Cashiva

PRIVACY POLICY

1. General Information About the Privacy Policy

1.1. This Privacy Policy (hereinafter referred to as the “Policy”) is prepared in accordance with the requirements of the Law of the Kyrgyz Republic “On Personal Information” and defines the procedure for collecting, processing, and protecting personal data, as well as the measures taken by Kashiva Community LLC (hereinafter referred to as the “Operator”) as the holder of a personal data set.

1.2. The Operator considers the observance of human and civil rights and freedoms during the processing of personal data, including the protection of the right to privacy, as one of its most important goals and conditions for its activities.

1.3. This Policy applies to all information that the Operator may receive from visitors to its Platform in the course of their use.

2. Key Terms Used in the Policy

2.1. Automated processing of personal data – processing performed using computer technologies.

2.2. Blocking of personal data – temporary suspension of processing personal data (except where processing is necessary to clarify such data).

2.3. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state, a foreign government authority, or a foreign individual or legal entity.

2.4. Cookies – small text files stored on the User’s device for accounting purposes.

2.5. Data on criminal offenses – personal data related to convictions or criminal acts.

2.6. Personal data processor – any person (other than an Operator’s employee) who processes data on behalf of the Operator under a contractual agreement.

2.7. Anonymization of personal data – actions making it impossible to determine, without additional information, the association of personal data with a specific user or data subject.

2.8. Distribution of personal data – any actions intended to disclose personal data to an indefinite number of persons or actions resulting in such disclosure.

2.9. Destruction of personal data – actions resulting in the irreversible destruction of personal data with no possibility of recovery.

2.10. Platform – a set of audiovisual materials that are the intellectual property of the Operator or its partners, placed on the Internet under a single domain name belonging to the Operator. The term “Platform” may also refer to a mobile or desktop application.

2.11. Personal data – any information directly or indirectly relating to a specific or identifiable User of the Platform, including identifiers such as name, identification number, location data, online identifiers, or other factors related to a person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

2.12. Personal data information system – a set of personal data contained in databases, including technologies and technical means for their processing.

2.13. Processing of personal data – any operation or set of operations performed on personal data, whether automated or manual, including collection, recording, systematization, storage, modification, use, transfer, anonymization, blocking, or destruction.

2.14. Provision of personal data – disclosure of personal data to a specific person or group of persons.

2.15. Special categories of personal data – data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for identification, health data, or information about a person’s sexual life or orientation.

2.16. User – an individual registering for access to the Platform’s functionality and accepting this Policy and other Operator documents.

2.17. Visitor – any individual or legal entity that visits the Platform without the right to use its services.

3. Personal Information of the User

3.1. Most personal information is voluntarily provided by the User. The Operator collects this information to ensure effective cooperation and to provide the best possible experience. It also collects data required for internal control programs in compliance with the laws of the Kyrgyz Republic on combating terrorism financing and money laundering. The User may provide information during account creation, subscription, feedback, participation in promotions, or reporting technical issues.

3.2. The information collected about the User includes: full name, residential address, contact details, blockchain addresses used for transactions, date and place of birth, gender, nationality, bank account details, funding sources, assets and liabilities, status as a politically exposed person, identity verification documents, and visual or audiovisual representations of the User.

3.3. Automatically collected data includes: IP address, domain name, login data, browser type, time zone, operating system, browsing history, response time, error logs, visit duration, user interactions, and other technical information.

3.4. The Operator may also receive data from banks, payment systems, business partners, advertising networks, analytics providers, and identity verification services. Personal information may be stored for up to five (5) years, even if registration is incomplete or canceled.

4. Personal Data Processors

4.1. The Operator applies standard industry security technologies and organizational measures to protect personal data from unauthorized access, use, or disclosure.

4.2. Data hosting and database maintenance are performed by authorized processors under confidentiality agreements. Upon contract termination, processors return the data or transfer it to another designated processor and delete all copies.

4.3. Processors acting on behalf of the Operator may store or process User data strictly in accordance with the Operator’s written instructions.

5. Use of Personal Information

5.1. The Operator may use personal data to perform agreements and provide services, including: delivering requested services, account management and support, research and analysis, communications regarding products or services, enforcement of internal policies, and effective information management.

5.2. Financial data may be used to prevent or detect fraudulent transactions and for business management purposes.

5.3. The Operator may share personal data with authorized service providers performing functions on its behalf, such as payment processing, customer support, analytics, and marketing. Such providers may access only the information required for their tasks and are prohibited from using it for other purposes.

6. Disclosure of Personal Information

6.1. The Operator may disclose User information in response to court or government requests, investigations of illegal activity, for protection of rights or property, or as required by law of the Kyrgyz Republic.

6.2. The Operator does not sell or transfer User data to third parties without consent, except as specified in this Policy.

7. Minors

7.1. The Operator does not provide services to individuals under 18 years of age or those lacking full legal capacity unless permitted by the laws of the Kyrgyz Republic.

8. Purposes of Personal Data Processing

8.1. The purpose of processing personal data is the conclusion, execution, and termination of civil contracts, as well as providing access to the Platform’s services and content.

8.2. The Operator may send notifications about new products, services, or events. The User may opt out by emailing the Operator with the note “Unsubscribe.”

8.3. Anonymous data collected via web analytics is used to analyze User activity and improve site quality.

9. Cookies

9.1. The Operator uses cookies to recognize Users and remember their preferences.

9.1.1. Authentication cookies – used to display personalized content.

9.1.2. Session cookies – store session identifiers to restore sessions without re-entering credentials.

9.1.3. Security cookies – help detect malicious activities.

9.1.4. Preference cookies – store language and other User settings.

9.1.5. Analytics cookies – used to evaluate Platform performance.

9.1.6. Third-party cookies – may be used by authorized partners for analysis and performance improvement.

10. Legal Grounds for Processing Personal Data

10.1. The Operator processes personal data only when voluntarily provided by the User through the Platform’s forms. By submitting personal data, the User agrees to this Policy.

10.2. The Operator may process anonymous data when allowed by the User’s browser settings (cookies, JavaScript, etc.).

11. Collection, Storage, Transfer, and Other Processing Procedures

11.1. The Operator ensures personal data security through legal, organizational, and technical measures consistent with Kyrgyz law.

11.2. The Operator takes all reasonable measures to prevent unauthorized access to personal data.

11.3. Personal data is not shared with third parties except as required by law.

11.4. Users may update their data by sending an email to the Operator with the note “Personal Data Update.”

11.5. Personal data is processed without time limits. Users may withdraw consent at any time by sending an email labeled “Withdrawal of Consent for Personal Data Processing.”

11.6. The User has the right to request deletion, restriction, or transfer of personal data in accordance with the laws of the Kyrgyz Republic.

12. Cross-Border Transfer of Personal Data

12.1. Before transferring data abroad, the Operator ensures that the foreign state provides adequate protection of personal data subjects’ rights.

12.2. Transfers to countries lacking adequate protection may only occur with the User’s written consent.

13. Final Provisions

13.1. The User may contact the Operator via email for any questions regarding the processing of their personal data.

13.2. This Policy remains in force indefinitely until replaced by a new version.

13.3. The current version of the Policy is available on the Platform.