RULES FOR PROCESSING PERSONAL DATA
The rules for processing personal data of “——” (abbreviated name — LLC “——” (TIN ——, OGRN ——) have been developed in accordance with the provisions of the legislation of the Republic of Uzbekistan and the Privacy Policy posted on the website https://kelyanmedia.com/ at the address: ____________ (hereinafter referred to as the Privacy Policy),
Terms and definitions.
***
Parties – the Operator and any User registered in the Application.
Personal data (PD) is any information that relates directly or indirectly to a specific or identifiable individual (subject of personal data).
Processing of personal data is any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Dissemination of personal data is actions aimed at disclosing personal data to an indefinite number of persons.
Provision of personal data is an action aimed at disclosing personal data to a specific person or a specific group of persons.
Blocking of personal data is a temporary cessation of the processing of personal data (except in cases where processing is necessary to clarify personal data);
Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
Anonymization of personal data is an action that makes it impossible to determine the ownership of personal data by a specific personal data subject without the use of additional information.
Information is data (messages, data) regardless of the form of its presentation.
Documented information is information recorded on a tangible medium by documenting it with details that make it possible to identify such information or its tangible medium.
Confidentiality of personal data is a mandatory requirement for the Operator or another person who has gained access to personal data to prevent their dissemination without the consent of the personal data subject or the presence of another legal basis.
1. General Provisions.
1.1. The Personal Data Rules establish the Operator's obligations to maintain confidentiality and ensure the protection of the privacy of personal data provided by the User.
1.2. Use of the Service by the User constitutes consent to the Personal Data Rules and the terms of processing of the User's personal data by the Operator.
In case of disagreement with the terms of the Personal Data Rules, the User undertakes to stop using the Service.
1.3. Personal data permitted for processing within the framework of these PD Rules is provided by the User voluntarily by filling out various forms during registration in the Application and use of the Service and includes the following information: last name, first name, patronymic, date, month and year of birth, details of the identity document (passport), TIN number, photo and video of their personal image, telephone number, registration address, other similar information provided by the User about themselves, and on the basis of which identification of the subject of personal data is possible.
1.4. The Operator has the right to carry out all necessary legal actions with the personal data of Users obtained, which are solely related to achieving the goals specified in Section 2 of the Rules.
1.5. Any other personal and confidential information not specified above is subject to secure storage and non-dissemination by the Operator and the User.
2. Basic principles and purposes of collecting personal information. 2.1. The Operator processes personal data necessary to provide the Service to the User. 2.2. The User hereby authorizes the Operator and agrees that the Operator:
— processes the User's personal data for the purpose of providing access to the Service and its functionality, verifying, researching and analyzing such data to support and improve the current functionality of the Service, developing new functionality, as well as for other purposes stipulated by these Personal Data Rules;
— takes all necessary measures to protect the User’s personal data from unauthorized access, modification, disclosure or destruction;
— provides access to the User’s personal data only to those employees, contractors, and agents of the Operator who need this information to ensure the functioning of the Service and provide Users with access to its use;
— will and has the right to use the information provided by the User, including personal data, in order to ensure compliance with the requirements of the current legislation of the Republic of Uzbekistan (including for the purpose of preventing and/or suppressing illegal and/or unlawful actions of Users).
2.3. Principles of processing Users' personal data:
— the processing of personal data must be carried out exclusively on legal grounds and in the interests of Users;
— the processing of personal data must be limited to the achievement of specific legitimate purposes;
— when processing personal data, the accuracy, sufficiency, and, where necessary, relevance of personal data is ensured;
— the storage of personal data must be carried out in a form that allows the identification of the subject of personal data, for no longer than is required by the purposes of processing personal data.
2.4. The Operator processes the User’s personal data for the following purposes:
— execution of agreements with the User to provide access to the functionality of the Service, for administration of the Service;
— identification of the User upon registration in the Application and authentication of the User when using the Service;
— provision of services, processing requests and applications from the User;
— establishing feedback with the User, including sending notifications and requests;
— confirmation of the completeness of personal data provided by the User;
— concluding agreements with the User and making mutual settlements;
— collecting statistics;
— improving the quality of the Service, its ease of use and developing new services;
— conducting marketing (advertising) events, sending proposals, promoting services in the market
by making direct contacts with potential consumers.
2.5. The User is aware and agrees that, for the purposes provided for in the Personal Data Rules, the Operator has the right to:
— collect and use additional information related to the User, obtained during the User’s access to the Service or from third parties, and including data on technical means (including mobile devices) and methods of technological interaction with the Service (including the host IP address, the User’s operating system type, browser type, geographic location, provider data, etc.), on the User’s activity on the Service, Cookies, information on errors returned to Users, on downloaded files, videos, tools, as well as other data obtained by the methods established by the Personal Data Rules;
— manage statistical information related to the functioning of the Service, as well as information of Users for the purposes of organizing the functioning and technical support of the Service and fulfilling the terms of these Rules.
3. Terms of processing personal information.
3.1. The processing of the User's personal data is carried out within the timeframes specified in paragraph 3.5 of the PD Rules, by any legal means, including in personal data information systems, using automated means (in the form of electronic document images), except in cases where non-automated processing of personal data is necessary in connection with compliance with legal requirements. The processing of Users' personal data is carried out in accordance with the Law of the Republic of Uzbekistan dated 02.07.2019 No. ZRU-547 "On Personal Data".
3.2. The source of information regarding all personal data of the User is the Service User themselves. By completing any form and/or attaching a file during registration in the Application and while using the Service, the User thereby consents to the processing of their personal data for the purposes specified in Section 2 of the Personal Data Policy. The User confirms the rights and obligations regarding the account thus created.
3.3. The User's personal information remains confidential, except in cases where the User voluntarily makes their personal information publicly available to an unlimited number of people. By using the Service, the User agrees that certain portions of their personal information, as a result of their actions, become publicly available to other Users of the Service and Internet users and may be copied and/or distributed by such Users, subject to available privacy settings.
The following personal information of Users is publicly available: last name, first name, patronymic, telephone number, and passport series and number, masked (e.g., 65** 04***2). 3.4. The Operator takes the necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other illegal actions by third parties.
3.5. The Operator stores information about the User for the period during which the User is granted access to the Service, as well as for three (3) months following the termination of such access for any reason. If the Operator receives a request from the User to revoke consent to the processing of personal data, the Operator will cease processing the User's personal data from the date specified in the request, but not earlier than the date following the date the Operator actually receives the revocation.
3.6. The Operator stores the personal data of the User and its employees. The User guarantees that it has obtained the consent of each of its employees to transfer their personal data to the Operator.
The Operator, as the processor of personal data on behalf of the User, is not required to obtain the consent of the User's employees to process their personal data. By unconditionally accepting the terms of these Rules, the User confirms that they have obtained prior consent from their employees to transfer their personal data to the Operator.
The User shall bear sole responsibility to the User's employees whose personal data is processed by the Operator on behalf of the User.
The Operator processes the personal data of the User's employees in full accordance with the provisions set out in these Rules.
3.7. The Operator processes personal data in the following ways: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of the User's personal data.
The storage of Users' Personal Data is carried out exclusively on electronic media and processed using automated systems, except in cases where non-automated processing of personal data is necessary in connection with compliance with legal requirements.
3.8. The Operator may transfer Users' personal data, including cross-border transfer to the territory of foreign states, subject to obtaining the User's consent and ensuring the necessary protection of the rights of personal data subjects, to the Operator's counterparties engaged by the Operator to provide services to maintain the proper technical condition, operability, and modification of the Service.
3.9. If the User does not consent to the Operator's processing of their personal data, including biometric data, the User must not publish this information or disclose this data when registering in the Application or using the Service. Once the User provides their personal data, including biometric data, when registering in the Application or using the Service, it will be available to the Operator and other users of the Service.
4. Obligations of the parties.
4.1. The User is obliged to:
— Provide correct information about personal data necessary for the purposes specified in Section 2 of the Personal Data Rules.
— Update and supplement the provided information regarding personal data in the event of changes to this information.
4.2. The operator is obliged to:
— Use the information received solely for the purposes specified in Section 2 of the Personal Data Rules.
— Ensure that confidential information is kept confidential.
— Take precautions to protect the confidentiality of the User's personal data in accordance with the procedure generally used to protect such information in existing business practices.
— Block personal data related to the relevant User, from the moment of the User's request or appeal, or of their legal representative, or of the authorized body for the protection of the rights of personal data subjects during the verification period, in the event of detection of inaccurate personal data or illegal actions.
4.3. When processing personal data, the Operator is obliged to take the necessary legal, organizational and technical measures to protect personal data from unauthorized, unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data, by:
— development and implementation of documents in the organization regulating work with personal data;
— restrictions and regulations on the composition of employees who have access to personal data;
— implementation of a permitting system for User access to information resources, software and hardware for processing and protecting information;
— implementation of anti-virus control, prevention of the introduction of malicious programs (virus programs) and software backdoors into the corporate network;
— detection of intrusions into the Operator’s corporate network that violate or create preconditions for the violation of established requirements for ensuring the security of personal data;
— backup of information.
4.4. When determining the volume and content of personal data processed, the Operator is guided by the Law of the Republic of Uzbekistan dated 02.07.2019 No. ЗРУ-547 "On Personal Data".
4.5. The Operator undertakes to ensure the prevention of unauthorized and inappropriate access to the personal data of the Service Users.
In this case, authorized and targeted access to the personal data of the Service Users will be considered to be access by persons authorized by the Operator within the framework of the objectives of the activities and subject matter of the Service.
5. Responsibility of the parties and dispute resolution.
5.1. The Operator, if it fails to fulfill its obligations, shall be liable to the User for direct actual damages in connection with the unlawful use of personal data in accordance with the legislation of the Republic of Uzbekistan.
5.2. In case of loss or disclosure of personal data, the Operator shall not be liable if this information:
— became publicly known prior to its loss or disclosure;
— was received from a third party prior to its receipt by the Operator;
— was disclosed with the consent of the User.
5.3. The current legislation of the Republic of Uzbekistan shall apply to the Personal Data Rules and the relationship between the User and the Operator.
Should any disputes or disagreements arise regarding the implementation of these Personal Data Rules, the User and the Operator will make every effort to resolve them through negotiations. If the disputes are not resolved through negotiations, they will be resolved in accordance with the procedures established by the current legislation of the Republic of Uzbekistan.
5.4. Before filing a claim in court regarding disputes arising from the relationship between the User and the Operator, it is mandatory to file a claim.
If no agreement is reached, the dispute will be referred to a judicial authority in accordance with the current legislation of the Republic of Uzbekistan.
6. Final provisions.
6.1. These Personal Data Rules are valid for an indefinite period, and with respect to the User's consent to the processing of personal data, they remain valid until the User revokes it by sending a corresponding notice to the Operator's email address or by written request to the Operator's legal address. The chosen method of communication must ensure that the Operator can reliably identify the person making the request. 6.2. These Personal Data Rules are an open and publicly accessible document and are located on the APPLICATION.ru website at: _________________.
6.3. The User may contact the Operator with a request to clarify, change, block, revoke, etc. their personal data by email at kelyanmedia@gmail.com.