Без выходных
RUQZEnglish
Справочная информация
Язык:
RUQZEnglish
Без выходных
Пн-Вс: 09:00 - 21:00

Privacy Policy regarding the Processing of Personal Data of LLP “MFO Credit365 Kazakhstan” (“Credit 365 Kazakhstan”)

Last updated: 01.10.2025

1. Personal Data Operator
LLP “MFO ‘Credit365 Kazakhstan’”
BIN: 200940032913
Address: Republic of Kazakhstan, Almaty Region, Qonayev city, Microdistrict 2, building 19, apartment 1, postal code 040803
E-mail: [email protected]
Phone: +7 708 365 0000
License ARRFР No. 02.21.0065.М dated 05.04.2021

2. Purposes and Legal Grounds for Processing Personal Data
Personal data is processed for the following purposes:
— conclusion and execution of a microcredit agreement;
— client identification, including verification via NBK CID and BMG;
— creditworthiness assessment and scoring;
— fraud prevention;
— compliance with the legislation of the Republic of Kazakhstan;
— ensuring the security of online services;
— sending notifications, receipts, and legally significant messages;
— technical support and service quality improvement.
Legal grounds:
— consent of the personal data subject;
— conclusion and execution of the agreement;
— legal requirements, including AML/CFT laws.

3. Categories of Processed Personal Data
3.1. Basic identification data:
Full name, IIN, date of birth, gender, citizenship, marital status, residence and registration address, phone number, e-mail.

3.2. Identity document data:
Type of document, series, number, issuing authority, date of issue, expiration date, document photo.

3.3. Biometric data:
Selfie photo, series of photos and video stream for liveness detection, result of biometric comparison with the ID document photo.

3.4. Socio-economic data:
Employer information, type of employment, type of ownership, income level (if required).

3.5. Payment data:
Card data (token, BIN, last 4 digits), transaction confirmations via 3‑D Secure.

3.6. Technical device data:
IP address, cookies, browser type, operating system, device model, Android/iOS version, Android ID, advertising ID, provider domain name, visited URLs, access time, session statistics, error logs and technical events.

4. Geolocation Data
The application may collect the user’s approximate geolocation.
Geodata is used only for fraud prevention, for verification during identification, and for technical analysis.
Geolocation is collected only with the user’s permission.

5. Sources of Data Collection
The Company receives data:
— from the user;
— from NBK CID;
— from BMG;
— from credit bureaus;
— from government authorities;
— from payment organizations;
— from technical contractors and analytics services.

6. Transfer of Personal Data to Third Parties

7. Rights of the Personal Data Subject
The user has the right to:
— obtain information on data processing;
— request correction or deletion of data;
— withdraw consent;
— restrict processing;
— appeal automated decisions;
— submit a complaint to the Company or ARRFР.
To exercise these rights, please contact us: E-mail: [email protected]
Response time to requests: 14 calendar days.

8. Personal Data Retention Periods
— application data — 3 years;
— credit files — 7 years after contract completion;
— call recordings — 6 months;
— technical and analytics data — up to 12 months;
— other categories — in accordance with legal requirements.

9. Protection of Personal Data
The Company uses encryption (TLS, AES‑256), multi-factor authentication, user action logging, backup systems, access control, and information security audits.
In case of a security incident, notification to ARRFР and users is sent no later than 72 hours.

10. Contact Information
E-mail: [email protected]