Codpeller

Privacy Policy and Personal Data Processing

Last updated: 06 March 2026

This Privacy Policy and Personal Data Processing Policy (the “Policy”) governs the processing of personal data between Codpeller LLP, BIN 220540029576, address: Z10K2C5, Kazakhstan, Astana, Saryarka district, st. I. Esenberlin, d. 20/1-71 (the “Company”), and the user of the website codpeller.com (the “User”).

1. Definitions

User means a capable natural person who has reached the age of 18 and who uses the website, requests a consultation, places an order, registers, leaves comments, or performs other actions available through the website functionality.

If products/services are purchased by a sole proprietor or organization, communication with the Company is performed through an authorized representative who provides their contact details. In such cases, the Company processes the representative’s personal data (for example, name, email, phone) for communication and performance of obligations.

Website means the Company’s internet resource at codpeller.com, including all pages and domain levels owned by the Company.

Personal data means any information relating to an identified or identifiable natural person.

Personal data processing means any action (operation) or set of actions performed with personal data using automation tools or without such tools, including collection, receipt, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.

Store ID means a technical identifier of a merchant’s store on a supported online store platform, which helps us determine in which store the Company’s product is installed/used and provide correct support.

2. Scope

This Policy applies to all personal data the Company receives from Users while operating the Website and related services, including when submitting requests, registering, contacting support, and using the Company’s products.

3. Legal basis and applicable law

The Company processes personal data in accordance with the Law of the Republic of Kazakhstan dated 21 May 2013 No. 94-V “On Personal Data and Their Protection” and other applicable laws of Kazakhstan. For Users from certain jurisdictions, additional requirements may apply (for example, GDPR for users from the EEA/UK), to the extent applicable.

Depending on the context, our legal bases may include:

  • performance of a contract and delivery of services/access to the product;
  • consent (for example, where required for marketing communications);
  • legitimate interests (security, service improvement, prevention of abuse);
  • legal obligations (accounting, tax, responding to lawful requests).

4. User consent

The User accepts this Policy by providing their data (for example, name, phone, email, Store ID) in website forms and submitting a request/order, and/or by performing other actions available through the Website functionality. If the User disagrees with this Policy, the User must stop using the Website.

5. What data we collect

Depending on how you use the Website, we may process the following categories of data:

  • Contact data: name, surname (if provided), email address, phone number;
  • Account data: information required for registration/identification (if applicable);
  • Technical data: IP address, browser/OS details, language, time zone, device information, activity logs, access date and time;
  • Store ID: store identifier on a supported online store platform;
  • Support communications: the content of support requests and submitted materials;
  • Cookies and analytics: data from cookies and similar technologies (see Section 10).

6. Payments and Merchant of Record (MoR)

Payments on the Website may be processed by the Company’s authorized payment partners. In some cases, an authorized Merchant of Record (MoR) may act as the seller of record (issuing receipts/invoices, collecting applicable taxes and processing refunds/chargebacks) in accordance with its policies and card network rules.

We do not store full payment card numbers or CVV/CVC codes on our servers. Payment data is entered on a secure page of the payment partner/MoR.

When processing payments, we may receive limited transaction-related information required for accounting, support, and service delivery, such as: payment status, transaction identifiers, payer country, currency, and amount.

7. Purposes of processing

We use personal data for the following purposes:

  • Service delivery and functionality: processing requests/orders, registering and identifying the User, providing access to products and services;
  • Support and communications: responding to User requests, consultations, and status updates;
  • Security and abuse prevention: protecting the Website, detecting suspicious activity, preventing fraud;
  • Analytics and service improvement: evaluating the Website performance and conducting statistical research based on anonymized data;
  • Marketing purposes (when needed): informing about news, updates, promotions and special offers, in accordance with applicable law and with an opt-out option;
  • Legal obligations: accounting and tax compliance, responding to lawful requests.

8. Sharing data with third parties (partners and processors)

The Company may share personal data with third parties only to the extent necessary to achieve the purposes described above, including:

  • Infrastructure and hosting providers (to operate the Website and services);
  • Support and communication services (email, ticketing systems, chat/messaging providers when the User contacts us);
  • Analytics providers (for statistics and Website improvement, primarily on an anonymized basis);
  • Payment partners and MoR (to process payments, refunds and comply with payment network requirements);
  • Legal and governmental authorities where we have a lawful basis and to the extent required by law.

Such third parties are required to ensure confidentiality and security and to process personal data under appropriate contractual and legal obligations.

9. Cross-border data transfers

Personal data may be processed in Kazakhstan and/or transferred to other countries where our service providers operate (for example, hosting, analytics, payment partners/MoR), if necessary to provide services. We take measures to protect data and ensure a lawful basis for such transfers (contract, consent, legitimate interests, or legal requirements), depending on the context.

10. Cookies and analytics

The Website may use cookies and similar technologies to ensure proper operation, remember User preferences, and perform analytics to improve the service. Cookies may contain technical information (for example, a session identifier) and are not intended to store sensitive card data.

You can manage cookies through your browser settings (including blocking or deleting cookies). Disabling certain cookies may affect Website functionality.

11. Data retention

The Company retains personal data no longer than necessary to achieve processing purposes and for the periods required by applicable law. Once the purposes are achieved, data is deleted or anonymized unless a longer retention period is required by law.

12. User rights

The User may request information about the processing of their personal data, request correction (if data is incomplete/inaccurate), deletion, or restriction of processing in cases provided by law. Where processing is based on consent, the User may withdraw consent at any time.

To correct data or request termination of processing, send an email to [email protected] with the subject: “Correct personal data” or “Stop processing personal data”. In your message, include your email address, Store ID, the Company product (software) you use, and the details of your request.

13. Security measures

The Company implements necessary organizational and technical measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including access controls, use of security tools, and evaluation of the effectiveness of such measures.

14. Accuracy of data

The Company does not verify the accuracy of data provided by the User and assumes that the User provides up-to-date and truthful information and keeps it current.

15. Changes to this Policy

The Company may amend this Policy at any time without notifying the User. The current version of the Policy is published on the Website. Continued use of the Website after a new version is published constitutes acceptance of the updated Policy.

16. Contact

If you have any questions about this Policy or personal data processing, contact us at: [email protected].

Company information:
Codpeller LLP
Address: Z10K2C5, Kazakhstan, Astana, Saryarka district, st. I. Esenberlin, d. 20/1-71
BIN: 220540029576