Privacy policy

Last Updated:10 December 2025

Edition 1.1, approved by Order No.06-О/Д dated 10 December 2025

Purpose of the Privacy Policy
1. We, “ioka fintech” LLP (or the “Company”), manage the website https://ioka.kz/ (hereinafter referred to as the “Website”), and we are aware of the importance of the privacy of the data of users of the Website and, in this regard, take the necessary measures to protect them
2. This Privacy Policy (hereinafter referred to as the “Policy”) includes general provisions on the collection and processing of information that can be obtained through Your (hereinafter referred to as the “User”) use of the Website.
Conceptual framework
- “ioka fintech” LLP– the operator of the personal data collected when the User uses the Website and when sending requests (feedback). The operator of personal data means a person who collects, processes and protects personal data.
- User– the subject of personal data, who owns the personal data.
- Personal data– information related either to a specific User or to a User determined on its basis, recorded on electronic, paper and (or) other material media
- Website– an online resource with a unique URL https://ioka.kz/ and the information inside.
Application of the Privacy Policy
1. This Policy applies to:
- Website https://ioka.kz/;
- E-mails
User Rights
1. to know about the availability of the User’s personal data by the Company, to receive information containing confirmation of the fact, purpose, sources, methods of collecting and processing personal data; a list of personal data; terms of processing personal data, including the terms of their storage;
2. to require the Company to change and supplement the User’s personal data in the presence of supporting documents;
3. to require blocking of the User’s personal data;
4. to require the destruction of the User’s personal data;
5. to revoke consent to the collection and processing of personal data;
6. other rights provided for by the Law of the Republic of Kazakhstan “On Personal Data and their protection”.
Is it necessary to provide valid data?
1. This is optional, but in any case, we treat any data transmitted by the User as personal data.

What data do we process, for what purpose, on what basis, and for what period?

Purpose	Basis	Personal data	Period of storage
To ensure the implementation of payments and the financial security of the User	Consent/Request from the issuing bank	Last name, first name and patronymic (if any); Individual Identification Number (IIN); Subscriber number; E-mail address; Transaction data – date and time of the transaction, cost, currency, positions of selected goods (works, services); Payment card details	5 years from the date of payment (consent)
To respond to the User’s request	Request received via feedback forms	Last name, first name and patronymic (if any); Subscriber number; E-mail address; The content of the request	Until the User withdraws consent to the processing of personal data
To inform the User by E-mail about making payments	Consent	E-mail address	Until the User withdraws consent to the processing of personal data

Is it possible to change the data?
1. The User has the right to send a request to change the data, with the exception of data on making payments, to the address indicated in the Contact Information
How to destroy my own data?
1. The User may destroy their data by sending a request to the address indicated in the Contact Information.
2. The procedure for the destruction of personal data can be found in the Personal Data Destruction Policy.

To whom and what data can be transferred, for what purpose, on what basis, and for what period?

Purpose of the transfer	To whom it is transferred	Basis	Personal data	Period of storage
Making payments	To the supplier of goods (works, services), whose goods (works, services) are paid for by the User	Purchase of goods (works, services)	Last name, first name and patronymic (if any); Individual Identification Number (IIN); Subscriber number; E-mail address; Transaction data – date and time of the transaction, cost, currency, positions of selected goods (works, services)	5 years from the date of payment (consent)
Making payments	Second-tier banks of the Republic of Kazakhstan	Purchase of goods (works, services)	Last name, first name and patronymic (if any); Individual Identification Number (IIN); Subscriber number; E-mail address; Transaction data – date and time of the transaction, cost, currency, positions of selected goods (works, services); Payment card details	5 years from the date of payment (consent)

Transfer of information to government agencies and authorized persons
1. The Company may transfer personal data to the relevant government authorities or authorized persons only if there is an official request authorized by an authorized official. However, the transfer of data is strictly regulated, the Company cannot transfer personal data outside of compliance with the procedures established by law.
Information security
1. We take measures to ensure the security of the User's personal information and prevent unauthorized access to it. However, the transfer of information over the Internet is not absolutely secure, and we cannot guarantee the security of the User’s information. At the same time, we guarantee the security of information stored directly by the Company.
Changes to the Privacy Policy
1. We reserve the right to change this Privacy Policy at any time. Any changes will be posted in the “Legal Information” section of the https://ioka.kz/ Website. We recommend that you visit this section regularly to keep up to date with updates
Contact information
1. If you have any questions, you can contact us at: 15 Inzhenernaya Street, Medeu district, Almaty, Republic of Kazakhstan.
  Phone number: +7 701 540 18 02
  E-mail address: support@ioka.kz

Personal Data Destruction Policy

Last Updated:10 December 2025

Edition 1.1, approved by Order No.06-О/Д dated 10 December 2025

General provisions
1. We, “ioka fintech” LLP (or the “Company”), manage the website https://ioka.kz/ (hereinafter referred to as the “Website”), and we are aware of the importance of complying with the requirements of the Law of the Republic of Kazakhstan “On Personal Data and their Protection” and other regulatory legal acts regulating legal relations related to the collection, processing, storage and destruction of personal data, and, in this regard, we hereby approve the procedure for the destruction of personal data.
2. This Personal Data Destruction Policy (hereinafter referred to as the “Policy”) includes general provisions on the procedure for the destruction of personal data.
Conceptual framework
- “ioka fintech” LLP — – the operator of the personal data collected when the User uses the Website and when sending requests (feedback). The operator of personal data means a person who collects, processes and protects personal data.
- User– the subject of personal data, who owns the personal data
- Personal data– information related either to a specific User or to a User determined on its basis, recorded on electronic, paper and (or) other material media.
- Website– an online resource with a unique URL https://ioka.kz/ and the information inside.
- Processing of personal data– actions aimed at accumulation, storage, modification, addition, use, dissemination, depersonalization, blocking and destruction of personal data.
- Destruction of personal data– actions, as a result of which it is impossible to restore personal data.
- Responsible person– the person responsible for organizing the processing of personal data, authorized to do so by order of the head of the Company.
Application of the Policy
1. This Policy applies to:
- Website https://ioka.kz/;
- E-mails.
User Rights
1. to demand the destruction of their personal data by sending a request to the Company using the contact details specified in this Policy;
2. to contact the authorized body for the protection of the rights of personal data subjects in case of refusal to destroy personal data;
3. other rights provided for by the Law of the Republic of Kazakhstan “On Personal Data and their protection”.
Company’s liabilities
1. In cases of violation of the terms of collection and processing of personal data:
  1. 5.1.1. The Company processes the User’s request for violation of the terms of collection and processing of personal data within 3 (three) business days from the date of receipt of the request.
  2. 5.1.2. The Company blocks personal data related to the User within 1 (one) business day if there is information about a violation of the terms of collection and processing of personal data.
  3. 5.1.3. The Company destroys personal data within 1 (one) business day in case of confirmation of the fact of their collection, processing in violation of the legislation of the Republic of Kazakhstan or in other cases established by the Law of the Republic of Kazakhstan “On Personal Data and their protection” and other regulatory legal acts of the Republic of Kazakhstan.
2. In cases of withdrawal of the User’s consent to the processing of personal data/the User’s request for the destruction of personal data:
  1. 5.2.1. The Company processes the User’s withdrawal of consent to the processing of personal data/the User’s request for the destruction of personal data within 3 (three) business days from the date of receipt of the withdrawal /request.
  2. 5.2.2. The Company blocks personal data related to the User within 1 (one) business day after processing the withdrawal/consent.
  3. 5.2.3. The Company shall destroy personal data within 30 (thirty) calendar days from the date of receipt of the withdrawal/consent.
Cases of destruction of personal data
1. Personal data received by the Company is destroyed in the following cases:
  1. 6.1.1. the period for processing personal data has expired.
  2. 6.1.2. the purpose of personal data processing has been achieved.
  3. 6.1.3. The User has requested the destruction of their personal data, except in cases contrary to the laws of the Republic of Kazakhstan.
  4. 6.1.4. The User has withdrawn consent to the processing of personal data, except in cases where this is contrary to the laws of the Republic of Kazakhstan.
  5. 6.1.5. the processing of personal data was carried out in violation of the legislation on personal data.
  6. 6.1.6. the effective decision of the court or the authorized body on the destruction of personal data
  7. 6.1.7. other cases provided for by the legislation of the Republic of Kazakhstan.
Procedure for the destruction of personal data
1. The destruction of personal data is carried out using specialized software that ensures the irrevocable deletion of information.
2. The destruction of personal data is carried out according to the following procedure:
  1. 7.2.1. personal data is deleted from all Company databases;
  2. 7.2.2. material media containing personal data are subject to destruction by physical destruction (for example, by destruction, rewriting, demagnetization, formatting and other methods that do not allow the recovery of personal data).
  3. 7.2.3. after the procedure for the destruction of personal data, the Company draws up a Certificate of destruction of personal data (Annex No. 1).
  4. 7.2.4. if necessary, the Certificate of destruction of personal data is transmitted to the User in order to confirm the fact of destruction of personal data.
  5. 7.2.5. The Certificate of destruction of personal data is signed by the responsible person
Employee training
1. We provide training to employees with access to personal data on the protection of personal data and the procedure for the destruction of personal data.
2. Training is performed when applying for a job on a compulsory basis and then periodically at least once a year.
Final provisions
1. We reserve the right to change this Policy at any time. Any changes will be posted in the “Legal Information” section of the Website https://ioka.kz/. We recommend that you visit this section regularly to keep up to date with updates.
2. Our employees who have access to personal data are required to comply with this Policy, and it is also mandatory for all Users who contact us with requests for the destruction of their personal data.
3. This Policy terminates upon expiration of its validity period or in case of adoption of a new version of the Policy.
4. This Policy is posted on the official website of the Company and is available for review by all interested parties.
Contact information
1. If you have any questions, you can contact us at: 15 Inzhenernaya Street, Medeu district, Almaty, Republic of Kazakhstan.
  Phone number: +7 701 540 18 02
  E-mail address: support@ioka.kz

Privacy policy

Purpose of the Privacy Policy

Conceptual framework

Application of the Privacy Policy

User Rights

Is it necessary to provide valid data?

What data do we process, for what purpose, on what basis, and for what period?

Is it possible to change the data?

How to destroy my own data?

To whom and what data can be transferred, for what purpose, on what basis, and for what period?

Transfer of information to government agencies and authorized persons

Information security

Changes to the Privacy Policy

Contact information

Personal Data Destruction Policy

General provisions

Conceptual framework

Application of the Policy

User Rights

Company’s liabilities

Cases of destruction of personal data

Procedure for the destruction of personal data

Employee training

Final provisions

Contact information