BizdeBar
← Back to home

PRIVACY POLICY of the BizdeBar Service

(Translation from Russian. In case of discrepancies, the Russian version shall prevail.)

Effective date: March 02, 2026

1. General Provisions

1.1. This Privacy Policy (hereinafter referred to as the “Policy”) sets out the procedures for collecting, processing, storing, using, and protecting personal data of users (hereinafter referred to as the “User”, “You”) of the BizdeBar service (hereinafter referred to as the “Service”, “BizdeBar”, “We”).

1.2. BizdeBar is an AI assistant and marketplace available through a mobile application and a Telegram bot, designed for searching for goods and services, posting listings, and providing answers to everyday queries.

1.3. The personal data controller is LLC “Bizde Bar” (hereinafter referred to as the “Controller”, “Company”), TIN: 02002202610551, registered in the Kyrgyz Republic, registration number: 325873-3301-OOO, registered address: Kyrgyz Republic, Bishkek, Pervomaysky District, Logvinenko St., Bldg. 55, Apt. 32.

1.4. Personal data is processed in accordance with:

  • the Constitution of the Kyrgyz Republic;
  • the Law of the Kyrgyz Republic “On Personal Information” dated April 14, 2008, No. 58 (as last amended on July 12, 2022);
  • Resolution of the Government of the Kyrgyz Republic dated November 21, 2017, No. 759;
  • the General Data Protection Regulation of the European Union (GDPR) 2016/679 - to the extent applicable to the cross-border transfer and storage of data on servers located in Finland (EU);
  • other legal and regulatory acts of the Kyrgyz Republic in the field of personal data protection.

1.5. By using the Service, You confirm that You have read this Policy and consent to the processing of Your personal data under the terms set forth herein.

1.6. If You do not agree to the terms of this Policy, You must discontinue Your use of the Service.

2. Key Terms and Definitions

Personal data - any information relating to a directly or indirectly identified or identifiable natural person (data subject).

Processing of personal data - any action (operation) or set of actions performed on personal data, including collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer, depersonalization, blocking, deletion, and destruction.

Data subject - a natural person to whom the respective personal data relates.

Data holder (controller) - the Controller who determines the purposes and methods of personal data processing.

Data processor - a natural or legal person who processes personal data on behalf of the Controller pursuant to a contract.

Cross-border transfer of personal data - the transfer of personal data by the holder (controller) to holders subject to the jurisdiction of other states.

3. Data We Collect

3.1. Data provided by the User

  • Phone number - for registration and authorization;
  • Name (nickname) - for identification within the Service;
  • Message content - text messages sent to the chatbot and the application;
  • Photographs and media files - when creating listings;
  • Listing information - descriptions of goods and services, prices, categories, contact details;
  • Preferences and settings - language, categories of interest, search history.

3.2. Data collected automatically

  • Device identifier and operating system type;
  • IP address;
  • Telegram account data (user ID, username) - when using the Telegram bot;
  • Cookies and similar technologies (when using the web version);
  • Information about activities within the Service (activity logs, time and frequency of use);
  • Geolocation - only with the explicit consent of the User, for the purpose of providing relevant results.

3.3. Data from third-party sources

We may receive minimally necessary data from third-party authorization services (such as Telegram Login) if You use them to sign in to the Service.

4. Purposes of Personal Data Processing

We process Your personal data for the following purposes:

  • Service delivery - processing queries, searching for goods and services, posting listings, matching offers;
  • Registration and authorization - User identification within the Service;
  • Service improvement - analyzing user behavior, personalizing results, training AI models on depersonalized data;
  • Security - detecting fraud, preventing abuse, protecting against unauthorized access;
  • Communication - sending notifications about listing statuses, system messages, responding to support requests;
  • Legal compliance - fulfilling the requirements of legal and regulatory acts of the Kyrgyz Republic and other applicable jurisdictions;
  • Marketing and information - sending informational and promotional messages (only with the User’s consent, with an option to unsubscribe at any time).

Personal data is processed on the following legal grounds (in accordance with Article 9 of the Law of the Kyrgyz Republic “On Personal Information”):

  • Consent of the data subject - You provide consent upon registration and use of the Service;
  • Performance of a contract - processing is necessary for the provision of services under the User Agreement;
  • Legitimate interest of the Controller - ensuring the security of the Service, preventing fraud, improving service quality, provided that such interest does not infringe upon Your rights and freedoms;
  • Legal requirements - in cases prescribed by the legal and regulatory acts of the Kyrgyz Republic.

6. Transfer of Personal Data to Third Parties

6.1. We do not sell or transfer Your personal data to third parties for commercial purposes.

6.2. We may transfer Your data in the following cases:

  • To other Users - within the marketplace functionality (for example, contact details in response to a listing) and only to the extent necessary for conducting a transaction;
  • To data processors - service providers who process data on our behalf (hosting providers, analytics services, AI model providers) under contracts ensuring data protection;
  • To government authorities - pursuant to lawful requests by authorized bodies of the Kyrgyz Republic in the manner prescribed by law;
  • In the event of reorganization - in the case of a merger, acquisition, or sale of the Company’s assets, with an equivalent level of data protection ensured.

6.3. When transferring data to Processors, we enter into contracts containing obligations to maintain the confidentiality and security of personal data in accordance with the requirements of the legislation of the Kyrgyz Republic.

7. Cross-Border Transfer of Personal Data

7.1. The Service’s servers are located in the Republic of Finland (European Union). Accordingly, when using the Service, Your personal data is transferred across borders from the Kyrgyz Republic to the EU.

7.2. In accordance with Article 25 of the Law of the Kyrgyz Republic “On Personal Information”, cross-border transfer of personal data is permitted provided that the receiving party ensures an adequate level of protection of the rights and freedoms of data subjects. Finland, as an EU member state, ensures a high level of personal data protection under the GDPR (2016/679).

7.3. Furthermore, the cross-border transfer is carried out on the basis of Your consent, which You provide upon acceptance of this Policy.

7.4. We may also use third-party AI service providers (large language model providers) for processing queries. In doing so, we take measures to minimize the data transferred and to depersonalize information where technically feasible.

7.5. We ensure that any cross-border transfer of data is carried out in compliance with the legislation of the Kyrgyz Republic and with appropriate safeguards in place.

8. Personal Data Security

8.1. We take the necessary organizational and technical measures to protect personal data from unauthorized access, destruction, modification, blocking, copying, distribution, and other unlawful actions.

8.2. Security measures include, among others:

  • Encryption of data in transit (TLS/SSL) and at rest;
  • Role-based access control for personal data;
  • Regular security audits;
  • Storage of data on secured servers with restricted physical and logical access;
  • Monitoring and logging of data access;
  • Regular updates of software and security tools.

8.3. Access to personal data is granted only to authorized employees of the Company and data processors acting under contracts and bound by confidentiality obligations.

9. Personal Data Retention Periods

9.1. Personal data is retained for no longer than necessary to achieve the purposes of processing, unless otherwise provided by the legislation of the Kyrgyz Republic.

9.2. Approximate retention periods:

  • Account data - for the entire period of Service use and 1 (one) year after account deletion;
  • Listing content - for the posting period and 6 (six) months after delisting;
  • Activity logs - up to 12 (twelve) months;
  • Message data - for the period of Service use and 30 (thirty) days after account deletion;
  • Depersonalized and aggregated data - may be stored without time limitation.

9.3. Upon expiration of the retention periods, personal data shall be destroyed or depersonalized.

10. Rights of the Data Subject

In accordance with the Law of the Kyrgyz Republic “On Personal Information”, You have the following rights:

  • Right of access - to obtain information about what personal data is being processed, the purposes and methods of processing;
  • Right to rectification - to request the correction of incomplete or inaccurate personal data;
  • Right to erasure - to request the deletion (destruction) of personal data where there are no lawful grounds for further processing;
  • Right to restriction - to request temporary suspension of personal data processing;
  • Right to object - to object to the processing of personal data;
  • Right to withdraw consent - to withdraw previously given consent to personal data processing at any time;
  • Right to lodge a complaint - to file a complaint with the State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic, or with a court of law.

To exercise the above rights, You may contact us using the contact details provided in Section 14 of this Policy. We shall process Your request within 30 (thirty) calendar days.

11. Cookies and Similar Technologies

11.1. When using the web version of the Service, we may use cookies and similar technologies to ensure the functioning of the Service, personalize content, and analyze usage.

11.2. Types of cookies used:

  • Essential (technical) - required for the Service to function and cannot be disabled;
  • Analytical - help us understand how users interact with the Service;
  • Functional - store Your settings and preferences.

11.3. You may manage cookie settings through Your browser settings. Disabling certain cookies may affect the functionality of the Service.

12. Data Processing Using Artificial Intelligence

12.1. The Service uses artificial intelligence (AI) technologies and large language models (LLMs) for processing User queries, classifying listings, matching goods and services, and providing answers to questions.

12.2. When Your queries are processed by the AI system:

  • The content of Your query may be transmitted to AI model providers for response generation;
  • We take measures to minimize the volume of personal data transmitted and to depersonalize it;
  • We do not use Your personal data to train third-party AI models without Your explicit consent;
  • Responses generated by the AI system are informational in nature and do not constitute professional advice.

12.3. BizdeBar may store Your preferences and query history to improve service quality. You may request the deletion of such data at any time.

13. Personal Data of Minors

13.1. The Service is not intended for persons under 16 (sixteen) years of age. We do not knowingly collect personal data of minors.

13.2. If we become aware that we have received personal data of a person under 16, we will promptly take measures to delete such data.

13.3. If You are a parent or legal guardian and believe that Your child has provided us with personal data, please contact us.

14. Contact Information

For any questions related to personal data processing, You may contact:

Controller: LLC “Bizde Bar” TIN: 02002202610551 Address: Kyrgyz Republic, Bishkek, Pervomaysky District, Logvinenko St., Bldg. 55, Apt. 32 Phone: 0703097129 Email: ceo@bizdebar.com Director: Zhumabekov Tursunbek Tolonbekovich

15. Supervisory Authority

Oversight of compliance with personal data legislation is carried out by the State Agency for Personal Data Protection under the Cabinet of Ministers of the Kyrgyz Republic (dpa.gov.kg).

You have the right to file a complaint with this authority if Your personal data rights are violated.

16. Amendments to This Policy

16.1. We reserve the right to amend this Policy. The current version of the Policy is published on bizdebar.de and in the mobile application.

16.2. In the event of material changes, we shall notify You through the Service, push notifications, or Telegram messages.

16.3. Continued use of the Service after the amendments have been introduced constitutes Your acceptance of the updated Policy.