PERSONAL DATA PROCESSING POLICY1. General ProvisionsThis Personal Data Processing Policy has been developed in accordance with the legislation of the Republic of Uzbekistan dated July 2, 2019, No. ZRU-547 "On Personal Data" (hereinafter referred to as the Personal Data Law) and is aimed at ensuring the protection of the rights and freedoms of individuals in the processing and protection of their personal data carried out by the website
https://medevent.uz (hereinafter referred to as the Operator).
1.1. The Operator's primary goal and condition for its activity is the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrets.
1.2. This Policy of the Operator regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about visitors to the website
https://medevent.uz/.
2. Basic Terms Used in This Policy2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Personal data database — a database in the form of an information system containing personal data.
2.3. Blocking of personal data — temporary suspension of personal data processing (except when processing is necessary for personal data clarification).
2.4. Website — a collection of graphical and informational materials, as well as software and databases that ensure their availability on the internet at the address
https://medevent.uz/.
2.5. Personal data information system — a set of personal data contained in databases and ensuring their processing through information technologies and technical means.
2.6. Depersonalization of personal data — actions that result in the inability to determine the subject of personal data without the use of additional information.
2.7. Personal data processing — any action (operation) or set of actions (operations) performed with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.8. Operator — a state body, individual, or legal entity that organizes and/or carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.9. Personal data — any information relating directly or indirectly to a specific or identifiable individual (personal data subject).
2.10. User — any visitor to the website
https://medevent.uz/.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of people.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite group of people (transfer of personal data) or providing access to personal data to an unlimited group of people, including making personal data public in the media, placing them in information and telecommunication networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, a foreign state authority, a foreign individual, or a foreign legal entity.
2.14. Third party — any person other than the personal data subject, operator, or person authorized to process personal data on behalf of the operator.
2.15. Destruction of personal data — any actions resulting in the permanent deletion of personal data without the possibility of further recovery in the personal data information system and/or destruction of material media on which personal data are stored.
3. Main Rights and Obligations of the Operator3.1. The Operator has the right to:
— receive from the personal data subject reliable information and/or documents containing personal data;
— independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations under the Personal Data Law and regulatory legal acts adopted in accordance with it.
3.2. The Operator is obliged to:
— provide the personal data subject, upon their request, with information concerning the processing of their personal data;
— respond to requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
— publish or otherwise provide unlimited access to this Personal Data Processing Policy;
— take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions related to personal data;
— cease the transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases provided for by the Personal Data Law;
— fulfill other obligations established by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects4.1. Personal data subjects have the right to:
— know about the presence of their personal data with the operator and third parties, as well as the composition of their personal data;
— receive, upon request, information from the operator about the processing of their personal data;
— receive information about the conditions for providing access to their personal data, including third parties;
— appeal to the authorized state body or court to protect their rights and legitimate interests in relation to the processing of their personal data;
— give consent to the processing of their personal data and withdraw such consent, except in cases provided by law;
— require the operator or third parties to stop processing personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the purposes of processing.
4.2. Personal data subjects are obliged to:— provide the Operator with accurate information about themselves;
— inform the Operator of any updates (corrections, changes) to their personal data.
5. Principles of personal data processing5.1. Personal data processing is carried out on a lawful and fair basis.
5.2. The processing of personal data is limited to achieving specific, pre-defined, and lawful purposes. Processing that is incompatible with the purposes of collecting personal data is not allowed.
5.3. The combination of databases containing personal data, which are processed for purposes that are incompatible with one another, is not permitted.
5.4. The content and volume of processed personal data must correspond to the stated purposes of processing. The processing of excessive personal data in relation to the stated purposes is not allowed.
5.5. The accuracy of personal data is ensured during processing. Personal data must be adequate, and where necessary, up-to-date in relation to the purposes of their processing. The Operator shall take necessary measures and/or ensure that inaccurate or incomplete data is deleted or clarified.
5.6. Personal data is stored in a form that allows identifying the data subject, no longer than necessary to achieve the purposes of personal data processing unless the period of data storage is defined by law or by a contract, where the personal data subject is a party, beneficiary, or guarantor. The processed personal data shall be destroyed or depersonalized upon the achievement of the processing purposes or when they are no longer required.
6. Purposes of personal data processingThe purpose of processing personal data is to provide the User with access to services, information, and/or materials available on the website. Personal data includes:
— surname, first name, patronymic;
— email address;
— phone numbers.
Types of personal data processing:
— collection, recording, systematization, accumulation, storage, destruction, and depersonalization of personal data;
— sending informational emails to the email address.
7. Conditions for personal data processing7.1. Personal data processing is carried out with the consent of the personal data subject to the processing of their personal data.
7.2. The processing of personal data is necessary for the administration of justice, the execution of a court ruling, or a decision of another authority or official, which is subject to execution according to the legislation of the Russian Federation on enforcement proceedings.
7.3. Personal data processing is necessary for the performance of a contract, where the personal data subject is a party, beneficiary, or guarantor, or for the conclusion of a contract at the request of the personal data subject.
7.5. Personal data processing is necessary to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant goals, provided this does not violate the rights and freedoms of the personal data subject.
7.6. Personal data processing involves personal data made publicly available by the personal data subject or at their request (hereinafter referred to as publicly accessible personal data).
8. Procedure for collecting, storing, transferring, and other types of personal data processing8.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access to personal data.
8.2. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the execution of current legislation or if the personal data subject has given consent to the Operator to transfer data to a third party for the execution of civil law contracts.
8.3. If inaccuracies in personal data are identified, the User can update them independently by sending a notification to the Operator's email address forum@medevent.uz, marked "Updating personal data."
8.4. The period of personal data processing is determined by achieving the purposes for which personal data were collected unless a different period is specified by the contract or applicable legislation.
8.5. The User may revoke their consent to the processing of personal data at any time by sending a notification to the Operator via email to forum@medevent.uz, marked "Revocation of consent to personal data processing."
8.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by those parties (Operators) in accordance with their User Agreements and Privacy Policies. The personal data subject must familiarize themselves with these documents. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this clause.
8.6. Restrictions imposed by the personal data subject on the transfer (other than granting access), as well as on processing or conditions of processing (other than access) of personal data permitted for distribution, do not apply in cases where the processing of personal data is carried out for state, public, or other publicly significant interests as defined by the legislation of the Russian Federation.
8.7. The Operator ensures the confidentiality of personal data during processing.
9. List of actions performed by the Operator with received personal data9.1. The Operator performs the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
9.2. The Operator performs automated processing of personal data with the receipt and/or transfer of the received information through information and telecommunication networks or without such.
10. Cross-border transfer of personal data10.1. Before starting the cross-border transfer of personal data, the Operator must notify the authorized body for the protection of personal data subjects' rights of its intention to transfer personal data across borders (this notification is sent separately from the notification of the intention to process personal data).
10.2. Before submitting the aforementioned notification, the Operator must obtain relevant information from the foreign state authority, foreign individuals, or foreign legal entities to whom personal data is planned to be transferred.
11. Confidentiality of personal data11.1. The Operator and third parties who have gained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject unless otherwise provided by law.
12. Final Provisions12.1. The User may obtain any clarifications on questions of interest regarding the processing of their personal data by contacting the Operator via email at forum@medevent.uz.
12.2. This document will reflect any changes in the personal data processing policy by the Operator. The policy is valid indefinitely until it is replaced by a new version.
12.3. The current version of the Policy is freely available on the internet at
https://medevent.uz/privacy.