Logo

1. Data Collection

1.1 Legitimate Purpose

Onyx Trade Ltd. acknowledges that data collection shall solely serve legitimate and lawful purposes, as outlined in the AIFC Data Protection Rules and AIFC Data Protection Regulations. The company commits to collecting only the minimum necessary personal data required to achieve these objectives.

1.2 Lawful Collection

Data collection by Onyx Trade Ltd. will adhere strictly to all applicable laws and regulations, specifically referencing and aligning with the AIFC Data Protection Rules and AIFC Data Protection Regulations. Any data collected shall comply with the Astana International Financial Centre requirements, ensuring the legality of the entire data acquisition process.

1.3 Transparency

The process of data collection shall be transparent. Onyx Trade Ltd. will provide clear and easily understandable information about the collection process, the types of data being collected, and the purposes for which the data is intended to be used. Transparency extends to informing data subjects about any third parties involved in the process, in accordance with the AIFC Data Protection Rules.

1.4 Knowledge of Data Subject

Data shall be collected with the explicit knowledge of the data subject, as stipulated by the AIFC Data Protection Regulations. Onyx Trade Ltd. will implement measures to ensure that data subjects are informed of the data collection and processing activities, including the purpose of the data collection, any potential recipients of the data, and their rights in relation to the collected data.

1.5 Purpose Specification

The company shall explicitly specify the purpose of data collection before or at the time of data collection, aligning with the AIFC Data Protection Rules. Any subsequent use of the data for purposes beyond the initially stated objectives will require further communication and, if necessary, additional consent from the data subject.

1.6 Consent Mechanism

Where required by applicable data protection laws, Onyx Trade Ltd. will obtain explicit and informed consent from the data subject before collecting personal data, as outlined in the AIFC Data Protection Regulations. Consent mechanisms will be designed to be easily understandable, allowing data subjects to provide or withdraw consent freely.

1.7 Legal Basis

In cases where the processing of personal data does not rely on consent, Onyx Trade Ltd. will establish and document an alternative legal basis for such processing, ensuring compliance with relevant data protection regulations, specifically referencing the AIFC Data Protection Rules.

1.8 Documentation and Record-Keeping

The company will maintain comprehensive documentation regarding the purposes of data collection, consent mechanisms, and legal bases for processing, in accordance with the AIFC Data Protection Regulations. Such records will be kept up-to-date and made available to regulatory authorities upon request.

1.9 Continuous Compliance Monitoring

Onyx Trade Ltd. is committed to ongoing monitoring of its data collection practices ensuring continuous compliance with evolving data protection laws and standards, including the AIFC Data Protection Rules. Regular audits and reviews will be conducted to verify adherence to this policy.

This rigorous approach to data collection underscores Onyx Trade Ltd.'s commitment to safeguarding the privacy and rights of data subjects in accordance with the AIFC Data Protection Rules and AIFC Data Protection Regulations.

2. Purposes

2.1 Specified, Explicit, and Legitimate Purposes

Onyx Trade Ltd. underscores that personal data obtained during the employee and client onboarding processes, which may include sensitive information related to employees, potential candidates, customers, and suppliers, shall exclusively serve specified, explicit, and legitimate purposes. The primary purpose of this data processing is to conduct due diligence measures in strict accordance with the Anti-Money Laundering (AML) legislation of Kazakhstan, as well as the applicable laws of the Astana International Financial Centre (AIFC).

2.2 AML Compliance

The company is committed to meticulous due diligence measures, adhering to the AML legislation of Kazakhstan and the prevailing laws of the AIFC. Personal data collected during onboarding will be processed to ensure compliance with these regulatory frameworks, with a particular focus on preventing and detecting money laundering and other financial crimes.

2.3 Data Storage Period

Onyx Trade Ltd. establishes a defined data retention period for the sensitive information collected during onboarding processes. Personal data, including that of employees, candidates, customers, and suppliers, will be securely stored for a period of six (6) years after the termination of the respective agreement. This retention period aligns with regulatory requirements and allows the company to fulfill its legal obligations, address potential disputes, and facilitate audits, if necessary.

2.4 Consistency with AIFC and Kazakhstan Laws

The processing of personal data during onboarding is consistent with the AIFC Data Protection Rules and AIFC Data Protection Regulations, as well as the AML legislation of Kazakhstan. Onyx Trade Ltd. ensures that every step of the data processing aligns with the stipulated legal requirements, providing a robust framework for compliance and protection of individuals' rights.

2.5 Informing Data Subjects

Data subjects, including employees, potential candidates, customers, and suppliers, will be informed about the specific purposes for which their sensitive data is being processed during the onboarding process. This information will be communicated transparently and in accordance with the principles of informed consent, ensuring that individuals are aware of how their data will be utilized to meet legal obligations.

2.6 Documentation and Accountability

Comprehensive documentation of the purposes for processing sensitive data during onboarding will be maintained. This documentation serves as evidence of adherence to legal requirements and will be made available for regulatory scrutiny or audits. Onyx Trade Ltd. acknowledges its accountability for the lawful processing of sensitive data and will uphold this accountability through rigorous internal monitoring and compliance assessments.

2.7 Continuous Compliance Monitoring

A continuous commitment to monitoring and ensuring compliance with the specified purposes of processing sensitive data during onboarding is integral to Onyx Trade Ltd.'s operations. Regular assessments and audits will be conducted to verify adherence to this policy, providing a robust mechanism for maintaining the highest standards of data processing integrity in accordance with the AIFC Data Protection Rules, AIFC Data Protection Regulations, and AML legislation of Kazakhstan.

3. Data Subject Rights

3.1 Right to Access

Data subjects possess the unequivocal right to access their personal data held by Onyx Trade Ltd. This right encompasses the ability to request and obtain confirmation from the company regarding whether their data is being processed, along with comprehensive details about the processing activities. To realize this right, data subjects must submit a written request, clearly specifying the information sought and providing sufficient identification to ensure the security and authenticity of the request.

3.2 Right to Rectify

Data subjects have the right to rectify inaccuracies or incompleteness in their personal data. Onyx Trade Ltd. acknowledges this right and commits to promptly updating or correcting any inaccuracies upon the data subject's request. To exercise this right, data subjects must submit a formal request detailing the specific corrections required, accompanied by supporting documentation if necessary.

3.3 Right to Erase (Right to Be Forgotten)

The right to erasure empowers data subjects to request the deletion or removal of their personal data under specific circumstances. Onyx Trade Ltd. will diligently assess and, where applicable, fulfill such requests, taking into account legal obligations and the purposes for which the data was originally collected. To exercise this right, data subjects must submit a formal request, specifying the grounds for erasure and providing supporting documentation if required.

3.4 Right to Restrict Processing

Data subjects have the right to request the restriction of processing of their personal data under certain conditions.

Onyx Trade Ltd. acknowledges this right and will, upon request, limit the processing activities temporarily. To exercise this right, data subjects must submit a formal request, clearly articulating the reasons for seeking restriction and providing any relevant supporting documentation.-

3.5 Transparent Communication

Onyx Trade Ltd. is committed to transparently communicating with data subjects regarding the processing of their personal data.

This includes providing clear and easily understandable information about the purposes of processing, the categories of data being processed, and any potential recipients of the data.

Any changes in data processing activities will be communicated promptly to data subjects.

3.6 Data Retention Information

Data subjects shall be informed about the retention period of their personal data. Onyx Trade Ltd. will clearly communicate the duration for which the data will be retained, aligning with the purposes for which it was collected.

This information will be provided at the time of data collection and reiterated when necessary. Data subjects have the right to be aware of how long their data will be stored.

3.7 Submission of Requests

To exercise any of the aforementioned rights, data subjects may submit a written request to Onyx Trade Ltd.'s designated contact point, typically the Data Protection Officer.

The request should include clear details about the right being exercised, the specific information or action sought, and sufficient identification to verify the authenticity of the request. The company will respond to such requests within the stipulated timeframe required by applicable data protection laws.

3.8 Verification of Identity

To ensure the security and authenticity of requests, Onyx Trade Ltd. reserves the right to verify the identity of the data subject.

This verification may include requesting additional information or documentation to confirm the identity of the individual making the request.

3.9 No Discrimination

Onyx Trade Ltd. guarantees that the exercise of data subject rights will not result in any discriminatory treatment.

Data subjects will be treated fairly and equally, regardless of whether they choose to exercise their rights.

This comprehensive approach to data subject rights reflects Onyx Trade Ltd.'s commitment to upholding the principles of transparency, fairness, and respect for individual privacy in accordance with applicable data protection laws, including the AIFC Data Protection Rules and AIFC Data Protection Regulations.

4. Rights and Obligations of Data Processor and Data Controller

4.1 Data Controller Responsibilities

As the data controller, Onyx Trade Ltd. assumes the primary responsibility for determining the purposes and means of personal data processing.

The company commits to processing personal data in strict compliance with all applicable data protection laws, including the AIFC Data Protection Rules and AIFC Data Protection Regulations.

4.2 Appointment of Data Processors

Onyx Trade Ltd., when appointing data processors, ensures that such entities adhere to the highest standards of data protection.

The selection of data processors is based on their ability to provide sufficient guarantees regarding the implementation of appropriate technical and organisational measures to meet data protection requirements.

4.3 Written Agreements

The relationship between Onyx Trade Ltd. as the data controller and any appointed data processors is formalised through comprehensive, written agreements.

These agreements explicitly outline the responsibilities, duties, and liabilities of each party, ensuring a clear understanding of their respective roles in the processing activities.

4.4 Legal Compliance

Onyx Trade Ltd. and any appointed data processors commit to processing personal data in strict compliance with applicable data protection laws.

This includes ensuring that the processing activities have a lawful basis, such as consent or any other legitimate basis as outlined in the AIFC Data Protection Rules and AIFC Data Protection Regulations.

4.5 Technical and Organisational Measures

Both the data controller and data processors implement and maintain appropriate technical and organisational measures to ensure the security, confidentiality, and integrity of the personal data being processed.

These measures are designed to protect against unauthorised access, disclosure, alteration, and destruction of personal data.

4.6 Defined Responsibilities

The responsibilities of the data controller and data processors are clearly defined in the written agreements.

The data controller determines the purposes and means of processing, while data processors act only on documented instructions from the data controller, ensuring a well-defined division of responsibilities.

4.7 Liabilities and Duties

Liabilities and duties of both the data controller and data processors are explicitly outlined in the written agreements.

This includes specifying the scope of liability for any breaches or non-compliance with data protection laws and regulations.

4.8 Security of Processing

Onyx Trade Ltd. ensures that personal data is processed securely throughout its lifecycle.

The company and any appointed data processors implement measures to guarantee the confidentiality, integrity, and availability of personal data, as required by applicable data protection laws.

4.9 Data Subject Rights Support

Onyx Trade Ltd. commits to providing necessary support to data subjects in exercising their rights.

This includes cooperating with any requests related to accessing, rectifying, erasing, or restricting the processing of personal data, in accordance with the obligations outlined in the AIFC Data Protection Rules and AIFC Data Protection Regulations.

4.10 Compliance Monitoring

Both the data controller and data processors engage in continuous monitoring of their respective data processing activities to ensure ongoing compliance with applicable data protection laws. Regular audits and assessments are conducted to verify adherence to the agreed-upon obligations and standards.

This meticulous delineation of rights and obligations ensures that personal data processing activities conducted by Onyx Trade Ltd. and any appointed data processors align with legal requirements, promoting transparency, accountability, and the safeguarding of individuals' privacy.

5. Data Processing

5.1 Comprehensive Data Processing Framework

Onyx Trade Ltd. establishes a comprehensive data processing framework, ensuring that all activities involving personal data adhere to the highest standards of security, confidentiality, and integrity.

This framework encompasses the entire data lifecycle, from collection and storage to usage and disposal.

5.2 Security Measures

The company commits to implementing robust technical and organisational measures to safeguard personal data.

These measures are designed to protect against unauthorised access, disclosure, alteration, and destruction of data. Security protocols are continuously reviewed and updated to stay resilient against evolving threats.

5.3 Confidentiality Assurance

Onyx Trade Ltd. ensures the confidentiality of personal data throughout the processing activities.

Access to data is restricted to authorised personnel, and confidentiality is maintained both in electronic and physical formats.

Any disclosure of personal data is limited to instances where it is necessary for the specified purposes and in compliance with applicable laws.

5.4 Integrity of Personal Data

Data integrity is a paramount consideration in the processing activities.

Onyx Trade Ltd. implements measures to ensure that personal data remains accurate, complete, and up to date.

Any necessary corrections or updates are performed promptly to maintain the integrity of the data.

5.5 Risk Mitigation Strategies

The company employs risk mitigation strategies to identify, assess, and address potential risks associated with data processing.

This includes regular risk assessments, vulnerability analyses, and the implementation of measures to mitigate the risk of unauthorised or unlawful processing.

5.6 Data Minimization Principle

Onyx Trade Ltd. adheres to the principle of data minimization, ensuring that only the minimum necessary personal data required for the specified purposes is processed.

Unnecessary or excessive data is not collected, and data processing activities are constrained to what is essential for fulfilling the intended objectives.

5.7 Data Processing Training and Awareness

Employees involved in data processing activities undergo comprehensive training to ensure awareness of data protection principles and compliance requirements.

Training programs include guidelines on secure data handling, confidentiality protocols, and the importance of maintaining the integrity of personal data.

5.8 Incident Response Plan

Onyx Trade Ltd. establishes an incident response plan to address any breaches or incidents affecting the security, confidentiality, or integrity of personal data.

This plan includes protocols for reporting, investigating, and mitigating incidents promptly to minimise potential harm.

5.9 Continuous Compliance Monitoring

The company is committed to continuous monitoring of its data processing activities to ensure adherence to security measures and compliance with applicable data protection laws.

Regular audits and assessments are conducted to verify the effectiveness of implemented measures and to identify areas for improvement.

5.10 Processing Written Requests from Data Subjects

Written requests from data subjects, including those related to accessing, rectifying, erasing, or restricting the processing of personal data, are processed through a structured and transparent mechanism.

Upon receiving a written request, data subjects are required to submit it to the designated Data Protection Officer via the provided email address: dpo@onyxtd.kz.

Upon receiving a request, the Data Protection Officer verifies the identity of the data subject to ensure the security and authenticity of the request. The company commits to responding to such requests within the timeframe stipulated by applicable data protection laws, providing a clear and concise explanation of the actions taken or reasons for any denial of the request.

This rigorous approach to data processing underscores Onyx Trade Ltd.'s commitment to maintaining the highest standards of security, confidentiality, and integrity in the handling of personal data, in strict adherence to applicable data protection laws and regulations.

6. Data Storage

6.1 Secure Data Storage Infrastructure

Onyx Trade Ltd. enforces a secure data storage infrastructure, meticulously designed to safeguard personal data against unauthorized access, disclosure, alteration, and destruction.

The company implements state-of-the-art security measures to create an environment that ensures the utmost protection throughout the entire data storage lifecycle.

6.2 In-House Data Processing and Collection

Onyx Trade Ltd. maintains a strict policy of in-house data processing and collection, eliminating the outsourcing of these critical activities.

This ensures that the company retains direct control over all aspects of data management, upholding the highest standards of security, transparency, and compliance with data protection laws.

6.3 AIFC Jurisdiction for Data Storage

All personal data collected and processed by Onyx Trade Ltd. is securely stored within the jurisdiction of the Astana International Financial Centre (AIFC).

This deliberate choice of jurisdiction is aligned with the company's commitment to uphold the regulatory framework and data protection standards set forth by the AIFC Data Protection Rules and AIFC Data Protection Regulations.

6.4 Protection Against Unauthorized Access

The company implements rigorous access controls and authentication mechanisms to prevent unauthorized access to stored personal data.

Access is restricted to authorized personnel with a legitimate need to access the data for specified purposes.

User access is regularly reviewed and updated based on roles and responsibilities.

6.5 Encryption and Data Confidentiality

Onyx Trade Ltd. employs advanced encryption methods to ensure the confidentiality of stored data.

Personal data is encrypted both during transit and at rest, providing an additional layer of protection against potential threats.

Encryption keys are securely managed to prevent unauthorized access.

6.6 Regular Security Assessments

The company is committed to conducting regular security assessments of its data storage infrastructure.

These assessments include penetration testing, vulnerability scanning, and other measures to identify and address potential security vulnerabilities. Updates and improvements to security measures are promptly implemented to mitigate risks.

6.7 Data Integrity Maintenance

Onyx Trade Ltd. undertakes measures to maintain the integrity of stored data. Regular checks and validations are performed to ensure that personal data remains accurate, complete, and unaltered.

Any discrepancies or anomalies are promptly addressed to uphold the integrity of the stored information.

6.8 Disaster Recovery and Redundancy

To mitigate the risk of data loss or compromise, Onyx Trade Ltd. establishes robust disaster recovery and redundancy measures.

These measures include routine data backups, redundant storage systems, and a comprehensive disaster recovery plan to ensure the availability and recoverability of data in case of unforeseen events.

6.9 Continuous Compliance Monitoring

The company is dedicated to continuous monitoring of its data storage practices to ensure compliance with security measures and regulatory requirements.

Regular internal audits, external assessments, and compliance reviews are conducted to verify the effectiveness of implemented security measures and to address any emerging threats or risks promptly.

This stringent approach to data storage underscores Onyx Trade Ltd.'s unwavering commitment to maintaining the highest standards of security, confidentiality, and integrity in the storage of personal data within the AIFC jurisdiction, in strict adherence to applicable data protection laws and regulations.

7. Data Retention

7.1 Data Retention Policy

Onyx Trade Ltd. commits to establishing a comprehensive data retention policy that aligns with international standards, GDPR (General Data Protection Regulation), and best practices in data management. This policy will be documented and made available to relevant stakeholders, providing clear guidance on the duration for which personal data will be retained.

7.2 Purpose-Limited Retention

Personal data shall be retained only for the duration necessary to fulfill the specific purposes for which it was originally collected.

The retention period will be determined based on the nature of the data, legal requirements, and the objectives for which the data was processed.

Data subjects will be informed of these retention periods at the time of data collection.

7.3 Legal and Regulatory Compliance

Onyx Trade Ltd. ensures that the data retention policy complies with all applicable international standards, including GDPR, and adheres to the legal and regulatory requirements of the AIFC jurisdiction.

The company is committed to staying abreast of changes in relevant laws and adjusting the retention policy accordingly.

7.4 Informed Data Subjects

Data subjects will be transparently informed about the retention periods of their personal data.

This information will be communicated at the time of data collection and reiterated as necessary.

By providing clear and concise information, Onyx Trade Ltd. empowers data subjects to understand how long their data will be stored and for what purposes.

7.5 Periodic Review and Update

The data retention policy undergoes periodic review and updates to ensure its continued alignment with international standards, GDPR, and evolving best practices.

The company conducts regular assessments to verify that the retention periods are still necessary and relevant, making adjustments as needed.

7.6 Sensitive Data Considerations

For sensitive personal data, Onyx Trade Ltd. exercises additional caution, applying shorter retention periods where feasible.

The nature of the data, its sensitivity, and any associated risks are carefully considered to ensure a responsible and secure approach to data retention.

7.7 Data Deletion Procedures

Onyx Trade Ltd. establishes clear procedures for the secure deletion or destruction of personal data when it reaches the end of its retention period.

These procedures include secure erasure methods and documentation to demonstrate compliance with data protection laws and regulations.

7.8 Exceptions and Legal Obligations

Exceptions to the general retention periods may be made in compliance with legal obligations, such as those pertaining to financial or audit records.

Onyx Trade Ltd. will clearly document such exceptions and ensure they align with the specified legal requirements.

7.9 Documentation and Accountability

The company maintains meticulous documentation regarding the data retention policy, including the specified retention periods for different categories of personal data.

This documentation serves as evidence of adherence to international standards, GDPR, and best practices, ensuring accountability in data management.

7.10 Continuous Compliance Monitoring

Onyx Trade Ltd. is committed to continuous monitoring of its data retention practices ensuring compliance with international standards, GDPR, and best practices.

Regular internal audits, external assessments, and compliance reviews are conducted to verify the effectiveness of implemented retention measures and address any emerging requirements or risks promptly.

This rigorous approach to data retention reflects Onyx Trade Ltd.'s commitment to international data protection standards, GDPR compliance, and best practices, ensuring responsible and transparent management of personal data throughout its lifecycle.

8. Amendments and Updates of the Policy

8.1 Regular Review Mechanism

Onyx Trade Ltd. institutes a robust and systematic review mechanism for this data protection policy.

Regular reviews are conducted at predefined intervals, and the policy is thoroughly assessed to ensure its continued relevance, effectiveness, and compliance with evolving data protection laws and regulations.

8.2 Compliance with Evolving Laws

The company is committed to monitoring and adapting to changes in data protection laws on an ongoing basis.

Any amendments or updates to the policy are driven by a comprehensive understanding of the legal landscape, encompassing international standards, GDPR, and any relevant regulations applicable within the AIFC jurisdiction.

8.3 Alignment with Business Processes

The policy is intricately linked with the dynamic nature of business processes within Onyx Trade Ltd. Any changes in business operations or data processing activities are promptly reflected in the policy to ensure that it remains synchronized with the company's practices, strategies, and objectives.

8.4 Necessity-Based Updates

Updates to the policy are conducted based on a necessity-driven approach. If there are substantial changes in data protection laws, business processes, or technology that impact the way personal data is handled, the policy is revised accordingly.

This proactive approach ensures that the policy remains at the forefront of compliance and best practices.

8.5 Communication of Amendments

Any amendments or updates to the policy are communicated to all relevant stakeholders. This includes employees, data subjects, and any third parties involved in data processing activities.

Clear and transparent communication mechanisms are established to convey the nature of the changes and the implications for data protection practices.

8.6 Documentation of Changes

All changes to the policy are meticulously documented. This documentation includes details about the nature of the amendment, the reasons behind it, and the date of implementation.

Such documentation serves as a historical record, providing transparency and accountability in the evolution of the data protection policy.

8.7 Stakeholder Awareness

Relevant stakeholders, including employees and data subjects, are made aware of the importance of the policy and the significance of any updates.

Awareness campaigns, training sessions, and informational materials are employed to ensure that stakeholders are well-informed about the policy changes and their implications.

8.8 Continuous Improvement Culture

Onyx Trade Ltd. fosters a continuous improvement culture regarding data protection. The company encourages feedback from stakeholders and remains open to insights that may contribute to refining and strengthening the policy.

This culture ensures that the policy remains a dynamic and responsive instrument in safeguarding personal data.

8.9 Legal Compliance and Best Practices

All amendments and updates to the policy are conducted with a commitment to legal compliance and adherence to best practices.

The policy is designed not only to meet the minimum legal requirements but also to exceed them, reflecting a dedication to maintaining the highest standards of data protection.

8.10 Continuous Compliance Monitoring

The company engages in continuous monitoring to ensure that the policy's amendments and updates effectively address the evolving data protection landscape.

Regular internal audits and external assessments are conducted to verify compliance, assess the effectiveness of changes, and identify areas for further improvement.

This meticulous approach to the amendments and updates of the data protection policy illustrates Onyx Trade Ltd.'s unwavering commitment to staying abreast of regulatory changes, aligning with best practices, and fostering a culture of continuous improvement in data protection.

9. Data Protection Officer Appointment

9.1 Strategic Importance of the Data Protection Officer (DPO)

Onyx Trade Ltd. recognizes the strategic importance of the Data Protection Officer (DPO) role in ensuring the highest standards of data protection.

The DPO serves as the linchpin for overseeing, implementing, and enhancing the company's data protection activities, ensuring alignment with the regulations prescribed by the Astana International Financial Centre (AIFC) and Astana Financial Services Authority (AFSA).

9.2 DPO Responsibilities

The appointed Data Protection Officer assumes multifaceted responsibilities, including overseeing data protection compliance, serving as a point of contact for data subjects, and liaising with regulatory authorities.

The DPO is entrusted with the critical task of fostering a culture of privacy and compliance within Onyx Trade Ltd.

9.3 Expertise and Competence

The DPO is selected based on their expertise, professional knowledge, and competence in the field of data protection.

Their role requires a deep understanding of the AIFC Data Protection Rules, AIFC Data Protection Regulations, and other relevant data protection laws.

The DPO stays abreast of regulatory developments and industry best practices to ensure proactive and informed guidance.

9.4 Independence and Objectivity

Onyx Trade Ltd. ensures the independence and objectivity of the DPO role.

The DPO operates autonomously, free from any conflicts of interest that could compromise their ability to impartially oversee data protection activities. This independence is essential for promoting unbiased decision-making in the realm of data protection.

9.5 Point of Contact for Data Subjects

The DPO serves as a dedicated point of contact for data subjects, providing them with a direct channel to address inquiries, concerns, or requests related to their personal data.

This accessibility reinforces transparency and empowers data subjects to exercise their rights under applicable data protection laws.

9.6 Liaison with Regulatory Authorities

In accordance with Section 19(2) of the AIFC Data Protection Regulations, the DPO is specifically designated to facilitate reporting to the AIFC Data Commissioner.

The DPO acts as a liaison with regulatory authorities, ensuring timely and accurate reporting of data protection activities and any incidents in line with regulatory obligations.

9.7 Appointment Process

The appointment of the Data Protection Officer undergoes a meticulous process, considering the individual's qualifications, experience, and dedication to data protection.

The appointment is formalized through a documented procedure, and the DPO is provided with the necessary resources and authority to fulfill their role effectively.

9.8 Training and Professional Development

Onyx Trade Ltd. invests in the continuous training and professional development of the DPO.

This commitment ensures that the DPO remains well-versed in emerging trends, technological advancements, and changes in data protection laws, reinforcing their ability to fulfil their role effectively.

9.9 Policy Adherence Expectation

All employees and stakeholders of Onyx Trade Ltd. are expected to adhere to this data protection policy.

The DPO plays a pivotal role in communicating and enforcing compliance with the policy, fostering a culture of accountability, and ensuring that data protection principles are ingrained in the company's ethos.

9.10 Continuous Improvement

The role of the DPO is dynamic and evolving. Onyx Trade Ltd. encourages the DPO to contribute to the continuous improvement of data protection practices within the organization.

This includes recommending enhancements to policies, procedures, and training initiatives to adapt to changing regulatory landscapes and emerging risks.

This rigorous approach to the appointment and responsibilities of the Data Protection Officer underscores Onyx Trade Ltd.'s unwavering commitment to protecting personal data in accordance with the AIFC Data Protection Rules, AIFC Data Protection Regulations, and the broader regulatory framework established by the Astana International Financial Centre and Astana Financial Services Authority.