Privacy Policy
1. General Provisions
This personal data processing policy is drafted in accordance with the Law of the Republic of Uzbekistan dated July 2, 2019, No. ZRU-547 "On Personal Data" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data implemented by LLC "BESH ARCHA" (Republic of Uzbekistan) (hereinafter referred to as the Operator).
1.1. The Operator considers compliance with the rights and freedoms of individuals and citizens in the processing of their personal data, including the protection of the right to privacy, personal and family secrets, as its most important objective and condition for carrying out its activities.
1.2. This Operator's personal data processing policy (hereinafter referred to as the Policy) applies to all information the Operator may receive about visitors to the besharcha.uz website.
2. Basic Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except in cases where processing is necessary to clarify personal data).
2.3. Website — a set of graphical and informational materials, as well as computer programs and databases that ensure their availability on the internet at the network address besharcha.uz.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical tools that process them.
2.5. Depersonalization of personal data — actions that make it impossible to determine the ownership of personal data to a specific User or another data subject without the use of additional information.
2.6. Processing of personal data — any action (operation) or a set of actions (operations) performed with or without the use of automated means on personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state authority, municipal authority, legal entity, or individual that organizes and/or carries out personal data processing, determines the purposes for processing personal data, the scope of personal data to be processed, and the actions (operations) performed on personal data, either independently or jointly with others.
2.8. Personal data — any information directly or indirectly related to a specific or identifiable User of the besharcha.uz website.
2.9. Personal data authorized by the data subject for dissemination — personal data made publicly available by the data subject through consent for processing and dissemination as stipulated by the Personal Data Law.
2.10. User — any visitor to the besharcha.uz website.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or making personal data available to an indefinite circle of persons, including publicizing personal data in the media, posting in information and telecommunications networks, or providing access to personal data by any other means.
2.13. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign natural person, or a foreign legal entity.
2.14. Destruction of personal data — any actions resulting in the irreversible destruction of personal data with the impossibility of further restoration in the personal data information system and/or destruction of the material carriers of personal data.
3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
4.1. Personal data subjects have the right to:
5. Principles of Personal Data Processing
5.1. Personal data processing is carried out on a lawful and fair basis.
5.2. The processing of personal data is limited to achieving specific, pre-determined, and lawful purposes. Processing of personal data incompatible with the purposes of data collection is not permitted.
5.3. It is prohibited to combine databases containing personal data that are processed for purposes incompatible with each other.
5.4. Only personal data that meets the purposes of processing is subject to processing.
5.5. The content and scope of processed personal data must correspond to the stated purposes of processing. The processed personal data must not be excessive in relation to the stated purposes of their processing.
5.6. The accuracy, sufficiency, and relevance of personal data to the purposes of processing must be ensured. The Operator takes necessary measures to delete or clarify incomplete or inaccurate data.
5.7. Personal data is stored in a form that allows identifying the personal data subject for no longer than required by the purposes of processing, unless a longer retention period is established by federal law or a contract. Personal data is destroyed or anonymized upon achieving the purposes of processing or if the need to achieve these purposes is lost, unless otherwise provided by federal law.
6. Purposes of Personal Data Processing
Purpose of processing:
7.1. The processing of personal data is carried out with the consent of the personal data subject.
7.2. The processing of personal data is necessary to achieve the goals provided for by an international treaty or law, for the implementation of functions, powers, and duties imposed by the legislation of the Russian Federation on the Operator.
7.3. The processing of personal data is necessary for the administration of justice or the execution of a judicial act or act of another body or official subject to execution under the legislation of the Russian Federation on enforcement proceedings.
7.4. The processing of personal data is necessary for the execution of a contract to which the personal data subject is a party, beneficiary, or guarantor, or for concluding a contract on the initiative of the personal data subject.
7.5. The processing of personal data is necessary to protect the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated.
7.6. Processing is carried out for publicly available personal data provided by the personal data subject.
7.7. Processing is carried out for personal data subject to publication or mandatory disclosure under federal law.
8. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing
The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of applicable legislation in the field of personal data protection.
8.1. The Operator ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access to personal data by third parties.
8.2. Personal data of the User will never, under any circumstances, be disclosed to third parties, except in cases related to the execution of applicable legislation or when the User has given consent to transfer the data to a third party to fulfill contractual obligations.
8.3. In case of inaccuracies in personal data, the User can update the data independently by sending a notification to the Operator's email address at info@besharcha.uz with the subject line "Updating Personal Data."
8.4. The duration of personal data processing is determined by achieving the purposes for which the data was collected unless a different period is stipulated by contract or applicable legislation. The User can withdraw their consent to personal data processing at any time by sending a notification to the Operator via email at info@besharcha.uz with the subject line "Withdrawal of Consent to Personal Data Processing."
8.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these parties in accordance with their User Agreement and Privacy Policy. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this paragraph.
8.6. Restrictions established by the personal data subject on the transfer (other than granting access) and processing or conditions for processing personal data made publicly available do not apply in cases of processing personal data in state, public, and other public interests as defined by Russian Federation law.
8.7. The Operator ensures the confidentiality of personal data during its processing.
8.8. The Operator stores personal data in a form that allows identifying the personal data subject no longer than the purposes of processing require unless a longer storage period is required by federal law or contract.
8.9. Personal data processing is terminated when the purposes of processing are achieved, the consent of the personal data subject expires, the consent is withdrawn by the data subject, or unlawful processing of personal data is identified.
9. List of Actions Performed by the Operator with Received Personal Data
9.1. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
9.2. The Operator performs automated processing of personal data with or without the transfer of received information via information and telecommunications networks.
10. Cross-border Transfer of Personal Data
10.1. Before commencing cross-border transfer of personal data, the Operator must notify the authorized body for the protection of personal data subjects' rights about its intention to carry out the transfer (this notification is submitted separately from the notification of the intention to process personal data).
10.2. Before submitting the above notification, the Operator must obtain relevant information from foreign state authorities, foreign individuals, or foreign legal entities to which the personal data is planned to be transferred.
11. Confidentiality of Personal Data
The Operator and other persons who have gained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the personal data subject unless otherwise provided by federal law.
12. Final Provisions
12.1. The User may obtain any clarifications on questions of interest regarding the processing of their personal data by contacting the Operator via email at info@besharcha.uz.
12.2. This document will reflect any changes in the personal data processing policy of the Operator. The policy is valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely available on the internet at besharcha.uz/privacy.
This personal data processing policy is drafted in accordance with the Law of the Republic of Uzbekistan dated July 2, 2019, No. ZRU-547 "On Personal Data" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data implemented by LLC "BESH ARCHA" (Republic of Uzbekistan) (hereinafter referred to as the Operator).
1.1. The Operator considers compliance with the rights and freedoms of individuals and citizens in the processing of their personal data, including the protection of the right to privacy, personal and family secrets, as its most important objective and condition for carrying out its activities.
1.2. This Operator's personal data processing policy (hereinafter referred to as the Policy) applies to all information the Operator may receive about visitors to the besharcha.uz website.
2. Basic Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except in cases where processing is necessary to clarify personal data).
2.3. Website — a set of graphical and informational materials, as well as computer programs and databases that ensure their availability on the internet at the network address besharcha.uz.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical tools that process them.
2.5. Depersonalization of personal data — actions that make it impossible to determine the ownership of personal data to a specific User or another data subject without the use of additional information.
2.6. Processing of personal data — any action (operation) or a set of actions (operations) performed with or without the use of automated means on personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state authority, municipal authority, legal entity, or individual that organizes and/or carries out personal data processing, determines the purposes for processing personal data, the scope of personal data to be processed, and the actions (operations) performed on personal data, either independently or jointly with others.
2.8. Personal data — any information directly or indirectly related to a specific or identifiable User of the besharcha.uz website.
2.9. Personal data authorized by the data subject for dissemination — personal data made publicly available by the data subject through consent for processing and dissemination as stipulated by the Personal Data Law.
2.10. User — any visitor to the besharcha.uz website.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or making personal data available to an indefinite circle of persons, including publicizing personal data in the media, posting in information and telecommunications networks, or providing access to personal data by any other means.
2.13. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign natural person, or a foreign legal entity.
2.14. Destruction of personal data — any actions resulting in the irreversible destruction of personal data with the impossibility of further restoration in the personal data information system and/or destruction of the material carriers of personal data.
3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
- Obtain accurate information and/or documents containing personal data from the data subject;
- Continue processing personal data without the consent of the data subject in cases specified by the Personal Data Law, including when the data subject withdraws consent;
- Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations under the Personal Data Law and related regulations, unless otherwise provided by law.
- Provide the data subject with information concerning the processing of their personal data upon request;
- Organize the processing of personal data in accordance with applicable legislation;
- Respond to inquiries and requests from data subjects or their legal representatives;
- Inform the authorized body for personal data protection upon request within 10 days;
- Publish or otherwise provide unrestricted access to this Policy;
- Take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful actions;
- Cease the transmission or processing of personal data and destroy personal data as required by the Personal Data Law;
- Fulfill other obligations as stipulated by the Personal Data Law.
4.1. Personal data subjects have the right to:
- Obtain information related to the processing of their personal data, except in cases stipulated by federal laws. The information is provided by the Operator in an accessible form and must not include personal data related to other subjects unless there is a lawful basis for disclosing such data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
- Request the Operator to clarify, block, or destroy their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
- Require prior consent for the processing of their personal data for the promotion of goods, works, and services;
- Withdraw their consent to personal data processing and request the termination of processing;
- Appeal against unlawful actions or inaction of the Operator in the processing of their personal data to the authorized body for the protection of personal data subjects' rights or in court;
- Exercise other rights provided for by the legislation of the Russian Federation.
- Provide the Operator with accurate data about themselves;
- Notify the Operator of any updates (changes) to their personal data.
5. Principles of Personal Data Processing
5.1. Personal data processing is carried out on a lawful and fair basis.
5.2. The processing of personal data is limited to achieving specific, pre-determined, and lawful purposes. Processing of personal data incompatible with the purposes of data collection is not permitted.
5.3. It is prohibited to combine databases containing personal data that are processed for purposes incompatible with each other.
5.4. Only personal data that meets the purposes of processing is subject to processing.
5.5. The content and scope of processed personal data must correspond to the stated purposes of processing. The processed personal data must not be excessive in relation to the stated purposes of their processing.
5.6. The accuracy, sufficiency, and relevance of personal data to the purposes of processing must be ensured. The Operator takes necessary measures to delete or clarify incomplete or inaccurate data.
5.7. Personal data is stored in a form that allows identifying the personal data subject for no longer than required by the purposes of processing, unless a longer retention period is established by federal law or a contract. Personal data is destroyed or anonymized upon achieving the purposes of processing or if the need to achieve these purposes is lost, unless otherwise provided by federal law.
6. Purposes of Personal Data Processing
Purpose of processing:
- Informing the User by sending emails.
- Full name;
- Email address;
- Phone numbers.
- Federal Law "On Information, Information Technologies, and Information Protection" dated July 27, 2006, No. 149-FZ.
- Transfer of personal data.
7.1. The processing of personal data is carried out with the consent of the personal data subject.
7.2. The processing of personal data is necessary to achieve the goals provided for by an international treaty or law, for the implementation of functions, powers, and duties imposed by the legislation of the Russian Federation on the Operator.
7.3. The processing of personal data is necessary for the administration of justice or the execution of a judicial act or act of another body or official subject to execution under the legislation of the Russian Federation on enforcement proceedings.
7.4. The processing of personal data is necessary for the execution of a contract to which the personal data subject is a party, beneficiary, or guarantor, or for concluding a contract on the initiative of the personal data subject.
7.5. The processing of personal data is necessary to protect the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated.
7.6. Processing is carried out for publicly available personal data provided by the personal data subject.
7.7. Processing is carried out for personal data subject to publication or mandatory disclosure under federal law.
8. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing
The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of applicable legislation in the field of personal data protection.
8.1. The Operator ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access to personal data by third parties.
8.2. Personal data of the User will never, under any circumstances, be disclosed to third parties, except in cases related to the execution of applicable legislation or when the User has given consent to transfer the data to a third party to fulfill contractual obligations.
8.3. In case of inaccuracies in personal data, the User can update the data independently by sending a notification to the Operator's email address at info@besharcha.uz with the subject line "Updating Personal Data."
8.4. The duration of personal data processing is determined by achieving the purposes for which the data was collected unless a different period is stipulated by contract or applicable legislation. The User can withdraw their consent to personal data processing at any time by sending a notification to the Operator via email at info@besharcha.uz with the subject line "Withdrawal of Consent to Personal Data Processing."
8.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these parties in accordance with their User Agreement and Privacy Policy. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this paragraph.
8.6. Restrictions established by the personal data subject on the transfer (other than granting access) and processing or conditions for processing personal data made publicly available do not apply in cases of processing personal data in state, public, and other public interests as defined by Russian Federation law.
8.7. The Operator ensures the confidentiality of personal data during its processing.
8.8. The Operator stores personal data in a form that allows identifying the personal data subject no longer than the purposes of processing require unless a longer storage period is required by federal law or contract.
8.9. Personal data processing is terminated when the purposes of processing are achieved, the consent of the personal data subject expires, the consent is withdrawn by the data subject, or unlawful processing of personal data is identified.
9. List of Actions Performed by the Operator with Received Personal Data
9.1. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
9.2. The Operator performs automated processing of personal data with or without the transfer of received information via information and telecommunications networks.
10. Cross-border Transfer of Personal Data
10.1. Before commencing cross-border transfer of personal data, the Operator must notify the authorized body for the protection of personal data subjects' rights about its intention to carry out the transfer (this notification is submitted separately from the notification of the intention to process personal data).
10.2. Before submitting the above notification, the Operator must obtain relevant information from foreign state authorities, foreign individuals, or foreign legal entities to which the personal data is planned to be transferred.
11. Confidentiality of Personal Data
The Operator and other persons who have gained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the personal data subject unless otherwise provided by federal law.
12. Final Provisions
12.1. The User may obtain any clarifications on questions of interest regarding the processing of their personal data by contacting the Operator via email at info@besharcha.uz.
12.2. This document will reflect any changes in the personal data processing policy of the Operator. The policy is valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely available on the internet at besharcha.uz/privacy.