Policy on the Processing of Personal Data in Drop Soft LLC
1. General Provisions
1.1. The Policy on the Processing of Personal Data (hereinafter referred to as the "Policy") is aimed at protecting the rights and freedoms of individuals whose personal data is processed by Drop Soft LLC (hereinafter referred to as the "Operator").
1.2. The Policy has been developed in accordance with the Federal Law No. LRU-547 "On Personal Data" dated July 2, 2019 (hereinafter referred to as the "Personal Data Law").
1.3. The Policy contains information that must be disclosed in accordance with the Personal Data Law and is a publicly available document.
1.2. The Policy has been developed in accordance with the Federal Law No. LRU-547 "On Personal Data" dated July 2, 2019 (hereinafter referred to as the "Personal Data Law").
1.3. The Policy contains information that must be disclosed in accordance with the Personal Data Law and is a publicly available document.
2. Information About the Operator
2.1. The Operator carries out its activities at the following address: 5 S.Rashidov Street, Jizzakh City, the Republic of Uzbekistan.
2.2. The General Director, Denis Vladimirovich Usov (phone: +7 (913) 678 0796), is appointed as the person responsible for organizing the processing of personal data.
2.2. The General Director, Denis Vladimirovich Usov (phone: +7 (913) 678 0796), is appointed as the person responsible for organizing the processing of personal data.
3. Information on the Processing of Personal Data
3.1. The Operator processes personal data lawfully and fairly to fulfill its statutory functions, powers, and obligations, as well as to exercise the rights and legitimate interests of the Operator, its employees, and third parties.
3.2. The Operator collects personal data directly from the data subjects.
3.3. The Operator processes personal data using both automated and non-automated methods, with or without the use of computer technology.
3.4. The processing of personal data includes collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction.
3.2. The Operator collects personal data directly from the data subjects.
3.3. The Operator processes personal data using both automated and non-automated methods, with or without the use of computer technology.
3.4. The processing of personal data includes collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction.
4. Processing of Job Applicants' Personal Data
4.1. The Operator processes the personal data of job applicants (hereinafter referred to as "applicants").
4.2. The Operator processes applicants' personal data for the following purposes:
— Making decisions on employment or refusal of employment;
— Maintaining a personnel reserve.
4.3. The Operator processes applicants' personal data with their written consent, provided for the period necessary to make a hiring decision. Exceptions include cases where an applicant acts through an employment agency with which they have an agreement or when the applicant has independently posted their resume publicly online.
4.4. The Operator processes applicants' personal data for the period necessary to make an employment decision. If employment is denied, the Operator ceases processing the applicant's personal data within 30 days. If the applicant has consented to be included in the personnel reserve, the Operator may continue processing their personal data for the period specified in the consent.
4.5. The Operator does not process special categories of applicants' personal data or biometric personal data.
4.6. The Operator processes the following personal data of applicants:
— Full name;
— Email address.
4.2. The Operator processes applicants' personal data for the following purposes:
— Making decisions on employment or refusal of employment;
— Maintaining a personnel reserve.
4.3. The Operator processes applicants' personal data with their written consent, provided for the period necessary to make a hiring decision. Exceptions include cases where an applicant acts through an employment agency with which they have an agreement or when the applicant has independently posted their resume publicly online.
4.4. The Operator processes applicants' personal data for the period necessary to make an employment decision. If employment is denied, the Operator ceases processing the applicant's personal data within 30 days. If the applicant has consented to be included in the personnel reserve, the Operator may continue processing their personal data for the period specified in the consent.
4.5. The Operator does not process special categories of applicants' personal data or biometric personal data.
4.6. The Operator processes the following personal data of applicants:
— Full name;
— Email address.
5. Processing of Clients' Personal Data
5.1. The Operator processes clients' personal data within the framework of legal relations governed by the Federal Law No. LRU-547 "On Personal Data" dated July 2, 2019 (hereinafter referred to as "clients").
5.2. The Operator processes clients' personal data for the following purposes:
— Entering into and fulfilling contractual obligations with clients;
— Sending company news updates.
5.3. The Operator processes clients' personal data with their consent, provided for the duration of the concluded contracts. In cases required by the Personal Data Law, consent is given in writing. In other cases, consent is deemed granted upon contract conclusion or the performance of conclusive actions.
5.4. The Operator processes clients' personal data for the duration of the contract.
5.5. The Operator processes the following personal data of clients:
— Full name;
— Email address.
5.2. The Operator processes clients' personal data for the following purposes:
— Entering into and fulfilling contractual obligations with clients;
— Sending company news updates.
5.3. The Operator processes clients' personal data with their consent, provided for the duration of the concluded contracts. In cases required by the Personal Data Law, consent is given in writing. In other cases, consent is deemed granted upon contract conclusion or the performance of conclusive actions.
5.4. The Operator processes clients' personal data for the duration of the contract.
5.5. The Operator processes the following personal data of clients:
— Full name;
— Email address.
6. Processing of Personal Data of Newsletter Subscribers
6.1. The Operator processes the personal data of individuals who are "newsletter subscribers".
6.2. The Operator processes the personal data of newsletter subscribers for the following purposes:
— Sending company news updates.
6.3. The Operator processes the personal data of newsletter subscribers with their consent, provided either in writing or through conclusive actions.
6.4. The Operator processes the following personal data of newsletter subscribers:
— Full name;
— Email address.
6.2. The Operator processes the personal data of newsletter subscribers for the following purposes:
— Sending company news updates.
6.3. The Operator processes the personal data of newsletter subscribers with their consent, provided either in writing or through conclusive actions.
6.4. The Operator processes the following personal data of newsletter subscribers:
— Full name;
— Email address.
7. Security Measures for Personal Data
7.1. The Operator appoints a person responsible for organizing the processing of personal data to fulfill duties established by the Personal Data Law and related legal acts.
7.2. The Operator applies a range of legal, organizational, and technical measures to ensure the security of personal data, including:
— Providing unrestricted access to the Policy, with a copy available at the Operator’s location and possibly on the Operator's website (if available);
— Adopting and implementing internal documents such as the "Regulation on Personal Data Processing";
— Informing employees about personal data regulations and internal policies;
— Restricting employees' access to personal data to only what is necessary for their job duties;
— Establishing access rules to personal data in the Operator’s information system and logging all actions related to it;
— Assessing potential harm to data subjects in case of law violations;
— Identifying threats to personal data security and implementing necessary protective measures;
— Detecting unauthorized access to personal data and taking appropriate action;
— Evaluating the effectiveness of security measures before launching information systems;
— Conducting internal audits to ensure compliance with the Personal Data Law and internal policies.
7.2. The Operator applies a range of legal, organizational, and technical measures to ensure the security of personal data, including:
— Providing unrestricted access to the Policy, with a copy available at the Operator’s location and possibly on the Operator's website (if available);
— Adopting and implementing internal documents such as the "Regulation on Personal Data Processing";
— Informing employees about personal data regulations and internal policies;
— Restricting employees' access to personal data to only what is necessary for their job duties;
— Establishing access rules to personal data in the Operator’s information system and logging all actions related to it;
— Assessing potential harm to data subjects in case of law violations;
— Identifying threats to personal data security and implementing necessary protective measures;
— Detecting unauthorized access to personal data and taking appropriate action;
— Evaluating the effectiveness of security measures before launching information systems;
— Conducting internal audits to ensure compliance with the Personal Data Law and internal policies.
8. Rights of Personal Data Subjects
8.1. A personal data subject has the right to:
— Obtain access to their personal data and information regarding its processing;
— Request corrections, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for processing purposes;
— Withdraw their consent for personal data processing;
— Seek legal protection of their rights, including compensation for damages and moral harm;
— File complaints about the Operator’s actions or inaction with the authorized body for personal data protection or in court.
8.2. To exercise their rights, personal data subjects may contact the Operator in person or send a request through an authorized representative.
— Obtain access to their personal data and information regarding its processing;
— Request corrections, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for processing purposes;
— Withdraw their consent for personal data processing;
— Seek legal protection of their rights, including compensation for damages and moral harm;
— File complaints about the Operator’s actions or inaction with the authorized body for personal data protection or in court.
8.2. To exercise their rights, personal data subjects may contact the Operator in person or send a request through an authorized representative.
Чек-лист аудита сайта
Скачайте инструкцию с бесплатными инструментами
Отправляя форму, вы соглашаетесь с политикой конфиденциальности и обработки персональных данных