Get EDS

Privacy Policy for Personal Information

1. General Provisions

1.1. This Policy regarding the processing of personal data (hereinafter referred to as the "Privacy Policy") is prepared in accordance with the Laws of the Republic of Uzbekistan "On Personal Data", "On Principles and Guarantees of Freedom of Information", and "On Informatization". It defines the position of LLC "RealSoft" (hereinafter referred to as the "Company") in the field of processing and protecting personal data (hereinafter referred to as the "Data"), ensuring the rights and freedoms of each individual, particularly the right to privacy within the information system "RS-IMZO" (hereinafter referred to as the Information System).

2. Scope of the Privacy Policy

2.1. This Policy applies to Data obtained both before and after the implementation of this Policy. 2.2. Recognizing the importance and significance of the Data, as well as ensuring compliance with the constitutional rights of citizens of the Republic of Uzbekistan and citizens of other states, the Company provides reliable protection of the Data.

3. Terms and Definitions

3.1. Personal data is information recorded on electronic, paper, and/or other material media relating to a specific individual or enabling their identification.

This also includes any information relating directly or indirectly to an identified or identifiable individual (citizen), including: full name, year, month, date, and place of birth, address, information about family, social, property status, education, profession, income, phone number, email address for communication, information about job candidates provided by such candidates when filling out forms, including information contained in a candidate's resume, and other information.

3.2. The subject of personal data (subject) means a natural person to whom the personal data relates.

3.3. Processing of personal data means the implementation of one or a combination of actions involving the collection, systematization, storage, modification, supplementation, use, provision, distribution, transmission, depersonalization, and destruction of personal data.

This also includes any action (operation) or combination of actions (operations) with Data performed using automation tools and/or without using such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.

3.4. Data security means the protection of Data from unauthorized and/or unauthorized access to them, destruction, alteration, blocking, copying, provision, distribution of Data, as well as from other unauthorized actions concerning Data.

4. Legal grounds and purposes of processing personal data

4.1. Processing and ensuring the security of Data in the Information System are carried out in accordance with the requirements of the Constitution, Laws, Labor Code of the Republic of Uzbekistan, subordinate legislation, other laws of the Republic of Uzbekistan governing cases and features of data processing, guiding and methodological documents of relevant authorities of the Republic of Uzbekistan.

4.2. The Information System processes Data of subjects for the purpose of performing functions, powers, and obligations imposed on the Company by the legislation of the Republic of Uzbekistan, including, but not limited to, the Civil Code, Tax Code, Labor Code, Family Code, and other laws of the Republic of Uzbekistan, as well as Data operators, the charter, and local acts of the Company.

4.3. Representatives of legal entities - counterparts of the Company for the purpose of conducting negotiations, concluding and executing contracts, under which the Data of employees of such legal entity are provided for the purpose of fulfilling the contract for various areas of the Company's economic activities.

4.4. By filling out the appropriate forms and/or submitting their personal data to the information system, the User expresses their consent to the Personal Data Processing Policy.

4.5. The subject of personal data independently decides to provide their personal data and gives consent freely, by their own will, and in their own interest.

5. Principles and Conditions of Data Processing

5.1 When processing Data, the Information System adheres to the following principles:

  • Respect for constitutional rights and freedoms of individuals;
  • Legality of purposes and methods of personal data processing;
  • Accuracy and reliability of personal data;
  • Confidentiality and security of personal data;
  • Equality of rights of subjects, owners, and operators;
  • Security of individual, society, and state.

6. Conditions for Processing Personal Data

6.1. Processing of personal data must be carried out in accordance with the above basic principles.

6.2. Processing of personal data is carried out in the following cases:

  • Consent of the subject to the processing of such data;
  • Necessity of processing such data to perform a contract to which the subject is a party or to take measures at the request of the subject prior to entering into such a contract;
  • Necessity of processing such data to fulfill the obligations of society defined by legislation;
  • Necessity of processing such data to protect the legitimate interests of the subject or another person;
  • Necessity of processing such data to pursue the rights and legitimate interests of society or a third party, or to achieve socially significant goals provided that the rights and legitimate interests of data subjects are not violated;
  • Processing of such data for statistical or other research purposes with mandatory anonymization of personal data;
  • If such data is obtained from publicly available sources.
  • When it is necessary to process personal data to protect the rights and legitimate interests of the subject, such processing is allowed without the consent of the subject until consent becomes possible.

7. Rights and Responsibilities of Data Subjects and Society in Data Processing

7.1. The subject whose data is processed by the Information System has the right to receive from the Information System:

  • Confirmation of the fact of data processing and information on the presence of data relating to the respective data subject;
  • Information on the legal grounds and purposes of data processing;
  • Information on the methods of data processing applied by the Information System;
  • Information on the name and location of the society;
  • Information on persons (excluding society employees) who have access to the data or to whom the data may be disclosed on the basis of a contract with society or on the basis of legislative acts;
  • A list of processed data relating to the data subject and information about the source of their receipt, unless otherwise provided by legislative acts;
  • Information on the periods of data processing, including the periods of their storage;
  • Information on the procedure for exercising rights by the data subject provided by legislative acts;
  • Name (full name) of the person processing data in the Information System;
  • Other information provided by law or other regulatory legal acts of the Republic of Uzbekistan;
  • To demand that society clarify their data, block or destroy it if the data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;
  • Withdraw their consent to the processing of data at any time;
  • Demand the elimination of illegal actions of society regarding their data;

7.2. During the processing of data, the Information System is obliged to:

  • Provide the data subject, upon request, with information regarding the processing of their personal data, or to lawfully refuse within the time period established by legislation from the date of receipt of the data subject's or their representative's request;
  • Explain to the data subject the legal consequences of refusing to provide data if providing such data is mandatory under the law;
  • Before processing data (if the data is not obtained from the data subject), provide the data subject with the following information, except as provided by the legislation of the Republic of Uzbekistan:
  • The name or surname, name, patronymic and address of the society or its representative;
  • The purpose of data processing and its legal basis;
  • Intended data users;
  • Rights of data subjects established by law;
  • The source of data receipt.

Take necessary legal, organizational, and technical measures or ensure their adoption to protect data from unauthorized or accidental access to it, destruction, alteration, blocking, copying, provision, distribution of data, as well as from other illegal actions with data;

Publish on the Internet and ensure unlimited access using the Internet to a document defining its data processing policy, information about the requirements for data protection being implemented;

May have other obligations provided by law.

8. Data Protection Requirements

8.1. When processing data, the Information System takes necessary legal, organizational, and technical measures to protect data from unauthorized and/or unauthorized access to it, destruction, alteration, blocking, copying, provision, distribution of data, as well as other illegal actions regarding data.

8.2. Among such measures are:

  • Appointment of a person responsible for organizing data processing and a person responsible for data security;
  • Development and approval of local acts on data processing and protection issues.

Application of legal, organizational, and technical measures to ensure data security:

  • Identification of threats to data security during their processing in personal data information systems;
  • Application of organizational and technical measures to ensure data security during their processing in personal data information systems, necessary to meet the requirements for data protection, compliance with which ensures the levels of data security established by the Legislation and Government of the Republic of Uzbekistan;
  • Application of procedures for assessing the compliance of information security means in the established order;
  • Evaluation of the effectiveness of measures taken to ensure data security before putting personal data information systems into operation;
  • Accounting for data carriers if data storage is carried out on data carriers;
  • Detection of facts of unauthorized access to data and taking measures to prevent such incidents in the future;
  • Restoration of data modified or destroyed due to unauthorized access to them;
  • Establishment of rules for access to data processed in personal data information systems, as well as ensuring the registration and logging of all actions performed with data in personal data information systems.

Monitoring the measures taken to ensure data security and the level of protection of personal data information systems;

  • Assessment of the harm that may be caused to data subjects in case of violation of the Law's requirements, the ratio of such harm and measures taken by the Enterprise aimed at ensuring compliance with legal obligations;
  • Compliance with conditions excluding unauthorized access to physical data carriers and ensuring data integrity.

9. Data Processing (Storage) Periods

9.1. The periods for processing (storage) of data are determined based on the purposes of data processing, in accordance with the term of the contract with the data subject, legislative requirements, requirements of data operators for whom the company processes data, main rules of organization archives operation, and limitation periods.

9.2. Data whose processing (storage) period has expired must be destroyed, unless otherwise provided by legislation. Storage of data after the termination of their processing is allowed only after their anonymization.

9.3. Along with this, personal data must be destroyed by the company and third parties:

  • Upon achieving the purpose of processing personal data;
  • Upon withdrawal of consent by the data subject to the processing of personal data;
  • Upon expiration of the processing period of personal data determined by the consent of the data subject;
  • Upon entry into force of a court decision.

10. Procedure for Obtaining Clarifications on Data Processing Issues

10.1. Individuals whose data is processed by the Information System may obtain clarifications regarding the processing of their data by personally contacting the Enterprise or by sending a corresponding written request to info@realsoft.uz.

10.2. When submitting an official request to the company, the following must be specified in the request:

  • Full name of the data subject or their representative;
  • Number of the main identity document of the data subject or their representative, information on the date of issue of the specified document and the issuing authority;
  • Information confirming the existence of relations between the data subject and the Enterprise;
  • Contact information for feedback in order for the Enterprise to respond to the request;
  • Signature of the data subject (or their representative). If the request is sent electronically, it must be in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Republic of Uzbekistan.

11. Special Conditions for Processing Personal Data of Citizens of the Republic of Uzbekistan

11.1. When processing personal data of citizens of the Republic of Uzbekistan using information technologies, including on the World Wide Web, the Information System must ensure their collection, systematization, and storage in databases of personal data on technical means physically located on the territory of the Republic of Uzbekistan and registered in the State Register of Databases of Personal Data.

12. Confidentiality of Personal Data

12.1. Confidentiality of personal data requires the owner and the Enterprise or any other entity that has access to personal data to comply with the requirement of non-disclosure and dissemination of such data without the consent of the data subject or other lawful basis.

12.2. The Enterprise and other entities having access to personal data are obliged not to disclose or distribute personal data without the consent of the data subject.

13. Final Provisions

13.1. This Policy is a local regulatory act of the Enterprise.

13.2. This Policy is publicly accessible. Public accessibility of this Policy is ensured by its publication on a comprehensive information system.

13.3. This Policy may be revised in any of the following cases:

  • Changes in the legislation of the Republic of Uzbekistan in the field of personal data processing and protection;
  • Receipt of prescriptions from competent state authorities to eliminate discrepancies affecting the scope of the Policy;
  • Decision of the Enterprise's management;
  • Changes in the purposes and terms of data processing;
  • Changes in the organizational structure, structure of information and/or telecommunication systems (or introduction of new ones);
  • Application of new technologies for data processing and protection (including transmission, storage);
  • Need for changes in the data processing process related to the activities of the Enterprise.

13.4. Failure to comply with the provisions of this Policy by the Enterprise and its relevant employees entails liability in accordance with the current legislation of the Republic of Uzbekistan.

13.5. Compliance with the requirements of this Policy is monitored by persons responsible for organizing data processing of the Information System and for the security of personal data.

13.6. Any matters not provided for in this document are regulated by relevant legal acts of the Republic of Uzbekistan.

14. Feedback

14.1. Questions or comments regarding the Policy can be directed to the email address: info@realsoft.uz.

15. Policy Changes

15.1. The Enterprise reserves the right to make changes to the Policy. The Data Subject, demonstrating due diligence and prudence, agrees to review the Policy each time they use the Website (kasbiy-talim.uz) or enter into a new service agreement.

15.2. The new version of the Policy comes into effect upon its publication in the relevant section of the Information System. Continuing to use the Information System or its services after the publication of the new version of the Policy signifies full and unconditional acceptance of the Policy and its terms by the Data Subject. In case of disagreement with the terms of the Policy, the Data Subject must immediately cease using the Website.

"REALSOFT" LLC
Address: Tashkent city, Yunusabad district, Kichik halqa yoli, M.Ulugbek avenue, 38
Bank: AKB "Asia Alliance" Shaykhontokhur branch
MFO: 01095
Account number: 20208000000510463001
Tax ID (INN): 303465075
Phone: (998 71) 205 84 84, (998 99) 211 84 84
OKED: 62010
Email: info@realsoft.uz