Privacy policy

Privacy policy

1. General provisions

1.1. This Policy is carried out by the Organization «OOO LATMEDIA GROUP» (hereinafter referred to as the "Organization") in relation to the processing and protection of personal data of individuals (subjects of personal data) on the basis of Article 12. No. ZRU—547 of the Republic of Uzbekistan.

1.2. The Policy applies to all personal data (subjects) that can be obtained by the Organization in the course of its activities, including the Organization's customers.

1.3. The purpose of the Policy is to provide the persons providing their personal data with the necessary information to assess which personal data and for what purposes are processed by the Organization, which methods of ensuring their security are implemented.

1.4. The Policy ensures the protection of the rights and freedoms of subjects when processing their personal data with or without the use of automation tools, and also establishes the responsibility of persons with access to personal data for non-compliance with the requirements governing the processing and protection of personal data.

1.5. Clients, using the services and services of the Organization, having informed the Organization of their personal data, including through the mediation of third parties, acknowledge their consent to the processing of personal data in accordance with this Policy.

1.6. Consent to the processing of personal data may be revoked by the subject of personal data. If the personal data subject withdraws consent to the processing of personal data, the operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified by the current legislation or, otherwise, to refuse to provide the service, if the personal data is necessary for the provision of such a service.

1.7. This Policy may be changed by the Organization.

2. The concept and composition of personal data

2.1. For the purposes of this Policy, personal data means any information related directly or indirectly to a certain individual (subject of personal data).

2.2. Depending on the subject of personal data, the Organization may process personal data of the following categories of subjects in order to carry out its activities and fulfill its obligations:

personal data — information recorded on electronic, paper and (or) other material media relating to a specific individual or enabling his identification;

personal data subject (subject) — an individual to whom personal data relates;

personal data database — a database in the form of an information system containing personal data in its composition;

personal data processing is the implementation of one or a set of actions for the collection, systematization, storage, modification, addition, use, provision, dissemination, transfer, depersonalization and destruction of personal data;

personal data database operator (operator) — a state body, an individual and (or) a legal entity that processes personal data;

owner of the personal data database (owner) — a state body, an individual and (or) a legal entity that has the right to own, use and dispose of a database of personal data;

a third party is any person who is not a subject, owner and/or operator, but is connected with them by circumstances or relations related to the processing of personal data.

3. Grounds and purposes of personal data processing

3.1. The Organization processes personal data to carry out its activities, including providing services to Customers. The organization has the right to:

The processing of personal data is carried out in the following cases:

  • consent of the subject to the processing of this data;
  • the need to process this data in order to fulfill the contract to which the subject is a party, or to take measures at the request of the subject prior to the conclusion of such a contract;
  • the need to process this data in order to fulfill the obligations of the owner and (or) the operator defined by law;
  • the need to process this data to protect the legitimate interests of the subject or another person;
  • the need to process this data in order to exercise the rights and legitimate interests of the owner and (or) the operator or a third party or to achieve socially significant goals, provided that the rights and legitimate interests of personal data subjects are not violated;
  • processing of these data for statistical or other research purposes, subject to mandatory depersonalization of personal data;
  • if this data is obtained from publicly available sources.
  • If it is necessary to process personal data in order to protect the rights and legitimate interests of the subject, their processing is allowed without the consent of the latter until the moment when obtaining consent becomes possible.

3.2. The Organization may use the Client's personal data for the following purposes:

  • provision of services to the Client;
  • identification of the Client within the framework of contracts;
  • communication with the Client, if necessary, including sending offers, notifications, information and requests, both related and unrelated to the provision of services, as well as processing applications, requests and applications of the Client;
  • improving the quality of services provided by the Organization;
  • targeting of advertising materials;
  • conducting statistical and other research based on depersonalized data;

4. Terms of personal data processing

4.1. The terms of processing of personal data are determined based on the purposes of processing in the information systems of the Organization, in accordance with the term of the contract, agreement with the subject of personal data.

5. The circle of persons admitted to the processing of personal data

5.1. In order to achieve the objectives of Article 3 of this Policy, only those employees of the Organization who are assigned such a duty in accordance with their official (labor) duties are allowed to process personal data. Access of other employees may be granted only in cases stipulated by law. The organization requires its employees to respect the confidentiality and security of personal data when processing them.

5.2. The Organization has the right to transfer personal data to third parties in the following cases:

  • The subject of personal data has explicitly expressed his consent to such actions, including: when providing services to Clients, he has accepted the terms of the public offer agreement;
  • Передача предусмотрена узбекским или иным применимым законодательством в рамках установленной законодательством процедуры;
  • At the same time, the acquirer assumes all obligations to comply with the conditions for ensuring the security of personal data in accordance with the current legislation of the Republic of Uzbekistan and international agreements with respect to the data received by him.

6. Methods of personal data processing

6.1. In the process of providing services, when carrying out on-farm activities, the Organization uses automated and non-automated processing of personal data.

7. Implementation of personal data protection

7.1. The Organization's activity in processing personal data in information systems is inextricably linked with the Organization's protection of the confidentiality of the information received. All employees of the Organization are obliged to ensure the confidentiality of personal data, as well as other confidential information established by the Organization, if this does not contradict the current legislation of the Republic of Uzbekistan.

7.2. The security of personal data during their processing in the information systems of the Organization is ensured by the information security system.

7.3. The exchange of personal data during their processing in the personal data information system is carried out via secure communication channels.

7.4. When processing personal data in the Organization's personal data information system, the following are provided::

  • carrying out measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information;
  • application of inter-network shielding;
  • physical protection of premises and technical means enabling the processing of personal data;
  • timely detection of unauthorized access to personal data;
  • prevention of physical impact on the technical means of automated workplaces, as a result of which their functioning may be disrupted;
  • the possibility of immediate recovery of personal data modified and destroyed due to unauthorized access to them;
  • constant anti-virus monitoring;
  • continuous analysis of personal data security;
  • using security attributes;
  • control of the integrity of the personal data processing software environment;
  • other means and measures in accordance with the current legislation.