Policy on the protection and processing of personal data of users of CLICK JSC services (hereinafter CLICK™)
1. Terms and Definitions
Automated personal data processing - processing of personal data by means of computer technology.
Blocking of personal data - temporary termination of personal data processing (except when processing is necessary to clarify personal data).
Personal Data Information System (PDIS) - a set of personal data contained in electronic databases and information technology and technical means to ensure their processing.
Confidentiality of personal data - the mandatory requirement for CLICK or any other person who has access to personal data to prevent its dissemination without the consent of the personal data owner or other lawful basis.
Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data.
Depersonalisation of personal data - actions that make it impossible, without the use of additional information, to determine the identity of the personal data to a specific personal data owner.
Pseudonymization and anonymized personal data - processing of personal data that is carried out in such a way that the personal data can no longer be linked to a specific data subject without the use of additional information, provided that the additional information is contained separately and technical and organizational measures are applied to ensure that the personal data is not linked to an identified or identifiable person.
Personal data - any information relating directly or indirectly to an identified or identifiable individual (personal data owner).
CLICK services user - an individual entrepreneur; an individual registered as self-employed; a legal entity (represented by the Sole Executive Body, a proxy (acting under power of attorney)); non-profit organization (NPO) (represented by the Head or a proxy), which has performed actions for registration in the My Account on the Website or in the CLICK Services, having its personal (profile/account); payer (an individual), using the CLICK System according to its functionality.
User Information - any information pertaining to the User, including the Users personal data specified in the Questionnaire (if completed), documents to be provided by CLICK when registering in the System, as well as for the purposes of carrying out Transactions.
Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain group of people.
Dissemination of personal data - actions aimed at disclosure of personal data to an indefinite group of people.
Services - Website located on the Internet at: https://click.uz, Telegram bot @CLICKUZ, mobile application CLICK™ SUPERAPP, mobile application CLICK™ START.
Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and/or as a result of which the material media of personal data are destroyed.
Law - Law dated 02.07.2019 No. ЗРУ-547 On Personal Data (hereinafter - Personal Data Law).
2. General Provisions
2.1. CLICK operates as a payment organization, which, among other things, provides information exchange services, provides information and technological interaction between the Settlement Participants when carrying out transactions through the CLICK System, and is also an operator of the CLICK electronic money system.
The relationship between CLICK and the Users is built on a contractual basis and is determined by the provisions of the Contracts concluded with them.
In accordance with the terms of the Agreement, CLICK processes the personal data of the Users in order to identify them within the framework of the Law dated 26.08.2004 No. 660-II Prevention of Money Laundering, Terrorism Financing and Financing of Weapons of Mass Destruction Proliferation and the Law dated 01.11.2019 No. ЗРУ-578 On Payments and Payment Systems both before the User signs any Contracts (Agreements) with CLICK and in the process of interaction under the signed Contracts (Agreements).
2.2. This Policy on the Protection and Processing of Personal Data (hereinafter the Policy) establishes the procedure for processing and protecting of the personal data of Users registering in the CLICK Services.
Before registering in the CLICK Services, the User must review the terms of this Policy.
The User, by marking the appropriate form, expresses his full Consent to the terms of this Policy.
2.3. The Policy is developed in accordance with the Constitution of the Republic of Uzbekistan, the Civil Code of the Republic of Uzbekistan, the current legislation of the Republic of Uzbekistan in the field of personal data protection.
2.4. The policy shall remain in effect until it is repealed or revised.
This Policy is published freely available in the information and telecommunications network of the Internet in the CLICK services.
2.5. The purposes of this Policy:
- Ensuring the protection of human and civil rights and freedoms in the processing of personal data, including the protection of rights to privacy, personal and family secrets;
- Elimination of unauthorized actions (unauthorized or accidental access) of any third parties to personal data of Users, as well as destruction, modification, blocking, copying and distribution of personal data;
- Ensuring the legal and regulatory regime of confidentiality and control of personal information of Users in the Services;
- Protection of the constitutional rights of citizens to personal privacy, confidentiality of information constituting personal data, and prevention of the possible threat to the safety of Users registered in My Account.
2.6. Principles of personal data processing:
- processing of personal data must be lawful and fair;
- processing of personal data should be limited to achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purpose of personal data collection is not allowed;
- The content and scope of processed personal data must be consistent with the stated processing purposes. Processed personal data must not be excessive in relation to the stated purposes of its processing;
- when processing personal data, the accuracy of personal data, its adequacy and relevance in relation to the purposes of personal data processing must be ensured;
- storage of personal data shall not be longer than required by the purposes of personal data processing, unless the period of storage of personal data is established by law, the Contract, the Agreement or the User Agreement, to which the User is a party.
2.7. CLICK does not perform trans-border transfer of personal data
3. Personal Details of the Users
3.1. The User independently provides (when using the System) the following data:
Legal entities
- a list of identifying information. Persons performing legally significant actions on behalf and in the interests of legal entities are subject to identification, namely the head, founder, proxy (acting on the basis of a power of attorney) and the beneficial owner.
The User shall fill in the relevant electronic forms of Questionnaires on the System Website, in which personal data of the Head, Beneficial Owner, the Person authorized to act on behalf of the Company on the basis of a power of attorney or other document (if any) are indicated:
- last name, name and patronymic (if any)
- nationality,
- details of the identity document (passport/ID-card series and number, name of the issuing authority, date of issue, registration address),
- actual residence address,
- Personal Identification Number.
In addition, the User shall enclose scans of corporate documents of the Company to the Questionnaire forms:
- Resolution (Minutes) on establishment (creation) of a legal entity,
- Resolution (Minutes) on election of the Sole Executive Body of the Company,
- Order on assuming of the position of the Sole Executive Body of the Company,
- Charter,
- Certificate of state registration of the legal entity, as well as a scan of the Power of Attorney of the authorized representative of the legal entity (if any).
Non-profit organization (NPO) (represented by the Head or a proxy):
The User shall fill in the relevant electronic form of Questionnaire on the System Website, in which personal data of the Head, the Person authorized to act on behalf of the Company on the basis of a power of attorney or other document (if any) are indicated:
- last name, name and patronymic (if any)
- nationality,
- details of the identity document (passport/ID-card series and number, name of the issuing authority, date of issue, registration address),
- actual residence address,
- Personal Identification Number.
In addition, the User shall enclose scans of corporate documents of the Company to the Questionnaire forms:
- Resolution (Minutes) on establishment (creation) of the Company,
- Resolution (Minutes) on election of the Sole Executive Body of the Company,
- Order on assuming of the position of the Sole Executive Body of the Company,
- Charter,
- Certificate of state registration of the legal entity, as well as a scan of the Power of Attorney of the authorized representative of the Company (if any).
Sole proprietor
The User shall fill in the relevant electronic form of Questionnaire on the System Website, indicating the following:
- last name, name and patronymic (if any)
- nationality,
- details of the identity document (passport/ID-card series and number, name of the issuing authority, date of issue, registration address),
- actual residence address,
- Personal Identification Number.
- cell phone number,
- e-mail address,
- Certificate of state registration.
An individual registered as self-employed person:
The User shall fill in the relevant electronic form of Questionnaire on the System Website, indicating the following:
- last name, name and patronymic (if any)
- details of the identity document (passport/ID-card series and number, name of the issuing authority, date of issue, registration address),
- Personal Identification Number.
- certificate of registration at the tax authorities as a self-employed person.
Payer (an individual who transfers funds by wire transfer and uses an e-wallet):
- cell phone number,
- bank card number,
- date of birth
- Personal Identification Number.
For digital identification:
- biometric passport or ID-card,
- Personal Identification Number.
- date of birth
- photo and/or video recording of the Payer.
All information provided by the User must be valid as of the date of receipt of such information by CLICK.
3.2. The User provides CLICK with the necessary accurate and valid User information to form a My Account.
3.3. Upon receipt of the Information, CLICK checks the provided Information for completeness and accuracy, verifies the authenticity (validity) of the submitted documents, and matching of the submitted documents with the information and data specified in the electronic form of the Questionnaire. For these purposes, CLICK uses information contained in the open information systems of public authorities of the Republic of Uzbekistan, posted on the Internet and other bodies.
3.4. Automatically collected data:
- IP-address,
- cookie data,
- information about the Users browser, technical characteristics of the hardware and software used by the User,
- date and time of access to the site, addresses of requested pages and other similar information.
When you browse the CLICK websites, the following de-identified statistical data about you are automatically collected (from cookies), including:
- type of action performed on the Services website (click, rollover, etc.);
- date and time of the action;
- page URL;
- Referer;
- IP (without the ability to work with IP addresses in statistics);
- User-Agent;
- ClientID (browser ID by cookie);
- screen resolution;
- the class of the HTML element clicked;
- data about the information viewed by the User in the CLICK Services interface;
- Data on the facts of filling in of forms/applications on websites of Services, including errors in filling in.
3.5. The personal data specified in clause 3.1 of the Policy is processed for the purposes:
- Identification of Users as part of performance by CLICK of its obligations under the Agreement,
- Ensuring performance by CLICK of the User Agreement, the Agreements (Contracts) for use of the CLICK Services to which the User is a party.
As well as to provide User access to My Account and to perform operations provided for by the services of My Account, to provide personalized services, to improve the quality of the Site, to conduct statistical and other research on the basis of anonymized personal data.
4. Confidentiality of Personal Data
4.1. Information listed in Article 3 of this Policy is confidential. CLICK ensures the privacy of personal data.
4.2. All measures of confidentiality in the collection, processing and storage of personal data of Users apply to both paper and electronic (automated) media.
4.3. The confidential treatment of personal data is removed in cases of depersonalization or its publication in such sources as the media, the Internet and other public registries.
5. Rights of the User (Personal Data Owner).
5.1. The User has the right to receive information from CLICK, about its location, about the possession by CLICK of personal data relating to the relevant Personal Data Owner, and to become acquainted with such personal data.
5.2. The User has the right to request CLICK to clarify his/her personal data, to block or destroy it if the personal data is incomplete, outdated, unreliable, illegally obtained or are not required for the stated purpose of its processing, and to take measures stipulated by law to protect his/her rights.
5.3. Information about the availability of personal data, must be provided to the CLICK User in an accessible form, and it must not contain personal data relating to other Personal Data Owners.
5.4. CLICK provides access to his or her personal data to the User or his or her legal representative in person or upon receipt of a written request from the Personal Data Owner or his or her legal representative.
The request must contain the number of the basic identity document of the User or its legal representative, information about the date of issue of the said document and the issuing authority, and the handwritten signature of the User or its legal representative. The request can be sent electronically, through My Account on the Site.
5.5. The User has the right to receive the following information from CLICK when contacted in person or when CLICK receives a written request from the User concerning the processing of his or her personal data, including information containing
- confirmation of the processing of personal data by CLICK and the purpose of such processing;
- CLICKs methods of processing of personal data;
- the name and location of CLICK, information about the persons who have access to personal data or to whom such access may be granted;
- the list of processed personal data and the source of receipt thereof;
- the terms of processing of personal data, including the terms of storage thereof;
- Information about what legal consequences for the Personal Data Owner may result from the processing of their personal data.
5.6. The Personal Data Owner has the right to withdraw consent to the processing of personal data, to limit the ways and forms of processing of personal data, to prohibit the dissemination of personal data without his/her consent.
5.7. The Personal Data Owner has the right to appeal the actions or omissions of CLICK to the authorized body for the protection of the rights of Personal Data Owners or in court.
The Personal Data Owner has the right to the protection of his/her rights and legitimate interests, including compensation for losses and compensation for moral damage in court.
6. Processing of Personal Data
6.1. CLICK shall process personal data solely for the purposes set forth in the Policy, the Contracts entered into with the User and internal regulations of the CLICK.
6.2. Personal data processing by CLICK includes:
collection, storage, clarification (updating, modification), transfer (provision, distribution, access), depersonalization, blocking, destruction and protection against unauthorized access.
6.3. Personal data are processed by:
mixed (including automated) processing.
7. Destruction of Personal Data
7.1. Destruction of personal data means actions that make it impossible to restore the content of personal data. In the process of destruction of personal data, physical data media are destroyed.
7.2. The Personal Data Owner has the right to demand in writing the destruction of his/her personal data.
In the event of a relevant request by the Personal Data Owner, CLICK shall be obliged to make the necessary changes, to destroy personal data upon submission by the Personal Data Owner or his/her legal representative of information confirming that the personal data concerning the relevant Owner and processed by CLICK are incomplete, outdated, unreliable, illegally obtained or are not required for the stated purpose of processing.
7.3. CLICK shall notify the Personal Data Owner or his/her legal representative and the third parties to whom this Personal Data Owners personal information has been communicated of the changes made and of the measures taken.
7.4. CLICK will destroy the Users personal information no later than seven (7) business days after receipt of a written request from the User.
7.5. Personal data are destroyed by erasing information using certified software with guaranteed destruction.
7.6. If it is not possible to destroy personal data, CLICK will block such personal data.
7.7. In the event of a written request to CLICK by the User for the destruction of relevant information on personal data, CLICK will cease processing the Users personal data, with the exception of the storage and blocking operation.
7.8. In this case, the User acknowledges and agrees that from the moment of sending of the appropriate request, the use of My Account and (or) certain Services, according to their intended purpose, becomes impossible or the possibility of such use is limited.
8. Blocking of Personal Data
8.1. The blocking of personal data means the temporary termination by CLICK of data processing operations at the request of the User if the User discovers unreliability of the processed data or unlawful actions in relation to his/her data, in the opinion of the Personal Data Owner.
8.2. Personal data on the Site are blocked on the basis of a written request from the Personal Data Owner.
8.3. In this case, the User acknowledges and agrees that from the moment of sending of the personal data blocking request, the use of My Account and (or) certain Services, according to their intended purpose, becomes impossible or the possibility of such use is limited.
9. Transfer of Personal Data
9.1. Personal data may be transferred to third parties in the following cases:
9.1.1. The User has expressly consented to such actions;
9.1.2. The transfer is required for the use of a particular CLICK Service or CLICK partner service, including the execution of the Users order, in particular:
9.1.2.1. Banks of the RUz, credit organizations and other organizations involved in making transfers and/or settlements (payments) in the territory of the RUz.
In order to maintain an appropriate level of security for online payments made using bank cards, CLICK may transmit information, the list of which is established by the security protocols of payment systems, to the acquiring banks/issuers and payment systems.
Transmission of information may be:
- obligatory - information about the Users equipment: IP address, OS, geographic data, hardware ID/type, channel used: browser/application, payment authorization, identification/verification;
- optional - information about address matching indicators; information about the account in the providers system; e-mail address; cell phone number; payment amount; risk level set by the provider of the payment system.
9.1.2.2. CLICK marketing partners and other contractors.
- a. CLICK may provide access to anonymized data about the Users payment transactions, which are the basis for the CLICK partner to determine the possibility of providing discounts (bonuses), incentives due to the fulfillment of certain conditions established by the CLICK partner, as well as about the Loyalty Program Member Bonus Account when such access is due to the possibility of provision of additional conditions for the use of Privileges to the User;
- b. CLICK may provide access to the Users email address, allowing the CLICK partner to ensure the transmission of a fiscal or other document required by the legislation of the Republic of Uzbekistan;
When the User uses the functionality and services provided by CLICK partners, information about the User may be provided to such persons to the extent and for the purposes necessary to properly provide the services to the User or to make them more convenient to use, including, but not limited to, pre-filling of registration forms to speed up the registration process in the services provided by CLICK partners.
9.1.2.3. Partners who provide data storage.
9.1.2.4. Partners, state authorities of RUz, involved in ensuring security and/or preventing actions, using the CLICK services that contradict the requirements of the applicable legislation of RUz, international agreements or the Policy.
9.2. Transfer, distribution of personal data is carried out by CLICK on the basis of the consent of the Personal Data Owner (the User) to the transfer of personal data, which he/she gives when accepting the Offer.
9.3. CLICK may, at its own discretion and without the prior consent of the Users, provide limited access for third parties to anonymized, aggregated data after their pseudonymization for marketing and other research, as well as other non-personal data that allows for the transmission of advertising to the User, including that of third-party organizations, which is relevant and/or may be of interest to the User;
Personal data are transfer to government agencies within their authority in accordance with the laws of the Republic of Uzbekistan.
10. Storage of Personal Data
10.1. Personal data of Users are stored in electronic form on the territory of the Republic of Uzbekistan.
10.2. Personal data of Users shall be stored no longer than required by the purposes of processing of personal data, unless a different period of storage of personal data is not established by law, the Contract or the User Agreement.
10.3. CLICK shall retain documents and information containing personally identifiable information for at least 5 (five) years from the date of termination of legal relations (term of the Agreement).
Thus, for a period of five years from the date of termination of the relationship, the personal data of Users are processed only in terms of storage.
11. Protection of Personal Data of the Users
11.1. CLICK takes the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution of personal data, as well as from other unlawful actions when processing personal data of Users.
12. Final provisions
12.1. In case of changes in the current legislation of the Republic of Uzbekistan, changes in regulatory documents on protection of personal data, this Policy is valid in the part that does not contradict the current legislation until it is brought in line with such.
12.2. The terms of this Policy shall be set, amended and revoked unilaterally by CLICK without prior notice to the User. The previous version of this Policy shall be deemed null and void as of the date a new version of the Policy is posted on the Site. In the event of material changes to the terms of this Agreement, CLICK shall notify Users by posting an appropriate notice on the Site.