1. General provisions

The personal data policy (hereinafter – “the Policy”) sets the procedure for processing personal data of persons using online services of the EBRD Regional Small Business Program in Central Asia (hereinafter – “the Program” or “we”).

This Policy has been developed pursuant to the personal data protection laws of the Republics of Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan (hereinafter – “the Countries of the Program").

Personal data is any information that allows you to identify an individual. This type of data is necessary for the provision of services under the Program.

Personal data processing refers to personal data handling, including personal data collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, and destruction.

The purpose of your personal data processing is to ensure the provision of services to you and to achieve the Programme goals.

With your consent, we collect, use and store your personal data that you provide to us when using our website (hereinafter - “the website”) from any device and when communicating with us in any form, in accordance with this Policy.

By using our website and providing us with your personal data, you give your consent to your personal data processing in line with the purposes and conditions described in this Policy. 

2. Data collected

We collect:

  • Personal data that a user must enter in the process of registration.

The user’s first and last names, login and password, e-mail address. This data should be entered in order to get access to the Knowledge Sharing and Exchange Platform (KSEP);

  • Data that the user can provide in the process of registration.

Apart from the above data indicated, no other additional data is required for getting access to and using the platform. However, the user can provide additional information about himself/herself;

  • statistical data accumulated in the system in the process of using the platform: in particular, the time of the user login to the course web page; and, where applicable, information about completion on a certain online training unit by the user, as well as his learning results.
  • results of using training materials, including test results and user protocols in the LMS.
  • data entered by users themselves in the process of using the KSEP: for example, posting on forums or in the KSEP "Documents" section;
  • personal data and other information contained in the messages you send us;
  • technical data that is automatically transmitted by the device through which you use our websites, including technical specifications of the device, IP address, information saves in the cookies that were sent to your device, browser information, date and time of access to the website, the addresses of the pages requested on our website, and the like;
  • other data about you that you wished to provide for our website.

These data can be accessible to the donors and the project participants in the course of fulfilment of their professional duties.

3. Purposes of data processing

We process your personal data exclusively for the purposes for which it is provided, including for:

  • your registration on our website in order to give you access to its sections;
  • giving you access to our services;
  • organization of the training, evaluation, and certification processes, including corporate;
  • checking issued certificates for validity;
  • communicating with you when you address us;
  • sending you our news materials;
  • exercising our powers and duties assigned to us by the legislation of the Countries of the Programme;
  • other purposes - with your consent.

We process technical data received from the user for the purposes of:

  • ensuring the functionality and security of our websites;
  • improving the quality of our websites.

We do not release your personal data to sources with public access, except in cases when we have obtained your explicit consent thereto.

4. Term of personal data storage

The lifetime of the Programme.

5. Your rights

Ensuring the protection of your rights and freedoms in the field of personal data is an important condition of the Programme operation.

For the purposes of ensuring the protection of your personal data, upon your request, we will:

  • confirm whether we process your personal data and give you an opportunity to familiarize with it;
  • inform you about the source and the composition of your personal data that we process;
  • inform you about the legal grounds, purposes, timing and methods of your personal data processing;
  • make the necessary changes to your personal data if you inform us that it is incomplete, inaccurate or irrelevant, and provide us with data for correction; we will also notify you of the changes made;
  • upon your request, inform you about any transborder transfer of your personal data; transborder transfers will be made only to countries ensuring personal data protection;
  • exclude you from our mailing lists for sending our news materials;
  • stop processing your personal data within 30 days from the date of receipt of your consent withdrawal, if there are no other legal grounds for personal data processing stipulated by the legislation of the Countries of the Programme;
  • stop processing your personal data if it is confirmed that we process it unlawfully and notify you of the measures taken;
  • erase/destroy your personal data if it is confirmed that it has been illegally received or does not comply with the stated processing objectives, and notify you of the measures taken;
  • answer your questions regarding your personal data, which we process.

6. Contact us

You can make an enquiry regarding your personal data processing by sending us a message marked “Personal data enquiry” in the subject line, to the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it..

7. Personal data security measures

Personal data storage is regulated by the legislation of the Countries of the Program.

In order to ensure the security of your personal data in the course of its processing, we take the necessary and sufficient legal, organizational and technical measures to protect personal data from unauthorized or incidental access, destruction, modification, blocking, copying, passing to third parties, dissemination, and other unlawful actions in respect of your personal data.

In order to ensure adequate protection of your personal data, we perform an assessment of the harm that may be caused by a breach of your personal data security, and identify relevant threats to the security of your personal data when processing it in the personal data information systems.

The Programme has personal data processing procedures in place. Responsible officers who have access to personal data have undertaken not to disclose personal data.

8. Cross-border transfer of personal data

We transfer your personal data to the territories of foreign states for the purpose of services provision to you and for fulfilling the Programme objectives. Ensuring your personal data safety in a transborder transfer is very important for us. We take all the necessary measures to ensure the confidentiality and security of your personal data.

We do not make any transborder transfers of personal data to the territories of foreign states that do not ensure adequate personal data protection.

9. Termination of personal data processing

We terminate your personal data processing in the following cases:

  • upon fulfilment of conditions for personal data processing termination or upon expiration of established time limits;
  • when the goals of personal data processing are achieved or these goals are no longer relevant;
  • at your request, if your personal data was illegally received or is not necessary for the stated purpose of the processing;
  • in case of detecting wrongful personal data processing, if it is impossible to ensure the legality of processing;
  • upon expiration or withdrawal of your consent to personal data processing, if there are no other legal grounds for personal data processing provided by the laws of the Countries of the Programme;
  • upon termination of the Program.

10. Cookies

We use cookies on our website. Cookies are small text files that are saved to the hard disks of your devices in the process of using different websites.  Cookies are used for customization of the user interface according to your preferences.

All popular browsers allow you to renounce the receipt of cookies and delete them from your hard disk.

11. Links to third party websites

Our websites may contain links to third-party websites and services that we cannot control. We are not responsible for the security or confidentiality of any information collected by third-party websites or services.

12. Policy updating

We can periodically update this Policy as necessary. We recommend you to check this Policy for up-to-datedness from time to time. By using our websites after any changes in the Policy have been made, you agree with these changes.

If you have any questions about this Policy, please contact the Programme officer responsible for personal data processing by sending a message marked "Personal Data Enquiry" in the subject line to the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it..