PERSONAL DATA PROTECTION POLICY
AN THANH BICSOL JOINT STOCK COMPANY
This Personal Data Protection Policy describes how An Thanh Bicsol Joint Stock Company (hereinafter referred to as the “Company” or “ATT”) collects, uses and processes personal data arising in the course of the Company’s business operations.
1. GENERAL REGULATIONS
1.1. Personal data: is digital data or other forms of information that identify or help identify a specific person. Personal data includes basic personal data and sensitive personal data.
1.2. Personal data subject: means a person whose personal data is reflected, including all individual customers who are using the Company’s products and services, employees of the Company (including full-time employees, probationary employees, interns), Shareholders/managers of the Company, related persons of shareholders/managers of the Company and/or other individuals who have legal relations with the Company.
1.3. Processing of personal data means one or more activities affecting personal data in accordance with the provisions of current law.
1.4. This Policy may be updated, amended, supplemented, or replaced by the Company from time to time to ensure compliance with current legal regulations and/or changes in the Company’s operations. Any changes will be posted by the Company on the Company’s official website and/or notified to the Data Subject in an appropriate manner.
1.5. The Company undertakes to comply with the following principles when processing personal data:
(i). The Company processes and protects personal data in accordance with the provisions of Vietnamese law;
(ii). The Company collects personal data for specific, clear and lawful purposes in accordance with the provisions of Vietnamese law;
(iii). The Company always applies and updates technical measures in accordance with the provisions of Vietnamese law to ensure the security of personal data, including protection measures from unauthorized access and/or destruction, loss or damage to personal data;
(iv). The Company stores personal data appropriately and to the extent necessary for processing in accordance with the provisions of Vietnamese law;
(v). The Company does not collect personal data of children as customers or service users, except where the data of the Employee’s child is processed for welfare purposes, or information about the relevant person of the business manager in accordance with the provisions of the Law.
2. PERSONAL DATA PROCESSED
2.1. Basic personal data, including:
(i). Full name, middle name and birth name, other names (if any);
(ii). Date of birth; date of death or disappearance;
(iii). Gender;
(iv). Place of birth, place of birth registration, place of permanent residence, place of temporary residence, current place of residence, hometown, contact address;
(v). Nationality;
(vi). Images of individuals: information obtained from security systems, including image recordings of personal data subjects on the system of cameras and surveillance cameras at the Company’s business/transaction locations.
(vii). Telephone number, citizen identification number, personal identification number, passport number, driver’s license number, license plate number, personal tax identification number, social insurance number, health insurance card number;
(viii). Occupation, workplace;
(ix). Marital status;
(x). Information about family relationships (parents, children);
(xi). Information about the individual’s digital account; personal data reflecting interests and history of activities in cyberspace;
(xii). Other information that is associated with a specific person or helps to identify a particular person and does not fall within the scope of sensitive personal data as set out in Section 2.2 below.
2.2. Sensitive personal data includes the following key data:
(i). Political viewpoints, religious views;
(ii). Health status and private life recorded in medical records, excluding information on blood type;
(iii). Information related to racial and ethnic origins;
(iv). Information on the physical properties and biological characteristics of individuals;
(v). Data on crimes and criminal acts collected and stored by law enforcement agencies;
(vi). Information about the bank account of the personal data subject;
(vii). Data on the location of personal data subjects determined through location services;
(viii). Other personal data that is regulated by law and requires necessary security measures.
3. PURPOSE OF PROCESSING PERSONAL DATA
Personal data may be processed for one or more of the following purposes:
3.1. Assessing the ability to provide goods, services and/or entering into contracts with personal data subjects, including but not limited to the following purposes:
(i). Identify and verify information about personal data subjects;
(ii). Evaluate, appraise and approve the provision of goods and services according to registration documents, applications and contracts of personal data subjects;
(iii). Consider providing or continuing to provide any of the Company’s goods or services to the personal data subject;
3.2. Fulfilling obligations in contracts, agreements, terms, conditions and other documents between the Company and the personal data subject, customer support including but not limited to the following purposes:
(i). Fulfilling obligations under contracts, agreements and providing goods and services to personal data subjects;
(ii). Maintaining, updating and processing information of personal data subjects;
(iii). Take care of and settle complaints and lawsuits of personal data subjects;
(iv). Use and transfer to partners personal data and related information to identify and troubleshoot problems of products and services;
(v). Contact and notify the personal data subject.
3.3. Improving the quality of the Company’s goods and services including but not limited to:
(i). Provide information that the client has requested, or the Company finds useful to the client;
(ii). Manage customer accounts;
(iii). Statistics and data analysis for research, construction, development and improvement of goods and services;
(iv). Introducing new products and services in the An Phat Holdings ecosystem.
3.4. Prevention, combat, investigation and detection of crimes.
3.5. Protect social order and safety, protect the legitimate rights and interests of personal data subjects, the Company, and other related parties.
3.6. To comply with the provisions of law and international treaties to which Vietnam is a signatory including but not limited to: To provide competent state agencies in accordance with the provisions of law; To perform obligations in accordance with the provisions of law and international treaties that the Company must comply with (if any).
3.7. Other purposes with the consent of the personal data subject.
3.8. Data processing without the consent of the data subject: The Company reserves the right to process personal data without the consent of the data subject in the following cases:
(i). In case of emergency, it is necessary to immediately process the relevant personal data to protect the life and health of the data subject or other persons.
(ii). The disclosure of personal data in accordance with the law.
(iii). The processing of data by competent state agencies in case of emergencies on national defense, national security, social order and safety, natural disasters and dangerous disasters.
(iv). To fulfill the contractual obligations of the data subject to relevant agencies, organizations, and individuals in accordance with the law.
(v). Serving the activities of state agencies that have been prescribed by specialized laws.
4. METHOD OF COLLECTING AND PROCESSING PERSONAL DATA
4.1. Method of collection
The personal data collected is as follows:
(i). From the Company’s websites and affiliated applications.
(ii). From the provision of products and services, the fulfillment of obligations under contracts and agreements of the Company.
(iii). From exchanges and communications with personal data subjects.
(iv). From social networks, meaning the Company’s social networks and/or social networks on which the Company cooperates with partners.
(v). From audio and video recording devices. From interactions or automated data collection technologies: The Company may collect automatically recorded information from the connection: Cookies, pixel tags and other similar technologies; Any technology capable of tracking personal activity on devices or websites; Other data information provided by a device.
(vi). Other means: The Company may collect personal data through public, official sources of information, or through the receipt of internal data sharing within the Group.
4.2. Method of data storing
Personal data is stored in Vietnam in the Company’s database system (or the Group’s shared IT infrastructure). The retention period of personal data is determined based on the purpose of use and in accordance with the law.
4.3. Method of data transfer/sharing
The Company will not sell personal data to any party. The Company uses the necessary security measures to ensure the secure transfer/sharing of personal data. Personal data is shared by the Company with:
(i) In the system of An Phat Holdings Group (for internal management);
(ii) Individuals/organizations involved in the processing of personal data; or
(iii) Competent state agencies or other cases in accordance with the provisions of law.
If the recipient of personal data is headquartered outside the territory of Vietnam, when providing/transferring personal data abroad (including but not limited to the use of cyberspace, devices, electronic means or other forms to transfer personal data outside the territory of Vietnam), the Company will require the recipient to ensure the safety and confidentiality of the personal data provided/transferred.
The Company is committed to fully complying with the regulations and compliance requirements of Vietnamese law to protect the safety of personal data.
5. UNINTENDED CONSEQUENCES AND DAMAGES THAT ARE LIKELY TO OCCUR
5.1. The Company uses various information security technologies to protect personal data and prevent unauthorized access to, use of or sharing of personal data. However, the Company cannot commit to ensuring the absolute security of personal data in some cases such as:
(i). Hardware and software errors in the process of data processing that cause data loss of personal data subjects;
(ii). Security vulnerabilities that are beyond the Company’s control, or the system being attacked by hackers, causing data leakage.
5.2. Personal data subjects should be aware that whenever they disclose and make their personal data public, it may be collected and used by others for purposes beyond the control of the personal data subject and the Company.
5.3. In case the data storage server is attacked, resulting in the loss, disclosure or leakage of personal data, the Company shall be responsible for notifying the case to the investigating authorities for timely handling and notifying the subject of personal data in accordance with the law.
5.4. Disclaimer: The Company is not responsible for data security in the event that:
– The personal data subject voluntarily shares the contract, agreement or information related to the contract or agreement on social networks or with unrelated third parties.
– The leak occurs due to a security error from the subject’s own personal device (computer virus, password leak, etc.).
6. TIME OF COMMENCEMENT AND END OF PROCESSING OF PERSONAL DATA
6.1. Personal data is processed from the moment the Company lawfully receives the personal data and the Company has an appropriate legal basis to process the data in accordance with the law.
6.2. Personal data will be processed until the purposes of the data processing have been completed.
6.3. The Company may have to store personal data even if the contract between the parties has been terminated in order to fulfill its obligations in accordance with the law and/or the requirements of competent state agencies.
7. ORGANIZATIONS AND INDIVIDUALS PARTICIPATING IN THE PROCESS OF PROCESSING PERSONAL DATA
7.1. As the case may be, the Company may be the controller of personal data or be both the controller and processor of personal data.
7.2. To the extent permitted by law, the personal data subject understands that the Company may share personal data for the purposes specified in this policy with the following organizations and individuals:
(i). Internally, An Phat Holdings;
(ii). Organizations and individuals providing services and/or cooperating with the Company, including but not limited to: agents, auditors, lawyers, business cooperation partners, and providers of information technology solutions, software, applications, operation, management, troubleshooting services, infrastructure development, etc.;
(iii). Any individual or organization that is the representative or authorized party of the personal data subject, acting on behalf of the personal data subject.
The data sharing will be carried out in accordance with the order, method and current legal regulations. Parties receiving personal data are obliged to keep personal data confidential in accordance with this Policy, the Company’s internal regulations, standards for personal data protection and applicable laws.
7.3. The Company may be required to share personal data with competent state authorities in accordance with the law.
8. RIGHTS OF PERSONAL DATA SUBJECTS
8.1. The right to know about the processing of their personal data, unless otherwise provided for by law.
8.2. The right to consent or disagree to the processing of his/her personal data, unless otherwise provided for by law.
8.3. The right of access to view, correct or request correction of his/her personal data, unless otherwise provided for by law.
8.4. Right to withdraw consent.
8.5. Right to erasure of data.
8.6. The right to restrict the processing of their personal data in accordance with the law.
8.7. The right to request the provision of his/her own personal data, unless otherwise provided for by law.
8.8. Right to object to data processing.
8.9. The right to complain, denounce and initiate lawsuits.
8.10. Right to claim compensation for damages.
8.11. Right to Self-Defense.
The personal data subject may exercise these rights by making a request to the Company. The request form must be sent to the Company and contain basic contents such as information of the requester, detailed content of the request, reason, purpose when making the request, etc. The Company fulfills lawful and valid requests from the personal data subject within the time prescribed by law.
The Company reserves the right to refuse to comply with the requests of the personal data subject in certain circumstances, including but not limited to:
(i) The personal data subject fails to comply with the order and procedures instructed by the Company, where the requested content lacks information or is invalid;
(ii) The fulfillment of the request may infringe upon the life, health or property of others;
(iii) The data subject fails to properly implement the identity verification process;
(iv) The provisions of the law do not allow the implementation of the request of the personal data subject.
9. OBLIGATIONS OF PERSONAL DATA SUBJECTS
9.1. Self-protection of your personal data;
9.2. Respect and protect the personal data of others.
9.3. Fully and accurately provide personal data when consenting to the processing of personal data. If there is any false information, the personal data subject shall bear at his/her own expense in the event that such information affects or restricts the rights of the personal data subject. Note that the withdrawal of consent, the request for data deletion or the restriction of data processing may result in the Company not being able to continue to provide products and services or perform a contract with the data subject. In this case, the Company is not responsible for any losses incurred and the Company’s legal rights are reserved.
9.4. Comply with the law on personal data protection and participate in the prevention and control of violations of regulations on personal data protection.
9.5. Other responsibilities as prescribed by law.
10. MISCELLANEOUS
10.1. The personal data subject confirms that, by accepting this policy, the personal data subject has consented to the personal data being processed by the Company, organizations and individuals participating in the processing of personal data as stated in this policy, and clearly knows the type of data being processed, the purpose of data processing, organizations and individuals entitled to process personal data, and their rights and obligations related to personal data. The subject of personal data has been notified by the Company, has known and agreed to all the contents that need to be notified before personal data is processed by the Company, organizations and individuals participating in the process of processing personal data. The personal data subject agrees that the Company, organization or individual participating in the process of processing personal data does not need to notify again before processing personal data.
10.2. If you have any questions about the protection of the Company’s personal data, please contact us and we will respond in accordance with the provisions of the law. You can also contact us at the address below:
Contact address: An Thanh Bicsol Joint Stock Company
Email Address: contact@anthanhbicsol.com
Phone: +84888097576
