Personal Data Processing Policy

  1. General provisions

This personal data processing policy defines the procedure for processing personal data and measures to ensure the security of personal data taken by MONEYFEST TURAN Limited Liability Company (hereinafter referred to as the Operator).

1.1. The Operator sets as its most important goal and condition for carrying out its activities the observance of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.

1.2. This policy of the Personal Data Processing Operator (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the

mf-turan.uz

website.

  1. Basic concepts used in the Policy

2.1. Automated processing of personal data – processing of personal data using computer technology;

2.2. Blocking of personal data – temporary cessation of processing of personal data (except for cases when processing is necessary to clarify personal data);

2.3. Website – a set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at the network address mf-turan.uz.

2.4. Personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing;

2.5. Depersonalization of personal data – actions as a result of which it is impossible to determine without the use of additional information the ownership of personal data by a specific User or another subject of personal data;

2.6. Personal data processing – any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

2.7. Operator – a government agency, municipal agency, legal entity or individual that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data;

2.8. Personal data – any information related directly or indirectly to a specific or determinable User of the

mf-turan.uz

website;

2.9. User – any visitor to the mf-turan.uz website;

2.10. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;

2.11. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including disclosure of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;

2.12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a government body of a foreign state, a foreign individual or a foreign legal entity;

2.13. Destruction of personal data – any actions as a result of which personal data are irrevocably destroyed with the impossibility of further restoration of the content of personal data in the personal data information system and (or) the destruction of tangible media of personal data.

  1. The Operator may process the following personal data of the User

3.1. Last name, first name, patronymic;

3.2. Phone numbers;

3.3. The website also collects and processes anonymized data about visitors (including cookies) using Internet statistics services (Yandex Metrica and Google Analytics and others).

3.4. The above data are further united by the general concept of Personal data in the text of the Policy.

  1. Purposes of personal data processing

4.1. The purpose of processing the User's personal data is to inform the User by sending emails.

4.2. The Operator also has the right to send the User notifications about new products and services, special offers and various events. The User can always refuse to receive informational messages by sending the Operator an email to finance.mf.uz1@gmail.com with the subject line "Refusal to receive notifications about new products and services and special offers".

4.3. Anonymized User data collected using Internet statistics services is used to collect information about the actions of Users on the site, improve the quality of the site and its content.

  1. Legal grounds for processing personal data

5.1. The Operator processes the User’s personal data only if the User fills it in and/or sends it independently through special forms located on the

mf-turan.uz

website. By filling in the relevant forms and/or sending their personal data to the Operator, the User expresses their consent to this Policy.

5.2. The Operator processes anonymized data about the User if this is permitted in the User's browser settings (the saving of cookies and the use of JavaScript technology are enabled).

  1. Procedure for collecting, storing, transferring and other types of processing personal data

6.1. When processing personal data, the Operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

6.2. Ensuring the security of personal data is achieved, in particular, by the following:

- identifying threats to the security of personal data when processing them in personal data information systems;

- applying organizational and technical measures to ensure the security of personal data when processing them in personal data information systems necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Republic of Uzbekistan;

- using information security tools that have undergone the established procedure for assessing the conformity of information;

- assessing the effectiveness of measures taken to ensure the security of personal data before putting the personal data information system into operation;

- taking into account machine-readable media of personal data;

- detecting facts of unauthorized access to personal data and taking measures;

- restoration of personal data modified or destroyed due to unauthorized access to them;

- establishment of rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;

- control over the measures taken to ensure the security of personal data and the level of protection of personal data information systems.

6.3. In the event that inaccuracies are detected in personal data, the User can update them independently by sending the Operator a notification to the Operator’s e-mail address

finance.mf.uz1@gmail.com

with the subject line “Updating personal data”.

6.4. The period for processing personal data is unlimited. The User can revoke their consent to the processing of personal data at any time by sending the Operator a notification via e-mail to the Operator’s e-mail address

finance.mf.uz1@gmail.com

with the subject line “Revocation of consent to personal data processing”

6.5. Measures to ensure the security of personal data during their processing. When processing personal data, the Operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

6.6. Ensuring the security of personal data is achieved, in particular, by the following:

- identifying threats to the security of personal data when processing them in personal data information systems;

- applying organizational and technical measures to ensure the security of personal data when processing them in personal data information systems, necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Republic of Uzbekistan;

- applying information security tools that have undergone the established procedure for assessing the conformity of information;

- assessing the effectiveness of measures taken to ensure the security of personal data before putting the personal data information system into operation;

- taking into account machine-readable media of personal data;

- detecting facts of unauthorized access to personal data and taking measures;

- restoring personal data modified or destroyed due to unauthorized access to them;

- establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;

- monitoring the measures taken to ensure the security of personal data and the level of protection of personal data information systems.

6.7. The Operator complies with PCI DSS requirements.

PCI DSS contains requirements for protecting cardholder data. They are mandatory and apply to all companies processing data from Visa, MasterCard, American Express, JCB, Mir and other payment systems. Compliance of the cloud infrastructure with PCI DSS requirements allows customers to use cloud services to process payment card data and confirms the high level of security provided by the Operator.

6.8. The Operator’s information security measures comply with international standards, in particular ISO/IEC 27000.

The Operator regularly assesses information security risks, selects competent personnel, etc.

  1. Cross-border transfer of personal data

7.1. Before commencing the cross-border transfer of personal data, the Operator shall ensure that the foreign state to whose territory the personal data is to be transferred ensures reliable protection of the rights of personal data subjects.

7.2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements may only be carried out if there is written consent from the personal data subject to the cross-border transfer of his/her personal data and/or execution of an agreement to which the personal data subject is a party.

  1. Final provisions

8.1. The User may obtain any clarifications on issues of interest regarding the processing of his/her personal data by contacting the Operator via e-mail at

finance.mf.uz1@gmail.com

8.2. This document will reflect any changes to the Operator’s personal data processing policy. The Policy is valid indefinitely until it is replaced by a new version.

8.3. The current version of the Policy is freely available on the Internet at

mf-turan.uz

website.

Limited Liability Company "MONEYFEST TURAN"

TIN: 312170598

Address: TASHKENT CITY, ALMAZAR DISTRICT, QICHQIRIQ MFY, QORA 59-A

E-mail:

finance.mf.uz1@gmail.com

 

 
brand_1
brand_10
brand_2
brand_3
brand_4
brand_5
brand_6
brand_7
brand_8
brand_9
brand_1
brand_10
brand_2
brand_3
brand_4
brand_5
brand_6
brand_7
brand_8
brand_9
brand_1
brand_10
brand_2
brand_3
brand_4
brand_5
brand_6
brand_7
brand_8
brand_9
brand_1
brand_10
brand_2
brand_3
brand_4
brand_5
brand_6
brand_7
brand_8
brand_9