PRIVACY POLICY

This Privacy Policy (hereinafter referred to as the "Policy") governs the processing of information that the "Social Card" Information System (hereinafter referred to as "Baraka") may collect about the User while using the "Baraka" mobile application, available as a mobile or web application, as well as any other programs, products, or services provided by Baraka (hereinafter referred to as the "Services").

This Policy applies solely to the Services. Baraka does not control and is not responsible for third-party websites or services that the User may access via links available within the “Baraka” mobile application, including any information processed by third parties about the User or their family members.

All terms and definitions not specified in this Policy but used in its text are defined and disclosed in other agreements or contracts governing the provision and use of the “Baraka” mobile application by the User.

Using the “Baraka” mobile application confirms the User's full acceptance of the provisions of this Policy, as well as the terms of processing their personal information outlined in this document. If the User does not agree with the specified terms, they are advised to refrain from using the Baraka mobile application.

1. Terms and definitions
The Information System "Social Card" (hereinafter referred to as "Baraka") is a software complex hosted on the hardware infrastructure (servers) of LLC "______". It facilitates database management, implementation, and management of the functions of the social card, including the "Baraka" mobile application and the User's personal account on the Internet;

The "Baraka" mobile application is a specialized software product of the "Social Card" Information System, designed to operate on mobile devices. It enables remote access to comprehensive services in real time, based on electronic data exchange transmitted or received remotely through telecommunication systems;
LLC "______" is a legal entity established and operating in accordance with the legislation of the Republic of Uzbekistan. Its activities are aimed at implementing the Presidential Decree of the Republic of Uzbekistan No. PP-267 dated July 18, 2024, titled "On the Fundamental Improvement of the Procedure for Providing State Social Support to the Population.";
identification – identification of a person on the basis of identity documents;
Electronic notification – a short notification of a standard form sent by the System to mobile devices (SMS notification, PUSH messages) and/or to the email address of a person via the global information network “Internet” and/or mobile communications.

User – A legally capable individual who is a recipient of state social benefits and services and a holder of a social card

Personal data - information related to a specific individual or enabling his/her identification, provided by the User for use by the mobile application.

Processing of personal data is the implementation of one or a set of actions to collect, systematize, store, modify, supplement, use, provide, distribute, transfer, depersonalize and destroy personal data;

By accepting the Public Offer and starting to use Baraka, the User also agrees to this Privacy Policy and grants LLC "___" consent to process their personal data in accordance with the personal data legislation of the Republic of Uzbekistan. This consent includes the processing of the following data (but is not limited to): payment credentials, mobile phone number, bank card numbers, full name, registration details, and other personal data required for using the services available in the mobile application.

The processing of personal data may include collection, recording, organization, accumulation, storage, clarification (updating, modification), retrieval, usage, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction, either using automation tools or without them, and is carried out solely for the purpose of fulfilling this Public Offer.

The User also consents to the transfer of the provided personal data, including data shared with LLC "___" under the Public Offer and this Privacy Policy, to third parties for its execution. The retention period of personal data is limited to achieving the purposes of its collection and processing, after which the data must be deleted or destroyed.

LLC "___" conducts automated processing of the User's personal data to provide financial services through the “Baraka” mobile application. This means decisions related to the use of the service may be made automatically based on algorithms and data analysis without direct human involvement. This approach is used for:

•  Creditworthiness assessment: Analyzing financial information to make quick decisions on granting loans or other financial services.

• Fraud detection: Automatically identifying suspicious activity to protect the User and prevent financial losses.

• Service personalization: Offering recommendations and suggestions based on the User's individual preferences and behavior.

Automated data processing enhances the speed and accuracy of service delivery while

1. Information About Users Collected and Processed by Baraka Through the Baraka Mobile Application
1.1. Personal information of the User under this Policy includes the following categories of data:
1.1.1. Personal data provided voluntarily by the User during registration in the “Baraka” mobile application or while using its services. This includes personal data submitted to fulfill the terms of any agreements between the User and Baraka. Please note that access to certain features of the “Baraka” mobile application is only possible upon providing the necessary information.

1.1.2. Information automatically collected by Baraka during the use of the “Baraka” mobile application, including data transmitted by the software installed on the User's device. Such data includes:

• IP address;

• Information from cookies (text files stored in the User’s browser);

• Data about the User's browser (or other software used to access the “Baraka” mobile application);

• Time of access and address of the requested page.
   

1.1.2.1. When using the services of the “Baraka” mobile application, the following anonymized statistical data about the User is automatically collected from cookies and other sources:
 

• Type of action performed on the site (e.g., click, cursor hover);

• Date and time of the action;

• URL of the page;

• Referrer;

• IP address (without the ability to identify the User);

• User-Agent;

• ClientID (browser identifier obtained from cookies);

• Screen resolution;

• Class of HTML element clicked;
   

• Search queries;

• Details about payments, enabled or disabled features;

• User's geolocation;

• Error reports with detailed information about the device, including model, manufacturer, and other parameters;

• Data about the User’s phone contacts;

• Information about the content viewed by the User within the "Baraka" mobile application interface, including sections: "On-Site Payment," "Service Payment," "Funds Transfer," "My Cards," "Payment Monitoring," "VAT Cashback," "Settings," "Social Payments and Services," "Inson Centers," "Directory," "My Benefits," unified documents, and any other sections added in the future;

• Data from forms or inquiries submitted via the “Baraka” website and/or mobile application, including information about errors during their completion.

1.1.2.2. The following technologies are used in the operation of Baraka:

Camera data. Used for capturing images or videos as part of features such as identity verification, document scanning, or other specific functions.
Audio recording.Used for enabling Text-to-Speech (TTS) and Speech-to-Text functions for accessibility. Examples include visually impaired users, hands-free interaction, language learning, and improving the user experience with assistive technologies.
Biometric data.Enables biometric authentication, such as fingerprint or facial recognition, to enhance security and convenience.
Fingerprint data.Supports authentication based on fingerprints for app login or transaction approval.
Vibration.Provides haptic feedback for user interactions, such as notifications or responses to certain actions.
Notification delivery.Allows the application to send notifications, including updates, reminders, and important alerts.
Read and write access to external storage.Reading and writing of files are limited to the local database and key storage within the application.Enables access to files stored on the device, such as uploaded documents or images.Allows saving files or data to the device, such as downloaded documents or offline content.

1.1.2.3. Users are pre-registered in our system and can log into the application in the following ways:
By using their PINFL (Personal Identification Number of an Individual) and mobile phone number.
By providing documents such as a birth certificate, passport, ID card, or other valid documentation.
The following data is required from users in all cases:
Date of birth;
Mobile phone number;
Email address."
 

1.1.2.4. By using any service provided by the “Baraka” mobile application, the User agrees that Baraka may use statistical data and cookies for further processing by its systems and may transfer them to third parties for research, task execution, or service provision in Baraka's interests. The User has the ability to manage cookies independently by changing the browser settings on their device. However, changes that block cookies may result in limited access to certain components of the mobile application.
 

1.1.3. The “Baraka” mobile application may collect publicly available information when the User interacts with external resources (e.g., chats, forms, social networks). This data may include information published by the User, such as comments or reviews about the Services. Baraka uses this data to enhance service quality.
 

1.1.4. Baraka may process specific data (e.g., IP address, User device identifier) to detect and prevent actions that may violate the laws of the Republic of Uzbekistan or the provisions of this Policy.
 

1.1.5. Baraka may receive information about the User from its contractors and/or partners. For example, under an agreement with a contractor, the latter may transfer certain data to the social protection authority, enabling the contractor to link the User to their transaction, information about which is transmitted to the contractor through the “Baraka” mobile application.
 

1.1.6. Baraka may collect information to ensure the security of online payments made by the User using bank cards. The list of such data is specified in Clause 3.3.2.1 of this Policy.
 

2. Purpose of Collecting and Processing Users' Personal Information
2.1. Baraka collects and retains only the personal information necessary to provide the Services or fulfill agreements with the User, except in cases where the legislation of the Republic of Uzbekistan requires the retention of certain data. Personal information is stored no longer than necessary to achieve the purposes of processing unless otherwise required by law or provisions of this Policy.
 

2.2. Users' personal information may be used by the system for the following purposes:
 

2.2.1. Fulfillment of agreements with Baraka, as well as contracts and agreements concluded with Baraka's contractors, including purposes related to the identification/simplified identification of the User and providing them with access to all available services.
 

2.2.2. Interaction with the User. Communication with the User, including sending notifications, requests, and information related to the use of the Services or the provision of services, as well as processing User inquiries and requests, with the possibility of forwarding them to Baraka's contractors for execution.
 

2.2.3. Improving the user experience through personalized notifications and process optimization, enhancing the functionality of the application, and resolving technical issues.
 

2.2.4. Conducting statistical and other research based on anonymized data.
 

2.2.5. Preventing actions that violate the legislation of the Republic of Uzbekistan or the terms of agreements executed through the “Baraka” mobile application.

2.2.6. Transmitting data for payment processing. Information necessary for processing payments is transferred to acquirer banks, issuer banks, and payment systems.

2.2.7. Ensuring the security of online payments. The collected data is used to comply with payment system security protocols, including fraud prevention.

3. Terms of Processing Users' Personal Information and Its Transfer to Third Parties
 

3.1. Baraka processes Users' personal information in accordance with this Policy, the terms of specific services provided, and internal regulations.

3.2. The confidentiality of Users' personal information is fully ensured.
"Data storage. All data is processed and stored in compliance with the legislation of the Republic of Uzbekistan. Biometric data, if used, is stored exclusively on the User's device and is not transmitted to external servers.
Data security. Encryption and industry-standard security protocols are used to protect data from unauthorized access or leaks.

3.3. Baraka is entitled to transfer the User's personal information to third parties in the following cases:
 

3.3.1. The User has given consent for such actions.
 

3.3.2. The transfer is necessary to provide a specific Service or partner service of Baraka, as well as to execute the User’s instructions. For example, personal information may be transferred to the following categories of third parties:

3.3.2.1. Credit institutions and other participants involved in payment processes.For instance, to ensure the required level of security for online payments made using social and bank cards, Baraka may transfer data, as specified by the security protocols of payment systems, to acquiring/issuing banks and payment systems. The transfer of data may be mandatory, for example, regarding information about the user’s device:

• IP address;

• Operating system;

• Geographical location;

• Device ID/type;

• Access channel (browser or application);

• Payment authorization;

• Identification/verification.

The transfer may also be optional, for example, regarding:
Address matching data;
Information about the account with the provider;
Email address;
Mobile phone number;
Payment amount;
Risk level determined by the provider or payment system.

3.3.2.2. Marketing partners and other contractors of Baraka.
"Baraka may provide access to specific data (e.g., statistical data) for scientific research and other analyses.
Baraka may provide access to User payment data used by Baraka’s partner to determine the possibility of offering discounts, bonuses, or other incentives, provided the User meets the requirements set by the partner.
Baraka may provide access to the User’s email address to allow Baraka’s partner to send fiscal or other documents required by the legislation of the Republic of Uzbekistan.
When the User utilizes services provided by Baraka’s partners, the User’s information may be transferred to such partners to the extent and for the purposes necessary for proper service delivery or enhanced user convenience. For example, the data may be used to pre-fill registration forms, accelerating the registration process for services provided by Baraka’s partners.

3.3.2.3. Partners providing data storage services.

3.3.2.4. Partners ensuring the prevention of actions violating legal requirements or provisions of this Policy.

3.3.2.5. Baraka’s services may include forums or chats on any social network or channel where Users can communicate. Information published by the User becomes public, and the User is responsible for its disclosure.

3.3.2.6. If the “Baraka” mobile application is transferred to a new owner, all obligations under this Policy will be assumed by the new owner.

3.3.2.7. Data may be transferred as part of procedures established by law.

3.3.2.8. To protect the rights and legitimate interests of Baraka or third parties in cases where Baraka has sufficient grounds to believe that the User is violating the terms of the applicable Policy and/or the requirements of the legislation of the Republic of Uzbekistan.

3.3.2.9. When using Baraka’s services and/or those of its affiliates, the User’s personal information may be transferred to Baraka and/or its affiliates for processing under the terms and purposes established in this Policy. Personal information under this clause includes, but is not limited to:
Balance information on social and bank cards;
Details of transactions conducted using the mobile application with the involvement of Baraka’s software.

3.4. When processing Users' personal data, Parties adhere to the Law of the Republic of Uzbekistan "On Personal Data" and other regulatory legal acts governing the security of personal data.
 

3.5. Baraka may disclose anonymized data (i.e., data that does not directly or indirectly identify the User) and aggregated data (data about groups and categories of Users) to its partners. Baraka may also permit partners to collect anonymized and aggregated data as part of providing specific Service features, which may then be transferred back to Baraka.
4. Modification and Deletion of Personal Information by the User, and Access to It
 

4.1. The User has the ability to modify (update, supplement) or delete information provided by them within the Services. Withdrawal of consent to process personal data must be submitted in writing and sent to the following email address: __________.
 

4.1.1. Within the limits established by the applicable legislation of the Republic of Uzbekistan, Baraka is obligated to notify each recipient to whom personal information was disclosed about its modification or destruction, except in cases where this is impossible or requires disproportionate effort.
 

4.2. In accordance with the legislation of the Republic of Uzbekistan, Baraka may be required to process and/or store the User's personal information collected through the “Baraka” mobile application. Such processing and/or storage is conducted in cases, on grounds, and for periods defined by the legislation of the Republic of Uzbekistan and this Policy.

4.3. Right to Access
4.3.1. In accordance with the applicable legislation of the Republic of Uzbekistan, the User has the right to access information collected by Baraka, including the right to request information regarding:"
"the purpose of processing;
the categories of data being processed;
the categories of recipients to whom the User's personal data has been or will be disclosed;
the storage period or the criteria for determining it, as well as other related information.
"

4.3.1.1. If the “Baraka” mobile application does not provide such functionality, the information (copy) may be provided by Baraka in writing or through other communication channels.

4.3.1.2. If Baraka has grounds to doubt the identity of the User submitting a request under Clause 

4.3.1 of this Policy, it may request additional information necessary to confirm the User's identity.

4.3.1.3. The User has the right to request information about the purpose of data processing, the duration of its storage, and its transfer to third parties, as well as to request the deletion of their account and personal data, subject to applicable legal and regulatory requirements.

4.3.1.4. A request for information (copy) is reviewed within one month (30 days) from the date of its receipt by Baraka. Baraka may extend this period by an additional two months (60 days) depending on the complexity and number of requests. The User will be notified of the extension through a method convenient for Baraka, including the reasons for the extension.

4.4. Right to Object
4.4.1. Within the framework established by the applicable legislation of the Republic of Uzbekistan, the User has the right to withdraw any previously granted consent or raise objections on legitimate grounds regarding the processing of their personal information. In some cases, withdrawing consent may result in the inability to continue using Baraka's Services.
 

4.4.2. In accordance with the applicable legislation of the Republic of Uzbekistan, the User has the right to file a complaint with an authorized supervisory authority.
 

5. Measures for Protecting Users' Personal Information
5.1. Baraka takes all necessary and sufficient organizational and technical measures to protect the User's personal information from unlawful or accidental access, destruction, alteration, blocking, copying, dissemination, and other unauthorized actions by third parties.
 

5.2. Baraka processes and protects Users' personal data in compliance with the Law of the Republic of Uzbekistan "On Personal Data" and other regulatory legal acts governing the security of personal information.
5.3. When processing personal data, Baraka ensures its confidentiality and security by implementing organizational and technical measures aimed at protecting personal information from unauthorized or accidental access, destruction, alteration, blocking, copying, or dissemination. Additionally, Baraka employs protection measures that meet the requirements of the legislation of the Republic of Uzbekistan and its internal regulatory documents.
 

6. Changes to the Privacy Policy and Applicable Legislation6.1. The Privacy Policy may be updated to reflect changes in the application or legal requirements. Users will be notified of significant changes through the application or other communication channels.
6.1.1. If the User disagrees with the updated Privacy Policy, they are obligated to immediately stop using Baraka and submit a corresponding withdrawal of consent for the processing of personal data.
 

6.2. This Policy and all relations between the User and Baraka are governed by the legislation of the Republic of Uzbekistan and regulatory acts governing the protection of personal data.
 

7. Interaction with Users Regarding the Processing of Personal Information
7.1. Questions or comments related to this Agreement may be sent to the following email address: support@oxustech.uz .

7.2. Baraka reserves the right not to respond to questions that are not related to the provisions of this Policy. However, this does not restrict the User from sending such questions to Baraka's address.