Compliance

Compliance und Datenverarbeitung

Diese Seite beschreibt, wie DataVin Daten verarbeitet, welche Quellen genutzt werden, welche Sicherheitsmaßnahmen gelten und bestatigt den fehlenden Zugriff auf geschlossene Behordendatenbanken.

1. Operator registration

The data operator is registered as a personal data operator in the Kyrgyz Republic:

Sole proprietor: Mikhail Yuryevich Koshensky

TIN: 23011197940035, OKPO: 35017178, Registration number: 004-2026-169-2066

Address: 163 Moskovskaya St., apt. 8, Pervomaisky district, Bishkek, Kyrgyz Republic

E-mail: info@datavin.info, Phone: +996 500 014 335

The operator acts in compliance with the personal data legislation of the Kyrgyz Republic.

2. Legal basis for processing

Data processing is based on the following grounds:

(a) the user voluntarily uses the service and places an order — performance of a contract (public offer);

(b) the user voluntarily provides data through website forms or messengers — consent;

(c) legitimate interests of the operator in ensuring service operation, security and abuse prevention;

(d) compliance with applicable legal obligations of the Kyrgyz Republic.

Processing is limited to what is strictly necessary for the requested service. No data is processed for incompatible purposes.

3. Data sources

DataVin does not operate, maintain or access any closed state databases, law enforcement systems, nor any restricted government information systems.

All vehicle information is obtained exclusively from the following types of sources:

(a) commercial vehicle-data APIs (authorized partner interfaces, licensed data feeds);

(b) publicly available and legally accessible online databases and registries;

(c) dealer systems and partner networks that provide service history records;

(d) data that the user voluntarily provides (VIN, photos, documents).

All external sources are used strictly in accordance with their terms of service and applicable law. DataVin does not circumvent technical or legal restrictions to obtain data.

4. What data is stored and for how long

DataVin follows a data-minimization principle. Only the following data is stored:

(a) VIN and email — retained while the user account is active;

(b) order history — kept for service continuity, accounting and support;

(c) technical logs (IP, user-agent, timestamps) — retained for security analysis and incident investigation.

Data is deleted when no longer necessary for the stated purposes or upon user request, subject to legal retention requirements.

Full bank card details are never stored on DataVin servers.

5. Risk assessment

The operator has conducted an internal risk assessment for data processing activities. The following measures are in place:

(a) all data transmission is encrypted using TLS;

(b) access to stored data is restricted to authorized personnel only;

(c) authentication is required for any administrative access;

(d) security incidents are logged and investigated;

(e) third-party providers (hosting, payment processors, data partners) are selected based on their security and compliance posture.

The risk level is assessed as low given the limited scope of processed data (vehicle identifiers and contact details only, no sensitive personal data).

6. No access to closed state databases

DataVin explicitly confirms that it does not have and never has had access to closed state databases, including but not limited to:

— law enforcement databases;

— tax authorities' information systems;

— closed vehicle registration databases restricted by law;

— any other non-public government information systems.

All data provided to users is obtained from commercial and public sources that are legally accessible without special authorization.

DataVin does not engage in or facilitate unauthorized access to any information systems.

7. Data protection measures

Technical measures: encrypted connections (TLS), firewalls, access controls, logging and monitoring.

Organizational measures: access is limited to personnel who need it for service operation, data handling procedures are documented, personnel are informed about data protection requirements.

Physical measures: servers are located in professionally managed data centers with physical access controls.

8. Contact for compliance matters

For compliance-related inquiries, data protection requests or regulatory communication, contact:

E-mail: info@datavin.info

Phone: +996 500 014 335

Response time: within 30 calendar days.

Current version dated 25.06.2026.