Privacy Policy

Basic concepts used in this Policy:

Personal data — any information relating to a directly or indirectly identified or identifiable individual (Personal Data Subject);
Operator — a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
Processing of personal data — any action (operation) or set of actions (operations) performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated processing of personal data — processing of personal data using computer technology;
Providing personal data — actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Blocking of personal data — temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);
Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material media of personal data are destroyed;
Information system of personal data — a set of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
Online resource VIETAMIN (hereinafter also referred to as «VIETAMIN») — a resource on the Internet, which is a set of computer programs and databases that are hosted on the servers of the Licensor and (or) its contractors, execute the Licensor’s program code and ensure the availability of the Licensee’s data, contained in the database in order to attract customers and manage reputation on the Internet. The VIETAMIN online resource is posted on the Internet in the public domain on the domains vietamin.info, including all domains of the third and lower levels, both operating on the date of conclusion of this Agreement and those put into operation during the entire term of the Agreement;
VIETAMIN User — an individual who is not the Licensee and/or his representative or payer, who, through access to VIETAMIN, searches for organizations providing professional services.

The legal basis for the processing of personal data is a set of regulatory legal acts in accordance with which the Operator processes personal data, including:
— Constitution of the Socialist Republic of Vietnam;
— Decree 13/2023/ND-CP «On the protection of personal data».

The conditions for processing personal data are also:
— Charter of the Operator;
— agreements concluded with the Personal Data Subject or on his initiative, including agreements under which the Personal Data Subject will be a beneficiary or guarantor;
— consent of the Personal Data Subject to the processing of personal data.

Categories of Personal Data Subjects and categories of personal data processed, as well as the purposes of their processing are specified in the Appendices to this Policy regarding the processing of personal data.

Regardless of existing judicial practice and explanations of authorized bodies, the Operator classifies as personal data, including data that allows identifying the subject or its terminal equipment (cookies, web beacons, pixel tags, IP addresses, information about the browser or other program , through which accesses VIETAMIN) and other digital marking technologies. VIETAMIN may also contain links (in the form of hyperlinks, widgets, logos, images or clickable titles) to third party websites or websites designated by third parties. If you follow a link to any of these websites, please be aware that each has its own privacy policy and we do not accept any responsibility for the privacy policies of any third parties. We strongly recommend that you review the privacy policies and terms of use of such websites to understand their information collection, use and sharing practices. We are not responsible for the privacy policies or content of third party websites.

The processing of personal data may be carried out by the Operator solely for the purpose of fulfilling the rights and obligations under contracts and agreements concluded with personal data subjects, ensuring compliance with laws and other regulations, as well as for the purpose of complying with other legitimate interests of the Operator or personal data subjects.

Personal data is collected and used to the extent justified by the purpose of processing such personal data. The operator seeks ways and methods to use exclusively anonymized personal data to the extent and extent justified by the purposes of processing personal data.

The processing of personal data by the Operator is carried out on the basis of the following principles:
— legality and fair basis;
— limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
— preventing the merging of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
— processing only those personal data that meet the purposes of their processing;
— compliance of the content and volume of processed personal data with the stated purposes of processing;
— preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
— ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
— destruction or depersonalization of personal data upon achieving the goals of their processing or in the event of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by law.

The processing and storage of personal data is carried out no longer than required by the purposes of processing personal data, unless there are legal grounds for further processing, for example, if legislation or an agreement with the subject of personal data does not establish an appropriate storage period.

The processing of personal data is subject to termination by destruction when the following conditions occur:
— achieving the purposes of processing personal data or maximum storage periods;
— loss of the need to achieve the purposes of processing personal data;
— provision by the subject of personal data or his legal representative of confirmation that the personal data was illegally obtained or is not necessary for the stated purpose of processing;
— impossibility of ensuring the legality of the processing of personal data;
— withdrawal by the subject of personal data of consent to the processing of personal data, if the storage of personal data is no longer required for the purposes of processing personal data.

The operator and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by law.

The operator has the right to transfer personal data to the bodies of inquiry and investigation, and other authorized bodies on the grounds provided for by the current legislation of the Socialist Republic of Vietnam.

For the purpose of information support, publicly available sources of personal data (including directories, address books) may be created. Public sources of personal data, with the written consent of the subject of personal data, may include his last name, first name, patronymic, year and place of birth, address, subscriber number and other personal data reported by the subject of personal data.

Information about the subject of personal data must be excluded at any time from publicly available sources of personal data at the request of the subject of personal data or by decision of a court or other authorized government bodies.

Special categories of personal data, as well as biometric personal data, are not processed by the Operator.

The operator has the right to entrust the processing of personal data to another person, including those located outside the Socialist Republic of Vietnam (cross-border transfer of personal data), with the consent of the subject of personal data, unless otherwise provided by law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by the Law. Cross-border transfer of personal data is carried out for the purpose of fulfilling rights and obligations under contracts or agreements concluded with subjects of personal data, as well as to ensure compliance with laws and other regulations.

A person processing personal data on behalf of the Operator is not required to obtain the consent of the subject of personal data to process his personal data.

If the Operator entrusts the processing of personal data to another person, the Operator is responsible to the subject of personal data for the actions of the specified person. The person processing personal data on behalf of the Operator is responsible to the Operator.

The subject of personal data decides to provide his personal data and consents to their processing freely, of his own free will and in his own interest. Consent to the processing of personal data must be specific, informed and conscious. Consent to the processing of personal data can be given by the subject of personal data or his representative in any form that allows confirmation of the fact of its receipt, unless otherwise provided by law.

Consent to the processing of personal data may be withdrawn by the subject of personal data.

The obligation to provide evidence of obtaining the consent of the personal data subject to the processing of his personal data rests with the Operator.

The subject of personal data has the right to withdraw consent to the processing of personal data by sending a corresponding request to the Operator.

The personal data subject has the right to receive from the Operator information regarding the processing of his personal data, unless such right is limited in accordance with the laws.

The subject of personal data has the right to demand from the Operator clarification of his personal data, blocking or destruction of it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided by law to protect his rights.

If the subject of personal data believes that the Operator is processing his personal data in violation of the requirements of the Law or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal the actions or inaction of the Operator by sending a corresponding notification to the Operator in writing, as well as contacting the authorized body to protect the rights of personal data subjects.

Confirmation of the fact of processing of personal data by the Operator, the legal grounds and purposes of processing personal data, as well as other information, is provided by the Operator to the Personal Data Subject or his representative upon application or upon receipt of a request from the Personal Data Subject or his representative within ten working days from the date of receipt of the application or receiving a request. The information provided does not include personal data relating to other Personal Data Subjects, unless there are legal grounds for disclosing such personal data.

The request must contain:
number of the main identification document of the Personal Data Subject or his representative, information about the date of issue of the specified document and the issuing authority;
information confirming the participation of the Personal Data Subject in relations with the Operator (agreement number, date of conclusion of the agreement, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
date of the request and signature of the Personal Data Subject or his representative.

The request can be sent in the form of an electronic document or by mail to the legal address of the Operator.

If the personal data subject’s appeal (request) does not reflect all the necessary information in accordance with the requirements of the decree on personal data or the subject does not have the rights to access the requested information, then a reasoned refusal is sent to him.

When the goals of processing personal data are achieved, as well as in the event that the Personal Data Subject withdraws consent to their processing, personal data is subject to destruction if:
otherwise is not provided for in the agreement to which the Personal Data Subject is a party;
the operator does not have the right to process without the consent of the Personal Data Subject on the grounds provided for by the decree on personal data or other laws;
otherwise is not provided for in another agreement between the Operator and the Personal Data Subject.

The security of personal data processed by the operator is ensured by the implementation of legal, organizational and technical measures necessary to ensure legal requirements in the field of personal data protection.

To prevent unauthorized access to personal data, the Operator applies the following organizational, technical and legal measures:
limiting the number of persons who have access to personal data;
familiarization of personal data subjects with the requirements of the law and with this Operator’s Policy on the processing and protection of personal data;
organization of accounting, storage and circulation of information carriers;
restriction of user access to information resources and software and hardware for information processing;
registration and recording of actions of users of personal data information systems;
application, where necessary, of firewall screening tools, intrusion detection, security analysis and cryptographic information protection tools.

Other rights and obligations of the Operator as an operator of personal data are determined by the legislation of the Socialist Republic of Vietnam in the field of personal data.

Officials of the Operator guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by law.

This Policy may be changed by the Operator taking into account changing legal requirements, as well as the development of organizational and technical measures to protect personal data. Changing the text of this Policy is carried out by replacing the current edition posted on the information and telecommunications network on the Internet with a new edition or publishing changes to such Policy.