Privacy Policy

1. General Provisions

1.1. This Policy for the processing of personal data of the Limited Liability Company "UNIVERSE GROUP" (hereinafter referred to as the "Policy") is drawn up in accordance with the requirements of the legislation of the Republic of Uzbekistan, including the Law of the Republic of Uzbekistan "On Personal Data" No. ZRU-547 dated 07/02/2019. (hereinafter referred to as the “Law”), and determines the procedure for processing and protecting personal data by the Limited Liability Company “UNIVERSE GROUP” (hereinafter referred to as the “Company”).
1.2. The purpose of the Policy is to respect the rights and freedoms of man and citizen when processing his personal data, including the rights to privacy, personal and family secrets.
1.3. This Policy applies to the main issues related to the processing of personal data by the Company, as well as interactions between the Company, Users and third parties arising in the process of processing personal data.

2. Basic concepts used in the Policy and the composition of personal data

2.1. This Policy uses the following basic concepts:
2.1.1. Personal data is any information recorded on electronic, paper and (or) other tangible media that relates directly or indirectly to a specific or identified User (subject of personal data) or makes it possible to identify him.
2.1.2. User (personal data subject) is an individual who is a visitor/user of a website located at the network address https://universegroup.uz/ on the Internet, to which personal data relates.
2.1.3. Website is a collection of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet, located at the network address https://universegroup.uz/.
2.1.4. Personal data database is a database in the form of an information system containing personal data.
2.1.5. Processing of personal data is the implementation of one or a set of actions for the collection, systematization, storage, modification, addition, use, provision, distribution, transfer, depersonalization and destruction of personal data.
2.1.6. Automated processing of personal data - processing of personal data using computer technology.
2.1.7. Personal data authorized by the User for distribution - personal data to which an unlimited number of persons have access provided by the User by giving consent to their processing, as well as authorized by the User for distribution in the manner prescribed by law.
2.1.8. Special personal data - personal data about racial or social origin, political, religious or ideological beliefs, membership in political parties and trade unions, as well as data relating to physical or mental health, information about private life and criminal record.
2.1.9. Biographical data - last name, first name, patronymic of the User, personal identification number of an individual, data on the year and place of birth, address and profession, as well as other personal data not included in biometric, genetic and special data.
2.1.10. Biometric data - personal data characterizing the anatomical and physiological characteristics of the User (fingerprints, face, eye lenses, voice characteristics, etc.).
2.1.11. Genetic data - personal data relating to the inherited or acquired characteristics of the User, which are the result of analysis of the User`s biological sample or analysis of another element that allows obtaining equivalent information.
2.1.12. Use of personal data - actions with personal data aimed at achieving the goals of the Company and a third party.
2.1.13. Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons.
2.1.14. Collection of personal data - actions related to obtaining personal data.
2.1.15. Systematization of personal data is an action aimed at combining personal data into a specific system.
2.1.16. Storage of personal data - actions to ensure the integrity, confidentiality and possibility of using personal data.
2.1.17. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons or familiarizing with personal data to an unlimited number of persons, including the publication of personal data in the media, posting on the World Wide Web or providing access to personal data to any in a different way.
2.1.18. Change and (or) addition of personal data - change and (or) addition of personal data available in the personal data base;
2.1.19. Cross-border transfer of personal data - transfer of personal data by the Company outside the territory of the Republic of Uzbekistan, including to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2.1.20. Blocking (restriction) of personal data is a temporary suspension of the processing of personal data (except for cases where processing is necessary to clarify personal data).
2.1.21. Depersonalization of personal data is an action that, as a result, makes it impossible to determine the ownership of personal data to a specific User.
2.1.22. Destruction of personal data - actions as a result of which it becomes impossible to restore personal data.
2.1.23. Third party - any person who is not the User or the Company, but is associated with them by circumstances or relationships regarding the processing of personal data.
2.2. The Company is the operator of the personal data base, processing personal data, as well as the owner of the personal data base, having the right to own, use and dispose of the personal data base.
2.3. The Company may process the following personal data
2.3.1. Biographical information, including:
- FULL NAME;
- Information about education, profession, specialty and qualifications, details of educational documents;
2.3.2. Phone number, email;
2.3.3. Information required to complete the registration form, contact form and/or application on the website.
2.4. The Company does not process other personal data related to special categories of personal data, as well as biometric and genetic personal data.

3. Purposes and types of processing of personal data

3.1. The purposes of processing personal data are:
- clarification of details;
- provision of preliminary information;
- information interaction, including provision of information about activities and services of the Company.
3.2. Type of personal data processing:
- Collection, use, recording, systematization, accumulation, storage, modification, updating, distribution, extraction, blocking, destruction and depersonalization of personal data.
3.3. The Company carries out automated processing of personal data with or without receiving and (or) transmitting the received information via information and telecommunication networks.

4. Principles for processing personal data

4.1. The principles for processing personal data are:
- observance of constitutional rights and freedoms of man and citizen;
- legality of the purposes and methods of processing personal data;
- accuracy and reliability of personal data;
- confidentiality and security of personal data;
- equality of rights of subjects, owners and operators;
- security of the individual, society and state.
4.2. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
4.3. The content and volume of personal data processed correspond to the stated purposes of processing. Redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed.
4.4. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
4.5. When processing personal data, the Company ensures the accuracy, reliability, integrity and safety of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data. The Company takes the necessary measures and (or) ensures their adoption to delete or clarify incomplete or inaccurate personal data in the manner and within the time limits established by law.
4.6. The storage of personal data is carried out by the Company in a form that makes it possible to identify the User, no longer than required by the purposes of processing personal data, unless the storage period for personal data is established by law or by an agreement to which the User is a party.

5. Conditions and procedure for processing personal data

5.1.1. with the User’s consent to the processing of his personal data.
5.1.2. the need to process this data to fulfill an agreement to which the User is a party, or to take measures at the User’s request before concluding such an agreement;
5.1.3. the need to process this data to fulfill the Company’s obligations as determined by law;
5.1.4. the need to process this data to exercise the rights and legitimate interests of the Company and (or) third parties or to achieve socially significant goals, provided that the rights and legitimate interests of the User are not violated;
5.1.5. the need to process this data to protect the legitimate interests of the User or another person;
5.1.6. processing of personal data for statistical or other research purposes, subject to mandatory anonymization of personal data;
5.1.7. if this data is obtained from publicly available sources;
5.1.8. if the processing of personal data authorized by the User for distribution or at his request is carried out;
5.1.9. if personal data is processed that is subject to publication or mandatory disclosure in accordance with the law.
5.2. If it is necessary to process personal data in order to protect the rights and legitimate interests of the User, their processing is permitted without the latter’s consent until the moment when obtaining consent becomes possible.
5.3. Personal data is divided into publicly available and non-public data. Public personal data is personal data that is freely accessible with the consent of the subject or that is not subject to confidentiality requirements. They include personal data posted in publicly available sources of personal data, including electronic information resources, the media and other sources. Personal data that is not publicly available is personal data, access to which is not free without the consent of the subject, and is also limited by legislative acts. They include biographical, biometric, genetic, special and other data related to the subject.
5.4. The processing of personal data is carried out by the Company, as well as by a third party with the consent of the User or his legal representative, except for the cases provided for in paragraphs. 5.1.2.-5.1.9. clause 5.13. Politicians.
5.5. The user consents to the processing of personal data in any form that allows confirmation of its receipt.
5.6. The user or his legal representative may at any time withdraw his consent to the processing of personal data by sending the Company a notification via email to the Company`s email address (hidden) marked “Withdrawal of consent to the processing of personal data.” In this case, the User’s personal data is subject to destruction by the Company no later than the business day following the day of receipt of the application (notification) to terminate the processing of personal data.
5.7. To collect publicly available personal data, obtaining the consent of the User or his legal representative is not required.
5.8. The procedure and principles for systematizing personal data are determined by the Company independently.
5.9. The Company stores personal data in a form that allows the User to be identified, to the extent required by the purposes previously stated when collecting personal data.
5.10. Changes and additions to personal data are carried out by the Company on the basis of an application (request) of the User or his legal representative by sending a notification to the Company to the Company`s e-mail address (hidden) marked “Updating personal data,” as well as in other cases provided for by legislative acts. Changes and additions to personal data are carried out by the Company no later than 3 (three) working days from the date of submission of the User’s application (request), with notification to the User about this. Changes and additions to personal data that do not correspond to reality are made immediately from the moment such discrepancy is established.
5.11. The use of personal data by the Company, as well as by third parties, is carried out only for the previously stated purposes of their collection.
5.12. The Company grants the right of access to personal data for processing only to those of its employees who need access to personal data to carry out their professional, official, and labor duties. The Company`s employees authorized to process personal data are obliged not to disclose personal data that was entrusted to them or became known as a result of the performance of their professional, official, and labor duties. The above-mentioned employees of the Company are prohibited from unauthorized and unregulated copying of personal data onto paper media and any electronic media not intended for storing personal data.
5.13. The Company has the right, with the consent of the User, to entrust the processing of personal data to a third party, provided that such third party observes the confidentiality of personal data and ensures their security during processing. A third party to whom the Company entrusts the processing of personal data is not required to obtain the User’s consent to such processing. The Company bears responsibility to the User for the actions of a third party to whom the Company has entrusted the processing of personal data.
5.14. Distribution of personal data in cases beyond the previously stated purposes of their collection is carried out with the consent of the User.
5.15. When personal data is requested by government agencies, the User is notified of this (except for cases containing information related to state secrets and having limited access in accordance with the law). Business associations, government organizations and institutions, non-governmental organizations are provided with personal data with the consent of the User.
5.16. Notifying the User and obtaining his consent is not carried out if:
- exercise by state bodies of their powers;
- transfer of personal data for processing for historical, statistical, sociological or scientific purposes;
- collection of personal data from publicly available sources.
5.17. When processing personal data for historical, statistical, sociological, scientific research, the Company, as well as third parties, are obliged to anonymize it.To depersonalize personal data, obtaining the User`s consent is not required. Depersonalization of personal data eliminates the possibility of restoring personal data.
5.18. The procedure for providing information regarding the processing of the User’s personal data to a third party is determined by the terms of the subject’s consent to the processing of personal data, as well as the provisions of the Policy and the legislation of the Republic of Uzbekistan.
5.19. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless a different period is provided for by the contract or current legislation.
5.20. All information that is collected by third-party services, including payment systems, communications and other service providers, is stored and processed by these persons (operators) in accordance with their User Agreement and Privacy Policy or other relevant documents of such operators. The Company is not responsible for the actions of third parties, including the service providers specified in this paragraph, except for cases expressly stated in the Policy.
5.21. The prohibitions established by the User on the transfer (except for providing access), as well as on the processing or conditions for processing (except for gaining access) of personal data permitted for distribution, do not apply in cases of processing personal data in state, public and other public interests determined by the legislation of the Republic of Uzbekistan.
5.22. The condition for terminating the processing of personal data may be the achievement of the purposes of processing personal data, the expiration of the User`s consent, the withdrawal of the User`s consent or a requirement to cease the processing of personal data, as well as the identification of unlawful processing of personal data.

6. Cross-border transfer of personal data

6.1. Cross-border transfer of personal data is carried out to the territory of foreign states that provide adequate protection of the rights of personal data subjects.
6.2. Cross-border transfer of personal data to foreign territories states that do not provide adequate protection of the rights of personal data subjects, the Company carries out exclusively with the written consent of the User, as well as in other cases provided for by the legislation of the Republic of Uzbekistan.

7. Adoption by the Company, as well as by third parties, of measures to protect personal data

7.1. A threat to the security of personal data is a set of conditions and factors that make it possible to destroy, change, block, copy, provide without permission to third parties, unauthorized distribution of personal data and carry out other illegal actions, including as a result of accidental access during the processing of personal data.
7.2. The Company, as well as third parties, take legal, organizational and technical measures to protect personal data, ensuring:
- implementation of the User’s right to protection from interference in his private life;
- integrity and safety of personal data;
- maintaining the confidentiality of personal data;
- prevention of illegal processing of personal data.
7.3. The Company, as well as third parties, take all possible measures to prevent access to personal data of unauthorized persons.
7.4. When processing personal data, the Company, as well as third parties, ensure the confidentiality of personal data.
7.5. In order to ensure the protection of personal data, the Company is obliged to:
- divide personal data into publicly available and non-public data;
- determine the required level of security of personal data in the manner established by the Regulations “On determining the level of security of personal data during their processing” (Appendix No. 1 to the Resolution of the Cabinet of Ministers of the Republic of Uzbekistan No. 570 dated 10/05/2022).- appoint persons who have the right to process personal data or access this data;
- install information security tools, as well as ensure software updates for technical means of processing personal data that are not publicly available;
- ensure recording of the actions of users who have the right to access personal data that is not publicly available;
- apply means of monitoring the integrity of personal data that is not publicly available;
- if there is the consent of the subject, provide personal data that is not publicly available to other persons through secure communication channels and (or) encryption means, except for cases provided for by legislative acts;
- ensure the use of cryptographic information protection means for secure storage of personal data that is not publicly available;
- use means of identification and (or) authentication of users when working with personal data that is not publicly available.


8. Destruction of personal data

8.1. Personal data is subject to destruction by the Company, as well as by a third party within 3 (three) working days:
- upon achieving the purpose of processing personal data or in case of loss of the need to achieve these purposes;
- if there is a withdrawal of the User’s consent to the processing of personal data;
- upon expiration of the period for processing personal data determined by the User’s consent;
- upon entry into force of a court decision.
8.2. The destruction of personal data is carried out automatically and (or) manually, if personal data cannot be completely destroyed in an automated manner. The destruction of personal data is organized by the person responsible for organizing the processing of personal data. Based on the results of manual destruction of personal data, the person responsible for organizing the processing of personal data draws up an act on the destruction of personal data.
8.3. If the User`s personal data is processed in violation of the law, personal data is subject to destruction within 1 (one) business day from the source of its storage based on the request of the User or his legal representative, a court decision or the requirement of another authorized government body.

9. Rights and obligations of the Company

9.1. The society has the right:
9.1.1. Process personal data;
9.1.2. Receive from the User reliable information and (or documents containing his personal data;
9.1.3. If the User withdraws consent to the processing of personal data, as well as sends an application to stop processing personal data, the Company has the right to continue processing personal data without the User’s consent if there are grounds specified in the Law;
9.1.4. Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the duties provided for by the Law and other regulatory legal acts, unless otherwise provided by the legislation of the Republic of Uzbekistan;
9.1.5. entrust the processing of personal data to a third party in the following cases:
- the presence of the User’s consent in writing, including in the form of an electronic document;
- if the decision is made in pursuance of an agreement between the Company and the User or fulfillment of the terms of a previously concluded agreement;
- provided for by this Policy and legislation.
9.2. The Company may have other rights in accordance with the law.
9.3. The society is obliged:
9.3.1. Comply with legislation on personal data;
9.3.2. Provide, upon request from the User, information regarding the processing of his personal data in the manner prescribed by the Law;
9.3.3. Organize the processing of personal data in the manner established by the current legislation of the Republic of Uzbekistan;
9.3.4. Publish or otherwise provide unrestricted access to this Policy;
9.3.5. Take legal, organizational and technical measures to protect personal data;
9.3.6. Stop the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and cases provided for by the Law;
9.3.7. Approve the composition of personal data necessary and sufficient for them to perform their tasks;
9.3.8. Change and (or) supplement personal data, subject to documentary confirmation of the accuracy of the new data, or destroy it if it is impossible to make such changes and (or) additions;
9.3.9. Temporarily suspend processing or destroy personal data if there is information about a violation of the conditions for their processing;
9.3.10. Ensure that the user can submit documents electronically for temporary suspension of processing and (or) destruction of his personal data;
9.3.11. Notify the User in writing, as well as other participants in the processing of personal data in cases of change, destruction of personal data and restriction of access to it;
9.3.12. Notify the User of personal data in writing in the event of a request for personal data by government agencies (except for cases containing information related to state secrets and having limited access in accordance with the law).
9.4. The company may bear other obligations in accordance with the law.
9.5. The obligations of the Company, as well as third parties, to protect personal data arise from the moment of collection of personal data and are valid until they are destroyed or depersonalized.
9.6. The Company determines the structural unit or official responsible for work related to the processing and protection of personal data, and ensures its work in accordance with this Policy and the legislation of the Republic of Uzbekistan.

10. Rights and obligations of the User

10.1. The user has the right:
10.1.1. Know that the Company, as well as a third party, has personal data and its composition;
10.1.2. Receive upon request information about the processing of his personal data from the Company;
10.1.3. Give consent to the processing of your personal data and withdraw such consent, except in cases provided for by law;
10.1.4. Request from the Company clarification of his personal data and temporary suspension of their processing if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
10.1.5. Contact an authorized government agency or court regarding the protection of rights and legitimate interests in relation to your personal data;
10.1.6. Give consent to the Company, as well as to a third party, to distribute your personal data in publicly available sources of personal data.
10.2. The user may have other rights in accordance with the law.
10.3. The user is obliged:
10.3.1. Provide the Company with reliable and complete personal data;
10.3.2. Inform the Company about the need to clarify (update, change) your personal data.
10.4. The user may have other responsibilities in accordance with the law.
10.5. Persons who provided the Company with false information about themselves or information about another subject of personal data without the latter’s consent are liable in accordance with the legislation of the Republic of Uzbekistan.

11. Confidentiality of personal data

11.1. The Company does not have the right to disclose personal data to third parties and distribute personal data without the consent of the User, unless otherwise provided by this Policy and the legislation of the Republic of Uzbekistan.

12. Final provisions

12.1. The user can receive any clarification on questions of interest regarding the processing of his personal data by contacting the Company via email to the Company`s email address info@universegroup.uz.
12.2. The current version of the Policy on paper is stored at the address of the location of the sole executive body of the Company. Access to this Policy is not limited.
12.3. The electronic version of the current version of the Policy is publicly available at the network address https://universegroup.uz/privacy/ on the Internet.
12.4. The Company has the right to make changes to this Policy at any time without the consent of Users.
12.5. The new version of the Policy comes into force from the date of its posting on the Company’s website specified in clause 11.3. Policy, unless a different, later date is provided for in the new edition of the Policy.
12.6. In the event that the provisions of the Policy contradict the provisions of the applicable legislation of the Republic of Uzbekistan in the field of processing of personal data, the Company is guided by the provisions of the current legislation.