Legal address of the individual entrepreneur «PHOTOSAFARI TRAVEL»: Kazakhstan, Almaty, KAZYBEK BI, house 104, apartment/office 2.
Actual address of the individual entrepreneur «PHOTOSAFARI TRAVEL»: Kazakhstan, Almaty, KAZYBEK BI, house 104, apartment/office 2.

When processing personal data, we comply with the requirements of the legislation of the Republic of Kazakhstan, in particular, the Law of the Republic of Kazakhstan dated May 21, 2013, No. 94-V «On Personal Data and Their Protection», as well as norms and rules established in the Individual Entrepreneur «PHOTOSAFARI TRAVEL».
An integral part of this Policy and their part is the User Agreement.

The use of the www.photosafari-travel.kz website by the Subject, the purchase of a tourist product or receiving consultation (including in the company's sales offices of photosafari-travel.kz) confirms full and unconditional agreement with this Policy regarding the processing and protection of personal data of the Subject in accordance with the Law of the Republic of Kazakhstan «On Personal Data and their Protection».

The policy of the individual entrepreneur «PHOTOSAFARI TRAVEL» (photosafari-travel.kz) (hereinafter referred to as the Travel Agency) regarding the processing of personal data (hereinafter — the Policy) defines the position and intentions of the Travel Agency in the field of processing and protecting personal data, in order to respect and protect the rights and freedoms of every person, including the right to privacy, personal and family secrets, as well as protecting one's honor and good name.

The policy is strictly followed by the management and employees of all structural divisions of the individual entrepreneur «PHOTOSAFARI TRAVEL».

This Policy applies to all personal data of Subjects processed by the Travel Agency both with and without automation tools.

Any Subject of personal data has access to this Policy. This Policy regarding the processing and protection of personal data applies exclusively to the website www.photosafari-travel.kz. The Travel Agency does not control and is not responsible for third-party websites that the Subject can access through links available on the site www.photosafari-travel.kz.

By personal data security, the Travel Agency means the protection of these data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to personal data. The Travel Agency takes the necessary legal, organizational and technical measures to protect personal data.

When processing personal data, the Travel Agency is guided by the following principles:

• Legality and fair basis.
• Limitation of personal data processing to achieve specific, predetermined and legitimate goals.
• Prevention of processing of personal data incompatible with the purposes of their collection.
• Prohibition of combining databases containing personal data for incompatible purposes.
• Processing of personal data that are relevant to the purposes of their processing.
• Compliance of content.

A travel agency processes personal data only if at least one of the following conditions is met:

• The processing of personal data is carried out with the consent of the subject for such processing.
• The processing is necessary to achieve purposes stipulated by law and to fulfill obligations imposed by the legislation of the Republic of Kazakhstan on the owner of the database.
• The processing is necessary for the performance of a contract to which the personal data subject is a party or for the conclusion of a contract at the initiative of such a subject.
• The processing is necessary to exercise the rights and legitimate interests of the travel agency or third parties, provided that this does not violate the rights and freedoms of the personal data subject.
• The processing of data is carried out with access granted by the subject or at their request.
• The processing of data is carried out in cases where such data is subject to publication or mandatory disclosure in accordance with the legislation of the Republic of Kazakhstan.

A travel agency is entitled to delegate the processing of personal data to third parties under a contract if this is necessary for providing services related to booking a travel product and fulfilling the Subject's order. This includes airlines, tour operators, hotels, visa centers, consulates, courier services, postal organizations, internet service providers, and organizations responsible for sending emails. Third parties processing data on behalf of the agency are required to comply with the established rules and principles for the processing and protection of personal data as stipulated by the "Law on Personal Data and Their Protection." For each such party, a list of actions with personal data, the purposes of processing, and requirements for confidentiality and data security during processing are defined.
In cases provided for by the legislation of the Republic of Kazakhstan, the travel agency has the right to transfer citizens' personal data.
The agency destroys or anonymizes personal data after the purposes of processing have been achieved, when the need for processing is no longer present, or if the subject withdraws their consent to the processing of personal data.
The processing of personal data by the agency is carried out with the subject's consent unless otherwise stipulated by the legislation of the Republic of Kazakhstan in the field of personal data.

Email addresses and phone numbers obtained by the travel agency may be used to send messages to subjects, including newsletters informing them about commercial and/or non-commercial activities, promotions, and terms of travel services, as well as advertising and informational materials from third parties. Subjects may unsubscribe from such newsletters in the future by using the form specified in the newsletter or by contacting c.kikvidze@gmail.com.
The travel agency is not obliged to verify the accuracy of the information provided by the subject and does not control the subject's legal capacity. However, the agency assumes that the subject provides accurate and sufficient personal information in the appropriate fields designated in the registration form and maintains this information in an up-to-date state. The subject bears the risk of providing inaccurate information.

A subject whose personal data is processed by the travel agency has the right to receive the following information from the agency:

• Confirmation of the fact that their personal data is being processed.
• Information on the legal grounds and purposes of personal data processing.
• Details about the methods used by the agency to process personal data.
• The name and location of the travel agency.
• Information on individuals who have access to personal data or to whom personal data may be disclosed under a contract with the agency or in accordance with the legislation of the Republic of Kazakhstan.
• A list of personal data processed concerning the subject and the source of its collection unless otherwise provided by the legislation of the Republic of Kazakhstan.
• Information on the duration of personal data processing, including storage periods.
• The name and address of the party processing personal data on behalf of IP "PHOTOSAFARI TRAVEL".
• Other information as stipulated by the "Law on Personal Data and Their Protection."

A subject whose personal data is processed by the travel agency has the right to:

• Request the correction, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing.
• Withdraw their consent for the processing of personal data.
• Demand the rectification of unlawful actions taken by the agency regarding their personal data.
• Protect their rights and legitimate interests, including the right to compensation for damages and/or moral harm through legal proceedings.

In the event of non-compliance with the provisions of this Policy, the travel agency bears responsibility in accordance with the current legislation of the Republic of Kazakhstan.

When processing personal data, the travel agency takes all necessary legal, organizational, and technical measures to protect the data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, and other unlawful actions.

These measures include:

• Identifying threats to the security of personal data during their processing in information systems.
• Implementing organizational and technical measures to ensure the security of personal data, in compliance with the legislative requirements of the Republic of Kazakhstan.
• Using information protection tools that have undergone the established conformity assessment procedure.
• Detecting unauthorized access to personal data and taking appropriate measures.
• Establishing access rules to personal data in information systems and ensuring the registration and accounting of all actions performed with such data.
• Familiarizing employees of the agency, its branches, and representative offices involved in processing personal data with the provisions of the legislation of the Republic of Kazakhstan and internal regulations of the agency regarding personal data, including requirements for their protection, as well as training these employees.
• Monitoring the measures taken to ensure personal data security and the level of protection of information systems.

The current version of the “IP 'PHOTOSAFARI TRAVEL' Personal Data Processing Policy” is published in open access on the Internet at: www.photosafari-travel.kz.

The travel agency reserves the right to make changes to the "Privacy and Personal Data Protection Policy" unilaterally, including without prior notice to subjects.