Personal data protection policy

PERSONAL DATA PROTECTION POLICY

1. Preamble

This personal data processing policy (hereinafter – “the Policy”) of “Birinchi rezinotexnika zavodi” Limited Liability Company (hereinafter – “the Data Controller”) stipulates the purposes, the list and the methods of processing personal data of individuals who are not employees of the Data Controller, is published in public sources and was developed in accordance with the requirements of the Law of the Republic of Uzbekistan No. ЗРУ-547 “On personal data” (hereinafter – “the Law”) dd. July 2, 2019.

Personal data processing is one action or a set of actions undertaken to collect, systematize, store, modify, add, use, provide, disseminate, share, anonymize and destroy personal data.

Personal data processing shall be limited to achieving specific, pre-determined and legitimate purposes. Personal data cannot be processed in any manner that is inconsistent with the purposes of the personal data collection.

This Policy applies to the website https://www.brz.uz/ru; this version of the Policy is effective as of November 1, 2024.

2. The rights of a personal data subject

A personal data subject is entitled to:

- know that the owner and/or data controller or a third party is in possession of his/her personal data and know the scope of such personal data;

- request and receive information on personal data processing from the owner and/or the data controller;

- receive information on the terms and conditions for granting access to his/her personal data from the owner and/or the data controller;

- recourse to a competent government body or a court in order to protect his/her rights and legitimate interests as regards his/her personal data;

- grant his/her consent for the processing of his/her personal data and withdraw such consent except as provided by the Law;

- grant his/her consent to the owner and/or the data controller or to a third party for dissemination of his/her personal data in public sources of personal data;

- demand that the owner and/or the data controller suspend the processing of his/her personal data where the personal data are incomplete, outdated, inaccurate, or were obtained unlawfully or are not necessary for the purposes of the processing.

To exercise his/her rights, the personal data subject may contact the Data Controller in writing, providing the details of his/her personal ID or the personal ID of the representative (type of the document, series and number, the issuing authority, and the date of issue), his/her full name or the full name of the representative and information on the nature of the relationship with the Data Controller, which will serve as proof of the processing of the personal data of the data subject, and his/her signature or the signature of the representative of the personal data subject. 

Information of the personal data subject may be removed from public sources upon his/her request made in the same form as his/her consent or in writing, including as an electronic document, or by virtue of the relevant decision made by a competent government body or a court.

Such communications may be sent to the registered address of the Data Controller: 96 Industrial Zone, SGM “Gulbag”, Angren, Tashkent Region, 110200, Republic of Uzbekistan

3. The purpose of personal data processing

This section describes the purposes and the timing of the processing of personal data of users of the Website. Within the context of the purposes listed herein, the Data Controller will collect, record, systematize, accumulate, store, refine (update, modify), extract, use, share (provide, grant access to), block, delete and destroy personal data. Data that are processed within the context of the purposes listed herein are not special, biometric or genetic personal data and are processed in an automated fashion.

The purposes of personal data processing are as follows:

3.1. Providing the user with information on the Data Controller, goods and services available for purchase, discounts and special offers.

Achieving this goal involves processing the following personal data:

• given name, patronymic, surname
• date of birth;
• telephone number;
• e-mail address.

The legal basis for processing such personal data is the data subject’s written Personal Data Processing Consent for his/her personal data.

Such data are stored and processed throughout the validity period of the Personal Data Processing Consent and destroyed by removing the data from the information systems using means built into the information system within 30 days after the data subject withdraws his/her Personal Data Processing Consent.

The data subject withdraws his/her consent to personal data processing in the same manner as he/she granted such consent.

3.2. Making and performance of civil contracts. 

• given name, patronymic, surname;
• telephone number;
• e-mail address;
• delivery address.

The legal basis for processing such personal data is an agreement.

Such data are stored and processed throughout the term of the contract and, for the purposes of accounting and tax accounting, for five (5) years after the contract has been performed.

Once the said personal data periods have expired, the data are destroyed by being removed from the information systems using the relevant means built into the information system.

3.3. Analysis of the level of interest of website visitors and the quality of the service provided by the Data Controller.

The website uses cookies, i.e. small text files wherein the browser writes data from websites visited by the user. Such data are used to collect information on visitors’ activities on the website in order improve the quality of its content and its capabilities.

A user may change parameters in the settings of his/her browser at any time for the browser to stop saving cookies and notify the user if cookies are sent. In that event, some services and functions may stop working correctly or entirely.

The Data Controller’s cookies policy is also available at https://www.ikontyres.ru/polozenie-o-konfidencial-nosti-i-usloviah-obsluzivania/politika-v-otnosenii-fajlov-cookie/

The website may use traffic statistics services (Yandex.Metrica, Google Analytics) and similar tools, collecting and analyzing anonymized information in order to measure the level of interest of visitors to the website.

3.4. Preparation of responses to complaints and claims. 

• given name, patronymic, surname;
• telephone number;
• e-mail address;
• date of birth;
• city and region of residence;

The legal basis for the processing such personal data is the Personal Data Processing Consent or an agreement.

Such data are stored and processed throughout the validity period of the Personal Data Processing Consent and destroyed by removing the data from the information systems using means built into the information system within 30 days after the data subject withdraws his/her Personal Data Processing Consent.

3.5. Personal data processing by third parties

To provide services, improve their quality, and achieve the declared purposes of personal data processing, the data controller may delegate the personal data processing to third parties or share information with third parties.

Should personal data be shared with a third party, the data controller shall give the data subject a written notice to his effect within three days.

The Data Controller may delegate personal data processing to third parties under an agreement signed with such parties. Parties thus processing personal data for the data controller shall adhere to principles and rules of processing and protection of personal data as provided by the applicable law. 

For each third party, the agreement shall stipulate the following: the list of personal data; the list of actions (operations) with personal data that will be performed by the legal entity processing personal data; the purposes of data processing; and the obligation of such third party to observe confidentiality and ensure security of the personal data during personal data processing, and sets forth requirements regarding protection of personal data subjected to processing.

4. Personal data confidentiality

The data controller shall not disseminate website users’ personal data or disclose such data to any third party without the users’ consent except as provided by the applicable law.

5. Personal data protection

The Data Controller shall take effort that is necessary and sufficient to ensure that it performs its duties provided by the Law or by any regulation adopted under the Law.

The data controller shall, at its own discretion, determine the scope and list of actions that are necessary and sufficient for it to perform such duties, such as:

1. a) appointing the person in charge of personal data processing management;
2. b) developing and approving local regulations on personal data protection and processing;
3. c) taking legal, organizational and technical actions to ensure security of personal data:

• identifying threats to security of personal data during the personal data processing in information systems;
• setting the rules of access to data that are processed in the personal data information system and making sure that all actions with personal data in the personal data information system are registered and kept record of.

1. d) monitoring actions that are taken to ensure security of personal data and the level of protection of personal data information systems;
2. e) assessing the harm that may be caused to the personal data subject by a violation of the requirements of the applicable law, and assessing the balance between such harm and the actions taken by the Data Controller to enforce the duties stipulated by the applicable law;
3. f) maintaining conditions that prevent unauthorized access to tangible media with personal data and ensure preservation of personal data;
4. g) communicating the personal data provisions of the applicable law of the Republic of Uzbekistan, including the personal data protection requirements and local regulations on personal data processing and protection, to the Data Controller’s employees.

To ensure confidentiality of information and protection of personal data, the Data Controller shall maintain an appropriate IT environment and take any and all actions necessary to prevent unauthorized access.

6. Policy changes

The Data Controller reserves the right to make changes to the Policy at any time and hereby asks users to check for updates to the Policy on a regular basis. The Data Controller will use available methods to give notices of changes to the Policy on a regular basis if such changes are significant.