Privacy and Personal Data Protection Policy

1.1. This Privacy Policy (hereinafter referred to as the Policy) applies to all information that the Operator receives about the Customer in the course of using the ZOOD Service or other services and/or Services and/or Goods within the ZOOD ECOSYSTEM.

1.2. Using the services of the ZOOD Service or other services and/or Services and/or Goods within the ZOOD ECOSYSTEM means the unconditional consent of the Customer to this Policy and the conditions for processing information about the Customer specified therein. In case of disagreement with these terms, the Customer must refrain from using the ZOOD Service or other services and / or Services and / or Goods within the ZOOD ECOSYSTEM.

1.3. The Operator has the right to unilaterally make changes to this Policy in accordance with the User Agreement.

2.1. In order to provide services to Clients under this User Agreement, the Operator receives and processes the following data:

2.1.1. Personal data of the Customer, including last name, first name and patronymic (unless otherwise follows from the law or national custom) of the Customer, citizenship, date of birth, details of the Customer’s identity document, personal identification number of an individual (PINFL), individual taxpayer number (TIN), address of residence (registration) or place of stay of the Customer, subscriber telephone number allocated to the Customer by the telecom operator, as well as other information that allows directly and/or indirectly to identify the Customer.

2.1.2. Data on all stages of interaction with the ZOOD Service, obtained automatically from the Device from which the ZOOD Service is accessed, including, but not limited to:

(a) Information about phone numbers from the address book of the device (used to facilitate the Customer's money transfer transactions, accounting for these transactions, etc.)

(b) Information about the location of the Customer's device (based on data from the mobile operator's network and GPS signals, it is used to inform about additional services available to the Client and due to its location, collect analytics on the use of the application depending on the location, etc.)

(c) Photo images taken using the camera and stored in the device’s memory (for filling out a profile, identification, reading QR codes, etc.)

(d) Information about Customer's mobile device, such as mobile device model, operating system version, unique device identifiers, as well as mobile network data and mobile phone number.

(e) Information about the Transactions performed, such as the place, time and amount of the Transactions performed, the type of payment method, information about the Merchant from which the Goods were purchased, as well as other information related to the performance of the above Operations.

2.1.3. Data about the Customer obtained within the framework of agreements concluded by the Operator with Partners for the purpose of providing services to Customers by the Operator or the relevant Partners, including, but not limited to, Credit Information.

2.1.4. Data received from the Customer at the time of communication with the Customer via telephone, interactive voice messaging systems (IVR and similar systems) or services of telephone notification centers (contact or call centers).

2.1.5. Using any Service provided by the Operator, the Customer agrees that the Operator may use the data for their subsequent processing by automated systems and may receive and transfer to counterparties and Partners of the Operator to provide services to Customers.

2.2. By accepting this information, the Operator proceeds from the fact that this information was obtained legally, and its transfer to the Operator was carried out with the permission of the Customer.

2.3. The Operator guarantees that any third party (counterparties and Partners) gaining access to the Customer's data obtained in accordance with this Policy will ensure unconditional compliance with the terms of this Policy and data protection in accordance with this Policy.

2.4. The Operator may receive publicly available information when the Customer uses third-party resources

2.5. The Operator is not able to verify the Customer's legal capacity, and also does not verify the information provided by the Customer. The Operator proceeds from the fact that the Customer has provided sufficient, reliable and up-to-date information about him/herself.

3.1. The Operator collects and stores only that personal information that is necessary for the provision of Services within the ZOOD ECOSYSTEM or the execution of other agreements with the Customer, except when the law provides for the mandatory receipt and storage of certain personal information. The storage of personal information is carried out no longer than required by the purposes of processing, unless the period of storage of such personal information is established by the legislation of the Republic of Uzbekistan or this Policy.

3.2. The Customer's personal data may be used for the following purposes:

3.2.1. Execution of agreements with the Operator, as well as agreements concluded with counterparties and Partners of the Operator, including for the purpose of identification / simplified identification, E-KYC processes, Operator Scoring, Bank scoring, as well as providing the Customer with the opportunity to use all available services within the ZOOD ECOSYSTEM;

3.2.2. Communication with the Customer, processing incoming requests from the Customer, including the subsequent transfer of such requests and requests for execution to the Partners of the Operator;

3.2.3. Identification of Customers in accordance with the Rules and other acts of legislation and regulations, in accordance with which the Operator and/or its respective Partner may be assigned the relevant powers and responsibilities;

3.2.4. Taking measures to counter the legalization of proceeds from crime, the financing of terrorism and the financing of the proliferation of weapons of mass destruction, including due diligence and customer identification;

3.2.5. Identification and (or) prevention of conditions that facilitate the commission of actions using the ZOOD Service that contradict the requirements of the law and this Policy;

3.2.6. Offering personalized Services to Customers within the ZOOD ECOSYSTEM;

3.2.7. Conducting statistical and other research based on anonymized data;

3.2.8. Carrying out marketing campaigns for Customers, including for the purpose of distributing offers to participate in promotions initiated by the Operator jointly with Merchants and / or other Partners and receiving prizes / rewards provided for by the corresponding promotion;

3.2.9. Distribution of advertising and information materials, including targeting of advertising materials and other information delivered to the Customers;

3.2.10. Improving the quality of the Operator's Services, the convenience of their use, the development of new services.

3.2.11. Ensuring the fulfillment of the Customer’s obligations in the event of an Overdue Debt.

4.1. The Operator takes the necessary and sufficient organizational and technical measures to protect the Customer’s information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties with it.
In particular, the Operator is constantly improving the ways of collecting, storing and processing data, including physical security measures, to counter unauthorized access to the Operator's systems for the purpose of theft of property, phishing and other types of fraud. The Operator also limits the access of employees, contractors and agents to the information of Customers, providing for strict contractual obligations in the field of confidentiality, for the violation of which sanctions and penalties are provided.

4.2. The Operator has the right to transfer the Customer's personal data to third parties (including cross-border data transfer) in the following cases:

4.2.1. The transfer is necessary to provide the Customer with services, Services within the ZOOD ECOSYSTEM, as well as the Services of Partners and counterparties of the Operator.

4.2.2. Transfer of information to the Partners of the Operator, including affiliates, within the framework of joint projects;

4.2.3. The transfer of information to third parties is necessary for the proper fulfillment by the Operator of an agreement or contract with this Customer;

4.2.4. Transfer of information to third parties that support the services of the Operator to the extent necessary for the implementation of such technical support;

4.2.5. The transfer is provided for by the legislation of the Republic of Uzbekistan;

4.2.6. The transfer occurs as part of the sale or other transfer of the business (in whole or in part), while all obligations to comply with the terms of this Policy are transferred to the acquirer;

4.2.7. In order to ensure the possibility of protecting the rights and legitimate interests of the Operator or third parties in cases where the Operator has reasonable grounds to believe that the Customer violates the requirements of applicable law;

4.2.8. Data obtained from publicly available sources.

4.3. Third parties undertake to comply with the terms of this Policy.

4.4. The Operator has the right to distribute and / or provide third parties with access to information about the Customer without any restrictions after the processing of the relevant information, which resulted in the removal of information that allows the identification of the Customer (depersonalization of information), as well as after the statistical processing of this information.

4.5. The Operator has the right to use information about the Customer for the purposes of analyzing the interests and preferences of its audience, adapting the Operator's Services according to the results obtained from the above analysis, as well as for the purposes of advertising on the Internet to the extent necessary to display it to the target audience.

5.1. The Customer has the right:

5.1.1. be aware of the availability of the Operator, as well as a third party, of their personal data and their composition;

5.1.2. receive, upon request, information on the processing of personal data from the Operator;

5.1.3. receive information about the conditions for granting access to their personal data from the Operator;

5.1.4. apply for protection of rights and legitimate interests in relation to their personal data to the authorized state body or court;

5.1.5. give consent to the processing of their personal data and withdraw such consent, except as otherwise provided by the Law "On Personal Data";

5.1.6. give consent to the Operator, as well as to a third party, to distribute their personal data in publicly available sources of personal data;

5.1.7. require the Operator to temporarily suspend the processing of their personal data, if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the purposes of processing.

5.2. The Customer's right to access data processed by the Operator is confirmed by the Customer's request to the Operator. The Operator has the right, when identifying the Customer and having doubts about the identification of the Customer, to request from the Customer additional information necessary for the true identification of the Customer.

5.3. Customer data that is made public by the Customer or obtained from a public source shall not be provided to the Customer at his request.

5.4. Consideration of the Customer's request is carried out within 30 calendar days and this period can be extended taking into account the complexity of its processing.

5.5. The instruction of personal data of a subject recognized as incapable or limited in capacity is carried out by his legal representative.

5.6. The obligation of the subject is to provide his personal data in order to protect the foundations of the constitutional order of the Republic of Uzbekistan, morality, health, rights and legitimate interests of citizens of the Republic of Uzbekistan, to ensure the defense of the country and the security of the state.

6.1. The Operator provides Customers with the opportunity to request deletion of their account (Personal Account) through the settings of the corresponding ZOOD Interface.

6.2. The withdrawal of consent to the processing of personal data is carried out by the Customer and contains the following stages:

Stage No.1

A Customer sends a written request for the deletion of its personal data from an email address registered under Personal Account of Customer to email address uz@zoodmall.com indicating the following personal data, which allows to identify the Customer:
(a) PINFL;
(b) Email address (as indicated in ZOOD Interface);
(c) Phone number (as indicated in ZOOD Interface).

Stage No.2

The Operator automatically responds with automatically generated email to the Customer, which contains a One Time Password (OTP).

Stage No.3

Once the Customer enters the OTP in its ZOOD Interface, the Operator depersonalizes the Customer's personal data.
Please pay attention!
At the same time, the Customer agrees that some data may be stored by the Operator, within the time limits stipulated by the legislation of the Republic of Uzbekistan.

6.3. In the event as provided in clause 6.2 above, the Customer may be limited access to the Services within the ZOOD ECOSYSTEM due to the inability to identify the Customer, in connection with the withdrawal of consent to the processing of personal data.
At the same time, the Customer unconditionally agrees that if the Customer has an Overdue and/or Current Debt, the ZOOD Technological Solution and the ZOOD Pay Payment Solution remain available to the Customer within the limited functionality defined by the Operator, and all relevant Personal Data required for the Operator in order to ensure the fulfillment of obligations related to such Overdue/Current Debts, remain at the disposal of the Operator (and can be processed by the Operator) until the last obligation to repay the Customer’s Current/Overdue Debt is fulfilled.

6.4. In the event of a request to delete personal data, the following rules apply:

6.4.1. The Operator has the right to partially retain the Customer's personal data within the legitimate interests of the Operator's business, including to combat fraud and improve security.

6.4.2. The Operator has the right to store and use the Customer’s personal data to the extent necessary to comply with legal requirements;

6.4.3. Information that the Customer has shared with others (for example, reviews, forum posts) may remain publicly available even after the removal of data about this Customer, and the attribution of this Customer will be removed. Some copies of the Customer's information may be stored in the Operator's database without any possibility of personal identification;

6.4.4. in connection with the implementation of a system of protection against accidental or intentional damage or loss of data, backup copies of the Operator's personal data will be deleted with a certain delay.

PRIVACY POLICY AND PROTECTION OF PERSONAL DATA

1. GENERAL PROVISIONS

2. INFORMATION ABOUT CUSTOMERS WHICH IS RECEIVED AND PROCESSED BY THE OPERATOR

3. PURPOSE OF COLLECTING AND PROCESSING PERSONAL DATA OF CUSTOMERS

4. PROCEDURE AND CONDITIONS FOR PROCESSING, STORING AND TRANSFER OF PERSONAL DATA

5. RIGHTS AND OBLIGATIONS OF THE CUSTOMER

6. CHANGING AND DELETING DATA