTRATIVE AND TECHNICAL MEASURES TO PROTECT PERSONAL DATA
- The personal data of Users that OHKZ collects is reasonably protected by technical means and security procedures in order to prevent its loss, theft, leakage, unauthorized modification or damage.
- Technical measures to protect personal data
- The User’s personal data is protected by a password. Files and data are stored and managed in encrypted form and are additionally protected by separate technical means.
- OHKZ makes every reasonable effort to prevent leakage or damage to Users’ personal data by computer viruses through the use of anti-virus programs.
- The OHKZ, in preparation for hacker attacks and other external influences, controls unauthorized access from the outside, using a protection system against external intrusion.
- Administrative measures to protect personal data
- Access to personal data is limited to a limited list of persons.
- Persons performing marketing tasks directly in relation to Users
- Persons performing responsibilities for monitoring work with personal data, including responsible persons and employees exercising control over work with personal data.
- Other persons whose job duties involve working with personal data
- Access to personal data is limited to a limited list of persons.
- The OHKZ determines a limited list of persons who have access and are authorized to work with the personal data of Users. Within the framework of this Policy, as well as applicable legislation, the OHKZ conducts training for its employees who have access and are authorized to work with personal data, the rules and responsibilities for the protection of personal data, including by attracting specialists to provide lecture services on the topic of ensuring the safe handling of personal data. personal data of Users.
- In order to protect personal data, each User undertakes to properly monitor and bear responsibility for non-disclosure to third parties of information about their login and password.
- In the event of loss, leakage, change or damage to personal data as a result of an internal error by the administrator of the OHKZ or an incident related to the technical control of personal data, the OHKZ undertakes to immediately notify the User and take appropriate measures to eliminate the consequences in accordance with the current legislation of the Republic of Kazakhstan.
11. SENDING ADVERTISING MATERIALS
- OHKZ undertakes not to send advertising information for commercial purposes without the prior consent of the User.
- When sending advertising information, including information about an OHKZ product, by email for online marketing purposes, OHKZ undertakes to take measures to ensure that the advertising nature of the User’s message is easily recognized by properly marking the subject of the email/message, as follows.
- Subject of the email: the phrase “(Advertising)” will be displayed in the subject line, and its main content will be displayed in the body of the email.
- The name, email address, telephone number and address of the sender, allowing the User to make a decision: to refuse to receive messages, or to familiarize themselves with its contents.
- Information must be indicated in Kazakh and Russian languages.
12. NOTIFICATION OBLIGATION
- This Policy was updated on 11/10/2023. OHKZ may update this Policy from time to time, the new version of the Privacy Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Policy. The current version of the Privacy Policy is always located on the page at https://kz.ohc.global/
- This version of the privacy policy comes into force on November 10, 2023.
- If the OHKZ has made any changes to the Policy with which the User does not agree, he is obliged to stop using the services of the Site and (or) the mobile application. The fact of non-cessation of use of the Site and (or) mobile application is confirmation of the User’s consent and acceptance of the relevant edition of the Policy.