Privacy Policy

For the purposes of this Policy, the following terms are used:

Parketiko

We are the personal data operator under Kazakh Law No. 94-V and the data controller under GDPR for the personal data you provide to us. This means we determine the purposes and means of processing your data.

Data you provide directly: - Contact information (name, phone, email) - Project information (project area, address / building, installation pattern) - Content of your messages and inquiries - Messenger conversation history (Telegram, WhatsApp) - Payment information (when paying for an order — invoice details, business ID/BIN for legal entities) Data collected automatically: - IP address and approximate location - Device type, browser, and operating system - Website visit data (pages, time, referral source) - Cookies and similar technologies (see Cookie Policy) Data from external sources: - Information from Bitrix24 (if you filled out the online form via the widget) - Data from analytics platforms (aggregated) - Public company information (designer's business, architectural firm) — for B2B inquiries

Under Kazakhstan Law No. 94-V we process your data based on: - Your consent (filling out the price form, subscribing to a newsletter) - Performance of a supply contract or pre-contractual steps at your initiative - Compliance with legal requirements (bookkeeping) - Protection of our legitimate interests If you are in the EU, under GDPR Art. 6 the same bases apply: Consent — Art. 6(1)(a) - Marketing communications - Cookies (analytics and marketing) Contract Performance — Art. 6(1)(b) - Parquet supply and related services - Payment processing - Warranty service Legitimate Interest — Art. 6(1)(f) - Service improvement - Website security - Basic analytics - Direct marketing to existing customers Legal Obligations — Art. 6(1)(c) - Kazakhstan tax reporting - Responding to lawful authority requests

Service Providers (data processors):

Team: Your data may be processed by Parketiko employees and contractors located in Kazakhstan and other countries to provide services. All of them are bound by confidentiality obligations. Other Recipients: - Kazakhstan government authorities (upon lawful request — tax, courts) - Professional advisors (lawyers, auditors) - Authorized ESTA dealers (with your consent — for regional projects) We carefully select service providers and enter into Data Processing Agreements with them. Specific tools may change, but processing categories remain the same.

Your data may be transferred outside Kazakhstan:

Under Kazakhstan Law No. 94-V cross-border transfer is allowed if the recipient country provides adequate protection of personal data, or with your consent. Security Safeguards: - Data Processing Agreements (DPAs) with each processor - Standard Contractual Clauses (SCCs) for transfers to the USA and third countries - Technical protection measures (HTTPS/TLS, encryption at the service level) - Confidentiality obligations for all employees and contractors

After expiration, data is deleted or anonymized.

Under Kazakhstan Law No. 94-V you have the right to: - Receive information about what data of yours we hold - Request correction of inaccurate data - Withdraw consent for processing - Demand deletion (except where retention is required by law) - File a complaint with the Authorized Body of the Republic of Kazakhstan for personal data protection If you are in the EU, under GDPR additionally:

How to Exercise Rights: - Email: denys.fursov@parketiko.com - Response time: 30 business days (may be extended up to 2 months for complex requests) - Free of charge (except for manifestly unfounded or repetitive requests)

We use cookies and similar technologies. Detailed information is in our Cookie Policy. Cookie Categories:

You can manage cookies through: - Consent banner on the site (shown on first visit) - Your browser settings - Clearing cookies for parketiko.com

Do Not Track (DNT) Some browsers send a "Do Not Track" signal. Currently, we do not respond to DNT signals as there is no uniform standard for processing them. Instead, we honor your choice via the cookie consent banner. Global Privacy Control (GPC) We honor Global Privacy Control signals. If your browser sends GPC, marketing cookies will not be activated automatically — this is equivalent to declining marketing cookies in the consent banner.

Most communication with clients goes through messengers:

Data processing in messengers is also governed by the platforms' policies. By using these channels, you agree to their terms. To opt out of messages: write "STOP" in the messenger or email denys.fursov@parketiko.com.

Our website and services are intended for designers, architects, and property owners — i.e., adults. We do not knowingly collect personal data from persons under 18. If you learn that a minor has provided us with personal data, please contact us, and we will promptly delete this information.

We may use AI tools and chatbots for: - Initial inquiry qualification (project type, area, budget) - Preparing commercial proposals - Generating marketing content (blog articles, descriptions) Important: - Data you share with AI assistants is processed in accordance with this Policy - AI-based decisions are not made fully automatically without human involvement in significant matters (prices, discounts, supply terms) - You can request human review of any automated decision - AI systems may make errors — the final calculation is always confirmed by a manager

We implement technical and organizational measures to protect your data: Technical Measures: - Encryption in transit (HTTPS/TLS on parketiko.com) - Encryption at rest (at the cloud provider level) - Regular backups - Security monitoring and DDoS protection (Cloudflare) - Two-factor authentication in admin panels Organizational Measures: - Access restrictions (need-to-know basis) - Staff training on data protection basics - Internal security policy - Regular access audits Despite our efforts, no method of transmission over the internet is completely secure. In case of a data breach posing a high risk to your rights, we will notify you and the Authorized Body of Kazakhstan (or the relevant EU supervisory authority) within the required time.

We may update this Policy. When making changes: - We update the "Last updated" date at the top of the page - For material changes, we notify subscribed clients via email - We publish changes on this page We recommend checking this page periodically. Continued use of the website after changes means acceptance of the updated Policy.

For data protection inquiries, contact us: Parketiko

Response Time: up to 30 business days. Supervisory Authorities: - Kazakhstan: Ministry of Digital Development, Innovation and Aerospace Industry of the RK — gov.kz - EU: list of GDPR supervisory authorities — edpb.europa.eu