Last Updated: December 15, 2024
Important Update: This Privacy Policy was last updated on December 15, 2024, to reflect changes in data protection regulations and our privacy practices.
Kossan Petroleum ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any capacity.
We comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for European Union residents, the Personal Data Protection Act for Kazakhstan, and other relevant international data protection regulations.
Scope: This Privacy Policy applies to all personal information collected through our website, mobile applications, services, and during business interactions with Kossan Petroleum, its subsidiaries, and affiliates.
We collect several types of information for various purposes to provide and improve our services to you.
Personal information that you voluntarily provide to us, including:
When you visit our website or use our services, we automatically collect:
We may receive information about you from:
We use your personal information for the following purposes:
| Purpose | Type of Data | Legal Basis |
|---|---|---|
| To provide and maintain our services | Contact, Professional, Financial | Contractual necessity |
| To process transactions and payments | Financial, Contact | Contractual necessity |
| To communicate with you | Contact, Communication | Legitimate interest |
| To improve our website and services | Usage, Technical | Legitimate interest |
| To comply with legal obligations | Identification, Professional | Legal obligation |
| For marketing and promotions | Contact, Usage | Consent or legitimate interest |
| To ensure security and prevent fraud | Technical, Usage | Legitimate interest |
We process your personal information based on one or more of the following legal grounds:
Processing is necessary for the performance of a contract to which you are party or to take steps at your request before entering into a contract.
Processing is necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.
Processing is necessary for compliance with a legal obligation to which we are subject.
You have given clear consent for us to process your personal data for a specific purpose.
Processing is necessary to protect someone's life.
Processing is necessary for the performance of a task carried out in the public interest.
We may share your personal information in the following circumstances:
We engage trusted third-party service providers to perform functions and provide services to us, including:
We may disclose your information where required by law or in response to:
In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
We may share your information with third parties when we have your explicit consent to do so.
Data Processing Agreements: All third-party service providers who process personal data on our behalf are bound by strict data processing agreements that comply with data protection laws.
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, in accordance with legal requirements.
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements.
| Data Category | Retention Period | Rationale |
|---|---|---|
| Customer contact information | 7 years after last contact | Business relationship maintenance |
| Financial records | 10 years | Legal and tax requirements |
| Website analytics data | 26 months | Performance analysis |
| Marketing consents | Until withdrawal | Consent management |
| Contract documentation | 10 years after contract end | Legal protection |
| Compliance records | 7 years | Regulatory requirements |
After the retention period expires, we securely delete or anonymize your personal data.
Depending on your location and applicable data protection laws, you may have the following rights:
You have the right to request copies of your personal information that we hold.
You have the right to request correction of any information you believe is inaccurate or incomplete.
You have the right to request that we erase your personal data, under certain conditions.
You have the right to request that we restrict the processing of your personal data, under certain conditions.
You have the right to object to our processing of your personal data, under certain conditions.
You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable law.
Exercising Your Rights: To exercise any of these rights, please contact us using the details provided in the "Contact Us" section. We will respond to your request within one month of receipt.
We use cookies and similar tracking technologies to track activity on our website and hold certain information.
You can manage your cookie preferences through your browser settings. Most browsers allow you to refuse cookies or delete them. However, disabling essential cookies may affect the functionality of our website.
For more detailed information about the cookies we use, please see our separate Cookie Policy.
Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.
We ensure appropriate safeguards are in place for international data transfers, including:
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and you believe your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.
Our website may contain links to third-party websites. This Privacy Policy applies only to our website and services. We are not responsible for the privacy practices or content of third-party websites.
We encourage you to review the privacy policies of any third-party sites you visit.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
We will also provide additional notification methods for significant changes, such as email notifications or prominent website notices.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have any questions about this Privacy Policy or our data practices, please contact us:
Kossan Petroleum
Astana, Yesil district, Syganak street, building 60/2
Kazakhstan
Email: privacy@kossanpetroleum.kz
Phone: +7 778 231 7826 (Privacy Matters)
For general inquiries, please contact us at sales@kossanpetroleum.kz or visit our Contact Page.
Contact our Data Protection Officer for any questions about your personal data or our privacy practices.
