Raqamli Nazorat Tashkiloti Boshqaruv Tizimi uchun Maxfiylik siyosati
1. Umumiy qoidalar
Tizim tashkilotning ichki jarayonlarini, loyiha boshqaruvini, xodimlar unumdorligini, tasklarni, moliyaviy so‘rovlarni, oylik hisob-kitoblarni va audit jarayonlarini avtomatlashtirish uchun mo‘ljallangan.
2. Qanday ma’lumotlar yig‘iladi?
| Ma’lumot turi | Misollar | Foydalanish maqsadi |
|---|---|---|
| Foydalanuvchi ma’lumotlari | Ism-familiya, login, rol, lavozim, tashkilot, bo‘lim, telefon raqam | Foydalanuvchini identifikatsiya qilish va RBAC asosida ruxsat berish |
| Autentifikatsiya ma’lumotlari | Parol, PIN-kod, JWT access/refresh tokenlari | Tizimga xavfsiz kirish va sessiyani boshqarish |
| Loyiha va task ma’lumotlari | Loyiha nomi, tavsifi, deadline, status, task sarlavhasi, priority, type, commentlar | Loyihalar va vazifalarni boshqarish, monitoring va hisobotlar |
| Task fayllari | Rasm, PDF, DOC, video, texnik hujjatlar, xodim yuklagan fayllar | Task bo‘yicha bajarilgan ishni tasdiqlash va tekshirish |
| Moliyaviy ma’lumotlar | Xarajat so‘rovi, summa, sabab, karta, xarajat turi, paid/confirmed statuslari | Xarajatlar, payroll, ledger va buxgalteriya nazoratini yuritish |
| Audit loglar | Kim, qachon, qayerdan, eski qiymat, yangi qiymat, IP-manzil | Moliyaviy shaffoflik, xavfsizlik va tekshiruvlar |
| Nomzod ariza ma’lumotlari | F.I.O., tug‘ilgan sana, telefon, Telegram, talabalik holati, universitet, resume, portfolio | Ishga qabul qilish jarayonini yuritish va nomzodlarni saralash |
3. Ma’lumotlardan foydalanish maqsadlari
- foydalanuvchini tizimga kiritish va roliga mos huquqlarni berish;
- loyihalar, sprintlar, tasklar va deadline jarayonlarini boshqarish;
- xodimlarning task bajarish samaradorligi va KPI ko‘rsatkichlarini hisoblash;
- xarajat so‘rovlari, oylik to‘lovlari va moliyaviy registrlarni yuritish;
- buxgalteriya va auditorlik nazoratini ta’minlash;
- nomzodlar arizalarini qabul qilish, ko‘rib chiqish va xulosa kiritish;
- hisobotlar, dashboard va analitika shakllantirish;
- xavfsizlik, audit va noqonuniy harakatlarni aniqlash.
4. Rollar va kirish huquqlari
Tizimda kirish huquqlari RBAC prinsipi asosida boshqariladi. Har bir foydalanuvchi faqat o‘z roliga tegishli bo‘lgan ma’lumot va funksiyalarni ko‘radi.
- Superadmin: global sozlamalar va barcha foydalanuvchilar ustidan nazorat.
- Admin: loyiha yaratish va jamoani biriktirish.
- Manager: tasklarni boshqarish va xodimlarni tasklarga biriktirish.
- Xodim: o‘z tasklarini bajarish, status o‘zgartirish, xarajat so‘rovi yuborish.
- Nazoratchi: jarayonlar va moliya tarixini kuzatish, audit xulosasi yozish.
- Buxgalter: moliyaviy xarajatlar registrini ko‘rish va tasdiqlash.
5. Moliyaviy ma’lumotlar va payroll
Tizimda xarajatlar, oyliklar, balanslar va moliyaviy registrlar alohida himoyalangan holda yuritiladi. Moliyaviy yozuvlarni o‘chirishga ruxsat berilmaydi. Xatoliklar faqat korreksiya yoki reverse transaction orqali tuzatiladi.
6. Nomzodlar arizasi bo‘yicha ma’lumotlar
Tizim ishga qabul qilish jarayonida nomzodlardan F.I.O., tug‘ilgan sana, telefon raqam, Telegram profili, talabalik holati, universitet, region, yo‘nalish, resume, portfolio va qo‘shimcha ma’lumotlarni qabul qilishi mumkin.
7. Audit va tarixiylik
Tizimdagi har bir muhim o‘zgarish audit logga yoziladi: foydalanuvchi, sana-vaqt, IP-manzil, eski qiymat va yangi qiymat saqlanishi mumkin.
8. Ma’lumotlarni himoya qilish
- JWT access va refresh tokenlar;
- parol va PIN-kod orqali autentifikatsiya;
- RBAC asosida kirish huquqlarini cheklash;
- moliyaviy amallarda atomic transactions;
- audit log va transaction traceability;
- Sentry orqali xatoliklarni kuzatish;
- S3 Storage yoki mos fayl saqlash xizmati.
9. Uchinchi tomon xizmatlari
Tizim FCM Push Notifications, Sentry Error Tracking, S3 Storage, Zoom yoki Google Meet havolalari, CI/CD va deployment xizmatlaridan foydalanishi mumkin.
10. Foydalanuvchi huquqlari
- o‘ziga tegishli ma’lumotlarni ko‘rish;
- noto‘g‘ri ma’lumotlarni tuzatishni so‘rash;
- o‘z tasklari, xarajat so‘rovlari va payroll tarixini ko‘rish;
- ariza holatini bilish;
- ma’lumotlar qanday maqsadda ishlatilayotganini bilish.
11. Aloqa ma’lumotlari
Tashkilot: "Raqamli Nazorat" MCHJ
Telefon: +998 50 200 21 22
Email: raqamlinazorat3@gmail.com
Privacy Policy for the Digital Control Organization Management System
1. General Provisions
The system is intended to automate internal organizational processes, project management, employee productivity tracking, tasks, financial requests, payroll calculations, and audit processes.
2. What Data Is Collected?
| Data Type | Examples | Purpose of Use |
|---|---|---|
| User data | Full name, login, role, position, organization, department, phone number | Identifying users and granting permissions based on RBAC |
| Authentication data | Password, PIN code, JWT access and refresh tokens | Secure login and session management |
| Project and task data | Project name, description, deadline, status, task title, priority, type, comments | Managing projects, tasks, monitoring, and reports |
| Task files | Images, PDF, DOC, video, technical documents, employee-uploaded files | Confirming and reviewing completed task work |
| Financial data | Expense request, amount, reason, card, expense type, paid/confirmed statuses | Managing expenses, payroll, ledger, and accounting control |
| Audit logs | Who, when, from where, old value, new value, IP address | Financial transparency, security, and inspections |
| Candidate application data | Full name, birth date, phone, Telegram, student status, university, resume, portfolio | Managing recruitment and candidate selection |
3. Purposes of Data Use
- to authenticate users and assign permissions according to their roles;
- to manage projects, sprints, tasks, and deadlines;
- to calculate employee performance and KPI indicators;
- to manage expense requests, salary payments, and financial registers;
- to support accounting and audit control;
- to receive, review, and process candidate applications;
- to generate reports, dashboards, and analytics;
- to ensure security, auditing, and detection of suspicious activity.
4. Roles and Access Rights
Access rights are managed according to the RBAC principle. Each user can only access the data and features allowed for their role.
- Superadmin: controls global settings and all users.
- Admin: creates projects and assigns teams.
- Manager: manages tasks and assigns employees to tasks.
- Employee: completes assigned tasks, changes statuses, and sends expense requests.
- Auditor: reviews processes and financial history, and writes audit conclusions.
- Accountant: reviews and approves financial expense records.
5. Financial Data and Payroll
Expenses, salaries, balances, and financial registers are processed with additional protection. Financial records cannot be deleted. Errors may only be corrected through correction or reverse transactions.
6. Candidate Application Data
During recruitment, the system may collect candidate data such as full name, birth date, phone number, Telegram profile, student status, university, region, direction, resume, portfolio, and additional information.
7. Audit and Traceability
Every important system change is recorded in audit logs. These records may include the user, date and time, IP address, old value, and new value.
8. Data Protection
- JWT access and refresh tokens;
- authentication by password and PIN code;
- RBAC-based access restrictions;
- atomic transactions for financial operations;
- audit logs and transaction traceability;
- error tracking through Sentry;
- S3 Storage or an equivalent secure file storage service.
9. Third-Party Services
The system may use FCM Push Notifications, Sentry Error Tracking, S3 Storage, Zoom or Google Meet links, CI/CD, and deployment services.
10. User Rights
- to view their own data;
- to request correction of inaccurate data;
- to view their tasks, expense requests, and payroll history;
- to check application status;
- to know why their data is being used.
11. Contact Information
Organization: "Raqamli Nazorat" LLC
Phone: +998 50 200 21 22
Email: raqamlinazorat3@gmail.com