← Back to site
Privacy Policy
Updated: June 13, 2026
This Policy describes what data FaceID — a face-recognition time & attendance system (the “Service”), operated by Khizmatrasonii Nav LLC, Dushanbe, Republic of Tajikistan (the “Company”, “we”) — processes, for what purpose and on what legal basis, and the rights of data subjects. Processing is carried out in accordance with the Law of the Republic of Tajikistan “On Personal Data Protection” No. 1537 of 3 August 2018 and other regulations of the Republic of Tajikistan. By using the Service you confirm that you have read this Policy.
1. Data controller and contact
The personal-data operator is Khizmatrasonii Nav LLC, Dushanbe, Republic of Tajikistan.
For data-processing questions and to exercise your rights, contact info@hizmatrason.tj or Telegram: https://t.me/hizmatrason_bot.
For employees' biometric and HR data, the employing organisation (the Service's client) acts as the operator determining processing purposes, and the Company acts as the processor following the employer's instructions. For account, billing and Service-operation data the Company is the operator.
2. Data we process
We process the minimum necessary data:
- Biometric data: a mathematical face descriptor (a 128-dimension numeric vector) generated at employee enrolment. The Service stores a numeric template, not photos or face images; the image cannot be reconstructed from the descriptor.
- Working-time data: check-in/out events, location and time of the event, links to organisation, department, schedule and role.
- Account data: name, position, phone number, email, password hash, organisation.
- Technical data: device model, app version, IP address, access logs, session cookies (see the Cookie Policy).
- Enquiry data: information you provide in the contact form or when requesting a demo.
3. Purposes and legal bases
- Time tracking and face identification of the employee — performance of the contract with the employer and the data subject's consent to biometric processing (Arts. 5, 9 of the RT Law on Personal Data Protection).
- Providing and supporting the Service, notifications (incl. via Telegram) — performance of the contract.
- Security, prevention of abuse and spoofed check-ins — legitimate interest and legal requirements.
- Accounting/tax records and lawful requests by authorities — compliance with law.
Biometric data is processed only with the voluntary consent of the subject. Consent may be withdrawn; face identification then stops and the descriptor is deleted.
4. Sharing with third parties
We do not sell personal data. Disclosure is limited to:
- the employing organisation, to the extent of working-time records;
- infrastructure providers (hosting, notification delivery) bound by contract and confidentiality;
- authorised state bodies, upon a lawful and justified request under the legislation of the Republic of Tajikistan.
5. Retention
Data is kept no longer than necessary for the purposes or the periods set by law. The biometric descriptor is kept until the employee leaves or consent is withdrawn, then deleted within a reasonable time. Working-time logs are kept for the period required by labour and accounting law.
6. Security
We apply organisational and technical safeguards: channel encryption (TLS), role-based access control, password hashing, action logging and backups. Biometrics are stored as an irreversible numeric template.
7. Your rights
Under the legislation of the Republic of Tajikistan you may:
- obtain information about the processing of your data;
- request rectification, blocking or erasure of inaccurate or unlawfully processed data;
- withdraw consent to biometric processing;
- appeal the operator's actions to the authorised body or a court.
To exercise your rights, send a request to info@hizmatrason.tj. We respond within the time limits set by law.
8. Minors
The Service is intended for organisations and their employees and is not directed at persons below the age at which employment is permitted under the Labour Code of the Republic of Tajikistan.
9. Governing law
This Policy is governed by the law of the Republic of Tajikistan, including:
- the Constitution of the Republic of Tajikistan (Art. 23 — privacy of personal life and correspondence);
- the Law of the RT “On Personal Data Protection” No. 1537 of 3 August 2018;
- the Law of the RT “On Information” No. 55 of 10 May 2002;
- the Law of the RT “On Electronic Document” and the Law of the RT “On Electronic Digital Signature”;
- the Labour Code of the Republic of Tajikistan (regarding employee working-time records);
- the Civil Code of the Republic of Tajikistan and the Law of the RT “On Consumer Protection Rights”.
10. Changes
We may update this Policy. The current version is published on this page with the update date.