1. GENERAL PROVISIONS

Personal data processing policy (here in after - the Policy) is developed in accordance with the Law of the Republic of Uzbekistan from 02.07.2019 №ZRU-547 "On personal data" (hereinafter - the Law).
This Policy defines the procedure for processing personal data and measures to ensure the security of personal data ООО SALUTEDEV (Certificate 2030180, INN 310065396) in order to protect the rights and freedoms of man and citizen in the processing of his personal data, including the protection of rights to privacy, personal and family secrets.
The following basic concepts are used in this Policy:

automated processing of personal data - processing of personal data by means of computer technology;
Blocking of personal data - temporary termination of personal data processing (except when processing is necessary to clarify personal data)
Information system of personal data - a set of personal data contained in databases of personal data and information technologies and technical means ensuring its processing;
depersonalization of personal data - actions, as a result of which it is impossible to determine without the use of additional information what personal data belongs to a particular personal data subject;
Processing of personal data - any action (operation) or a set of actions (operations), performed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data
Operator - a legal entity, independently or together with other persons organizing and (or) carrying out processing of personal data, as well as defining the purpose of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
Personal data - any information related, directly or indirectly to a specific or identifiable individual (personal data subject);
provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
Distribution of personal data - actions aimed at disclosure of personal data to an indefinite circle of persons (transfer of personal data) or to familiarize an unlimited circle of persons with personal data, including publication of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way;
Transboundary transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign authority, a foreign individual or a foreign legal entity.
Destruction of personal data - actions resulting in the impossibility to restore the content of personal data in the information system of personal data and (or) as a result of which tangible carriers of personal data are destroyed.

2.2. PRINCIPLES, OBJECTIVES, CONTENTS AND CONDITIONS OF PERSONAL DATA PROCESSING

-2.1. Principles of personal data processing
The Operator's processing of personal data is based on the following principles:
- Legality and fair basis;
- Restriction of personal data processing to achievement of specific, predetermined and legitimate objectives;
- prevention of personal data processing, incompatible with the purposes of personal data collection;
- not to combine databases containing personal data, processing of which is carried out for purposes, incompatible with each other
- Processing only those personal data that meet the purposes of its processing
- Compliance of the content and volume of processed personal data with the stated processing purposes;
- Inadmissibility of processing of personal data excessive in relation to the stated purposes of its processing
- Ensuring accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
- Destruction or depersonalization of personal data upon attainment of the objectives of personal data processing or in case of loss of necessity in attainment of those objectives, in case of impossibility of the Operator to eliminate violations of personal data, unless otherwise provided by the Law.
- 2.2. The collection and further processing of personal data is carried out for the following purposes:
- To use the User's personal data for the purpose of sending him the Operator's offers, information and advertising messages about the Operator's services, by organizing mailings, SMS mailings, through telephone communication, and mailings by e-mail to the User;
- to provide the User with information related to the execution of the terms of the agreement between the User and "in Science" LLC by sending SMS-messages and emails to the User, as well as by making phone calls to the User.
- to carry out storage and processing in various databases and information systems, including them in analytical and statistical reporting:
- use when publishing the Work (scientific article) on the platform: https://salutedev.com/
- for other purposes to fulfill the terms of the Offer, placed on the platform: https://salutedev.com/
- 2.3. Terms of processing of personal data
The operator performs processing of personal data in the presence of at least one of the following conditions:
- processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
- processing of personal data is necessary for achieving goals, stipulated by the international treaty of the Republic of Uzbekistan or by the Law, for implementing and executing functions, powers and duties, imposed on the operator by the legislation of the Republic of Uzbekistan
- processing of personal data is necessary for administration of justice, execution of a judicial act, act of another body or official, subject to execution in accordance with the legislation of the Republic of Uzbekistan on enforcement proceedings;
- processing of personal data is necessary for execution of the contract, which party or beneficiary or guarantor, under which the subject of personal data is, as well as for the conclusion of the contract on the initiative of the personal data subject or the contract, under which the subject of personal data will be a beneficiary or guarantor
- the processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties or to achieve socially important objectives, provided that this does not violate the rights and freedoms of the personal data subject;
- Processing of personal data, access to which is provided to the unlimited range of persons by the subject of personal data or at his request (hereinafter - publicly available personal data);
- Processing of personal data, subject to publication or compulsory disclosure in accordance with the Law.
- 2.4. Confidentiality of personal data
The operator and other persons who have access to personal data are obliged not to disclose to third parties and not to distribute personal data without consent of the subject of personal data unless otherwise stipulated by the Law, the consent to processing of personal data, or the terms of the Agreement (Offer) concluded between LLC "SALUTEDEV" and the subject of personal data.
- 2.5. Publicly accessible sources of personal data
In order to provide information, the Operator may create publicly available sources of personal data of subjects, including directories. In particular, the operator may use the subject's personal data when publishing the Work (scientific article) on the platform: https://salutedev.com/
Public sources of personal data with written consent of the subject can include: last name, first name, middle name; information about scientific rank and scientific degree; information about the place of work and position held, as well as other information reported by the subject of personal data (in the case of contractual relationship between the operator and the subject.
Information about the subject shall at any time be excluded from publicly available sources of personal data at the request of the subject or by court order or other authorized state bodies.
- 2.6. Special categories of personal data
The Operator's processing of special categories of personal data relating to race, ethnicity, political views, religious or philosophical beliefs, health status, intimate life is permitted in cases where:
- the subject of personal data has given his or her consent in writing to the processing of his or her personal data;
- Personal data is made publicly available by the subject of personal data;
- Processing of personal data is carried out in accordance with the legislation on state social assistance, labor legislation, the legislation of the Republic of Uzbekistan on state pensions, on labor pensions;
- Processing of personal data is necessary for protection of life, health or other vital interests of the subject of personal data or life, health or other vital interests of other persons and obtaining consent of the subject of personal data is impossible;
- Processing of personal data is carried out for medical and preventive purposes, in order to establish a medical diagnosis, to provide medical and medical-social services, provided that the processing of personal data is carried out by a person professionally engaged in medical activities and obliged in accordance with the legislation of the Republic of Uzbekistan to maintain medical secrecy;
- processing of personal data is necessary to establish or exercise the rights of the personal data subject or third parties, as well as in connection with the administration of justice;
- Processing of personal data shall be carried out in accordance with the legislation on compulsory types of insurance, with the insurance legislation.
Processing of special categories of personal data shall be immediately terminated if the reasons, due to which it was processed, are eliminated, unless otherwise stipulated by the Law.
The Operator may process personal data on criminal records only in the cases and in the manner determined in accordance with the law.
- 2.7. Biometric personal data
Information that characterises a person's physiological and biological features, on the basis of which their identity can be established - biometric personal data - may be processed by the Operator only with the subject's consent in writing, including in the form of an electronic document.
- 2.8. Entrusting the processing of personal data to another person
The operator may entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by law, based on a contract to be entered into with that person. The person processing personal data on behalf of the Operator must comply with the principles and rules of personal data processing provided by the Law.
- 2.9. Cross-border transfer of personal data
The operator must ensure that the foreign country to whose territory the transfer of personal data is intended to take place provides adequate protection of the rights of personal data subjects before commencing such transfer.
Cross-border transfer of personal data to the territory of foreign countries, not providing adequate protection of the personal data subjects' rights, may be carried out in cases where
- availability of the personal data subject's consent in writing, including in the form of an electronic document for transborder transfer of his personal data;
- execution of the contract, to which the personal data subject is a party.
- Other cases established by the Law.


3. RIGHTS OF THE SUBJECT OF PERSONAL DATA

- 3.1. The consent of the subject of personal data to the processing of his/her personal data.
The subject of personal data decides to provide his/her personal data and consents to its processing freely, willingly and in his/her own interest. Consent to the processing of personal data may be given by the personal data subject or his/her representative in any form that provides evidence of its receipt, unless otherwise provided by law.
The obligation to provide evidence of the personal data subject's consent to the processing of his/her personal data or evidence of the grounds set forth in the Law shall be borne by the Operator.
- 3.2. Rights of the subject of personal data
The subject of personal data has the right to obtain information from the Operator relating to the processing of his or her personal data, unless such right is restricted by law. The subject of personal data has the right to demand from the Operator clarification of his personal data, their blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take statutory measures to protect their rights.
Processing of personal data in order to promote goods, works, services on the market by direct contact with a potential consumer through means of communication is allowed only with the prior consent of the subject of personal data. This personal data processing shall be deemed carried out without prior consent of the personal data subject, unless the operator proves that such consent was obtained.
The operator shall immediately cease at the request of the personal data subject the processing of his personal data for the aforementioned purposes.
No decision may be made based solely on automated personal data processing that produces legal consequences with respect to the personal data subject or otherwise affects his or her rights and legitimate interests, except in cases provided by law or with the consent in writing of the personal data subject.
If the subject of personal data considers that the operator carries out processing of his personal data with violation of requirements of the Law or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal against actions or inaction of the Operator to the Authorized Body on protection of rights of subjects of personal data or in court, if the dispute will not be settled within 30 days in claim procedure.


4. ENSURING SECURITY OF PERSONAL DATA

Security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to ensure the requirements of legislation in the field of personal data protection.
To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
- Appointment of officials responsible for the organization of processing and protection of personal data;
- Limitation of persons having access to personal data;
- Organization of accounting, storage and circulation of data carriers;
- Verification of readiness and efficiency of use of information protection means;
- Use of antivirus and recovery tools of personal data protection system;


5. FINAL PROVISIONS

Other rights and obligations of the Operator, as operator of personal data are defined by legislation of the Republic of Uzbekistan in the field of personal data.