Unless otherwise defined in this Privacy Policy, terms used but not defined in this Privacy Policy have the same meanings as in the Terms of Service.

“Admitted Products” shall have the meaning given in AIX CSD Business Rules;

“applicable law” or “AIFC Laws” mean the Acting Law of the Astana International Financial Centre as amended from to time;

“AIX” means Astana International Exchange Limited, a private company incorporated under the AIFC Laws which is the owner of the App;

“AIX CSD” means Astana International Exchange Central Securities Depository Ltd., a private company incorporated under the AIFC Laws;

“AIX Registrar” means Astana International Exchange Registrar Limited, a private company incorporated under the AIFC Laws;

“App” means a mobile application developed by AIX under trade name “Tabys” and devoted to facilitating communication between the user and the Licensees, including the user and the Issuers in connection with purchase and sale of Securities pursuant to and in accordance with the conditions of the offering documents, the user and AIX Registrar in connection with recordkeeping of the title to Investor’s Securities under the Registrar Agreement, the user and AIX CSD in connection with custody services under the Custody Agreement, as well as to documenting transactions between the users and the Issuers, in respect of the Issuers’ Securities; the App can be downloaded to any device pursuant to the Terms of Service;

“Custody Agreement” means Agreement on custody services governing relations between the Investor and AIX CSD;

“Depository” means the depository operated by AIX CSD in accordance with AIX CSD Business Rules;

“Depository Account” means a personal custody sub-account in the name of the Investor under AIX CSD’s nominee account established in the Depository pursuant to and in accordance with terms and conditions of the Custody Agreement concluded between AIX CSD and the Investor;

“Device” means the user’s mobile phone which runs an operating system supported by 2 platforms: Android and Apple IOS;

“Investor” means an individual person, who unconditionally accepts the Investor Agreement;

“Issuer” means in relation to any Security, the legal entity by whom it is or is to be issued, including the agent acting on behalf of the Issuer pursuant to and in accordance with the offering documents;

“Licensee” means any body corporate which has proper right to use the App, including AIX Registrar, AIX CSD or the Issuers, based on arrangements with AIX being owner of the App and each of the Licensee;

“Means for fixing and registration of purchase and sale” or “Means” include the website and all facilities provided to the user via the App for purchase and sale of Securities from the Issuer;

“process”, “processing” in relation to Personal Data, shall mean performance of any operation or set of operations on the Personal Data, whether or not by automatic means, and includes collection, recording, organisation, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of the Personal Data;

“Registrar Agreement” means Registry Services Agreement governing relations between the Investor and AIX Registrar on Registrar Account opening and recordkeeping of the title to Investor’s Securities;

“Securities” mean a share, debenture, warrant, certificate, structured product, unit, issued by the Issuer as defined under the AIFC Laws in dematerialised form which are qualified as Admitted Products;

“user” means an individual person who has downloaded the App and uses the App.

While using the App and/or Means, AIX and/or the Licensees may ask the user to provide AIX and/or the Licensees with certain personally identifiable information, including, but not limited to user’s full name, nationality, place of residence, email address, other personal contact details (including telephone number and postal address), job title, employer, date of birth, individual identification number, financial information, bank account/card details, user’s photograph, user’s video during the registration, user’s national identification document or passport, marital status, and also the Usage Data as they defined below (“Personal Data”).

AIX and/or the Licensees may also collect information about whenever the user visits, accesses, and uses the App by or through the Device, including traffic data, logs, and other communication data and the menus of the App that the user accesses and uses, the time and date of user’s visit, the time spent on those menus (“Usage Data”).

AIX and the Licensees use tracking technologies to track the activity on the App and hold certain information. Tracking technologies such as beacons, tags, and scripts are used to collect and track information and to improve and analyze the App.

The App uses the services of the third-party service providers that may collect the Personal Data to maintain and provide the App, its content, and any other information, products or Means that the user requests from AIX and the Licensees. The user can familiarize himself/herself with the privacy policies of some third-party service providers by the following hyperlinks:

• • Google Play Services; 
• • AppsFlyer; 
• • Amplitude; 
• • Google Firebase. 

AIX and/or the Licensees are not responsible for the completeness and performance of the privacy policies of the third-party service providers or any of their obligations in respect of any Personal Data.

AIX and/or the Licensees process the collected Personal Data for various purposes (where applicable), such as:

• • to maintain and provide the App and its contents, and any other information, products or Means that the user requests from AIX and the Licensees;
• • to notify the user about changes to the App, to Means and user’s account;
• • to provide customer support;
• • to gather analysis or valuable information so that AIX can improve the App;
• • to monitor the usage of the App;
• • to detect, prevent and address technical issues;
• • to service, maintain and protect the user’s account;
• • to fulfill legal and regulatory requirements (including recordkeeping requirements and conducting anti-money laundering checks via third party software);
• • to comply with the formal request from a regulator, the police, or another government agency of AIFC or Kazakhstan jurisdiction when applicable.

Legal Basis for processing Personal Data under AIFC Data Protection Regulations

The legal basis for collecting and processing the Personal Data described in this Privacy Policy depends on the Personal Data that AIX and/or the Licensees collect and the specific context in which AIX and/or the Licensees collect it.

AIX and/or the Licensees may process the user’s Personal Data because:

• • hereby the user provides his/her explicit and informed consent to do so;
• • the processing is in AIX’s and the Licensees’ legitimate interests and does not violate the user’s rights;
• • to comply with any legal obligation to which AIX and the Licensees are subject.

Hereby by accepting the Privacy Policy the user represents and warrants that:

• • the user provides AIX and/or the Licensees with his/her explicit and informed consent to collect and process its Personal Data for the purposes and under provisions set out herein;
• • AIX and the Licensees may store, transfer and disclose user’s Personal Data for the purposes set out herein or to the third parties for processing such Personal Data on their behalf or otherwise providing professional or other services in each case wherever located in the world, provided that where user’s Personal Data is transferred to countries or territories outside the jurisdictions that are not recognized by data protection laws applicable to the AIFC as offering an adequate level of data protection, AIX and/or the Licensees shall put in place appropriate data transfer mechanisms as required by the AIFC Data Protection Regulations and Data Protection Rules (“Data Protection Laws”). The User acknowledges that the Personal Data may be transferred, processed, and stored with reputable cloud service providers located in a jurisdiction outside the AIFC;
• • the user will immediately notify AIX and the Licensees on any changes and/or additions to his/her Personal Data, with submission of relevant supporting documents.

AIX and the Licensees will retain user’s Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. AIX and the Licensees will retain and use user’s Personal Data to the extent necessary to comply with any legal obligations (for example, if AIX and the Licensees are required to retain user’s data to comply with applicable laws), resolve disputes, and enforce the legal agreements and policies.

AIX and the Licensees will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the App, or AIX and the Licensees are legally obligated to retain this data for longer time periods. The Data shall in any case be withdrawn from AIX’s and/or the Licensees’ systems after 7 (seven) years except for the Data that AIX and the Licensees are required to keep for longer on the basis of specific legislation or in the event of ongoing litigation for which Data shall be necessary.

While AIX and the Licensees undertake their best endeavors to use appropriate means to protect user’s Personal Data, AIX and the Licensees cannot guarantee its absolute safety based on existing general risks related to electronic and internet storage.

The user may send AIX an email at [email protected] to request access to, correct, amend or delete any Personal Data that the user has provided to AIX and the Licensees. AIX and the Licensees cannot delete user’s Personal Data except by also deleting user’s user account. AIX and the Licensees may not accommodate a request to change or delete information if AIX and the Licensees believe the change or deletion would violate any law or legal requirement or cause the information to be incorrect.

In certain circumstances, if the processing of Personal Data contravenes the Data Protection Laws, the user has the following data protection rights:

• a. Right of access. The user has the right to ask at any time whether his/her Personal Data has been collected, over what period of time, and for what purpose.
• b. Right of rectification. The user has a right to ask that false or incomplete Personal Data be corrected or completed at any time on a simple request.
• c. Right to restriction of processing. The user may request that the processing of his/her Personal Data be limited. This means that the data in question must be “marked” in the computer system and cannot be used for a certain period of time.
• d. Right to erasure. Subject to the exceptions required by AIFC Laws, the user has the right to demand that his/her Personal Data be erased. The Personal Data shall be deleted without delay, in particular, if one of the following reasons applies:

• • user’s Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;
• • the user revoked his/her consent on which the processing of the Personal Data was based, and there is no other legal basis for the processing;
• • user’s Personal Data has been processed unlawfully.

The right to erasure does not exist insofar as user’s Personal Data is required for the assertion, exercise or defence of AIX’s and/or the Licensees’ legal claims.

Please note that AIX and the Licensees may ask the user to verify his/her identity before responding to such requests.

AIX may update this Privacy Policy from time to time to reflect changes in law or best practice or to deal with additional features which AIX introduces or for other purposes.

AIX will let the user know of any changes via a push notification on the App.

The user is advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted in the App. If the user continues to use the App, the user is deemed to have accepted such variations. If the user does not agree to such variations, the user must immediately uninstall the App and discontinue its use.

This Privacy Policy is governed and construed in accordance with the AIFC Laws and any dispute between the user and AIX and the Licensees arising under or in connection with this Privacy Policy shall be resolved in the AIFC Court under the AIFC Court Rules and Regulations and the user submits to the exclusive jurisdiction of the AIFC Court to resolve any disputes. If any provision (or part of a provision) of this Privacy Policy is found by any court or administrative body of competent jurisdiction to be invalid, unenforceable or illegal, such term, condition or provision will to that extent be severed from the remaining terms, conditions and provisions which will continue to be valid to the fullest extent permitted by law.

Any questions regarding this Privacy Policy may be sent to AIX via email at [email protected].