Privacy Policy and Personal data processing

1. This Personal Data Processing Policy (Privacy Policy) (hereinafter referred to as the Privacy Policy) is a public Agreement concluded between the Private Company Kid Security Limited and the User in accordance with Article 387 of the Civil Code of the Republic of Kazakhstan.

1.1. This Privacy Policy defines the purposes and general principles of personal data processing, namely actions aimed at the accumulation, storage, modification, addition, use, dissemination of personal data that the Private Company Kid Security Limited may receive during registration/authorization and/or use of the Service by Users, as well as the measures implemented to protect The Company of Users' personal data.

1.2. The terms of this Policy can be accepted by the User only in full, without any reservations, restrictions and exceptions. Ignorance of the provisions of this Policy does not release the User from responsibility for non-compliance with its terms.

2. Basic concepts used in the Policy

2.1. Website is an information resource hosted on the Internet information and telecommunications network with a domain name https://kidsecurity.org .

2.2. Applications – mobile applications "Kid security" and "Tigrow".

2.3. Service Applications together with the Site and all services provided on the Site and in Applications.

2.4. User – subject of personal data – an individual to whom personal data relates, who has access to the Service, a registered and unregistered User who uses the Service for personal, family, home and other uses not related to the implementation of entrepreneurial activities.

2.5. The company is a private company kid security limited, BIN: 200340900118, Legal address: 010000 Astana, Mangilik El str., d.C-4.6., "Astana Hub", E-mail: support@kidsecurity.org . The Company organizes and (or) collects, processes and protects personal data received from Users, and also determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

2.6. Personal data – any information related directly or indirectly to a specific or identifiable User, information recorded on electronic, paper and (or) other material media.

2.7. Cookies are small text files into which the browser records data from the sites visited by Visitors.

2.8. IP address - a unique network address of a node in a computer network built using the IP protocol, which allows you to determine the location of the User

3. Company Information

3.1. The private company Kid Security Limited is responsible for processing the User's personal information when using the Service in accordance with applicable data protection laws. Kid Security Limited is a limited warranty liability company located at the following address: RK, Astana, Manigilik El Ave., Building 55/8, Astana Hub, block C4.6.

4. Procedure for the adoption of this Policy

4.1. The fact of acceptance of this Policy means the full unconditional consent of the User with its terms and acceptance of the User confirming its conclusion (signing). Ignorance of the provisions of the Policy does not release the User from responsibility for non-compliance with its terms.

4.2. The User accepts the terms of this Personal Data Processing Policy and provides the Company's consent to the processing and transfer of personal data in one of the following ways: by clicking the interactive button on the website: "Continue".

4.3. This Policy is also part of the Terms of Use located at https://kidsecurity.net/termsofus (further - Conditions).

4.4. By clicking the "Continue" button, the User also confirms the fact that he has reached the age of 18, is an adult, a legal and capable citizen and has the right to consent to the processing of his personal data by the Company, and if the User has not reached the age of 18, clicking the button confirms that Consent to processing personal data is provided by his legal representative (parent, guardian, etc.).

4.5. The current version of the Privacy Policy is valid from December 08, 2022.

5. Data processing conditions

5.1. The Company does not verify the accuracy of the personal data provided by the User, and is not responsible for the inaccuracy of the personal data provided by the User. The Company assumes that the information provided by the User is reliable and sufficient.

5.2. The processing of personal data in the Policy means the collection of personal data, their systematization, accumulation, storage, modification, addition, use, dissemination, depersonalization, blocking, deletion and destruction of personal data.

5.3. Personal data voluntarily provided by the User during registration, subscription to the Service:

• Registration and account data, such as name, phone number, email address, country, city, preferred language. Also for the "Tigrow" application - the child's nickname, profile photo and GPS watch;

• Information in the correspondence sent by the User, which may include messages in the Tigrow application chat, emails and phone call records that the Company receives from the User.

5.4. Personal data collected by the Company when using the Service:

• General information about the User's location, including information about the country, region, city, including data about the exact geographical location;

• Information about the use of the Service.

5.5. The Company may collect the following information about Users of the Tigrow application:

• Location (geolocation) - The Company collects and uses the unique user ID and location of the mobile device on which the Tigrow application is installed using GPS, WiFi or wireless network triangulation to obtain the location of the mobile device in order to provide the Service. The Company retains location information only as long as it is reasonable to provide the Service, and then deletes the location data associated with the User's account in the Kid Security mobile application. A company can maintain location data for a longer period of time to analyze aggregate trends and metrics. If the User wishes to opt out of collecting location data, the User should restrict the application's access to location data in the settings on the mobile device on which the application is installed;

• the nickname of the child created by the User. The Company does not collect information about the child's first and last name, any nickname can be used as a User designation.

• Avatar photo, photos from GPS watch. The user can use the image without identifying the Child. The company does not store photos of the Child's image on the server, only the Parent has access to this data;

• sound around the device at the request of the parent - for a 20-second recording on request or broadcast of an audio signal within a radius of no more than two meters from a User with the Tigrow application installed, while listening is provided only to users with the Kid Security mobile application installed who are registered and attached to the same account. At the same time, information is reflected on the Child's mobile device that an audio signal is being recorded. Audio recordings around the device or audio data are stored on the server for 30 (thirty) days or until the Parent deletes this data in the application;

• access to device usage statistics – in order to display the type of sound mode on the child's phone, the battery charge of the child's device, information about the percentage of time using other applications on the child's phone exclusively in the confirmed parent's application. The company stores the above-mentioned data of the Child on the server, only the Parent has access to this data;

• Physical activity data - to display this information in a linked and verified parent profile in the Kid Security app. The company does not store data on the Child's physical activity on the server, only the Parent has access to this data;

5.6. Information that the Company collects automatically using cookies, web beacons, log files or other tracking/recording tools:

• IP address

• browser information

• links to/exits and URLs

• flow data and information about how the User interacts with links on a website, mobile application or Service
• domain names

• landing pages, page views

• cookie data that allows the Company to uniquely identify the User's browser and track the browser behavior on the Company's Website

• type of mobile device

• mobile device identifiers or other permanent identifiers

• location data collected from the User's mobile device

5.7. The Company may collect analytical data or use third-party analytics tools such as facebook events, adjust, userx.pro , appmetrica, to use them to measure traffic and usage trends for the Service. These tools collect information sent by the User's browser or mobile device, including the pages that the User visits, the use of third-party applications and other information that helps in analyzing and improving the service.

5.8. The Company also collects anonymous data about visitors and the use of the Service for the purpose of creating statistical data or reports. However, such data does not relate directly or indirectly to a specific individual, an individual cannot be identified from the anonymous data that the Company collects for these purposes.

5.9. The Company does not collect or process information about the User's race or nationality, political views or membership in any political association, religious or philosophical views, genetic or biometric data.

6. Confidentiality of children's personal data

6.1. The Company takes seriously the confidentiality of information about children. The Company does not collect or store personal data received from children under the age of 14 (hereinafter referred to as the Child). Children under the age of 14 must have the consent of a parent/guardian before providing any personal data. If the Company determines that the user has not reached the age of 14, it will not use or store his personal data without obtaining the consent of his parent / guardian.

6.2. If the Company finds out that it accidentally collected the child's personal data without the consent of the parents, the Company will take appropriate steps to delete this information. The User's parent or guardian must immediately inform the Company that a child under the age of 14 has a registered account in the Service without his consent, by e-mail support@kidsecurity.net so that the Company can delete this child's personal data from the system and terminate any account that the child has created.

6.3. By allowing the child to create a user account and allowing him to use the Service, the parent or guardian expressly agrees to the actions described in this Policy and agrees to the collection, use and disclosure of the child's personal information as described in this Policy.

6.4. The Company may transfer or disclose the child's personal information to its third-party service providers and business partners, in accordance with this Policy. However, the Company does not use or transfer personal information collected from the accounts of children under the age of 14 for marketing or advertising purposes, and also does not allow third-party partners to collect and use such information for advertising purposes.

6.5. Information about the child's profile, his location, sound recording around the child's device, device usage statistics, physical activity data will be transmitted to the Parent in the "Kid Security" application connected to the same profile, according to this Policy.

6.5.1 Tigrow sends a list of installed applications to our server https://rest.kidsecurity.tech and http://rest.gps-watch.kz. Our server transfers data to the parent's phone to the Kid Security application

6.6. A parent/guardian may review, delete, change or refuse further collection or use of their child's personal data by contacting the Company by e-mail support@kidsecurity.net .

7. Principles of personal data processing

7.1. The processing of personal data is carried out on a legal and fair basis.
7.2. The processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

7.3. Only personal data that meet the purposes of their processing are subject to processing. The content and volume of the processed personal data correspond to the stated purposes of processing. Redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed.

7.4. The Company takes the necessary measures and/or ensures that they are taken to delete or clarify incomplete or inaccurate data.

7.5. The Company processes Users' personal data no longer than the purposes of personal data processing require.

8. Purposes of using personal data

8.1. Purpose of processing the User's personal data:

• collecting and processing requests, providing responses and communicating with Users;

• to send administrative information to users, for example, information about the Service and about changes in terms and policies. Users cannot refuse to receive such messages, as the information contained in them may be important for the use of the Service.;

• sending Users news materials, advertising materials, additional information about the Company or about the Company's products, surveys, research and other events, in cases where the User has requested or consented to receive such communications;

• improve the Service;
• set the Service settings according to the User's wishes;

• update and develop user accounts;

• analyze and monitor the use of the Services.

8.2. The Company is not obliged to obtain the User's consent for most of the personal data processing operations. However, the Company may require the User's consent for certain types of processing. If the Company requires the User's consent, the Company will inform about the personal data that the Company intends to use and how the Company intends to use it. With the User's consent, the Company may process the User's information for additional specific purposes.

9. Transfer of personal data

9.1. The Company does not sell, transfer, or exchange the User's personal data with third parties for use at their sole discretion (including to law enforcement agencies, other government agencies or civil plaintiffs), unless required by law or a court decision.

10. Links to third-party websites and services

10.1. The Services may contain links (including, without limitation, elements such as images, maps, sound files) to third-party websites and services that the Company does not control and which have different principles of working with personal data than defined by the Policy. If personal data is provided to any such websites and services, their use will be governed by the privacy policies that are adopted on such websites and services. The Company is not responsible for the security or confidentiality of any information collected by third-party websites or services, and strongly recommends that you always familiarize yourself with the privacy policies of the websites and services you visit.</p>

11. Security and protection of personal data

11.1. In order to ensure the security of the User's personal data during their processing, the Company takes the necessary and sufficient legal, organizational, physical and technical measures to protect personal data from unauthorized or accidental access to them, their destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions of third parties.

12. Data storage

12.1. The period of storage of personal data is determined by the date of achievement of the purposes of their collection and processing.
12.2. The Company stores personal data in a form that allows identifying the User, no longer than the purposes of personal data processing require.

12.3. If the User has chosen to receive marketing messages from the Company, the Company will store information about the User's marketing preferences for a reasonable period of time from the moment when the User last showed interest in the Company's products. We store information obtained from cookies and other tracking technologies for a reasonable period of time from the date of receipt of such information.

13. Cross-border transfer of personal data

13.1. The cross—border transfer of Personal Data by the Operator is carried out taking into account the provisions of the Convention on the Protection of Individuals with Automated Processing of Personal Data (concluded in Strasbourg on 28.01.1981; hereinafter - the Convention). Cross-border transfer of Personal Data can be carried out by the Operator to countries that have ratified the above Convention, as well as to countries that provide adequate protection of the rights of Personal Data subjects. If there is a need to carry out Cross-border transfer of Personal Data to countries that have not ratified the Convention, as well as not included in the List of countries that provide adequate protection of Personal Data, the Operator is obliged to obtain a separate consent for this action from the User.
14. User Rights

14.1. The User or his legal representative has the right to:

14.1.1. to receive information concerning the processing of his personal data, except in cases provided for by legislative acts of the Republic of Kazakhstan;

14.1.2. require the Company to change and supplement their personal data if there are grounds confirmed by relevant documents;

14.1.3. require the Company to block its personal data in the event of information about a violation of the terms of collection, processing of personal data;

14.1.4. require the Company to destroy their personal data, the collection and processing of which was carried out in violation of the law;

14.1.5. give consent (refuse) Companies to distribute their personal data in publicly available sources of personal data;

14.1.6. revoke consent to the collection, processing of personal data;

14.1.7. to exercise other rights provided for by the Law on Personal Data.

15. Policy Change

15.1. The Company reserves the right to change the terms of this Policy and all its integral parts without the consent of the User with the notification of the latter by posting on the Website a new version of the Policy or any of its integral parts that have undergone changes.

15.2. The new version of the Policy and/or any of its integral parts comes into force from the moment of publication on the Website, unless another date for the entry into force of the changes is determined by the Company when they are published. The current version of this Policy and all its appendices is publicly available on the Website.
15.3. Revocation of previously given consent to the processing of personal data of the User or his legal representative is carried out by sending the User or his legal representative an application in the form of an electronic document (signed scanned copy of the application) to the Company at the email address support@kidsecurity.org . with an indication in the subject line of the letter "Revocation of previously given consent to the processing and storage of personal data". The User or his legal representative is obliged to stop using the Service immediately after sending the specified application to the Company.

15.4. The User may send any questions, comments or comments regarding this Policy, as well as any requests related to the User's personal information by e-mail to support@kidsecurity.net