1. Data Controller
The data controller within the meaning of the Law of the Republic of Uzbekistan No. ZRU-660 'On Personal Data' (2019) and, where applicable, Article 4(7) of the GDPR (EU 2016/679), is:
- Legal name: Limited Liability Company «PHOTON MC» (PHOTON MC LLC)
- Registered address: Tashkent, Mingo'rik MFY, 13-A Amir Temur Avenue
- Registration number (TIN): 308428171
- Director: O.M. Kattakhodjaeva
- Website: photon.uz
- Contact: via the website contact form
This Privacy Policy describes how we collect, use, store and protect personal data provided by visitors when interacting with the photon.uz website.
2. Definitions
"Personal Data" - any information relating to an identified or identifiable natural person (ZRU-660 Art. 3; GDPR Art. 4(1)).
"Processing" - any operation performed on personal data: collection, recording, storage, use, disclosure, erasure (ZRU-660 Art. 3).
"Consent" - freely given, specific, informed and unambiguous indication of the data subject's agreement (ZRU-660 Art. 10).
"Cookie" - small text file stored on a device that enables the website to remember user preferences and behaviour.
"Company", "we" - the data controller identified in Section 1.
"Data Subject", "you" - natural person providing personal data through the website.
3. Personal Data We Collect
Photon collects a minimal amount of personal data required to respond to website visitor enquiries. We do NOT collect payment data, biometric data or special categories of personal data.
| Category | Data Types | Source |
|---|---|---|
| Contact details | First name, last name, email, phone number | Contact form (user input) |
| Professional data | Company name, position, role (startup / investor / partner / university) | Contact form |
| Enquiry content | Message text, project description, links to materials (pitch deck, etc.) | Contact form |
| Technical data | IP address, browser type, operating system, pages visited | Automatic (web analytics) |
4. Legal Bases for Processing
| Legal Basis | ZRU-660 | GDPR | Processing Activities |
|---|---|---|---|
| Consent | Art. 10 | Art. 6(1)(a) | Submission of the contact form constitutes voluntary consent to processing of the specified data |
| Legitimate Interest | Art. 10 | Art. 6(1)(f) | Web analytics, website security, user experience improvement |
| Legal Obligation | Art. 10 | Art. 6(1)(c) | Compliance with the laws of the Republic of Uzbekistan |
5. Purposes of Processing
5.1 Enquiry handling. Responding to requests submitted via the contact form; communication regarding investments, partnerships or participation in Photon programmes.
5.2 Operational management of funds. Initial assessment of startup and investor applications for subsequent review by fund governance bodies (Investment Committee / Supervisory Board). Photon does not make final investment decisions on its own.
5.3 Analytics and website improvement. Analysis of anonymised traffic to improve site structure, content and UX. Where possible, data is aggregated and anonymised.
5.4 Security. Detection and prevention of unauthorised access attempts, spam and abuse.
5.5 Legal compliance. Fulfilment of applicable legal obligations under the laws of the Republic of Uzbekistan.
6. Data Sharing with Third Parties
Photon does not sell personal data to third parties for their marketing purposes. Data may be shared with a limited number of recipients for the following purposes:
| Recipient | Purpose | Legal Basis |
|---|---|---|
| Fund governance bodies (Investment Committee, Supervisory Board) | Review of startup and investor applications | Consent / Legitimate interest |
| Hosting providers and IT contractors | Technical operation of the website, backups | Legitimate interest (under data processing agreements) |
| Regulatory and law enforcement authorities | Upon lawful request or court order | Legal obligation |
| Professional advisors (legal, audit, tax) | Legal, tax and audit services | Legitimate interest |
Personal data of citizens of the Republic of Uzbekistan is stored on servers physically located in the Republic of Uzbekistan in accordance with Art. 9 of ZRU-660.
7. Data Retention
| Category | Retention Period | Legal Basis |
|---|---|---|
| Contact form submissions | 12 months from last interaction | Legitimate interest |
| Startup / investor applications | 3 years from submission | Legitimate interest / Contract |
| Technical logs / analytics | 12 months | Legitimate interest |
| Marketing consent records | Until consent is withdrawn | ZRU-660 Art. 10 |
After the applicable retention period, data will be securely deleted or anonymised.
8. Data Subject Rights
Under ZRU-660 and GDPR (where applicable), you have the following rights in relation to your personal data:
- Access (ZRU-660 Art. 14; GDPR Art. 15) - obtain confirmation of processing and a copy of your data
- Rectification (ZRU-660 Art. 15; GDPR Art. 16) - request correction of inaccurate or incomplete data
- Erasure (ZRU-660 Art. 16; GDPR Art. 17) - request deletion ('right to be forgotten') where no legal basis exists for further processing
- Restriction (GDPR Art. 18) - request restriction of processing in certain circumstances
- Objection (GDPR Art. 21) - object to processing based on legitimate interest
- Withdraw consent (ZRU-660 Art. 10) - at any time without affecting the lawfulness of prior processing
- Complaint (ZRU-660 Art. 22) - lodge a complaint with the authorised personal data protection authority
To exercise your rights, submit a request via the contact form on the website specifying the nature of the request. We will respond within 30 calendar days (ZRU-660 Art. 14).
9. Cookies
Our website uses a minimal number of cookies necessary for the proper functioning of the site and for collecting anonymised analytical information.
| Type | Purpose | Consent required |
|---|---|---|
| Strictly necessary | Sessions, security, basic site functionality | No |
| Analytics | Google Analytics / Yandex Metrica for anonymised visit statistics | Yes |
Cookies are not used to identify individual users. You may disable cookies in your browser settings; however, this may affect the functionality of the website.
10. Children's Privacy
Our website is not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data without appropriate parental consent, we will delete such data promptly.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us via the contact form on the website.
11. Data Security
We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration or destruction, including:
- HTTPS (TLS 1.2+) encryption for data in transit
- Restricted access to personal data, limited to authorised personnel
- Regular audit and update of security systems
- Use of trusted hosting providers with security certifications
In the event of a personal data breach that is likely to result in high risk to data subjects, we will notify the authorised data protection authority within 72 hours and affected data subjects without undue delay (ZRU-660 Art. 22; GDPR Art. 33-34).
12. Changes to This Policy and Contact
12.1 Updates. We may update this Privacy Policy periodically. Material changes will be published on this page along with a new effective date. We recommend checking this page periodically.
12.2 Contact. For any privacy-related questions, requests or complaints, you may contact us via the contact form on the website or by postal mail at: Tashkent, Mingo'rik MFY, 13-A Amir Temur Avenue.
12.3 Supervisory Authority. You have the right to lodge a complaint with the authorised personal data protection authority of the Republic of Uzbekistan: State Inspection for Control in the Field of Informatization and Telecommunications of the Republic of Uzbekistan.