Privacy Policy

 

 

 

1. General provisions

This Privacy Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) defines the procedures for collecting, processing, storing, and protecting personal data that may be obtained from a user (hereinafter referred to as the “User”) of the “Social card” mobile application (hereinafter referred to as the “Mobile application”) or its web-based personal account within the “Social Card” information system.

This Policy applies to all data that may be obtained from the User in connection with their use of the services (hereinafter referred to as the “Services”) provided within the “Social Card” information system.

1. 1. In accordance with legislation, “SocialTech” LLC is assigned the responsibilities of developing, testing, deploying in industry, and continuously improving the system, as well as providing technical, consulting, and training support to interested parties, system users, and third parties.
2. 2. “SocialTech” LLC does not control and is not responsible for third-party websites or services accessible through links within the Services, including any processing of the User’s personal data by such third parties.

Terms and definitions not specified in this Policy but used in its content are defined in other agreements relating to the provision and use of the Mobile application.

By using the Services, the User confirms that they have read and fully agree to the terms of this Policy. If the User does not agree with these terms, it is recommended that they refrain from using the Services.

 

2. Terms and definitions
3. The following terms are used in this Policy:
   
   

“Social Card” Information System (hereinafter referred to as the “Social Card IS”) – an information system located on the server infrastructure of the social protection agency, designed to manage databases, operate Social Card functions, including the Mobile application and the user’s personal account.

“Social card” Mobile Application – a specialized software product that operates on mobile devices and enables remote access to comprehensive services in real time via telecommunication systems and electronic requests.

“SocialTech” LLC – a legal entity assigned with the development, testing, industrial implementation, continuous improvement of the system, and provision of technical, consulting, and training assistance to stakeholders, users, and third parties, in accordance with legislation.

Identification – the process of verifying a person’s identity based on official documents.

Electronic Notification – standard-format short messages sent by the system to mobile devices (e.g., SMS, push notifications) and/or to an individual’s email address via the Internet and/or mobile communication.

User – a natural person who receives state social payments and/or services, and who uses the social card independently or through a legal representative in case of limited legal capacity, and manages financial resources.

Personal Data – personal or other types of data provided by the User within the application that identify or can identify a specific individual, as outlined in the list approved by Annex 4 to the Presidential Decree PQ-267 dated July 18, 2024.

Personal Data Recipient – a physical or legal entity (including government authorities and law enforcement agencies) that receives the User’s personal data in accordance with this Policy and applicable legislation. Recipients are required to use the data solely for the specified purposes and to ensure confidentiality and protection as required by Uzbek law.

Processing of Personal Data – any operation or set of operations performed on personal data such as collection, retrieval, formation, systematization, activation, storage, modification, supplementation, use, provision, distribution, transmission, and deletion.

Services – all software solutions, products, and services provided via the mobile and web applications within the scope of the Social Card IS.

Social Protection Authority – the National Agency for Social Protection under the President of the Republic of Uzbekistan.

Third Party – government bodies, banks, service providers, or any other persons not party to this Policy but who, under applicable legal regulations or contractual agreements, may process the User’s personal data for purposes such as registration, card issuance, transaction processing, and other services necessary for system operations.

4. 4. The User also consents to the transfer of personal data, including those provided under this Policy and the Public Offer, to third parties for implementation purposes. Personal data is stored only for the duration necessary to fulfill the purpose of collection and processing, after which the data must be deleted or destroyed.
5. The personal data provided by the User to “SocialTech” LLC is processed for the following purposes:
6. Main purposes:

6.1. Compliance checking and evaluation – Ensuring that social payment recipients meet the established criteria;

6.2. Secure fund distribution – Processing state funds and transferring them to the appropriate recipients;

6.3. Fraud prevention and risk management – Identifying and preventing illegal use, duplication, or fraudulent claims;

6.4. Transaction monitoring and reporting – Maintaining transparent reports for fund distribution and compliance with requirements for auditing purposes;

6.5. User profile management – Ensuring the secure updating and management of users’ personal and banking data.

7. Secondary purposes (Supporting system efficiency and compliance):

7.1. Integration with other state systems – Comparing data with tax databases and other systems;

7.2. Improving policies based on data – Analyzing trends in social payment distribution to improve the efficiency of state programs;

7.3. User support and dispute resolution – Providing assistance to payment recipients regarding payments and technical issues.

8. 8. For the provision of services through the Mobile application, “SocialTech” LLC processes the User’s personal data in an automated manner. This means that decisions related to the use of the Service may be made automatically based on the algorithms and data analysis outlined in the Public Offer, without direct involvement of the User. This approach is applied for the following:

• Fraud detection: Automatically identifying suspicious actions to protect the User and prevent financial losses.
• Service personalization: Providing recommendations and offers based on the User’s personal preferences and behavior.

9. 9. Automated processing of data improves the speed and accuracy of service delivery and enhances the User’s experience. However, this may have legal consequences affecting the User’s rights and legitimate interests.
10. 10. If consent for personal data processing or consent for automated processing of personal data is revoked, the provision of services will become impossible, and the User must cease using the “Social Card” AT.
11. User’s Data Collected and Processed Through the Application
12. 11. For the purposes of this Policy, the following categories of personal data about the User are considered:

11.1. Personal data voluntarily provided by the User during registration or use of the Mobile application. This includes any personal data transferred to fulfill the terms of agreements between the User and “SocialTech” LLC. Some features of the Mobile application can only be accessed if the required data is provided.

11.2. Data automatically collected during use of the Mobile application, including data transmitted by the software installed on the User’s device.

This may include:

• Authentication and session data
• Authentication token
• Refresh token
• User ID (stored only during active session and deleted afterward)
• App settings
• Selected language
• Preferred dark mode setting
• Device information
• SRK ID of registration request (temporarily stored during registration)
• Device ID (unique identifier)
• Device brand
• Device model
• Platform
• Operating system version
• Core data, terms, and conditions
• Document type
• Document number
• Financial agent’s email address
• Region
• Ethnicity
• User account
• Citizen’s account
• Citizen’s documents
• Citizen’s benefits
• Address (city, street, district, postal code, neighborhood)
• Citizenship
• Place of birth
• Father’s name
• Family status
• Personal ID (JSHSHIR)
• Date of birth
• Mobile phone number
• Email address

 

12. Anonymized statistical data automatically collected through cookies and other sources when using the Mobile application:

• Authentication and session data
• Authentication token
• Refresh token
• User ID (session-based only)
• App settings
• Language and dark mode preferences
• Device data (brand, model, platform, OS)
• SRK ID (temporary)

 

13. Technologies used in the “Social Card” IS may include:

• Camera data: Used for identity verification, document scanning, or other image/video-based functions.
• Audio recordings: Used for Text-to-Speech (TTS) and Speech-to-Text features to assist users with visual impairments, voice-based interaction, or enhanced user experience.
• Biometric data: Includes facial recognition for security and ease of use.
• Haptics: Used for feedback notifications or interactions via touch.
• Notifications: Allows the app to send updates, reminders, and alerts.

 

Enables reading and writing of files for secure data and key storage on the device.

 

Grants access to view or save content on the User’s device.

14. 14. Before registering, Users can access an FAQ section, as well as a detailed guide including instructional videos explaining the registration process and core functionalities.
15. By using any service offered by the Mobile application, the User consents to the use of statistical data and cookies within the Social Card IS for processing, research, operations, or transfer to third parties.The User may manage cookie settings independently through their device browser preferences.
16. 16. “SocialTech” LLC may process certain data (e.g., IP address, device ID) to detect and prevent actions potentially violating this Policy or the laws of the Republic of Uzbekistan.
17. “SocialTech” LLC may also obtain information about the User from third parties – for example, in the course of executing agreements with social protection bodies, facilitating communication between the User and third-party service providers via the Mobile application.
18. Purpose of Collection and Processing of Users’ Personal Data
19. “SocialTech” LLC collects and stores only the personal data necessary to provide Services or fulfill agreements made with the User, unless otherwise required by the laws of the Republic of Uzbekistan. Unless otherwise specified by legislation or this Policy, personal data will not be stored longer than is necessary to fulfill the purposes of processing.
20. “SocialTech” LLC may use the User’s personal data and information for the following purposes:

19.1. To fulfill agreements, including those made with third parties, such as verifying the User’s identity and ensuring access to all available services.

19.2. Interaction with the User: to communicate with the User, including sending notifications, requests, and information related to the Services, as well as processing and forwarding the User’s inquiries and applications to third parties.

19.3. Improving the User experience by customizing notifications and optimizing processes, enhancing application functionality, and resolving technical issues.

19.4. Conducting statistical and other research based on anonymized data.

19.5. Preventing activities via the Mobile application that may violate the laws of the Republic of Uzbekistan or the terms of agreements.

19.6. Transmitting data to perform payment operations: necessary data may be shared with acquiring banks, issuing banks, and payment systems.

19.7. Ensuring the security of online payments: collected data is used to comply with payment system security protocols and protect against fraud.

 

5. Conditions for Processing and Transferring Users’ Personal Data to Third Parties
6. 20. “SocialTech” LLC processes Users’ personal data in accordance with the laws of the Republic of Uzbekistan, this Policy, the terms for specific services, and its internal procedures.
7. 21. The confidentiality of the User’s personal data and information is fully ensured by “SocialTech” LLC.

• Data storage: All data is processed and stored in accordance with the laws of the Republic of Uzbekistan.

Biometric data (such as Face ID, which characterizes the User’s anatomical and physiological features) — if used via the Social card app — is stored on the User’s device and securely transmitted to the social protection agency’s servers.

• Data security: Encryption is used to protect data from unauthorized access or leakage.

22. With the User’s consent, data may be transferred through automated systems of government bodies, non-governmental organizations, and other institutions to provide public, educational, medical, social, banking, and other services. “SocialTech” LLC has the right to transfer the User’s personal data to third parties in the following cases:

22.1. When the transfer is necessary to provide specific services or fulfill User instructions. For example, personal data may be shared with the following types of third parties:

22.1.1. Credit institutions and other participants involved in the transaction process.

To ensure adequate security for online payments made using social or bank cards, “SocialTech” LLC may transmit data specified by payment system security protocols to acquiring/issuing banks and payment systems.

Mandatory data may include:

• IP address
• Operating system
• Geolocation
• Device ID/type
• Access channel (browser or app)
• Payment authorization
• Identification/verification

Optional data may include:

• Address matching details
• Third-party account information
• Email address
• Mobile phone number
• Payment amount
• Risk level
• Other parameters as defined by third parties or payment systems

22.1.2. “SocialTech” LLC may:

(a) Allow third parties to use specific data (e.g., statistical data) for scientific research or other analysis.

(b) Permit third parties to access the User’s payment transaction data in order to offer discounts, rewards, or incentives, provided that the User meets conditions defined by the third party.

(d) Grant third parties access to the User’s email address to facilitate the delivery of fiscal or other documents as required by Uzbek law.

(e) Share User data with third-party service providers to ensure the proper delivery or usability of services — for example, pre-filling registration forms to accelerate onboarding on third-party platforms.

22.2. If “SocialTech” LLC has reasonable grounds to believe that the User is violating the terms of this Policy, any agreement with “SocialTech” LLC, or applicable legislation, it may share data to protect its legal rights and interests.

23. 23. When using the “Social Card” IS services, the User’s personal data may be processed by “SocialTech” LLC and/or its affiliates under the terms and purposes outlined in this Policy. This may include personal data for which the User has given processing consent, such as transaction and expenditure monitoring data.
24. 24. Both parties agree to comply with the Law of the Republic of Uzbekistan “On Personal Data” and other regulatory legal acts governing the security of personal data processing.
25. 25. “SocialTech” LLC may disclose anonymous data (i.e., data that does not directly or indirectly identify the User), as well as aggregated data (i.e., grouped information about User categories or groups) to third parties. It may also allow third parties to collect such anonymous or aggregated data within the scope of providing specific service features, which may later be transmitted to “SocialTech” LLC.
26. Modification, Deletion, and Use of Personal Data by the User
27. 26. Within the scope of the services, the User has the ability to modify (update, supplement) or delete the personal data they have provided. The User has the right to revoke their consent to personal data processing via the Unified Interactive Public Services Portal, the “Inson” Social Services Center, social workers, or financial agents, in writing or in electronic document format.

26.1. As stipulated by the legislation of the Republic of Uzbekistan, “SocialTech” LLC is required to notify each recipient of disclosed personal data about any changes or deletion of such data, except in cases where it is not feasible or would require disproportionate effort.

27. 27. In accordance with the laws of the Republic of Uzbekistan, “SocialTech” LLC may be obligated to continue processing and/or storing the User’s personal data obtained via the Mobile application. Such processing and/or storage will be carried out under the conditions, purposes, and timeframes established by the relevant legislation and this Policy.
28. Right of Access

28.1. In accordance with the laws of the Republic of Uzbekistan, the User has the right to access the data collected by “SocialTech” LLC, including information on:

(a) the purposes of processing;

(b) the categories of processed data;

(d) the categories of recipients to whom personal data has been or may be disclosed;

(e) the duration of data retention or the criteria for determining such duration; and other relevant details.

28.1.1. If the functionality of the Mobile application does not allow access to this information, it can be requested in writing or via other communication methods directly from “SocialTech” LLC.

28.1.2. If “SocialTech” LLC has doubts about the identity of the User making the request as per clause 28.1, it may request additional information to verify the User’s identity.

28.1.3. The User has the right to request information about the purposes of processing, storage duration, and the transfer of data to third parties, as well as the deletion of their account and personal data.

28.1.4. Requests for copies of data will be reviewed within one month (30 days) of receipt by “SocialTech” LLC. Depending on the complexity and number of requests, this period may be extended to two months (60 days). In such cases, the User will be informed in a timely manner using an appropriate communication method, including an explanation of the reasons for the extension.

29. Right to Object

29.1. In accordance with the legislation of the Republic of Uzbekistan, the User has the right to withdraw previously given consent to the processing of their personal data or to object on lawful grounds. Withdrawing consent will limit the User’s ability to use services provided by the Social Card IS.

29.2. The User has the right to lodge a complaint with the authorized supervisory authority in accordance with Uzbek legislation.

7. Measures to Protect Users’ Personal Data
8. “SocialTech” LLC processes and protects Users’ personal data in accordance with the Law of the Republic of Uzbekistan “On Personal Data” and other regulatory legal acts that govern the security of personal data.
9. “SocialTech” LLC takes the necessary organizational and technical measures to protect Users’ personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, or other unauthorized actions.
10. Amendments to the Privacy Policy and Applicable Law
11. 32. “SocialTech” LLC reserves the right to unilaterally make changes to this Policy. Users will be notified of any significant changes within 3 working days from the date the changes are made, via the Mobile application or other communication channels.

32.1. If the User disagrees with the updated Privacy Policy, they are required to immediately stop using the Social Card IS and submit a relevant statement regarding their refusal to consent to personal data processing.

33. 33. This Policy, as well as all relations between the User and “SocialTech” LLC, are governed by the legislation of the Republic of Uzbekistan and by other regulatory legal acts that regulate the protection of personal data.
34. Interaction with Users on Personal Data Processing Issues
35. 34. The User may send questions or feedback related to this Policy to the email address baraka@ihma.uz.

35. “SocialTech” LLC reserves the right not to respond to questions that are not related to the provisions of this Policy. However, this does not limit the User’s ability to send such questions to the email address baraka@ihma.uz.