Login to personal account
RULES for implementation of activities in the payment organization FREEDOM PAYMENTS JSC
RULES for implementation of activities in the payment organization FREEDOM PAYMENTS JSC
1. General Provisions
1.1. These Rules (hereinafter referred to as the Rules) of the payment organization Freedom Payments JSC define uniform conditions and procedures ensuring the implementation of transactions in the System of the Payment Organization Freedom Pay, and establish general requirements for the procedure for the System functioning, for the provision of payment services and for interaction between the System Participants.
1.2. The Rules have been developed in accordance with the Law of the Republic of Uzbekistan "On Payments and Payment Systems" and other regulatory legal acts of the Republic of Uzbekistan.
1.3. These Rules are mandatory for adherence by all the System Participants. Either Participant shall guarantee to the other Participants that it has the necessary legal capacity (legal personality), as well as all the rights and powers necessary and sufficient to access these Rules and fulfill obligations in accordance with all their terms and conditions.
2. Terms and Definitions
The terms used in the text of these Rules have the following meaning:
Authentication is a set of procedures established by the System Operator and communicated to the System Participants, and a set of measures to confirm the authenticity and correctness of the composition of electronic messages, as well as to establish the fact of transmission of the electronic message directly by the System Participant indicated as the payer.
Uninterrupted System Operation is an integrated property of the System, denoting its ability to prevent disruptions in proper functioning (including preventing the suspension (termination) of operations or their improper performance), as well as to restore proper functioning in the event of a disruption.
Identification is a procedure consisting in establishing the identity of an individual and/or legal entity on the basis of a provided set of documents certifying the identity of the individual and the constituent documents of the legal entity, necessary for identifying clients and registering them in the System with the entry of relevant data into the System.
Client/Payer is an initiator, a resident or non-resident, an individual who has the necessary legal capacity in accordance with the legislation of the Republic of Uzbekistan to make Payments.
Payment recipient/Service provider – beneficiary, resident or non-resident, legal entity and/or individual registered as an individual entrepreneur who has entered into a separate agreement with the Payment Organization, and in whose favor the Client makes a payment for goods, works and/or services, or an individual accepting funds from the Client that are not related to entrepreneurial activity as part of the functioning of the Electronic Money System.
Payment Organization/System Operator is Freedom Payments JSC.
Freedom Pay System/System is a set of software and hardware tools, documentation, organizational and technical measures that ensure the implementation of payments.
Settlement Participants include
Bank, Payer and Service Provider.
Chargeback (Dispute Financial) is a demand by the issuing bank for the need to return to the cardholder the amount of the disputed payment, in the event of improper performance by the Service Provider of its obligations to provide services, or in the event of receipt by the issuing bank of an application from the cardholder from whose card account the payment was made, regarding the unlawful debiting of money from this card account in order to pay for services.
Payment is a non-cash payment transaction using the System, paid by the Payer to the Payment Recipient/Service Provider for goods/works/services sold by the latter.
3. Description of Payment Services Provided by the Payment Organization
3.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments.
Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments are carried out through the interaction between the Payment Organization System and the Bank System and in compliance with the requirements of applicable legislation of the Republic of Uzbekistan.
4. Procedure and Terms for Providing Payment Services to Clients of the Payment Organization
4.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments (hereinafter referred to as the Service) are carried out as follows:
4.1.1. The Payment Organization, within the framework of the agreement concluded with the Bank (servicing the Payment Organization), ensures the acceptance of payments initiated by the Payer using bank cards indicating the purpose and the beneficiary of the corresponding payment, and subsequently submits the payment details for its execution to the corresponding Bank, and the Bank, in turn, executes the Client's instructions transmitted through the Payment Organization in electronic form.
4.1.2. The Client initiates transactions/payments via WEB-applications, online applications, mobile applications (applications for mobile devices), self-service terminal software, widgets and other applications that make the Client capable of initiating electronic orders to debit funds from the Client's bank account/the Client's bank card, with their crediting to the Bank for subsequent execution of the Client's order/instruction received by the Payment Organization from the Client and transferred by the Payment Organization to the Bank.
4.1.3. When providing the payment service, the Payment Organization shall ensure the following algorithm of actions:
1. The Client logs into the relevant application/website of the Payment Recipient via the Internet/mobile phone, selects the required amount of goods/works/services and initiates the payment procedure;
2. The System payment page appears before the Client, where the Client gets acquainted with the relevant application and/or website and agrees to the terms of these Rules and the Policy on the collection, processing and security of personal data of the Payment Organization within the framework of the activities of the Payment Organization. The Client also provides the Payment Organization with consent to the collection, processing, storage and cross-border transfer of personal data; the Client initiates a payment in favor of the Payment Recipient via the application/website in the payment showcase without following to external resources;
3. The Client enters the details for the payment execution by the Bank in the payment showcase;
4. To make the payment, the Client enters the bank card details;
5. The Payment Organization initiates the Client's order received in electronic form by sending a relevant request to the Bank;
6. The Bank, having received confirmation from the Payment Organization and the Client, debits the Client's bank card with the amount of the transaction initiated by the Client, taking into account the commission fee due to the Bank and the Payment Organization, if there is a condition on withholding the commission fee in the public offer or in another document, the terms of which were agreed by the Client;
7. The Payment Organization receives confirmation of the Payment execution from the Bank;
9. The Payment Organization issues the Client an electronic confirmation of the Payment executed by the Client and the debiting of the Payment Organization's commission fee from the Client, if there are conditions provided on withholding the commission fee;
10. The Bank, based on the data received electronically in the course of the Payment, transfers funds for the Payments to the Bank's transit account, for the purpose of subsequent transfer of these funds in favor of the Service Provider, after deduction of the commission fee due to the Bank and the Payment Organization. The terms of funds transfer in favor of the Service Provider are stipulated within the framework of the concluded agreement between the Service Provider and the Payment Organization. Transfers of funds within the framework of the activities of the Payment Organization in favor of the Service Provider are carried out taking into account the applicable legislation of the Republic of Uzbekistan.
5. Cost of Payment Services (Tariffs) Provided by the Payment Organization
5.1 Once the Payment Organization/Bank receives a Chargeback request, the Payment Organization shall submit a written request (in hard or electronic form) to the Service Provider to provide documents confirming the fulfillment of obligations to supply goods/works/services.
5.2. The Service Provider shall provide the Payment Organization with the documents requested by the Payment Organization in accordance with the terms of these Rules within 2 (two) business days from the date of receipt of such request.
5.3. In the absence of the documents from the Service Provider required for submission to the Payment Organization/Bank in accordance with paragraphs 5.1, 5.2 of the Rules, or in the event of their failure to submit them within the period specified in paragraph 5.2 of the Rules, or in the event that the Service Provider agrees with the fact of non-fulfillment or improper fulfillment of the Service Provider's obligations to the Payer/Client, or in the event that the Payment is indisputably recognized by the International Payment System (hereinafter referred to as the "IPS") or the Bank as fraudulent, the Payment Organization, at its own expense, shall return the Payment to be returned to the Payer, and subsequently withhold this amount from the funds to be transferred to the account of the Service Provider. The Service Provider hereby expresses its consent to the withholding by the Payment Organization of amount of the Payment returned by the Payment Organization or the Bank to the Payer/Client, from the funds to be transferred to the account of the Service Provider.
5.4. Crediting of funds for Payments to the Service Provider's account by the Payment Organization does not mean final and indisputable recognition of the authorization of such Payments. Such Payments may be recognized as unauthorized in accordance with the legislation of the Republic of Uzbekistan, these Rules and/or the rules of the IPS. The Service Provider hereby assumes all risks associated with the possible recognition of the Payment as fraudulent and undertakes to unconditionally return the money to the Payment Organization in the event of receiving a Chargeback from the Payment Organization.
5.5. Should the Bank or the Payment Organization identify a Payment, the authorization of which raises suspicions in the Bank or the Payment Organization, the Payment Organization may suspend provision of Payments for goods/works/services in the Online Store or other platforms of the Service Provider using bank cards through the Payment Organization's Payment System and crediting of the funds for such Payments to the Service Provider's account. The crediting of funds shall be suspended for the period of investigation of the authorized nature of Payments, but not more than 180 (one hundred eighty) calendar days from the date of the Payment.
5.6. Should the payment system of the Republic of Uzbekistan and/or the international payment system recognize the unauthorized nature of the Payment before the Payment Systems assign sanctions to the Bank and/or the Payment Organization, the Payment Organization may, in order to ensure execution, not to transfer the amounts relating to unauthorized Payments to the Service Provider’s account.
5.7. If, before the expiration of periods stipulated by the requirements of the Payment Systems for assigning sanctions for Payments, such sanctions are assigned, the Payment Organization shall reimburse the Payment Systems for the amounts of unauthorized Payments at the expense of the Service Provider.
5.8. If upon expiration of the periods stipulated by the requirements of the Payment Systems for the assignment of sanctions for Transactions, such sanctions are not assigned, or if the Payment Systems recognize the authorized nature of the Transactions, the amounts, which have been withheld by the Payment Organization in accordance with this paragraph of the Rules, shall be returned by the Payment Organization to the Service Provider’s account.
5.9. If the Chargeback amount exceeds 1 (one) % of the amount of all Payments in relation to the Service Provider preceding the date of exceeding the specified percentage, the Payment Organization may suspend processing of Payments (including crediting of funds to the Service Provider’s accounts) for a period of up to 180 (one hundred eighty) calendar days.
5.10. If the reports of the Payment Systems indicate suspicious card transactions and/or the amount of Chargeback on the payments of the Service Provider exceeds 5 (five) % of the amount of all payments of the Service Provider for one year, the Payment Organization may stop processing of the payments of the Service Provider, including crediting of funds to the Service Provider’s account.
6. Procedure for Interaction with Third Parties Providing Technological Support for Payment Services Rendered by a Payment Organization
6.1. The Payment Organization interacts with Service Providers within the framework of concluded agreements for the provision of services in the Freedom Pay system. In this case, Service Providers are checked for the presence of risks in accordance with the legislation of the Republic of Uzbekistan on combating the legalization (laundering) of proceeds from crime, the financing of terrorism and the financing of proliferation of weapons of mass destruction.
6.2. The Service Provider shall be independently liable to the Payer for all claims/lawsuits arising from the sale of Goods, the provision of services, and the performance of work to the Payer.
7. Interaction of the Payment Organization with the Payment System Operator and Payment System Participants
7.1 The risk management system in the Payment Organization is a set of measures taken by the Payment Organization for timely identification, measurement, control and monitoring of risks to ensure financial stability and stable functioning.
For the purpose of effective risk management, the Payment Organization has developed a risk management policy, which consists of:
- identification, measurement, control and monitoring of risks;
- assessment of the effectiveness of their application;
- control over the execution of all monetary transactions;
- development and practical implementation of measures to prevent and minimize risks.
7.2. The main objective of risk regulation in the Payment Organization is to maintain acceptable ratios of profitability with safety and liquidity indicators in the course of managing the assets and liabilities of the Payment Organization, i.e. minimization of losses. The risk management process in the Payment Organization includes:
- risk anticipation, determination of their probable extent and consequences;
- development and implementation of measures to prevent or minimize losses associated therewith.
7.3. All this implies the development of an in-house risk management strategy in such a way as to use all the development opportunities of the Payment Organization in a timely and consistent manner and at the same time keep the risks at an acceptable and manageable level.
7.4. The risk management system is characterized by such elements as management measures and methods. Risk management measures include: determination of the organizational structure of risk management that ensures control over the fulfillment by agents and subagents of the Payment Organization of the risk management requirements established by the risk management rules of the Payment Organization; communication of relevant information on risks to the management bodies of the Payment Organization; determination of the indicators and procedure for ensuring the smooth functioning of the Payment Organization; determination of risk analysis methods; determination of the procedure for exchanging information necessary for risk management; determination of the procedure for interaction in controversial, non-standard and emergency situations, including system failure cases; determination of the procedure for changing operational and technological means and procedures; determination of the procedure for ensuring the protection of information in the Payment Organization.
7.5. Requirements for storing information about cards and transactions made using them. The Payment Organization shall ensure compliance with the following basic requirements for storing information about cards and transactions made using them:
- Do not store following details under any circumstances:
The full content of any track of the magnetic strip on the back of the card; Card validation code - a 3-digit number printed on the signature panel located on the card;
- Store only that part of the card details that is essential for the business (i.e. cardholder name, card number, card expiration date);
Ensure the protection of information stored by the Payment Organization about cards and transactions made using them in accordance with the requirements of PCI DSS (Payment Card Industry Data Security Standard);
- Store all documents containing information about cards and transactions made using them in a safe place, accessible only to authorized persons;
- Destroy or erase all data carriers containing outdated data on transactions made using cards;
7.6. Risk management in the Payment Organization is determined by such methods as order execution sequence control by officials; making settlements within the limits of funds provided by the agents of the Payment Organization; making settlements in the Payment Organization by close of business; ensuring the limits provision possibility; and other methods of risk management.
7.7. Accumulation and storage of Clients' funds until they are received by the beneficiary is carried out on a special transit account of the Bank provided by the Bank to the Payment Organization for the provision of Payment Services to the Payment Organization.
1.1. These Rules (hereinafter referred to as the Rules) of the payment organization Freedom Payments JSC define uniform conditions and procedures ensuring the implementation of transactions in the System of the Payment Organization Freedom Pay, and establish general requirements for the procedure for the System functioning, for the provision of payment services and for interaction between the System Participants.
1.2. The Rules have been developed in accordance with the Law of the Republic of Uzbekistan "On Payments and Payment Systems" and other regulatory legal acts of the Republic of Uzbekistan.
1.3. These Rules are mandatory for adherence by all the System Participants. Either Participant shall guarantee to the other Participants that it has the necessary legal capacity (legal personality), as well as all the rights and powers necessary and sufficient to access these Rules and fulfill obligations in accordance with all their terms and conditions.
2. Terms and Definitions
The terms used in the text of these Rules have the following meaning:
Authentication is a set of procedures established by the System Operator and communicated to the System Participants, and a set of measures to confirm the authenticity and correctness of the composition of electronic messages, as well as to establish the fact of transmission of the electronic message directly by the System Participant indicated as the payer.
Uninterrupted System Operation is an integrated property of the System, denoting its ability to prevent disruptions in proper functioning (including preventing the suspension (termination) of operations or their improper performance), as well as to restore proper functioning in the event of a disruption.
Identification is a procedure consisting in establishing the identity of an individual and/or legal entity on the basis of a provided set of documents certifying the identity of the individual and the constituent documents of the legal entity, necessary for identifying clients and registering them in the System with the entry of relevant data into the System.
Client/Payer is an initiator, a resident or non-resident, an individual who has the necessary legal capacity in accordance with the legislation of the Republic of Uzbekistan to make Payments.
Payment recipient/Service provider – beneficiary, resident or non-resident, legal entity and/or individual registered as an individual entrepreneur who has entered into a separate agreement with the Payment Organization, and in whose favor the Client makes a payment for goods, works and/or services, or an individual accepting funds from the Client that are not related to entrepreneurial activity as part of the functioning of the Electronic Money System.
Payment Organization/System Operator is Freedom Payments JSC.
Freedom Pay System/System is a set of software and hardware tools, documentation, organizational and technical measures that ensure the implementation of payments.
Settlement Participants include
Bank, Payer and Service Provider.
Chargeback (Dispute Financial) is a demand by the issuing bank for the need to return to the cardholder the amount of the disputed payment, in the event of improper performance by the Service Provider of its obligations to provide services, or in the event of receipt by the issuing bank of an application from the cardholder from whose card account the payment was made, regarding the unlawful debiting of money from this card account in order to pay for services.
Payment is a non-cash payment transaction using the System, paid by the Payer to the Payment Recipient/Service Provider for goods/works/services sold by the latter.
3. Description of Payment Services Provided by the Payment Organization
3.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments.
Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments are carried out through the interaction between the Payment Organization System and the Bank System and in compliance with the requirements of applicable legislation of the Republic of Uzbekistan.
4. Procedure and Terms for Providing Payment Services to Clients of the Payment Organization
4.1. Services related to electronic payment processing and transferring the necessary information to the bank to make payments or accept funds under these payments (hereinafter referred to as the Service) are carried out as follows:
4.1.1. The Payment Organization, within the framework of the agreement concluded with the Bank (servicing the Payment Organization), ensures the acceptance of payments initiated by the Payer using bank cards indicating the purpose and the beneficiary of the corresponding payment, and subsequently submits the payment details for its execution to the corresponding Bank, and the Bank, in turn, executes the Client's instructions transmitted through the Payment Organization in electronic form.
4.1.2. The Client initiates transactions/payments via WEB-applications, online applications, mobile applications (applications for mobile devices), self-service terminal software, widgets and other applications that make the Client capable of initiating electronic orders to debit funds from the Client's bank account/the Client's bank card, with their crediting to the Bank for subsequent execution of the Client's order/instruction received by the Payment Organization from the Client and transferred by the Payment Organization to the Bank.
4.1.3. When providing the payment service, the Payment Organization shall ensure the following algorithm of actions:
1. The Client logs into the relevant application/website of the Payment Recipient via the Internet/mobile phone, selects the required amount of goods/works/services and initiates the payment procedure;
2. The System payment page appears before the Client, where the Client gets acquainted with the relevant application and/or website and agrees to the terms of these Rules and the Policy on the collection, processing and security of personal data of the Payment Organization within the framework of the activities of the Payment Organization. The Client also provides the Payment Organization with consent to the collection, processing, storage and cross-border transfer of personal data; the Client initiates a payment in favor of the Payment Recipient via the application/website in the payment showcase without following to external resources;
3. The Client enters the details for the payment execution by the Bank in the payment showcase;
4. To make the payment, the Client enters the bank card details;
5. The Payment Organization initiates the Client's order received in electronic form by sending a relevant request to the Bank;
6. The Bank, having received confirmation from the Payment Organization and the Client, debits the Client's bank card with the amount of the transaction initiated by the Client, taking into account the commission fee due to the Bank and the Payment Organization, if there is a condition on withholding the commission fee in the public offer or in another document, the terms of which were agreed by the Client;
7. The Payment Organization receives confirmation of the Payment execution from the Bank;
9. The Payment Organization issues the Client an electronic confirmation of the Payment executed by the Client and the debiting of the Payment Organization's commission fee from the Client, if there are conditions provided on withholding the commission fee;
10. The Bank, based on the data received electronically in the course of the Payment, transfers funds for the Payments to the Bank's transit account, for the purpose of subsequent transfer of these funds in favor of the Service Provider, after deduction of the commission fee due to the Bank and the Payment Organization. The terms of funds transfer in favor of the Service Provider are stipulated within the framework of the concluded agreement between the Service Provider and the Payment Organization. Transfers of funds within the framework of the activities of the Payment Organization in favor of the Service Provider are carried out taking into account the applicable legislation of the Republic of Uzbekistan.
5. Cost of Payment Services (Tariffs) Provided by the Payment Organization
5.1 Once the Payment Organization/Bank receives a Chargeback request, the Payment Organization shall submit a written request (in hard or electronic form) to the Service Provider to provide documents confirming the fulfillment of obligations to supply goods/works/services.
5.2. The Service Provider shall provide the Payment Organization with the documents requested by the Payment Organization in accordance with the terms of these Rules within 2 (two) business days from the date of receipt of such request.
5.3. In the absence of the documents from the Service Provider required for submission to the Payment Organization/Bank in accordance with paragraphs 5.1, 5.2 of the Rules, or in the event of their failure to submit them within the period specified in paragraph 5.2 of the Rules, or in the event that the Service Provider agrees with the fact of non-fulfillment or improper fulfillment of the Service Provider's obligations to the Payer/Client, or in the event that the Payment is indisputably recognized by the International Payment System (hereinafter referred to as the "IPS") or the Bank as fraudulent, the Payment Organization, at its own expense, shall return the Payment to be returned to the Payer, and subsequently withhold this amount from the funds to be transferred to the account of the Service Provider. The Service Provider hereby expresses its consent to the withholding by the Payment Organization of amount of the Payment returned by the Payment Organization or the Bank to the Payer/Client, from the funds to be transferred to the account of the Service Provider.
5.4. Crediting of funds for Payments to the Service Provider's account by the Payment Organization does not mean final and indisputable recognition of the authorization of such Payments. Such Payments may be recognized as unauthorized in accordance with the legislation of the Republic of Uzbekistan, these Rules and/or the rules of the IPS. The Service Provider hereby assumes all risks associated with the possible recognition of the Payment as fraudulent and undertakes to unconditionally return the money to the Payment Organization in the event of receiving a Chargeback from the Payment Organization.
5.5. Should the Bank or the Payment Organization identify a Payment, the authorization of which raises suspicions in the Bank or the Payment Organization, the Payment Organization may suspend provision of Payments for goods/works/services in the Online Store or other platforms of the Service Provider using bank cards through the Payment Organization's Payment System and crediting of the funds for such Payments to the Service Provider's account. The crediting of funds shall be suspended for the period of investigation of the authorized nature of Payments, but not more than 180 (one hundred eighty) calendar days from the date of the Payment.
5.6. Should the payment system of the Republic of Uzbekistan and/or the international payment system recognize the unauthorized nature of the Payment before the Payment Systems assign sanctions to the Bank and/or the Payment Organization, the Payment Organization may, in order to ensure execution, not to transfer the amounts relating to unauthorized Payments to the Service Provider’s account.
5.7. If, before the expiration of periods stipulated by the requirements of the Payment Systems for assigning sanctions for Payments, such sanctions are assigned, the Payment Organization shall reimburse the Payment Systems for the amounts of unauthorized Payments at the expense of the Service Provider.
5.8. If upon expiration of the periods stipulated by the requirements of the Payment Systems for the assignment of sanctions for Transactions, such sanctions are not assigned, or if the Payment Systems recognize the authorized nature of the Transactions, the amounts, which have been withheld by the Payment Organization in accordance with this paragraph of the Rules, shall be returned by the Payment Organization to the Service Provider’s account.
5.9. If the Chargeback amount exceeds 1 (one) % of the amount of all Payments in relation to the Service Provider preceding the date of exceeding the specified percentage, the Payment Organization may suspend processing of Payments (including crediting of funds to the Service Provider’s accounts) for a period of up to 180 (one hundred eighty) calendar days.
5.10. If the reports of the Payment Systems indicate suspicious card transactions and/or the amount of Chargeback on the payments of the Service Provider exceeds 5 (five) % of the amount of all payments of the Service Provider for one year, the Payment Organization may stop processing of the payments of the Service Provider, including crediting of funds to the Service Provider’s account.
6. Procedure for Interaction with Third Parties Providing Technological Support for Payment Services Rendered by a Payment Organization
6.1. The Payment Organization interacts with Service Providers within the framework of concluded agreements for the provision of services in the Freedom Pay system. In this case, Service Providers are checked for the presence of risks in accordance with the legislation of the Republic of Uzbekistan on combating the legalization (laundering) of proceeds from crime, the financing of terrorism and the financing of proliferation of weapons of mass destruction.
6.2. The Service Provider shall be independently liable to the Payer for all claims/lawsuits arising from the sale of Goods, the provision of services, and the performance of work to the Payer.
7. Interaction of the Payment Organization with the Payment System Operator and Payment System Participants
7.1 The risk management system in the Payment Organization is a set of measures taken by the Payment Organization for timely identification, measurement, control and monitoring of risks to ensure financial stability and stable functioning.
For the purpose of effective risk management, the Payment Organization has developed a risk management policy, which consists of:
- identification, measurement, control and monitoring of risks;
- assessment of the effectiveness of their application;
- control over the execution of all monetary transactions;
- development and practical implementation of measures to prevent and minimize risks.
7.2. The main objective of risk regulation in the Payment Organization is to maintain acceptable ratios of profitability with safety and liquidity indicators in the course of managing the assets and liabilities of the Payment Organization, i.e. minimization of losses. The risk management process in the Payment Organization includes:
- risk anticipation, determination of their probable extent and consequences;
- development and implementation of measures to prevent or minimize losses associated therewith.
7.3. All this implies the development of an in-house risk management strategy in such a way as to use all the development opportunities of the Payment Organization in a timely and consistent manner and at the same time keep the risks at an acceptable and manageable level.
7.4. The risk management system is characterized by such elements as management measures and methods. Risk management measures include: determination of the organizational structure of risk management that ensures control over the fulfillment by agents and subagents of the Payment Organization of the risk management requirements established by the risk management rules of the Payment Organization; communication of relevant information on risks to the management bodies of the Payment Organization; determination of the indicators and procedure for ensuring the smooth functioning of the Payment Organization; determination of risk analysis methods; determination of the procedure for exchanging information necessary for risk management; determination of the procedure for interaction in controversial, non-standard and emergency situations, including system failure cases; determination of the procedure for changing operational and technological means and procedures; determination of the procedure for ensuring the protection of information in the Payment Organization.
7.5. Requirements for storing information about cards and transactions made using them. The Payment Organization shall ensure compliance with the following basic requirements for storing information about cards and transactions made using them:
- Do not store following details under any circumstances:
The full content of any track of the magnetic strip on the back of the card; Card validation code - a 3-digit number printed on the signature panel located on the card;
- Store only that part of the card details that is essential for the business (i.e. cardholder name, card number, card expiration date);
Ensure the protection of information stored by the Payment Organization about cards and transactions made using them in accordance with the requirements of PCI DSS (Payment Card Industry Data Security Standard);
- Store all documents containing information about cards and transactions made using them in a safe place, accessible only to authorized persons;
- Destroy or erase all data carriers containing outdated data on transactions made using cards;
7.6. Risk management in the Payment Organization is determined by such methods as order execution sequence control by officials; making settlements within the limits of funds provided by the agents of the Payment Organization; making settlements in the Payment Organization by close of business; ensuring the limits provision possibility; and other methods of risk management.
7.7. Accumulation and storage of Clients' funds until they are received by the beneficiary is carried out on a special transit account of the Bank provided by the Bank to the Payment Organization for the provision of Payment Services to the Payment Organization.
8. Information about Risk Management System used by the Payment Organization
8.1. In the presence of mandatory provisions of the legislation in force in the territory of the state, excluding the application of contractual terms in relations related to the implementation of activities by the Payment Organization, the abovementioned mandatory provisions shall have priority over the terms and conditions set out in the Rules.
8.2. Any discrepancies between the Settlement Participants, the Payment Organization, related to the implementation of activities by the Payment Organization, which may serve as the basis for the emergence of the need for judicial consideration of disputes, shall be considered based on the pre-trial claim procedure.
8.3. The claim of the Settlement Participant, set out in writing on official letterhead signed by its authorized official, shall be sent to the other party by registered mail or by other means confirming delivery of the claim to the addressee. The claim must be filed within 10 (ten) business days after the grounds for the claim arose, and contain the circumstances serving as the basis for its filing, as well as the date of occurrence of the abovementioned circumstances. Claims received after the expiration of the specified period will not be taken into consideration.
8.4. Consideration of claims includes the study of circumstances that allow establishing the fulfillment (non-fulfillment) by the Settlement Participants of their functions and obligations arising from these Rules and the agreements concluded therewith. The Payment Organization may request from the Settlement Participants any information necessary to clarify the aforementioned circumstances.
8.5. Resolution on the claim must be made within 15 (fifteen) calendar days from receipt of the claim and sent to the Settlement Participant in writing.
8.6. If it is impossible to resolve disagreements in the claim procedure, the disputes shall be resolved in the competent court of the Republic of Uzbekistan.
9. Procedure for Settling and Resolving Disputes with Clients
9.1. The Settlement Participants and the Payment Organization shall maintain confidentiality of non-public information about other Settlement Participants that has become known to the Settlement Participants in connection with accessing these Rules, except for cases when such information:
- was disclosed upon the request or with the permission of the Settlement Participant who is the owner of this information;
- is subjected to provision to third parties in the amount necessary to fulfill the obligations stipulated by these Rules;
- requires disclosure on the grounds stipulated by the legislation of the Republic of Uzbekistan.
9.2. Provision of confidential information to a third party for the purpose of fulfilling the Rules and other agreements of the Settlement Participants; provision of confidential information upon the legal request of law enforcement and other authorized state bodies, as well as in other cases stipulated by the applicable legislation of the Republic of Uzbekistan shall not constitute a violation of the confidentiality and security of the Settlement Participants.
9.3. The Payment Organization shall ensure the uninterrupted functioning of the System in 24/7/365 mode (24 hours a day, 7 days a week, 365 days a year), except for the time necessary for maintenance.
9.4. The Payment Organization and the Settlement Participants shall take all necessary measures to ensure the security and protection of information and documents exchanged within the Payment Organization or which are available to the Settlement Participants in connection with the use of the system, as well as for the purpose of identifying (preventing) fraud and combating the legalization of proceeds from crime, financing of terrorism and financing of proliferation of weapons of mass destruction.
9.5. The means and measures to prevent unauthorized access to software and hardware used in the Payment Organization, including software and hardware protection tools, must ensure the level of information protection and maintenance of its privacy in accordance with the requirements established by the legislation of the Republic of Uzbekistan. The Settlement Participants shall take all necessary measures to maintain confidentiality, prevent unauthorized use and protect identification data from unauthorized access by third parties.
9.6. Fault tolerance:
The fault tolerance of the service is ensured by distributing the load between two application servers. In case of unavailability of one of the servers (communication channel drop, high current load, server failure), all requests will be without delay automatically switched to the server that remains online. Thus, a balance is achieved in the performance of the servers in the basic operating mode and ensures uninterrupted transaction processing in the event of unforeseen circumstances, when one of the servers temporarily fails for some reason. The database server operates in the Master-Slave replication mode with a backup server, and in the event of a failure of the main server, the transaction processing nodes are automatically switched to the backup one.
9.7. Backup:
The database server is backed up using built-in MySQL tools. The backup scheme is as follows: every hour + final at 1:00 with deletion of hourly copies. Backups older than one month are deleted in order to prevent the data storage from overfilling. The relevance and preservation of the transaction processing system code base is ensured by the version control system.
9.8. Use of cryptographic data protection methods:
The payment organization uses cryptographic data protection methods when storing confidential information in databases, when transmitting confidential information via communication channels, and when verifying payment transactions for integrity and authenticity.
All cryptographic protection tools are represented by built-in modules of corresponding components of the information system and repeat the life cycle of the component in full.
Key information is generated as part of the commission. Backup storage of key information, if necessary, is ensured in accordance with the instructions of the manufacturer of the cryptographic tool in compliance with the best practices in the field of cryptographic protection tools.
9.9. Server infrastructure access security:
Administrative access to any of the servers is possible only with a 2048-bit SSH2-RSA key. It is impossible to gain access to the server infrastructure by brute-forcing passwords or any other unauthorized means. Client access to the personal account, as well as access of the Payment Organization administrator to the transaction management account, is carried out only through two-factor authorization.
9.10. Anti-fraud:
All transactions with payment cards after their transfer from the System service to the bank's payment system pass through the anti-fraud filter. Based on a set of rules, such as the presence of a card mask for sale on the black market, the reliability of the IP address from which the transaction is made, the use of a TOR client, etc., the filter calculates the risk level of the transaction and assigns it a certain rating. Depending on the level of transaction reliability set by the merchant, the bank's system processes or rejects the transaction.
10. Procedure for Compliance with Information Security Measures
10.1. Changes and/or additions to the Rules may be made either by approving a new version of the Rules or by preparing the text of changes and/or additions to the Rules.
10.2. If the Participant disagrees with the changes and/or additions to the Rules, the Participant may refuse further use of the System.
10.3. Subsequent changes and/or additions to the Rules may be made in the manner prescribed in this section of the Rules.
10.4. Further use of the Payment Organization after the entry into force of any changes and/or additions to the Rules means the Participant’s consent with such changes and/or additions.
8.1. In the presence of mandatory provisions of the legislation in force in the territory of the state, excluding the application of contractual terms in relations related to the implementation of activities by the Payment Organization, the abovementioned mandatory provisions shall have priority over the terms and conditions set out in the Rules.
8.2. Any discrepancies between the Settlement Participants, the Payment Organization, related to the implementation of activities by the Payment Organization, which may serve as the basis for the emergence of the need for judicial consideration of disputes, shall be considered based on the pre-trial claim procedure.
8.3. The claim of the Settlement Participant, set out in writing on official letterhead signed by its authorized official, shall be sent to the other party by registered mail or by other means confirming delivery of the claim to the addressee. The claim must be filed within 10 (ten) business days after the grounds for the claim arose, and contain the circumstances serving as the basis for its filing, as well as the date of occurrence of the abovementioned circumstances. Claims received after the expiration of the specified period will not be taken into consideration.
8.4. Consideration of claims includes the study of circumstances that allow establishing the fulfillment (non-fulfillment) by the Settlement Participants of their functions and obligations arising from these Rules and the agreements concluded therewith. The Payment Organization may request from the Settlement Participants any information necessary to clarify the aforementioned circumstances.
8.5. Resolution on the claim must be made within 15 (fifteen) calendar days from receipt of the claim and sent to the Settlement Participant in writing.
8.6. If it is impossible to resolve disagreements in the claim procedure, the disputes shall be resolved in the competent court of the Republic of Uzbekistan.
9. Procedure for Settling and Resolving Disputes with Clients
9.1. The Settlement Participants and the Payment Organization shall maintain confidentiality of non-public information about other Settlement Participants that has become known to the Settlement Participants in connection with accessing these Rules, except for cases when such information:
- was disclosed upon the request or with the permission of the Settlement Participant who is the owner of this information;
- is subjected to provision to third parties in the amount necessary to fulfill the obligations stipulated by these Rules;
- requires disclosure on the grounds stipulated by the legislation of the Republic of Uzbekistan.
9.2. Provision of confidential information to a third party for the purpose of fulfilling the Rules and other agreements of the Settlement Participants; provision of confidential information upon the legal request of law enforcement and other authorized state bodies, as well as in other cases stipulated by the applicable legislation of the Republic of Uzbekistan shall not constitute a violation of the confidentiality and security of the Settlement Participants.
9.3. The Payment Organization shall ensure the uninterrupted functioning of the System in 24/7/365 mode (24 hours a day, 7 days a week, 365 days a year), except for the time necessary for maintenance.
9.4. The Payment Organization and the Settlement Participants shall take all necessary measures to ensure the security and protection of information and documents exchanged within the Payment Organization or which are available to the Settlement Participants in connection with the use of the system, as well as for the purpose of identifying (preventing) fraud and combating the legalization of proceeds from crime, financing of terrorism and financing of proliferation of weapons of mass destruction.
9.5. The means and measures to prevent unauthorized access to software and hardware used in the Payment Organization, including software and hardware protection tools, must ensure the level of information protection and maintenance of its privacy in accordance with the requirements established by the legislation of the Republic of Uzbekistan. The Settlement Participants shall take all necessary measures to maintain confidentiality, prevent unauthorized use and protect identification data from unauthorized access by third parties.
9.6. Fault tolerance:
The fault tolerance of the service is ensured by distributing the load between two application servers. In case of unavailability of one of the servers (communication channel drop, high current load, server failure), all requests will be without delay automatically switched to the server that remains online. Thus, a balance is achieved in the performance of the servers in the basic operating mode and ensures uninterrupted transaction processing in the event of unforeseen circumstances, when one of the servers temporarily fails for some reason. The database server operates in the Master-Slave replication mode with a backup server, and in the event of a failure of the main server, the transaction processing nodes are automatically switched to the backup one.
9.7. Backup:
The database server is backed up using built-in MySQL tools. The backup scheme is as follows: every hour + final at 1:00 with deletion of hourly copies. Backups older than one month are deleted in order to prevent the data storage from overfilling. The relevance and preservation of the transaction processing system code base is ensured by the version control system.
9.8. Use of cryptographic data protection methods:
The payment organization uses cryptographic data protection methods when storing confidential information in databases, when transmitting confidential information via communication channels, and when verifying payment transactions for integrity and authenticity.
All cryptographic protection tools are represented by built-in modules of corresponding components of the information system and repeat the life cycle of the component in full.
Key information is generated as part of the commission. Backup storage of key information, if necessary, is ensured in accordance with the instructions of the manufacturer of the cryptographic tool in compliance with the best practices in the field of cryptographic protection tools.
9.9. Server infrastructure access security:
Administrative access to any of the servers is possible only with a 2048-bit SSH2-RSA key. It is impossible to gain access to the server infrastructure by brute-forcing passwords or any other unauthorized means. Client access to the personal account, as well as access of the Payment Organization administrator to the transaction management account, is carried out only through two-factor authorization.
9.10. Anti-fraud:
All transactions with payment cards after their transfer from the System service to the bank's payment system pass through the anti-fraud filter. Based on a set of rules, such as the presence of a card mask for sale on the black market, the reliability of the IP address from which the transaction is made, the use of a TOR client, etc., the filter calculates the risk level of the transaction and assigns it a certain rating. Depending on the level of transaction reliability set by the merchant, the bank's system processes or rejects the transaction.
10. Procedure for Compliance with Information Security Measures
10.1. Changes and/or additions to the Rules may be made either by approving a new version of the Rules or by preparing the text of changes and/or additions to the Rules.
10.2. If the Participant disagrees with the changes and/or additions to the Rules, the Participant may refuse further use of the System.
10.3. Subsequent changes and/or additions to the Rules may be made in the manner prescribed in this section of the Rules.
10.4. Further use of the Payment Organization after the entry into force of any changes and/or additions to the Rules means the Participant’s consent with such changes and/or additions.
11. Payment Organization Details
FREEDOM PAYMENTS JSC
Address: Republic of Uzbekistan, Tashkent, Mirabad district, T. Shevchenko Street, Bld. 21A, Office 301.
TIN: 305614419
Bank details:
Head office of Universal Bank JSCB
Settlement account: 2020 8000 9008 9437 5001
MFO: 00973, OKED: 63110
FREEDOM PAYMENTS JSC
Address: Republic of Uzbekistan, Tashkent, Mirabad district, T. Shevchenko Street, Bld. 21A, Office 301.
TIN: 305614419
Bank details:
Head office of Universal Bank JSCB
Settlement account: 2020 8000 9008 9437 5001
MFO: 00973, OKED: 63110
Cookie files
Notification about the use of cookies
Our website, like most others, uses cookies and other similar technologies (pixel tags, etc.) to provide services that best suit your interests and needs, and to collect statistical and marketing information to analyse and improve our services and websites.
By using this site, you consent to the use of cookies and other similar technologies in accordance with this Notice.
If you do not agree to us using this type of cookie, you must adjust your browser settings accordingly or not use our website.
Please note that if you block or delete cookies, we cannot guarantee that our website will work correctly on your browser.
Cookies that are stored through the website do not contain information that can be used to identify you.
What is a cookie and other similar technologies
A cookie is a small text file stored on your computer, smartphone or other device that you use to visit websites.
Some pages you visit may also collect information using pixel tags and web beacons, which are electronic images called single-pixel (1×1) or blank GIF images.
Cookies may be placed on your device by us ("own" cookies) or by other operators ("third party" cookies).
We use two types of cookies on the website: 'session cookies' and 'persistent cookies'. Session cookies are temporary cookies that remain on your device until you leave the site. A persistent cookie stays on your device for a long time or until you manually delete it (how long a cookie stays on your device will depend on the length or "lifetime" of the particular cookie and your browser settings).
Cookies come in different types:
Necessary. These files are necessary to ensure the proper operation of the site, the use of its functions. Disabling the use of such files will lead to a drop in site performance, inability to use its components and services.
Cookies related to performance, efficiency and analytics. These cookies allow us to analyse visitors' interaction with the site, optimise the content of the site, measure the effectiveness of advertising campaigns by providing information on the number of visitors to the site, the time of use, and errors that occur.
Functional cookies remember users who have already visited our site, their individual parameters (such as language and region, for example) and preferences, and help to personalise the content of the site.
Social Media Access Buttons. These are used to allow users to share a link to a social media page or bookmark an email. These buttons are links to social media websites owned by third parties, which in turn may record information about your online activity, including on our website. Please review the respective terms of use and privacy policies of such sites to understand how they use your data and how you can opt-out or delete your data.
Third Party Web Services. We sometimes use third-party web services on this website. For example, to display certain elements (images, videos, presentations, etc.), to organise surveys, etc. As with social media buttons, we cannot prevent these sites or external domains from collecting information about how you use the content on the site.
How do I manage cookies?
Most internet browsers are initially set to automatically accept cookies.
At any time, you can change your browser settings to block cookies or to alert you when cookies are sent to your device (refer to your specific browser's usage guide). Disabling cookies may affect your browsing experience.
If you use multiple devices and/or browsers to access the Internet, the appropriate settings must be changed in each of them.
Final Terms
At our sole discretion, we may change this Notice from time to time.
If you have any questions, we can be contacted using the contacts on our website.
We are using cookie files
Okay
© 2025 Freedom Pay
Address and contacts
The company is PCI DSS compliant
Payment company license №5 23.04.2020
Payment company license №5 23.04.2020
Republic of Uzbekistan, Tashkent city, 100060, Shevchenko str., 21A, office 301
Operating hours: 10:00 - 19:00
Company
For developers
Help
Payment solutions
"FREEDOM PAYMENTS" AJ SHAXSGA DOIR MA'LUMOTLARINI ISHLOV BERISH VA XAVFSIZLIGINI TA'MINLASH SOHASIDAGI SIYOSATI
1. Umumiy qoidalar
"FREEDOM PAYMENTS" AJ (bundan buyon matnda "Operator" deb yuritiladi) o'zining asosiy faoliyatini bajarish doirasida Operatorning ushbu "Operatorning shaxsga doir ma'lumotlarini ishlov berish va xavfsizligini ta'minlash sohasidagi siyosati" (bundan buyon matnda "Siyosat" deb yuritiladi) ga havola etuvchi Operator saytlarini qo'shgan holda shaxsga doir ma'lumotlar subyektlarining turli toifalaridagi shaxsga doir ma'lumotlarini yig'ish, ishlov berish va saqlashni amalga oshiradi.
O'zbekiston Respublikasining amaldagi qonunchiligiga muvofiq Operator shaxsga doir ma'lumotlar operatori ham hisoblanadi. Shaxsga doir ma'lumotlarga ishlov berishni tashkil etish va amalga oshirishda Operator O'zbekiston Respublikasining 02.07.2019 yildagi O'RQ-547-son "Shaxsga doir ma'lumotlar to'g'risida"gi Qonuniga va unga muvofiq qabul qilingan boshqa normativ-huquqiy hujjatlarga amal qiladi. Ushbu Siyosat maqsadlari uchun shaxsga doir ma'lumotlar ostida internet-saytlar orqali Operatorga taqdim etilgan va (yoki) bunday internet-saytlar yordamida to'plangan, bevosita yoki bilvosita aniqlangan yoki aniqlanadigan shaxsga (shaxsga doir ma'lumotlar subyektiga) tegishli bo'lgan har qanday ma'lumot tushuniladi.
2. Shaxsga doir ma'lumotlarni yig'ish
Operator internet-saytlar orqali ma'lumotlarni quyidagi usullar bilan to'playdi:
1. Foydalanuvchilar tomonidan taqdim etilgan shaxsga doir ma'lumotlar:
• Operator foydalanuvchilarning o'zlari yoki ularning nomidan boshqa shaxslar tomonidan Operatorning internet-saytlaridagi ma'lumotlar maydonlariga kiritilgan shaxsga doir ma'lumotlarni yig'ishni amalga oshiradi.
2. Foydalanuvchilarning IP manzillari va cookies fayllarini yig'ish.
3. Statistik ma'lumotlar qismida joriy ulanish to'g'risidagi shaxsga doir ma'lumotlarni passiv yig'ish (Operatorning xohishiga ko'ra):
• Sayt tomonidan beriladigan foydalanuvchi identifikatori;
• tashrif buyurilgan sahifalar;
• sahifalarga tashriflar soni;
• sayt sahifalari bo'yicha o'tib yurishi haqida ma'lumot;
• foydalanuvchilik sessiyasining davomiyligi;
• kirish nuqtalari (foydalanuvchi havola orqali Saytga kiradigan chet saytlar);
• chiqish nuqtalari (foydalanuvchi chet saytlarga o'tadigan Saytdagi havolalar);
• foydalanuvchining mamlakati;
• foydalanuvchining mintaqasi;
• foydalanuvchining qurilmasiga o'rnatilgan vaqt mintaqasi;
• foydalanuvchining provayderi;
• foydalanuvchining brauzeri;
• raqamli brauzer barmoq izi (canvas fingerprint);
• foydalanish imkoni bo'lgan brauzer shriftlari;
• o'rnatilgan brauzer plaginlari;
• brauzerning WebGL parametrlari;
• brauzerda foydalanish imkoni bo'lgan media qurilmalar turi;
• ActiveX mavjudligi;
• foydalanuvchi qurilmasida qo'llab-quvvatlanadigan tillar ro'yxati;
• foydalanuvchi qurilmasining protsessor arxitekturasi;
• foydalanuvchining OS;
• ekran parametrlari (tasvirning aniqligi, ranglilik chuqurligi, sahifani ekranga joylashtirish parametrlari);
• Saytga kirishda avtomatlashtirish vositalaridan foydalanish to'g'risida ma'lumot.
Saytning ro'yxatdan o'tgan foydalanuvchilariga nisbatan Operator shubhali faollikni aniqlash va foydalanuvchilarning shaxsiy kabinetlarini himoya qilish maqsadida foydalanuvchi qurilmalarida portlardan foydalanish to'g'risidagi ma'lumotlarni to'plashi mumkin. Ma'lumotlarni turli xil usullar, masalan, cookies fayllari va veb-mayoq fayllari va boshqalar yordamida olish mumkin,
Operator statistik shaxsga doir ma'lumotlarni to'plashni tashkil qilish uchun chet internet-servislar (uchinchi shaxslarning texnologiyalari) dan foydalanishi mumkin, chet internet-servislar olingan ma'lumotlarni o'z serverlarida saqlashni ta'minlaydi.
Operator chet internet-servislarini lokalizatsiya qilish uchun javobgar emas. Bunda Saytda o'rnatilgan va Operator tomonidan ishlatiladigan bunday chet internet-servislar (uchinchi shaxslarning texnologiyalari) Saytdagi reklama faoliyati jarayonida ma'lumot to'plash uchun saytning oxirgi foydalanuvchilari brauzerlarining cookie-fayllarini o'rnatishi va solishtirib o'qishi mumkin. Bunday chet internet-servislar (uchinchi shaxslarning texnologiyalari) tomonidan to'plangan ma'lumotlarni to'plash va ulardan foydalanish tartibi ushbu chet internet-servislar tomonidan mustaqil ravishda belgilanadi va ular to'g'ridan-to'g'ri ushbu tartibga rioya qilish va to'plangan ma'lumotlardan foydalanish uchun javobgardir, shu jumladan ushbu chet internet-servislar tegishli qonunchilik, shu jumladan O'zbekiston Respublikasining shaxsga doir ma'lumotlari to'g'risida qonunchiligi talablarining bajarilishiga javob berishadi va ta'minlashadi.
Operator foydalanuvchi tomonidan mustaqil ravishda taqdim etilgan va shaxsga doir ma'lumotlarsubyektini aniqlashga imkon beradigan ma'lumotlarni bunga o'xhash passiv ma'lumotlarni to'plash usullarini qo'llash paytida olingan statistik shaxsga doir ma'lumotlar bilan taqqoslashni o'tkazmaydi.
3. Shaxsga doir ma'lumotlarga ishlov berish tamoyillari va shartlari
Operator tomonidan shaxsga doir ma'lumotlarga ishlov berish O'zbekiston Respublikasi qonun hujjatlari talablariga qat'iy muvofiqlikda amalga oshiriladi va shu jumladan "FREEDOM PAYMENTS" MChJ QK to'lov tashkiloti faoliyatini amalga oshirish qoidalariga muvofiq aniq, oldindan belgilangan va qonun bilan shartlangan, maqsadlarga erishish bilan cheklanadi.
Faqat ularga ishlov berish maqsadlariga javob beradigan shaxsga doir ma'lumotlarga ishlov berilishi lozim. Operator tomonidan ishlov beriladigan shaxsga doir ma'lumotlarning mazmuni va hajmi ma'lum qilingan ishlov berish maqsadlariga mos keladi, ishlov berilayotgan shaxsga doir ma'lumotlarning ortiqcha bo'lishiga yo'l qo'yilmaydi.
Shaxsga doir ma'lumotlarga ishlov berishda Operator shaxsga doir ma'lumotlarning aniqligi, ularning yetarliligi va zarur hollarda shaxsga doir ma'lumotlarga ishlov berish maqsadlariga nisbatan dolzarbligini ta'minlaydi. Operator to'liq bo'lmagan yoki noaniq shaxsga doir ma'lumotlarni olib tashlash yoki aniqlashtirish uchun zarur choralarni ko'radi (ularning qabul qilinishini ta'minlaydi).
Operator o'z faoliyati davomida, agar O'zbekiston Respublikasining shaxsga doir ma'lumotlar to'g 'risidagi qonun hujjatlarida boshqacha tartib nazarda tutilmagan bo'lsa, shaxsga doir ma'lumotlar subyektining roziligi bilan shaxsga doir ma'lumotlarga ishlov berishni boshqa shaxsga taqdim etishi va (yoki) topshirishi mumkin. Bunda boshqa shaxsga shaxsga doir ma'lumotlarga ishlov berishni taqdim etish va (yoki) topshirishning zaruriy sharti tomonlarning maxfiylikka rioya qilish va ularni ishlov berish jarayonida shaxsga doir ma'lumotlarning xavfsizligini ta'minlash majburiyati hisoblanadi.
Shaxsga doir ma'lumotlarga ishlov berish muddati ular to'plangan maqsadlarga muvofiq belgilanadi.
4. Shaxsga doir ma'lumotlar subyektining huquqlari
Shaxsga doir ma'lumotlar subyekti quyidagi huquqlarga ega:
• agar shaxsga doir ma'lumotlar to'liq bo'lmagan, eskirgan, ishonchsiz, noqonuniy ravishda olingan yoki ma'lum qilingan ishlov berish maqsadi uchun zarur bo'lmagan hollarda o'z shaxsga doir ma'lumotlarini aniqlashtirish, ularni blokirovka qilish yoki yo'q qilishni so'rash, shuningdek o'z huquqlarini himoya qilish bo'yicha qonunda nazarda tutilgan choralarni ko'rish;
• Operator tomonidan ishlov berilgan va saqlangan o'z shaxsga doir ma'lumotlaringiz ro'yxatini va ularni olish manbasini so'rash;
• o'z shaxsga doir ma'lumotlaringizni ishlov berish muddati, shu jumladan ularni saqlash muddati haqida ma'lumot olish;
• ilgari uning shaxsga doir ma'lumotlari noto'g'ri yoki to'liq bo'lmaganligi haqida xabar berilgan barcha shaxslardan, ularda qilingan barcha istisnolar, tuzatishlar yoki qo'shimchalar to'g'risida xabar berishni talab qilish;
• shaxsga doir ma'lumotlar subyektlarining huquqlarini himoya qilish bo'yicha vakolatli organda yoki uning shaxsga doir ma'lumotlariga ishlov berishda noqonuniy xatti-harakatlari yoki harakatsizligi ustidan sud tartibida shikoyat qilish;
• o'z huquqlari va qonuniy manfaatlarini himoya qilish, shu jumladan sud tartibida ziyonni qoplash va (yoki) ma'naviy zararni qoplash.
Shaxsga doir ma'lumotlar operatori shaxsga doir ma'lumotlar subyekti tomonidan taqdim etilgan noto'g'ri ma'lumotlar uchun javobgar bo'lmaydi.
5. Shaxsga doir ma'lumotlarni himoya qilish talablarini amalga oshirish
Ishbilarmonlik obro'sini saqlab qolish va O'zbekiston Respublikasi qonun hujjatlari talablarining bajarilishini ta'minlash maqsadida Operator Operatorning biznes-jarayonlarida shaxsga doir ma'lumotlarga ishlov berishning qonuniyligini ta'minlash va Operator tomonidan ishlov beriladigan shaxsga doir ma'lumotlar xavfsizligining tegishli darajasini ta'minlashni eng muhim vazifa deb hisoblaydi.
Operator shaxsga doir ma'lumotlardan foydalanish imkoninini olgan boshqa shaxslardan, agar O'zbekiston Respublikasi qonun hujjatlarida boshqacha tartib nazarda tutilmagan bo'lsa, shaxsga doir ma'lumotlar subyektining roziligisiz shaxsga doir ma'lumotlarni uchinchi shaxslarga oshkor qilmaslikni va tarqatmaslikni talab qiladi.
Shaxsga doir ma'lumotlarga ishlov berish jarayonida xavfsizlikni ta'minlash maqsadida Operator shaxsga doir ma'lumotlarni noqonuniy yoki tasodifiy foydalanish imkonidan himoya qilish, shaxsga doir ma'lumotlarni yo'q qilish, o'zgartirish, blokirovka qilish, nusxalash, taqdim etish, tarqatish, shuningdek ularga nisbatan boshqa noqonuniy xatti-harakatlardan himoya qilish uchun zarur va yetarli huquqiy, tashkiliy va texnik choralarni ko'radi.
Operator o'zi amalga oshirayotgan shaxsga doir ma'lumotlarni tashkiliy va texnik himoya qilish bo'yicha barcha tadbirlar qonuniy asoslarda, shu jumladan shaxsga doir ma'lumotlarga ishlov berish masalalari bo'yicha O'zbekiston Respublikasi qonun hujjatlari talablariga muvofiq amalga oshirilishini ta'minlaydi.
Shaxsga doir ma'lumotlarning yetarli darajada himoya qilinishini ta'minlash maqsadida Operator shaxsga doir ma'lumotlarning xavfsizligi buzilgan taqdirda shaxsga doir ma'lumotlar subyektlariga yetkazilishi mumkin bo'lgan zararni baholashni o'tkazadi, shuningdek shaxsga doir ma'lumotlarning axborot tizimlarida ishlov berilanganda shaxsga doir ma'lumotlar xavfsizligiga dolzarb tahdidlarni aniqlaydi.
Aniqlangan dolzarb tahdidlarga muvofiq Operator axborotni himoya qilish vositalaridan foydalanish, shaxsga doir ma'lumotlardan ruxsatsiz foydalanish faktlarini aniqlash va choralar ko'rish, shaxsga doir ma'lumotlarni tiklash, shaxsga doir ma'lumotlardan foydalanishni cheklash, shaxsga doir ma'lumotlar bilan harakatlarni ro'yxatdan o'tkazish va hisobga olish, shuningdek shaxsga doir ma'lumotlar xavfsizligini ta'minlash bo'yicha qo'llaniladigan chora-tadbirlar samaradorligini nazorat qilish va baholashni o'z ichiga oladigan shaxsga doir ma'lumotlar xavfsizligini ta'minlash uchun zarur va yetarli huquqiy, tashkiliy va texnik choralarni qo'llaydi.
Operator rahbariyati shaxsga doir ma'lumotlar xavfsizligini ta'minlashning ahamiyati va zarurligini tushunadi va Operatorning asosiy faoliyati doirasida ishlov berilayotgan shaxsga doir ma'lumotlarni himoya qilish tizimini doimiy ravishda takomillashtirishni rag'batlantiradi.
Operator shaxsga doir ma'lumotlarga ishlov berishni tashkil etish va xavfsizligini ta'minlash uchun mas'ul shaxslarni tayinlaydi.
Shaxsga doir ma'lumotlarga ishlov berishni bevosita amalga oshiruvchi Operatorning har bir yangi xodimi shaxsga doir ma'lumotlarga ishlov berish va xavfsizligini ta'minlash bo'yicha O'zbekiston Respublikasi qonun hujjatlari talablari, ushbu Siyosat va Operatorning shaxsga doir ma'lumotlarga ishlov berish va xavfsizligini ta'minlash masalalari bo'yicha boshqa mahalliy hujjatlari bilan tanishib chiqadi va ularga rioya etish majburiyatini oladi.
6. Shaxsga doir ma'lumotlar subyektining roziligi
Shaxsga doir ma'lumotlar subyekti ushbu bilan Operator tomonidan xizmatlar ko'rsatish maqsadida shaxsga doir ma'lumotlarni yig'ish va ishlov berish, shuningdek tartibga soluvchi qonun hujjatlariga muvofiq shaxsga doir ma'lumotlar subyektining shaxsga doir ma'lumotlarini uzatish va transchegaraviy uzatishga rozilik beradi.
"FREEDOM PAYMENTS" AJ (bundan buyon matnda "Operator" deb yuritiladi) o'zining asosiy faoliyatini bajarish doirasida Operatorning ushbu "Operatorning shaxsga doir ma'lumotlarini ishlov berish va xavfsizligini ta'minlash sohasidagi siyosati" (bundan buyon matnda "Siyosat" deb yuritiladi) ga havola etuvchi Operator saytlarini qo'shgan holda shaxsga doir ma'lumotlar subyektlarining turli toifalaridagi shaxsga doir ma'lumotlarini yig'ish, ishlov berish va saqlashni amalga oshiradi.
O'zbekiston Respublikasining amaldagi qonunchiligiga muvofiq Operator shaxsga doir ma'lumotlar operatori ham hisoblanadi. Shaxsga doir ma'lumotlarga ishlov berishni tashkil etish va amalga oshirishda Operator O'zbekiston Respublikasining 02.07.2019 yildagi O'RQ-547-son "Shaxsga doir ma'lumotlar to'g'risida"gi Qonuniga va unga muvofiq qabul qilingan boshqa normativ-huquqiy hujjatlarga amal qiladi. Ushbu Siyosat maqsadlari uchun shaxsga doir ma'lumotlar ostida internet-saytlar orqali Operatorga taqdim etilgan va (yoki) bunday internet-saytlar yordamida to'plangan, bevosita yoki bilvosita aniqlangan yoki aniqlanadigan shaxsga (shaxsga doir ma'lumotlar subyektiga) tegishli bo'lgan har qanday ma'lumot tushuniladi.
2. Shaxsga doir ma'lumotlarni yig'ish
Operator internet-saytlar orqali ma'lumotlarni quyidagi usullar bilan to'playdi:
1. Foydalanuvchilar tomonidan taqdim etilgan shaxsga doir ma'lumotlar:
• Operator foydalanuvchilarning o'zlari yoki ularning nomidan boshqa shaxslar tomonidan Operatorning internet-saytlaridagi ma'lumotlar maydonlariga kiritilgan shaxsga doir ma'lumotlarni yig'ishni amalga oshiradi.
2. Foydalanuvchilarning IP manzillari va cookies fayllarini yig'ish.
3. Statistik ma'lumotlar qismida joriy ulanish to'g'risidagi shaxsga doir ma'lumotlarni passiv yig'ish (Operatorning xohishiga ko'ra):
• Sayt tomonidan beriladigan foydalanuvchi identifikatori;
• tashrif buyurilgan sahifalar;
• sahifalarga tashriflar soni;
• sayt sahifalari bo'yicha o'tib yurishi haqida ma'lumot;
• foydalanuvchilik sessiyasining davomiyligi;
• kirish nuqtalari (foydalanuvchi havola orqali Saytga kiradigan chet saytlar);
• chiqish nuqtalari (foydalanuvchi chet saytlarga o'tadigan Saytdagi havolalar);
• foydalanuvchining mamlakati;
• foydalanuvchining mintaqasi;
• foydalanuvchining qurilmasiga o'rnatilgan vaqt mintaqasi;
• foydalanuvchining provayderi;
• foydalanuvchining brauzeri;
• raqamli brauzer barmoq izi (canvas fingerprint);
• foydalanish imkoni bo'lgan brauzer shriftlari;
• o'rnatilgan brauzer plaginlari;
• brauzerning WebGL parametrlari;
• brauzerda foydalanish imkoni bo'lgan media qurilmalar turi;
• ActiveX mavjudligi;
• foydalanuvchi qurilmasida qo'llab-quvvatlanadigan tillar ro'yxati;
• foydalanuvchi qurilmasining protsessor arxitekturasi;
• foydalanuvchining OS;
• ekran parametrlari (tasvirning aniqligi, ranglilik chuqurligi, sahifani ekranga joylashtirish parametrlari);
• Saytga kirishda avtomatlashtirish vositalaridan foydalanish to'g'risida ma'lumot.
Saytning ro'yxatdan o'tgan foydalanuvchilariga nisbatan Operator shubhali faollikni aniqlash va foydalanuvchilarning shaxsiy kabinetlarini himoya qilish maqsadida foydalanuvchi qurilmalarida portlardan foydalanish to'g'risidagi ma'lumotlarni to'plashi mumkin. Ma'lumotlarni turli xil usullar, masalan, cookies fayllari va veb-mayoq fayllari va boshqalar yordamida olish mumkin,
Operator statistik shaxsga doir ma'lumotlarni to'plashni tashkil qilish uchun chet internet-servislar (uchinchi shaxslarning texnologiyalari) dan foydalanishi mumkin, chet internet-servislar olingan ma'lumotlarni o'z serverlarida saqlashni ta'minlaydi.
Operator chet internet-servislarini lokalizatsiya qilish uchun javobgar emas. Bunda Saytda o'rnatilgan va Operator tomonidan ishlatiladigan bunday chet internet-servislar (uchinchi shaxslarning texnologiyalari) Saytdagi reklama faoliyati jarayonida ma'lumot to'plash uchun saytning oxirgi foydalanuvchilari brauzerlarining cookie-fayllarini o'rnatishi va solishtirib o'qishi mumkin. Bunday chet internet-servislar (uchinchi shaxslarning texnologiyalari) tomonidan to'plangan ma'lumotlarni to'plash va ulardan foydalanish tartibi ushbu chet internet-servislar tomonidan mustaqil ravishda belgilanadi va ular to'g'ridan-to'g'ri ushbu tartibga rioya qilish va to'plangan ma'lumotlardan foydalanish uchun javobgardir, shu jumladan ushbu chet internet-servislar tegishli qonunchilik, shu jumladan O'zbekiston Respublikasining shaxsga doir ma'lumotlari to'g'risida qonunchiligi talablarining bajarilishiga javob berishadi va ta'minlashadi.
Operator foydalanuvchi tomonidan mustaqil ravishda taqdim etilgan va shaxsga doir ma'lumotlarsubyektini aniqlashga imkon beradigan ma'lumotlarni bunga o'xhash passiv ma'lumotlarni to'plash usullarini qo'llash paytida olingan statistik shaxsga doir ma'lumotlar bilan taqqoslashni o'tkazmaydi.
3. Shaxsga doir ma'lumotlarga ishlov berish tamoyillari va shartlari
Operator tomonidan shaxsga doir ma'lumotlarga ishlov berish O'zbekiston Respublikasi qonun hujjatlari talablariga qat'iy muvofiqlikda amalga oshiriladi va shu jumladan "FREEDOM PAYMENTS" MChJ QK to'lov tashkiloti faoliyatini amalga oshirish qoidalariga muvofiq aniq, oldindan belgilangan va qonun bilan shartlangan, maqsadlarga erishish bilan cheklanadi.
Faqat ularga ishlov berish maqsadlariga javob beradigan shaxsga doir ma'lumotlarga ishlov berilishi lozim. Operator tomonidan ishlov beriladigan shaxsga doir ma'lumotlarning mazmuni va hajmi ma'lum qilingan ishlov berish maqsadlariga mos keladi, ishlov berilayotgan shaxsga doir ma'lumotlarning ortiqcha bo'lishiga yo'l qo'yilmaydi.
Shaxsga doir ma'lumotlarga ishlov berishda Operator shaxsga doir ma'lumotlarning aniqligi, ularning yetarliligi va zarur hollarda shaxsga doir ma'lumotlarga ishlov berish maqsadlariga nisbatan dolzarbligini ta'minlaydi. Operator to'liq bo'lmagan yoki noaniq shaxsga doir ma'lumotlarni olib tashlash yoki aniqlashtirish uchun zarur choralarni ko'radi (ularning qabul qilinishini ta'minlaydi).
Operator o'z faoliyati davomida, agar O'zbekiston Respublikasining shaxsga doir ma'lumotlar to'g 'risidagi qonun hujjatlarida boshqacha tartib nazarda tutilmagan bo'lsa, shaxsga doir ma'lumotlar subyektining roziligi bilan shaxsga doir ma'lumotlarga ishlov berishni boshqa shaxsga taqdim etishi va (yoki) topshirishi mumkin. Bunda boshqa shaxsga shaxsga doir ma'lumotlarga ishlov berishni taqdim etish va (yoki) topshirishning zaruriy sharti tomonlarning maxfiylikka rioya qilish va ularni ishlov berish jarayonida shaxsga doir ma'lumotlarning xavfsizligini ta'minlash majburiyati hisoblanadi.
Shaxsga doir ma'lumotlarga ishlov berish muddati ular to'plangan maqsadlarga muvofiq belgilanadi.
4. Shaxsga doir ma'lumotlar subyektining huquqlari
Shaxsga doir ma'lumotlar subyekti quyidagi huquqlarga ega:
• agar shaxsga doir ma'lumotlar to'liq bo'lmagan, eskirgan, ishonchsiz, noqonuniy ravishda olingan yoki ma'lum qilingan ishlov berish maqsadi uchun zarur bo'lmagan hollarda o'z shaxsga doir ma'lumotlarini aniqlashtirish, ularni blokirovka qilish yoki yo'q qilishni so'rash, shuningdek o'z huquqlarini himoya qilish bo'yicha qonunda nazarda tutilgan choralarni ko'rish;
• Operator tomonidan ishlov berilgan va saqlangan o'z shaxsga doir ma'lumotlaringiz ro'yxatini va ularni olish manbasini so'rash;
• o'z shaxsga doir ma'lumotlaringizni ishlov berish muddati, shu jumladan ularni saqlash muddati haqida ma'lumot olish;
• ilgari uning shaxsga doir ma'lumotlari noto'g'ri yoki to'liq bo'lmaganligi haqida xabar berilgan barcha shaxslardan, ularda qilingan barcha istisnolar, tuzatishlar yoki qo'shimchalar to'g'risida xabar berishni talab qilish;
• shaxsga doir ma'lumotlar subyektlarining huquqlarini himoya qilish bo'yicha vakolatli organda yoki uning shaxsga doir ma'lumotlariga ishlov berishda noqonuniy xatti-harakatlari yoki harakatsizligi ustidan sud tartibida shikoyat qilish;
• o'z huquqlari va qonuniy manfaatlarini himoya qilish, shu jumladan sud tartibida ziyonni qoplash va (yoki) ma'naviy zararni qoplash.
Shaxsga doir ma'lumotlar operatori shaxsga doir ma'lumotlar subyekti tomonidan taqdim etilgan noto'g'ri ma'lumotlar uchun javobgar bo'lmaydi.
5. Shaxsga doir ma'lumotlarni himoya qilish talablarini amalga oshirish
Ishbilarmonlik obro'sini saqlab qolish va O'zbekiston Respublikasi qonun hujjatlari talablarining bajarilishini ta'minlash maqsadida Operator Operatorning biznes-jarayonlarida shaxsga doir ma'lumotlarga ishlov berishning qonuniyligini ta'minlash va Operator tomonidan ishlov beriladigan shaxsga doir ma'lumotlar xavfsizligining tegishli darajasini ta'minlashni eng muhim vazifa deb hisoblaydi.
Operator shaxsga doir ma'lumotlardan foydalanish imkoninini olgan boshqa shaxslardan, agar O'zbekiston Respublikasi qonun hujjatlarida boshqacha tartib nazarda tutilmagan bo'lsa, shaxsga doir ma'lumotlar subyektining roziligisiz shaxsga doir ma'lumotlarni uchinchi shaxslarga oshkor qilmaslikni va tarqatmaslikni talab qiladi.
Shaxsga doir ma'lumotlarga ishlov berish jarayonida xavfsizlikni ta'minlash maqsadida Operator shaxsga doir ma'lumotlarni noqonuniy yoki tasodifiy foydalanish imkonidan himoya qilish, shaxsga doir ma'lumotlarni yo'q qilish, o'zgartirish, blokirovka qilish, nusxalash, taqdim etish, tarqatish, shuningdek ularga nisbatan boshqa noqonuniy xatti-harakatlardan himoya qilish uchun zarur va yetarli huquqiy, tashkiliy va texnik choralarni ko'radi.
Operator o'zi amalga oshirayotgan shaxsga doir ma'lumotlarni tashkiliy va texnik himoya qilish bo'yicha barcha tadbirlar qonuniy asoslarda, shu jumladan shaxsga doir ma'lumotlarga ishlov berish masalalari bo'yicha O'zbekiston Respublikasi qonun hujjatlari talablariga muvofiq amalga oshirilishini ta'minlaydi.
Shaxsga doir ma'lumotlarning yetarli darajada himoya qilinishini ta'minlash maqsadida Operator shaxsga doir ma'lumotlarning xavfsizligi buzilgan taqdirda shaxsga doir ma'lumotlar subyektlariga yetkazilishi mumkin bo'lgan zararni baholashni o'tkazadi, shuningdek shaxsga doir ma'lumotlarning axborot tizimlarida ishlov berilanganda shaxsga doir ma'lumotlar xavfsizligiga dolzarb tahdidlarni aniqlaydi.
Aniqlangan dolzarb tahdidlarga muvofiq Operator axborotni himoya qilish vositalaridan foydalanish, shaxsga doir ma'lumotlardan ruxsatsiz foydalanish faktlarini aniqlash va choralar ko'rish, shaxsga doir ma'lumotlarni tiklash, shaxsga doir ma'lumotlardan foydalanishni cheklash, shaxsga doir ma'lumotlar bilan harakatlarni ro'yxatdan o'tkazish va hisobga olish, shuningdek shaxsga doir ma'lumotlar xavfsizligini ta'minlash bo'yicha qo'llaniladigan chora-tadbirlar samaradorligini nazorat qilish va baholashni o'z ichiga oladigan shaxsga doir ma'lumotlar xavfsizligini ta'minlash uchun zarur va yetarli huquqiy, tashkiliy va texnik choralarni qo'llaydi.
Operator rahbariyati shaxsga doir ma'lumotlar xavfsizligini ta'minlashning ahamiyati va zarurligini tushunadi va Operatorning asosiy faoliyati doirasida ishlov berilayotgan shaxsga doir ma'lumotlarni himoya qilish tizimini doimiy ravishda takomillashtirishni rag'batlantiradi.
Operator shaxsga doir ma'lumotlarga ishlov berishni tashkil etish va xavfsizligini ta'minlash uchun mas'ul shaxslarni tayinlaydi.
Shaxsga doir ma'lumotlarga ishlov berishni bevosita amalga oshiruvchi Operatorning har bir yangi xodimi shaxsga doir ma'lumotlarga ishlov berish va xavfsizligini ta'minlash bo'yicha O'zbekiston Respublikasi qonun hujjatlari talablari, ushbu Siyosat va Operatorning shaxsga doir ma'lumotlarga ishlov berish va xavfsizligini ta'minlash masalalari bo'yicha boshqa mahalliy hujjatlari bilan tanishib chiqadi va ularga rioya etish majburiyatini oladi.
6. Shaxsga doir ma'lumotlar subyektining roziligi
Shaxsga doir ma'lumotlar subyekti ushbu bilan Operator tomonidan xizmatlar ko'rsatish maqsadida shaxsga doir ma'lumotlarni yig'ish va ishlov berish, shuningdek tartibga soluvchi qonun hujjatlariga muvofiq shaxsga doir ma'lumotlar subyektining shaxsga doir ma'lumotlarini uzatish va transchegaraviy uzatishga rozilik beradi.
У Вас есть вопросы?
Оставьте заявку и наши менеджеры свяжутся с вами