Unofficial translation
In accordance with subparagraph 8-1) of Article 8 of the Law of the Republic of Kazakhstan "On public services" dated April 15, 2013, I HEREBY ORDER:
1. To approve the attached Rules for collection, processing and storage of biometric data of individuals for their biometric authentication in the provision of public services
2. The Committee for Public Services of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan, in accordance with the established legislative procedure, shall ensure:
1) state registration of this order with the Ministry of Justice of the Republic of Kazakhstan;
2) posting this order on the Internet resource of the Ministry of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan;
3) within ten working days after the state registration of this order, submission to the Legal Department of the Ministry of Digital Development, Defense and Aerospace Industry of the Republic of Kazakhstan the information on the implementation of the measures provided for in subparagraphs 1) and 2) of this paragraph.
3. Control over the implementation of this order shall be entrusted to the supervising Vice-Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan.
4. This order shall come into effect upon the expiration of ten calendar days after the day of its first official publication.
Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan |
B. Mussin |
Approved by Order of the Minister of Digital Development, Innovation and Aerospace Industry of the Republic of Kazakhstan dated October 27, 2020, No. 406/НҚ |
The Rules for collection, processing and storage of biometric data of individuals for their biometric authentication in the provision of public services
Chapter 1. General Provisions
1. These Rules for collection, processing and storage of biometric data of individuals for their biometric authentication in the provision of public services (hereinafter referred to as the Rules) have been developed in accordance with subparagraph 8-1) of Article 8 of the Law of the Republic of Kazakhstan dated April 15, 2013 "On public services" and shall determine the procedure for collection, processing and storage of biometric data of individuals for their biometric authentication in the provision of public services.
2. The following concepts shall be used in these Rules:
1) employee of the non-profit joint-stock company “State Corporation “Government for Citizens” (hereinafter referred to as the State Corporation) - an employee of the city (district) department for servicing the population of branches of the State Corporation in the regions and cities of Nur-Sultan, Almaty, Shymkent, collecting and processing biometric data;
2) biometric database (hereinafter referred to as the Base) - an organized structure intended for storing, changing, and processing biometric data.
Other concepts and terms used in these Rules shall be applied in accordance with the legislation of the Republic of Kazakhstan.
Chapter 2. Collection and processing of biometric data
3. Before collecting and processing biometric data, an employee of the State Corporation shall identify the service recipient using identity documents and receive written consent from an individual to collect, process, and store biometric data in accordance with the Annex to these Rules.
The conditions and grounds for the use of his biometric data in the provision of public services shall be explained to the service recipient.
4. Collection and processing of biometric data for authentication in the provision of public services shall be carried out from individuals who have reached the age of eighteen, voluntarily.
5. Collection and processing of biometric data from an individual whose incapacity (limited legal capacity) has been established by the court shall be carried out in the presence and based on a written application of his custodian (trustee)
6. The process of collecting biometric data shall be carried out by an inkless method by scanning all existing fingers of both hands with a fingerprint scanner.
7. If an individual has open wounds and other injuries, on individual nail phalanges of the fingers, temporarily excluding their collection, and also has deformed joints, the collection of biometric data shall be carried out on undamaged or less deformed fingers.
8. Individuals who have previously passed the collection of biometric parameters shall undergo the collection procedure again with his written consent if the person who has passed the collection of biometric data is not recognized from the biometric database due to acquired irreversible damage to the papillary patterns of the nail phalanges of the finger (for example, cuts, scars due to skin diseases, significant injuries).
9. An employee of the State Corporation shall replace the biometric data of an individual whose data has previously been collected with new data, after making changes and (or) additions, in the case provided for in paragraph 9 of these Rules, while the previous data shall be archived in the biometric database.
10. The collection and processing of biometric data are not subject to persons with the following physical disabilities, which exclude the possibility of fingerprinting:
1) the absence of all fingers on both hands;
2) the absence of papillary patterns on the nail phalanges of all fingers of both hands.
Chapter 3. Storage and destruction of biometric data
11. When an individual has passed the collection of biometric data or from a legal representative, the custodian of individual, whose incapacity is established by a court with a statement on the wish to destroy his/her biometric data from the Database on the day of receipt of the appeal, shall be destroyed when applying.
A statement about the wish to destroy their biometric data from the Database shall be submitted to any city (district) department for servicing the population of the branches of the State Corporation in the regions and cities of Nur- Sultan, Almaty, Shymkent.
12. The State Corporation shall ensure the organization of collection, processing and storage of biometric data of individuals for their biometric authentication in the provision of public services, including in accordance with applicable law.
13. The storage and transmission of biometric data shall be carried out using cryptographic information protection tools with parameters not lower than the third security level in accordance with the standard of the Republic of Kazakhstan ST RK 1073-2007 "Cryptographic information protection tools. General technical requirements".
CONSENT
to the collection and processing of personal data
I, ______________________________________________________________________
( full name )
"___" __________ | IIN | |||
(day, month in uppercase, and year of birth) | (affixed with IIN) |
in accordance with article 8 of the Law of the Republic of Kazakhstan "On personal data and their protection" I hereby declare that I consent to the non-profit joint-stock company "State Corporation" Government for Citizens" to collect and process biometric data necessary for the provision of public services to me.
I hereby confirm that I will not have any claims regarding the collection and processing of personal data in the future, provided that the non-profit joint-stock company State Corporation "Government for Citizens" observes the requirements of the Law and/or our agreements.
I have read the text of this consent, I have no additions, comments and objections.
"___" ____________ 20___ _________________
(date of consent) (signature)
Consent was accepted by: _____________________________________ _______________
surname, name, patronymic (if any), (signature)
PLACE OF THE STAMP
(stamped or sealed)
* In accordance with article 1 of the Law of the Republic of Kazakhstan dated May 21, 2013, N94-V "On personal data and their protection":
1) biometric data - personal data that characterize the physiological and biological characteristics of the subject of personal data, based on which his/her identity may be established;
5) collection of personal data - actions aimed at obtaining personal data;
12) processing of personal data - actions aimed at the accumulation, storage, change, addition, use, distribution, depersonalization, blocking, and destruction of personal data.