1. General Provisions
This Privacy Policy has been developed in accordance with the requirements of the Law of the Republic of Uzbekistan dated July 2, 2019, No. ZRU-547 (hereinafter referred to as the “Personal Data Law”) and defines the procedures for processing personal data and the security measures implemented by LLC “MEBELSOFT” (hereinafter referred to as the “Operator”) to ensure the protection of personal data.
1.1. The Operator’s primary objective and a fundamental condition of its operations is the observance of human and civil rights and freedoms in the processing of personal data, including the protection of rights to privacy, personal and family secrets.
1.2. This Privacy Policy of the Operator regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information that the Operator may obtain about visitors of the website
https://mebelsoft.uz.
2. Key Definitions Used in the Policy
2.1.
Automated processing of personal data – processing of personal data using computing equipment.
2.2.
Blocking of personal data – temporary suspension of personal data processing (except in cases where processing is necessary for clarifying the personal data).
2.3.
Website – a collection of graphic and informational materials, as well as computer programs and databases that ensure their availability on the internet at the network address
https://mebelsoft.uz.
2.4.
Personal data information system – a set of personal data contained in databases, along with the information technologies and technical means that support their processing.
2.5.
Anonymization of personal data – actions as a result of which it becomes impossible to identify the specific User or another data subject without using additional information.
2.6.
Processing of personal data – the implementation of one or a combination of actions such as collection, systematization, storage, modification, supplementation, use, disclosure, dissemination, transfer, anonymization, and destruction of personal data.
2.7.
Personal data operator (operator) – a state authority, individual, and/or legal entity carrying out the processing of personal data.
2.8.
Personal data – information relating to a specific individual or enabling their identification, recorded on electronic, paper, or any other physical medium.
2.9.
Personal data authorized by the data subject for dissemination – personal data for which the data subject has granted access to an unlimited circle of persons by providing consent for processing such data in accordance with the procedure established by the Personal Data Law (hereinafter referred to as “data authorized for dissemination”).
2.10.
User – any visitor of the website
https://mebelsoft.uz.
2.11.
Disclosure of personal data – actions aimed at revealing personal data to a specific person or a defined group of persons.
2.12.
Dissemination of personal data – any actions aimed at revealing personal data to an indefinite group of persons (transfer of personal data), or making personal data accessible to an unlimited group of persons, including publication in mass media, placement in information and telecommunications networks, or providing access to personal data by any other means.
2.13.
Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state, a foreign governmental authority, a foreign individual, or a foreign legal entity.
2.14.
Destruction of personal data – any actions resulting in the irreversible destruction of personal data, making it impossible to restore the content of personal data in the personal data information system and/or the destruction of physical media containing personal data.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
– obtain accurate information and/or documents containing personal data from the data subject;
– continue processing personal data without the data subject’s consent in case of withdrawal of such consent, provided that legal grounds for processing exist as specified in the Personal Data Law;
– independently determine the composition and list of measures necessary and sufficient to fulfill the obligations established by the Personal Data Law and relevant regulatory legal acts adopted in accordance with it, unless otherwise stipulated by the Personal Data Law or other laws of the Republic of Uzbekistan.
3.2. The Operator is obliged to:
– provide the data subject, upon request, with information regarding the processing of their personal data;
– organize the processing of personal data in accordance with the current legislation of the Republic of Uzbekistan;
– respond to inquiries and requests from data subjects and their lawful representatives in compliance with the requirements of the Personal Data Law;
– provide the authorized body for the protection of data subjects’ rights with the necessary information within 30 days from the date of receiving a request from this body;
– publish or otherwise ensure unlimited access to this Privacy Policy regarding personal data processing;
– implement legal, organizational, and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, disclosure, dissemination, as well as against any other unlawful actions involving personal data;
– cease the transfer (dissemination, disclosure, access) of personal data, discontinue processing, and destroy personal data in accordance with the procedures and cases specified by the Personal Data Law;
– fulfill other obligations established by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
– obtain information regarding the processing of their personal data, except in cases established by laws of the Republic of Uzbekistan. The information shall be provided by the Operator to the data subject in an accessible form and must not contain personal data relating to other data subjects, except where there are lawful grounds for disclosing such data. The list of information and the procedure for its receipt are defined by the Personal Data Law;
– require the Operator to clarify, block, or delete their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared processing purpose, as well as take legally prescribed measures to protect their rights;
– require prior consent for the processing of personal data for marketing purposes related to goods, works, or services;
– withdraw consent for the processing of personal data at any time;
– file a complaint with the authorized body for the protection of personal data subjects’ rights or initiate legal proceedings against unlawful actions or omissions by the Operator in connection with the processing of their personal data;
– exercise other rights granted by the legislation of the Republic of Uzbekistan.
4.2. Personal data subjects are obligated to:
– provide the Operator with accurate information about themselves;
– inform the Operator of any corrections (updates, changes) to their personal data.
4.3. Individuals who provide the Operator with false information about themselves or disclose personal data relating to another data subject without that person’s consent shall bear legal responsibility in accordance with the legislation of the Republic of Uzbekistan.
5. The Operator may process the following personal data of the User
5.1. Surname, first name, and patronymic.
5.2. Email address.
5.3. In addition, the website collects and processes anonymized data about visitors (including “cookie” files) using web analytics services (Yandex Metrica, Google Analytics, and others).
5.4. The above-listed data are collectively referred to as
Personal Data throughout this Policy.
5.5. The Operator does
not process special categories of personal data relating to race, ethnicity, political views, religious or philosophical beliefs, or intimate life.
5.6. Processing of personal data authorized for dissemination that belong to special categories specified in Part 1 of Article 10 of the Personal Data Law is permitted only if the restrictions and conditions established by Article 10.1 of the Personal Data Law are observed.
5.7. Consent from the User for the processing of personal data authorized for dissemination must be provided separately from other consents for processing their personal data. In this case, the conditions specified, in particular, in Article 10.1 of the Personal Data Law must be fulfilled. The requirements for the content of such consent are established by the authorized body for the protection of personal data subjects.
5.7.1 The User provides consent for the processing of personal data authorized for dissemination directly to the Operator.
5.7.2 The Operator is obliged to publish, within no later than three working days from the date of receiving such consent, information about the processing conditions, as well as about any restrictions and conditions regarding the processing of personal data authorized for dissemination by an unlimited circle of persons.
5.7.3 The transfer (dissemination, disclosure, access) of personal data authorized by the data subject for dissemination must be terminated at any time upon the data subject’s request. This request must include the data subject’s surname, first name, patronymic (if applicable), contact information (phone number, email address, or postal address), and a list of personal data whose processing must be ceased. The personal data listed in such a request may be processed only by the Operator to whom the request is addressed.
5.7.4 Consent for the processing of personal data authorized for dissemination ceases to be valid from the moment the Operator receives the request specified in Clause 5.7.3 of this Privacy Policy.
6. Principles of Personal Data Processing
6.1. Personal data processing is carried out in a lawful and fair manner.
6.2. Processing of personal data is limited to achieving specific, pre-defined, and legitimate purposes. Processing of personal data incompatible with the purposes for which they were collected is not permitted.
6.3. Merging databases containing personal data processed for mutually incompatible purposes is prohibited.
6.4. Only personal data that are relevant to the intended processing purposes are subject to processing.
6.5. The content and scope of the processed personal data must correspond to the declared processing purposes. Excessive personal data, relative to the declared processing purposes, must not be processed.
6.6. Personal data must be accurate, sufficient, and, where necessary, up to date in relation to the purposes of processing. The Operator takes, or ensures the taking of, all necessary measures to delete or correct incomplete or inaccurate data.
6.7. Personal data are stored in a form that allows identification of the data subject no longer than necessary for the processing purposes, unless a longer storage period is established by federal law, contract, or where the data subject is a party, beneficiary, or guarantor under the contract. Personal data are destroyed or anonymized upon achieving the processing purposes or when the necessity for processing ceases, unless otherwise required by federal law.
7. Purposes of Personal Data Processing
7.1. The purpose of processing User’s personal data:
– informing the User via electronic mail (email).
7.2. The Operator also has the right to send the User notifications regarding new products and services, special offers, and various events. The User may at any time opt out of receiving such messages by sending an email to
info@mebelsoft.uz with the subject line:
“Отказ от уведомлений о новых продуктах и услугах и специальных предложениях” (“Unsubscribe from notifications about new products, services, and special offers”).
7.3. Anonymized User data collected through web analytics services (such as Yandex Metrica and Google Analytics) are used to analyze User behavior on the website, improve website quality, and enhance its content.
8. Legal Grounds for Processing Personal Data
8.1. The legal grounds for the Operator’s processing of personal data are:
– the charter (founding) documents of the Operator;
– federal laws and other regulatory legal acts in the field of personal data protection;
– the User’s consent to the processing of their personal data, including consent to the processing of personal data authorized for dissemination.
8.2. The Operator processes the User’s personal data only if the User has voluntarily filled in and/or submitted them through special forms located on the website
https://mebelsoft.uz or sent to the Operator via email. By completing the relevant forms and/or sending their personal data to the Operator, the User explicitly expresses their agreement with this Privacy Policy.
8.3. The Operator processes anonymized data about the User in cases where this is permitted by the User’s browser settings (i.e., if cookies are enabled and JavaScript technology is allowed).
8.4. The personal data subject independently decides whether to provide their personal data and gives consent freely, of their own will, and in their own interest.
9. Conditions for Processing Personal Data
9.1. Personal data are processed with the consent of the data subject for the processing of their personal data.
9.2. Processing of personal data is necessary to achieve the purposes established by an international treaty of the Republic of Uzbekistan or by law, or to carry out functions, powers, and duties imposed on the Operator by the legislation of the Republic of Uzbekistan.
9.3. Processing of personal data is necessary for the administration of justice, enforcement of a court decision, or an act of another authority or official, which must be executed in accordance with the enforcement legislation of the Republic of Uzbekistan.
9.4. Processing of personal data is necessary for the performance of a contract to which the data subject is a party, or a beneficiary, or guarantor, as well as for concluding a contract initiated by the data subject or a contract under which the data subject will be a beneficiary or guarantor.
9.5. Processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant purposes, provided that the rights and freedoms of the data subject are not violated.
9.6. Processing is carried out for personal data to which an unlimited circle of persons has been granted access by the data subject or at their request (hereinafter referred to as “publicly available personal data”).
9.7. Processing is carried out for personal data that are subject to publication or mandatory disclosure in accordance with the law of the Republic of Uzbekistan.
10. Procedure for Collection, Storage, Transfer, and Other Types of Processing of Personal Data
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation on personal data protection.
10.1. The Operator ensures the confidentiality of personal data and takes all possible measures to prevent unauthorized access to them.
10.2. The User’s personal data will never be disclosed to third parties under any circumstances, except in cases stipulated by applicable law or if the data subject has provided written consent to the Operator for transferring data to a third party to fulfill obligations under a civil law contract.
10.3. If any inaccuracies in personal data are detected, the User may update them independently by sending a notification to the Operator’s email address
info@mebelsoft.uz with the subject line: “Update of Personal Data”.
10.4. The processing period for personal data is determined by the achievement of the purposes for which the data were collected, unless otherwise specified by a contract or applicable law. The User may withdraw their consent to the processing of personal data at any time by sending a notice via email to the Operator at
info@mebelsoft.uz with the subject line: “Withdrawal of Consent to Personal Data Processing”.
10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these parties (operators) in accordance with their Terms of Service and Privacy Policy. The data subject and/or User is responsible for independently reviewing these documents in a timely manner. The Operator is not liable for the actions of third parties, including the service providers mentioned in this clause.
10.6. Restrictions established by the data subject on the transfer (except granting access), processing, or conditions of processing (except granting access) of personal data authorized for dissemination do not apply in cases of processing carried out in the state, public, or other public interests as defined by the legislation of the Republic of Uzbekistan.
10.7. The Operator ensures the confidentiality of personal data during processing.
10.8. The Operator stores personal data in a form that allows identification of the data subject no longer than necessary for the processing purposes, unless a longer storage period is established by federal law, contract, or where the data subject is a party, beneficiary, or guarantor under the contract.
10.9. Processing of personal data may be terminated upon achieving the processing purposes, expiration of the consent term, withdrawal of consent by the data subject, or upon detection of unlawful processing of personal data.
11. List of Actions Performed by the Operator with Personal Data
11.1. The Operator carries out the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, disclosure, access), anonymization, blocking, deletion, and destruction of personal data.
11.2. The Operator performs automated processing of personal data with the receipt of and/or transmission of such data via information and telecommunications networks or without them.
12. Cross-Border Transfer of Personal Data
12.1. Before initiating a cross-border transfer of personal data, the Operator must ensure that the foreign country to which the data are to be transferred provides reliable protection of personal data subjects’ rights.
12.2. Cross-border transfer of personal data to countries that do not meet the above requirements may be carried out only if the data subject has provided written consent for the cross-border transfer of their personal data and/or when fulfilling a contract to which the data subject is a party.
13. Confidentiality of Personal Data
The Operator and any other persons who have obtained access to personal data are obligated not to disclose or disseminate such data to third parties without the data subject’s consent, unless otherwise permitted by applicable law.
14. Final Provisions
14.1. The User may obtain any clarifications regarding questions about the processing of their personal data by contacting the Operator via email at
info@mebelsoft.uz.
14.2. Any changes to the Operator’s personal data processing policy will be reflected in this document. This Policy remains in effect indefinitely until it is replaced by a new version.
14.3. The current version of the Policy is freely available online at:
https://mebelsoft.uz/en/policy/.