Personal data processing policy


I of .  General Provisions

II .  Application area

III . Definitions

IV . Legal bases and purposes of data processing

The V . Data processing principles and conditions

Vi . Rights and obligations of data subjects and  the company in terms of data processing

Vii .     Data protection requirements

VIII .   Terms of data processing (storage)

IX . Procedure for obtaining clarifications on data processing issues

The X . Features of the processing and protection of data collected by the enterprise using the Internet

XI . Final provisions


I of . General Provisions


1.1. This policy regarding the processing of personal data (hereinafter - the "Policy") has been prepared in accordance the laws of the Republic of Uzbekistan " About principles and guarantees of FOI " and "On Information" and determines the position of the family enterprise IE "JUMAEV INOMJON" (hereinafter - the "Company") in the field of processing and protection of personal data (hereinafter - "Data"), respect for the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets. 


II . Application area


2.1. This Policy applies to the Data obtained both before and after the entry into force of this Policy. 

2.2. Understanding the importance and value of the Data, as well as taking care of the observance of the constitutional rights of citizens of the Republic of Uzbekistan and citizens of other states, the Company ensures reliable protection of the Data. 


III . Definitions


3.1. Data is understood as any information relating directly or indirectly to a specific or identifiable individual (citizen), i.e. such information, in particular, includes: name, year, month, date and place of birth, address, information about family, social, property status, information about education, profession, income, phone number, e-mail address for communication, information about candidates for vacant positions left by such candidates when filling out the questionnaire, including the information contained in the candidate's resume, as well as other information.

3.2. Data processing means any action (operation) or a set of actions (operations) with the Data performed using automation tools and / or without using such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.

3.3. Data security means the Data security against unauthorized and / or unauthorized access to them, destruction, alteration, blocking, copying, provision, distribution of Data, as well as against other illegal actions in relation to the Data.


IV . Legal bases and purposes of data processing


4.1. The processing and security of the Data in the Enterprise is carried out in accordance with the requirements of the Constitution, Laws, the Labor Code of the Republic of Uzbekistan, bylaws, and other defining cases and features of data processing of the laws of the Republic of Uzbekistan, guidelines and methodological documents of the relevant bodies of the Republic of Uzbekistan.

4.2. The subjects of the Data processed by the Company are:

candidates for vacant positions, including candidates filling out a candidate's questionnaire on the Enterprise's Internet resource: https://easternfashion.shop ;

employees of the Enterprise, relatives of employees of the Enterprise, within the limits determined by the legislation of the Republic of Uzbekistan, if information about them is provided by the employee;

persons who are members of the management bodies of the Enterprise and are not employees;

individuals with whom the Company concludes agreements of a civil nature;

representatives of legal entities - contractors of the Enterprise;

participants in loyalty bonus programs;

clients - consumers, including visitors to the site belonging to the Company: https://easternfashion.shop  (hereinafter referred to as the “Site”), including for the purpose of placing an order on the Site with subsequent delivery to the client, recipients of delivery, adjustment services and installation of household appliances;

individuals whose Data is processed in the interests of third parties - Data operators on the basis of an agreement (instructions from Data operators).

4.3. The Enterprise processes the Data of the subjects in order to implement the functions, powers and duties assigned to the Enterprise by the legislation of the Republic of Uzbekistan in accordance with the laws, including but not limited to the Civil Code, the Tax Code, the Labor Code, the Family Code and other laws of the Republic of Uzbekistan, as well as data operators, the charter and local acts of the Company.

4.3.1. Employees in order to:

compliance with labor, tax and pension legislation of the Republic of Uzbekistan, namely:

- assistance to employees in employment, training and promotion;

- calculation and calculation of wages;

- organization of business trips (business trips) of employees;

- issuing powers of attorney (including for representing the interests of the Company to third parties);

- ensuring the personal safety of employees;

- control of the quantity and quality of work performed;

- ensuring the safety of property;

- compliance with the access control in the premises of the Enterprise;

- accounting of working hours; 

- use of various types of benefits in accordance with the Labor, Tax Codes and other laws of the Republic of Uzbekistan, as well as the Charter and regulations of the Enterprise;

- voluntary life, health and / or accident insurance.

4.3.2. Candidates for vacant positions in order to decide on the possibility of concluding an employment contract with persons applying for open vacancies.

4.3.3. Persons who are members of the management bodies of the Company, who are not employees, in order to fulfill the requirements provided for by law, including mandatory disclosure of information, audit, verification of the possibility of making transactions, including interested-party transactions and / or major transactions.

4.3.4. Individual counterparties for the purposes of:

conclusion and execution of a contract, one of the parties to which is an individual;

considering opportunities for further cooperation.

4.3.5. Representatives of legal entities - counterparties of the Enterprise for the purposes of negotiating, concluding and executing contracts under which the Data of employees of such a legal entity is provided for the purpose of executing an agreement in various areas of economic activity of the Enterprise.

4.3.6. Individuals whose Data is processed in the interests of third parties - Data operators on the basis of an agreement (instructions from Data operators) for the purpose of executing contracts - instructions from Data operators.

4.3.7. Relatives of the Company's employees in order to:

- compliance with the requirements of the legislation of the Republic of Uzbekistan; providing additional benefits;

participation in corporate events.

4.3.8. Members of loyalty bonus programs in order to:

providing information on goods, promotions, the state of the personal account;

identification of the participant in the loyalty program;

- ensuring the accounting procedure for the accumulation and use of bonuses;

fulfillment by the Company of obligations under the loyalty program.

4.3.9. Clients - consumers in order to: 

providing information on goods / services, ongoing promotions and special offers;

analysis of the quality of the service provided by the Company and improvement of the quality of customer service of the Company;

informing about the status of the order;

execution of the contract, including the sale and purchase agreement, including the one concluded remotely on the Site, the provision of paid services;

provision of services for the installation and connection of household appliances, as well as accounting for services provided to consumers for the implementation of mutual settlements;

delivery of the ordered goods to the client who made an order on the Site, return of the goods.


The V . Data processing principles and conditions


5.1. When processing Data, the Company adheres to the following principles:

Data processing is carried out on a lawful and fair basis;

The Data is not disclosed to third parties and is not disseminated without the consent of the Data subject, with the exception of cases requiring the disclosure of Data at the request of authorized state bodies, legal proceedings;

determination of specific legitimate purposes before the start of processing (including collection) of the Data;

only those Data are collected that are necessary and sufficient for the stated purpose of processing;

combining databases containing Data, the processing of which is carried out for purposes incompatible with each other is not allowed;

the processing of the Data is limited to the achievement of specific, predetermined and legitimate purposes;

The processed Data are subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by law.

5.2. The Company may include the Data of subjects in publicly available sources of Data, while the Company takes the written consent of the subject to process its Data.

5.3. The company does not process Data regarding race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.

5.4. The company may process data on the health status of the Data subject in the following cases:

1) in accordance with the legislation;

2) to protect the life, health or other vital interests of the employee or to protect the life, health or other vital interests of other persons and obtaining the consent of the Data subject is impossible;

3) to establish or exercise the rights of an employee or third parties, as well as in connection with the administration of justice;

4) in accordance with the legislation on compulsory types of insurance, with insurance legislation.

5.5. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the operator to establish the identity of the Data subject) are not processed in the Company.

5.6. The Enterprise does not carry out cross-border data transfers. 

5.7. In cases established by the legislation of the Republic of Uzbekistan, the Enterprise has the right to transfer Data to third parties (tax service and other state bodies).

5.8. The company has the right to entrust the processing of the Data of the Data subjects to third parties with the consent of the Data subject, on the basis of an agreement concluded with these persons.

5.9. Persons processing Data on the basis of an agreement concluded with the Company (operator's order) undertake to comply with the principles and rules for processing and protecting Data provided for by the Law. For each third party, the agreement defines a list of actions (operations) with the Data that will be performed by a third party processing the Data, the purposes of processing, the obligation of such a person to maintain confidentiality and ensure the security of the Data during their processing is established, the requirements for protecting the processed Data are specified in accordance with with the Law.

5.10. In order to fulfill the requirements of the current legislation of the Republic of Uzbekistan and its contractual obligations, the processing of Data in the Company is carried out both with and without the use of automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.

5.11. It is prohibited in the Company to make decisions on the basis of solely automated processing of the Data that give rise to legal consequences in relation to the Data subject or otherwise affect his rights and legitimate interests, with the exception of cases provided for by law.


Vi . Rights and obligations of data subjects and  the company in terms of data processing


6.1. The subject whose Data is processed by the Company has the right to receive from the Company:

- confirmation of the fact of processing of the Data and information about the availability of Data related to the relevant Data subject;

- information on the legal basis and purposes of the Data processing;

- information about the data processing methods used by the Company;

- information about the name and location of the Enterprise;

- information about persons (excluding employees of the Company) who have access to the Data or to whom the Data can be disclosed on the basis of an agreement with the Company or on the basis of law; 

- a list of processed Data related to the Data subject, and information about the source of their receipt, unless another procedure for providing such Data is provided for by law; 

- information about the terms of Data processing, including the terms of their storage; 

- information on the procedure for exercising by the Data subject of the rights provided for by the Law;

- name (full name) and address of the person processing the Data on behalf of the Company;

- other information provided for by the Law or other regulatory legal acts of the Republic of Uzbekistan;

require the Company to clarify its Data, block it or destroy it if the Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;

revoke your consent to the processing of Data at any time;

demand the elimination of illegal actions of the Company in relation to its Data;

to appeal against the actions or inaction of the Company to the relevant authorities or in court if the Data subject believes that the Company is processing his Data in violation of the requirements of the Law or otherwise violates his rights and freedoms;

to protect their rights and legitimate interests, including compensation for damages and / or compensation for moral damage in court.

6.2. The company in the process of processing the Data is obliged to:

to provide the Data subject, upon his request, with information regarding the processing of his personal data, or legally provide a refusal within thirty days from the date of receipt of the request from the Data subject or his representative;

explain to the Data subject the legal consequences of refusing to provide Data if the provision of Data is mandatory in accordance with the law;

prior to the start of data processing (if the Data was not received from the Data subject), provide the Data subject with the following information, except for cases provided for by the legislation of the Republic of Uzbekistan:

1) name or surname, first name, patronymic and address of the Enterprise or its representative;

2) the purpose of the Data processing and its legal basis;

3) intended users of the Data;

4) the rights of Data subjects established by the Law;

5) the source of obtaining the Data.

take the necessary legal, organizational and technical measures or ensure their adoption to protect the Data from unauthorized or accidental access to them, destruction, alteration, blocking, copying, provision, distribution of Data, as well as from other illegal actions in relation to the Data;

publish on the Internet and provide unrestricted access using the Internet to the document defining its policy in relation to the processing of Data, to information about the implemented data protection requirements;

provide data subjects and / or their representatives free of charge the opportunity to familiarize themselves with the Data when submitting an appropriate request within 30 days from the date of receipt of such a request;

to block unlawfully processed Data related to the Data subject, or to ensure their blocking (if the Data processing is carried out by another person acting on behalf of the Enterprise) from the moment of contacting or receiving a request for a verification period, in case of unlawful processing of Data when the Data subject or his a representative or at the request of the Data subject or his representative or an authorized body for the protection of the rights of personal data subjects;

clarify the Data or ensure their clarification (if the Data processing is carried out by another person acting on behalf of the Enterprise) within 7 working days from the date of submission of the information and remove the blocking of the Data, in case of confirmation of the fact of inaccuracy of the Data based on the information provided by the Data subject or his representative;

stop the illegal processing of the Data or ensure the termination of the illegal processing of the Data by a person acting on behalf of the Company, in case of revealing the illegal processing of the Data carried out by the Company or a person acting on the basis of an agreement with the Company, within a period not exceeding 3 working days from the date of this identification;

stop processing the Data or ensure its termination (if the processing of the Data is carried out by another person acting under a contract with the Company) and destroy the Data or ensure their destruction (if the processing of the Data is carried out by another person acting under a contract with the company) to achieve the purpose of processing the Data, unless otherwise is not provided for by an agreement to which the Data subject is a party, beneficiary or guarantor, if the purpose of the Data processing is achieved;

stop processing the Data or ensure its termination and destroy the Data or ensure their destruction if the Data subject withdraws consent to the processing of the Data, if the Company is not entitled to process the Data without the consent of the Data subject;

keep a log of the requests of the subjects of personal data, which should record the requests of the subjects of the data to receive the Data, as well as the facts of providing the Data on these requests. 


Vii . Data protection requirements


7.1. When processing the Data, the Company takes the necessary legal, organizational and technical measures to protect the Data from unauthorized and / or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other illegal actions in relation to the Data.

7.2. Such measures include, in particular:

appointment of the person responsible for organizing the processing of the Data and the person responsible for ensuring the security of the Data;

development and approval of local acts on the processing and protection of Data;

application of legal, organizational and technical measures to ensure data security:

1) identification of threats to the security of the Data during their processing in personal data information systems;

2) the application of organizational and technical measures to ensure the security of the Data during their processing in the information systems of personal data, necessary to fulfill the requirements for the protection of the Data, the implementation of which is ensured by the levels of Data security established by the Legislation and the Government of the Republic of Uzbekistan;

3) the application of the procedure for assessing the conformity of information protection means that have passed in the prescribed manner;

4) assessment of the effectiveness of measures taken to ensure the security of the Data prior to the commissioning of the personal data information system;

5) accounting of machine data carriers, if the storage of the Data is carried out on machine data carriers;

6) detection of facts of unauthorized access to the Data and taking measures to prevent similar incidents in the future;

7) recovery of Data, modified or destroyed due to unauthorized access to them;

8) establishment of rules for access to the Data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with the Data in the personal data information system.

control over the measures taken to ensure data security and the level of security of personal data information systems;

assessment of harm that may be caused to Data subjects in case of violation of the requirements of the Law, the ratio of this harm and measures taken by the Company aimed at ensuring the fulfillment of obligations provided for by the Legislation;

compliance with the conditions that exclude unauthorized access to the material data carriers and ensure the safety of the Data;

familiarization of the employees of the Company who directly process the Data with the provisions of the legislation of the Republic of Uzbekistan on Data, including the requirements for data protection, local acts on the processing and protection of Data, and training of employees of the Company.


VIII . Terms of data processing (storage)


8.1. The terms of processing (storage) of the Data are determined based on the purposes of processing the Data, in accordance with the term of the agreement with the Data subject, the requirements of the legislation, the requirements of the Data operators on whose behalf the Enterprise processes the Data, the basic rules for the work of the archives of organizations, the limitation period.

8.2. Data, the processing (storage) period of which has expired, must be destroyed, unless otherwise provided by law. The storage of the Data after the termination of their processing is allowed only after their depersonalization.


IX . Procedure for obtaining clarifications on data processing issues


9.1. Persons whose Data is processed by the Enterprise can receive clarifications on the processing of their Data by contacting the Enterprise personally or by sending a written request to the location of the Enterprise: 7-A, Ipakchi st, Marghilan, Uzbekistan

9.2. In the case of sending an official request to the Company, the text of the request must indicate:

surname, name, patronymic of the Data subject or his representative;

number of the main identity document of the Data subject or his representative, information on the date of issue of the specified document and the issuing authority;

information confirming that the Data subject has relations with the Company;

information for feedback in order to send the Enterprise a response to the request;

the signature of the Data subject (or his representative). If the request is sent in electronic form, then it must be executed in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Republic of Uzbekistan.


The X .  Features of the processing and protection of data collected by the enterprise using the Internet


10.1. The company processes and protects the Data received from users of the Site, including the Data of Applicants for vacant positions from the resource: https://easternfashion.shop . (hereinafter collectively - the Site), as well as arriving at the corporate mail addresses of the Company ending with support@easternfashion.shop.

10.2. Data collection There are two main ways in which the Company obtains Data via the Internet:

10.2.1. Submission of Data (including last name, first name, position, place of work, position, contact phone number, e-mail address, address, etc.) by subjects by filling out the appropriate forms on the Site and by sending e-mails to the corporate addresses of the Company.

10.2.2. Automatically collected information The Company may collect and process information that is not personal data: 

information about the interests of users on the Site based on the entered search queries of the Site users about the products sold and offered for sale by the Company in order to provide up-to-date information to the customers of the Company when using the Site, as well as generalization and analysis of information about which sections of the Site and products are in greatest demand among clients of the Company;

processing and storing search queries from users of the Site in order to summarize and create client statistics on the use of sections of the Site. The company automatically receives some types of information obtained in the process of user interaction with the Site, correspondence by e-mail, etc. We are talking about technologies and services, such as web protocols, cookies, web marks, as well as applications and tools of the specified third sides.

A cookie is a piece of data that is automatically stored on your computer's hard drive every time you visit a website. Thus, a cookie is a unique browser identifier for a website. Cookies make it possible to store information on the server and make it easier to navigate the web space, as well as allow you to analyze the site and evaluate the results. Most web browsers allow the use of cookies, but you can change your settings to opt out of cookies or track the path they are sent. However, some resources may not work correctly if cookies are disabled in the browser.

Web marks. Business may use "web tagging" technology (also known as "tags" or "fine GIF technology") on certain web pages or emails. Web landmarks help analyze the performance of websites, for example by measuring the number of site visitors or the number of “clicks” made on key positions on a site page. At the same time, web marks, cookies and other monitoring technologies do not make it possible to automatically receive Data. If the user of the Site, at his own discretion, provides his Data, for example, when filling out a feedback form or sending an e-mail, then only then the processes of automatic collection of detailed information are launched for the convenience of using the websites and / or to improve interaction with users.

10.3. Use of Data The enterprise has the right to use the provided Data in accordance with the stated purposes of their collection, subject to the consent of the Data subject, if such consent is required in accordance with the requirements of the legislation of the Republic of Uzbekistan in the field of Data. 

The obtained Data in a generalized and impersonal form can be used to better understand the needs of buyers of goods and services sold by the Company and improve the quality of service.  

10.4. Transfer of Data The company may entrust the processing of Data to third parties only with the consent of the Data subject. 

Also, Data may be transferred to third parties in the following cases:

a) as a response to legitimate requests from authorized state bodies, in accordance with laws, court decisions, etc.

b) the data cannot be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the Data subject.

10.5. The site contains links to other web resources, which may contain useful and interesting information for the Site users, including links to resources such as: https://easternfashion.shop . However, this Policy does not apply to such other sites. Users who follow links to other sites are advised to familiarize themselves with the Data processing policies posted on such sites.

10.6. The User of the Site may at any time revoke his consent to the processing of Data by sending an e-mail to the e-mail address: https://easternfashion.shop, Or by sending a written notification to the address of the Company: 7-A, Ipakchi st, Marghilan, Uzbekistan. After receiving such a message, the processing of the User's Data will be terminated, and his Data will be deleted, unless the processing can be continued in accordance with the law


XI . Final provisions


11.1. This Policy is a local regulatory act of the Company.

11.2. This Policy is publicly available. The general availability of this Policy is ensured by publication on the Site of the Enterprise.

11.3. This Policy may be revised in any of the following cases:

when changing the legislation of the Republic of Uzbekistan in the field of processing and protection of personal data;

in cases of receipt of instructions from the competent state bodies to eliminate inconsistencies affecting the scope of the Policy;

by decision of the management of the Enterprise;

when the purposes and terms of Data processing change;

when changing the organizational structure, structure of information and / or telecommunication systems (or introducing new ones);

when applying new technologies for processing and protecting Data (including transmission, storage);

when it becomes necessary to change the data processing process related to the activities of the Company.

11.4. In case of failure to comply with the provisions of this Policy, the Company and its employees are liable in accordance with the current legislation of the Republic of Uzbekistan.

11.5. Control over the implementation of the requirements of this Policy is carried out by persons responsible for organizing the processing of the Enterprise's Data, as well as for the security of personal data.