Entrance

PRIVACY POLICY

of the mobile application "OSON" 
(for IOS, Android platforms and the web version at oson.com)

1. General Provisions

1.1. This Privacy Policy (hereinafter referred to as the “Policy”) establishes the procedure for the collection, processing, storage, use, and protection of information, including personal data, of individuals who use the "OSON" mobile application (hereinafter referred to as the “Application”), available for iOS, Android platforms and in the web version at https://oson.com.

1.2. The operator of personal data under this Policy is Joint Stock Company "BRIO GROUP" (hereinafter referred to as the “Operator” or “OSON™”), which processes personal data in accordance with the Law of the Republic of Uzbekistan dated July 2, 2019, No. ZRU-547 “On Personal Data” and other applicable regulatory legal acts.

1.3. The use of the Application by the User, including its installation, registration, and access to its functionality, constitutes the User’s voluntary, specific, informed, and conscious consent to the processing of their personal data in accordance with this Policy.

2. Categories of Personal Data Subject to Processing

The Operator processes the following categories of personal data of the User:

Full name (surname, first name, patronymic);

Contact information (phone number, email address);

Taxpayer Identification Number (TIN), company name (in the case of registration as a legal entity or individual entrepreneur);

Information about payment transactions (date, time, amount, method of payment, recipient details);

Technical information about the device used (model, operating system, IP address, MAC address, unique device identifiers);

Geolocation data (subject to the User’s prior permission);

Data transmitted via API interfaces during registration, identification, authorization, and interaction with the Application’s functionality;

Contact list information from the User’s address book (subject to the User’s explicit consent).

3. Purposes of Processing Personal Data

The processing of personal data is carried out exclusively for the following purposes:

Registration and identification of the User in the Application;

Provision of access to the Application’s functionality and API interfaces;

Ensuring the execution of payment transactions, including refunds and confirmations;

Compliance with the legislation of the Republic of Uzbekistan, including measures in the field of combating the legalization of proceeds of crime and the financing of terrorism (AML/CFT);

Provision of informational and technical notifications to the User, including transaction notifications;

Handling inquiries, claims, requests, and providing technical support;

Conducting internal analytics, statistical processing, and improving the quality of services provided;

Displaying advertising and informational materials of the Operator’s Partners — subject to the User’s separate consent.

4. Transfer of Personal Data to Third Parties

4.1. General Provisions

The Operator does not transfer Users’ personal data to third parties, except in cases expressly provided for by the legislation of the Republic of Uzbekistan or where such transfer is necessary to achieve the purposes of processing set out in this Policy.

The transfer of data is carried out solely on the basis of valid legal grounds and subject to the mandatory maintenance of confidentiality.

4.2. Categories of Recipients

Personal data may be transferred to the following categories of recipients:

Payment service providers — for the execution of payment transactions, refunds, and transaction verification;

Authorized governmental bodies of the Republic of Uzbekistan — upon an official request and in accordance with the law;

Technical contractors and providers of cloud and infrastructure solutions — subject to confidentiality agreements and only to the extent necessary for the provision of the Application and its services;

Affiliated legal entities of the Operator, including subsidiaries and controlled companies — provided that confidentiality and applicable legal requirements are observed.

4.3. Cross-Border Transfer of Personal Data

Cross-border transfer of personal data is permitted in cases where such transfer is necessary for the performance of a contract with the User or a contract with third-party service providers engaged by the Operator (including hosting services, cloud infrastructure, notification processing, and other technological solutions), to the extent required for the proper operation of the Application and the provision of related services.

5. Storage and Protection of Personal Data

5.1. Personal data shall be stored in a form that allows identification of the data subject, for no longer than is necessary to achieve the purposes of processing or for the period established by the legislation of the Republic of Uzbekistan.

5.2. The Operator implements a comprehensive set of legal, organizational, and technical measures to ensure the security of personal data, including:

Use of certified information protection tools;

Role-based access control and authorization procedures;

Encryption and logging of operations;

Regular audits and monitoring of information systems;

Physical access restrictions to servers and data processing infrastructure.

6. Rights of the Personal Data Subject

The User, as the subject of personal data, is entitled to:

Request information on the processing of their personal data;

Request clarification, blocking, or deletion of personal data if such data is incomplete, outdated, inaccurate, or processed in violation of the law;

Withdraw previously granted consent to the processing of personal data;

Restrict or prohibit the transfer of personal data to third parties, except where such transfer is required by law;

Appeal the actions or inaction of the Operator to a court or to the authorized personal data protection body.

Requests may be submitted via email to: info@oson.com.

7. Withdrawal of Consent and Termination of Processing

7.1. The User may withdraw their consent to the processing of personal data at any time by sending a written notice to the following email address: info@oson.com..

7.2. Upon receipt of such notice by the Operator, the processing of personal data shall cease, unless otherwise provided for by the applicable legislation.

7.3. The Operator retains the right to continue storing personal data for the period necessary to fulfill obligations arising from contracts concluded with the User or as required by applicable law.

8. Final Provisions

8.1. The Operator reserves the right to make changes and additions to this Policy. The updated version of the Policy enters into force upon its publication on the official website of the Operator at: https://oson.com/privacy-policy, unless otherwise provided for in the new version.

8.2. All inquiries, suggestions, and complaints regarding the processing of personal data may be submitted via email to: info@oson.com