Privacy Policy

Last updated: 31 October 2025

This Privacy Policy explains how "TESLA KAFA" MChJ XK (“Tesla Kafa”, “we”, “us”, “our”) collects, uses and protects personal data when you visit teslakafa.com or interact with us through the Website, email or other channels.

We process personal data in accordance with applicable laws of the Republic of Uzbekistan and, where applicable, international data-protection standards such as the EU General Data Protection Regulation (GDPR) for data subjects in the European Economic Area and similar laws in other regions.

1. Data controller

The controller responsible for processing your personal data is:

"TESLA KAFA" mas'uliyati cheklangan jamiyat xorijiy korxona
Short name: "TESLA KAFA" MChJ XK
STIR: 312 477 429
Registered address: Toshkent viloyati, Toshkent tumani, Sirgʻali MFY, Xonarik ko‘chasi, 12-uy, Uzbekistan
E-mail: info@teslakafa.com

If we appoint a dedicated Data Protection Officer (DPO) in future, we will publish their contact details here.

2. Categories of personal data

Depending on how you interact with us, we may process the following categories of data:

1. Identification and contact data
   • name, surname, job title;
   • company name and role;
   • email address, phone number, country;
   • postal or billing address (for contracts and invoices).
2. Account and authentication data (where client portals or tools are used)
   • username, hashed passwords;
   • access logs, permissions, roles.
3. Communication data
   • contents of enquiries, quotation requests, support tickets, feedback and messages;
   • meeting notes and call summaries.
4. Marketing and preferences data
   • newsletter subscription status;
   • interests, industries, service preferences;
   • consent records and unsubscribe history.
5. Technical and usage data
   • IP address, device identifiers, browser type and version;
   • pages viewed, session duration, referring URLs;
   • cookies and similar tracking technologies (see Cookie Policy).
6. Contract and billing data (B2B clients)
   • contract details, services ordered;
   • invoices, payment records;
   • tax-relevant information required by law.

We do not intentionally collect sensitive categories of personal data via the Website.

3. Sources of data

We obtain personal data:

• directly from you (forms on the Website, email, phone, messaging apps, contracts, events);
• from your employer or colleagues, when they list you as a contact person;
• through cookies and analytics tools when you use the Website;
• from publicly available sources (for example, LinkedIn or official company registries) where lawful and relevant for B2B outreach.

4. Purposes and legal bases

1. Providing the Website and digital tools
   To operate, secure and maintain the Website and any client portals.
   Legal bases: performance of contract or pre-contractual steps; legitimate interest in running a secure and functional Website.
2. Responding to enquiries and quotation requests
   To respond to your messages, schedule meetings, prepare proposals and enter into or perform contracts.
   Legal bases: performance of contract or pre-contractual steps; legitimate interest in business communication.
3. Providing services to clients
   To plan and deliver digital, marketing, consulting or development services; manage projects and communicate with client teams.
   Legal bases: performance of contract; legitimate interest in fulfilling client engagements; legal obligations (accounting, taxation).
4. Marketing and newsletters
   To send you newsletters, invitations, case studies or product updates.
   Legal bases: your consent (where required) or legitimate interest in B2B marketing.
   You can withdraw consent or opt-out at any time via the unsubscribe link or by contacting us.
5. Analytics and optimisation
   To understand how our Website is used, improve content and UX, and measure campaign performance.
   Legal bases: consent (for non-essential cookies/trackers, where required); legitimate interest in improving services and marketing.
6. Compliance, security, and legal claims
   To comply with legal obligations (tax, accounting, IT Park reporting), ensure information security, prevent fraud and defend our legal rights.
   Legal bases: legal obligations; legitimate interest in protecting our business; establishment, exercise or defence of legal claims.

5. Cookies and tracking

We use cookies and similar technologies to remember your preferences, analyse traffic and usage patterns and personalise some marketing. Details are set out in our Cookie Policy. Where required by law, we obtain your consent via a cookie banner before setting non-essential cookies.

6. Data sharing and international transfers

We may share personal data with:

1. Service providers (processors) such as:
   • hosting providers and data-centre services;
   • email delivery and CRM platforms;
   • analytics and marketing tools;
   • professional advisors (lawyers, accountants, auditors) bound by confidentiality.
2. Business partners and subcontractors where necessary to deliver services defined in a contract or Statement of Work.
3. Public authorities such as tax or regulatory authorities, law-enforcement or courts, when required by applicable law or to protect our legitimate interests.

Where data is transferred outside Uzbekistan (for example, to servers or partners in the EU, UK, USA or other countries), we take appropriate safeguards required by applicable law, such as contractual clauses and technical measures, to protect your data.

7. Data retention

We retain personal data only for as long as necessary for the purposes described above:

• enquiry data: typically up to 2 years after last contact, unless it leads to a contract;
• contract and billing data: at least the period required by tax and accounting laws (often 5–10 years);
• marketing data: until you withdraw consent or object to processing;
• technical logs: usually up to 12 months, unless needed longer for investigations.

When data is no longer needed, we will delete or anonymise it in a secure manner, unless retention is required by law.

8. Your rights

Subject to conditions and limitations under applicable law, you may have the right to:

• access your personal data and obtain a copy;
• request correction of inaccurate or incomplete data;
• request deletion of your data where legal grounds exist;
• request restriction of processing in certain cases;
• object to processing based on our legitimate interests, including direct marketing;
• receive data you provided in a structured, commonly used, machine-readable format (data portability, where applicable);
• withdraw consent at any time where processing is based on consent.

To exercise your rights, contact us at [REPLACE WITH PRIVACY/CONTACT EMAIL] and clearly state your request. We may ask you to verify your identity before responding.

If you reside in a jurisdiction with a data-protection authority (for example, an EU/EEA Member State), you may have the right to lodge a complaint with that authority in addition to contacting us.

9. Children’s data

Our Website and services are not directed to children under 16, and we do not knowingly collect personal data from them. If you believe that a child has provided us with personal data, please contact us and we will promptly delete it.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure or destruction, including:

• access controls and authentication;
• encryption in transit (HTTPS) and, where appropriate, at rest;
• regular updates and security monitoring;
• internal procedures for incident response.

However, no system is completely secure; we cannot guarantee absolute security of information transmitted over the Internet.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The latest version is indicated by the “Last updated” date. Significant changes may be announced on the Website or via email where appropriate.