top of page
Scattered Metal Keys

PRIVACY POLICY

​​

Last updated: December 14, 2025
Effective: December 14, 2025

Hello — short version first: we respect your privacy, we only collect what’s necessary, we protect it, and we won’t sell your personal data. Below is the full legal-friendly-but-readable explanation of how IRTech Stroy LLP (“we”, “us”, “IRTech Stroy”) collects, uses, stores and protects personal data on our website. If you want a TL;DR or help filling in the contact blanks, ping us — we’ll make it painless.

1. Who we are

Company: IRTech Stroy LLP
Registered address: 150/230 Abai Street, Almaty - Republic of Kazakhstan
Email (privacy/DPO contact): privacy@irtechstroy.kz

2. Scope & legal framework

This Privacy Policy applies to personal data we collect through our website, communications, forms, recruitment pages and related online services.

Our personal data processing complies with the Law of the Republic of Kazakhstan “On Personal Data and their Protection” (No. 94-V of 21 May 2013) and subsequent implementing rules and amendments, and with the Ministry and state rules relevant to personal data protection (including the rules effective from 2024–2025). For clarity: Kazakhstan law requires lawful processing, appointing a person responsible for personal data processing where applicable, and certain notification/recordkeeping and storage requirements described below. 

3. Definitions (short)

  • Personal data: any information relating to an identified or identifiable natural person (name, IIN, contact details, etc.). Adilet

  • Special (sensitive) personal data: categories which the law treats with extra care (health, biometric data, etc.). We do not normally collect these on the website. Natlex

  • Owner / Operator (Controller/Processor): IRTech Stroy LLP or third parties acting on our behalf.

 

4. What personal data we collect

Depending on how you use the site, we may collect:

From website visitors

  • Contact details submitted via forms: name, company, position, email, phone.

  • Technical data: IP address, device/browser information, pages visited, timestamps (logs).

  • Cookies and analytics identifiers.

From job applicants

  • CVs/resumes, contact details, professional history, references (and only with your consent).

From clients / partners

  • Contractual contact and billing details as required to provide services.

We do not collect more personal data than is necessary for the stated purpose. If we ever need sensitive personal data, we will request explicit separate consent and explain why. 

 

5. Legal bases for processing (Kazakhstan view)

Under Kazakh law we rely on lawful bases including:

  • Consent: where you expressly provide it (e.g., newsletter sign-up, contact form).

  • Performance of a contract / pre-contractual measures: to provide services you requested.

  • Legal / regulatory obligations: where we must process to comply with law.

  • Legitimate interests: limited, documented interests (e.g., website security, fraud prevention), balanced against your rights.

When relying on consent, you may withdraw it at any time (see Section 9). 

 

6. How we use personal data (purposes)

We process personal data to:

  • Respond to inquiries and provide requested information and services.

  • Manage recruitment and hiring processes.

  • Perform contractual obligations (invoicing, delivery, communications).

  • Improve and secure our website (analytics, logs, fraud prevention).

  • Comply with legal obligations (e.g., taxes, regulatory requests).

  • Notify you about updates, events or offers where you have opted in.

We keep processing to the minimum necessary for each purpose and retain records only as long as required by law or business need. 

 

7. Cookies and similar technologies

We use cookies and similar tracking technologies to operate the website, measure usage (analytics), and deliver a better user experience. You can manage or block cookies via your browser settings; note that blocking cookies may affect site functionality.

If we use third-party analytics or advertising services (e.g., Google Analytics), their cookies and privacy practices apply; we ensure contracts and safeguards are in place where required.

 

8. Data storage and localization

Kazakh law requires particular attention to storage/location and protection of personal data. Personal data we collect through our services is stored on secure servers; where we act as the owner/operator, we will as a rule keep databases containing personal data within Kazakhstan if required by law or when the data subject is in Kazakhstan. If cross-border transfers are necessary, we will ensure legal safeguards and inform you where required. 

 

9. Your rights (how to exercise them)

Subject to statutory exceptions, data subjects have rights including:

  • Right to access personal data relating to you.

  • Right to correct inaccurate or incomplete personal data.

  • Right to object / limit processing in certain circumstances.

  • Right to withdraw consent where processing is based on consent.

  • Right to request deletion (erasure) where lawful and applicable.

To exercise rights, contact: privacy@irtechstroy.kz (or the DPO contact listed above). We will respond within the timeframes required by applicable law and provide instructions if any identity verification or formalities are needed. If you are not satisfied, you may also lodge a complaint with the supervisory authority (see Section 13).

10. Data security

We use a combination of administrative, technical and physical measures designed to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Measures include restricted access, encrypted communications (TLS), staff training, and contractual controls for processors. However, no system is 100% secure — if a personal data security incident occurs we will follow the breach procedures described in Section 11. 

 

11. Personal data breaches — what we do

If we detect a personal data security breach, we will:

  1. Contain and mitigate the incident immediately.

  2. Notify the Ministry of Digital Development, Innovations and Aerospace Industry (the authorized state body) within one business day of discovering the breach when notification is required under Kazakh rules. We will also notify affected data subjects without undue delay where the breach is likely to create a high risk to their rights and freedoms. (Procedures adopted by the Ministry and the rules for notification set out required content and method of notification.) 

We will document breaches and remedial actions in line with legal obligations.

 

12. Third parties & processors

We may share personal data with:

  • Service providers who perform services on our behalf (hosting, analytics, email delivery, payment).

  • Professional advisers (lawyers, auditors) where necessary.

  • Government authorities where required by law or court order.

We use contracts and safeguards to ensure third parties process data only per our instructions and in compliance with applicable law. For cross-border transfers, we apply appropriate safeguards and will inform data subjects as required. 

 

13. Supervisory authority & complaints

Kazakhstan’s personal data framework is supervised by national/state bodies. Historically, the Prosecutor’s Office has an inspection/supervisory role, while the Ministry of Digital Development, Innovations and Aerospace Industry now carries responsibilities including breach notification handling and oversight of certain implementation rules. If you believe your rights under Kazakh personal data law have been violated, you may file a complaint with the Ministry or with the Prosecutor’s Office as appropriate. We will cooperate with any official enquiries. 

 

14. Children

Our website and services are not intended for children under 14 (or the local age of consent where applicable). We do not knowingly collect personal data from minors. If you learn we have collected data from a child without appropriate consent, contact us and we will take prompt action. 

 

15. Retention

We retain personal data only as long as necessary to fulfil the purpose for which it was collected, to comply with legal obligations (e.g., tax or employment record keeping), or to protect our legal rights. Specific retention periods will vary by record type; contact us for details. 

 

16. Changes to this policy

We may update this Privacy Policy to reflect legal or operational changes. Material changes will be posted on the website with a revised “Last updated” date. Non-material edits may be made without prior notice.

 

17. Contact / Data protection officer (DPO)

If you have questions, want to exercise your rights, or wish to make a complaint:

Email: privacy@irtechstroy.kz
Post: 150/230 Abai Street, Almaty, Kazakhstan
 

If you prefer, you may also contact the Ministry of Digital Development, Innovations and Aerospace Industry of the Republic of Kazakhstan or the Prosecutor’s Office (official channels) to raise concerns. 

 

18. Practical notes & quick reassurance

  • We will never sell your personal data.

  • We limit access to personal data to employees and contractors who need it.

  • If you want a copy of the personal data we hold about you, ask — we’ll provide it in a readable format.

 

Legal & reference notes (short bibliography)

Key legislative and guidance sources relied on when drafting this policy:

  • Law of the Republic of Kazakhstan “On Personal Data and their Protection” (No. 94-V, 21 May 2013). Adilet

  • Unofficial English translations and explanatory materials (NATLEX / ILO and legal commentaries). Natlex+1

  • Recent legislative amendments and breach-notification rules effective 2024–2025 (Ministry rules; amendments regarding breach notification within one business day). Signum Law+1

  • Practical guidance by international law firms and DLA Piper overview of security and operational obligations. DLA Piper Data Protection

bottom of page