Personal data protection policy for customers of VNPT and its subsidiaries
Personal data protection policy for customers of Vietnam Posts and Telecommunications Group and Subsidiaries of Vietnam Posts and Telecommunications Group (hereinafter referred to as "Policy") is for information purposes. Notify Customer of Customer's Personal Data collected by Vietnam Posts and Telecommunications Group (“VNPT”) and/or by Subsidiaries with 100% charter capital of VNPT (“VNPT Subsidiaries” ) processing, processing purpose, processing method, storage period, Customer's rights and obligations regarding his/her Personal Data according to the provisions of Vietnamese law on personal data protection, etc. This Policy also provides recommendations to help Customers increase awareness of Personal Data protection.
This policy is an inseparable part of the Contracts, General Transaction Conditions, Terms and Conditions of using products and services of VNPT/VNPT Subsidiaries. This policy applies to all platforms including but not limited to: electronic information pages, interface channels, means, tools on websites/wapsite/applications of VNPT/Subsidiaries of VNPT. VNPT, consulting and signing service provision contracts at telecommunications service provision points of VNPT/VNPT Subsidiaries, at the address designated by the Customer and/or at another location designated by the Customer. selected by the customer or VNPT/VNPT Subsidiary.
To the extent permitted by law, VNPT/VNPT's Subsidiaries may adjust this Policy at any time and publicly post the adjusted Policy on VNPT's/Company's official information channels. subsidiary of VNPT.
By checking the box "I have read and accepted" or "I agree with the Policies and Terms of Use of VNPT/VNPT Subsidiary" or by signing a contract with VNPT/VNPT Subsidiary with reference to this Policy (and amendments thereto), or by continuing to register, log in, use the website/wapsite/application of VNPT/VNPT Subsidiary or use the product, services of VNPT/VNPT Subsidiaries without any complaints regarding this Policy (and its accompanying amendments), Customer confirms that he has carefully read, understood and accepted all of its contents. VNPT's Personal Data Protection Policy.
Within the scope of this Policy, the following terms are understood and explained as follows:
1.1. VNPT is the Vietnam Posts and Telecommunications Group and its affiliated units.
1.2. VNPT's subsidiaries are businesses whose charter capital is 100% owned by VNPT. VNPT's subsidiaries include Telecommunications Services Corporation (VNPT VinaPhone) and Media Corporation (VNPT Media).
1.3. Customers are:
- Individuals or legal representatives of individuals who use and/or are interested in products and services of VNPT/VNPT Subsidiaries;
- The individual or the legal representative of the individual has accessed and/or registered an account at websites/wapsite/applications owned by VNPT/Subsidiary of VNPT.
1.4. Products and services of VNPT/VNPT Subsidiaries are:
- Products and services directly researched, developed and provided to Customers by VNPT or its Subsidiaries;
- Products and services provided by VNPT/VNPT Subsidiaries in cooperation with partners to provide to Customers.
1. VNPT/VNPT Subsidiary processes Personal Data in the following cases including but not limited to:
a) When the Customer or the Customer's legal representative contacts VNPT/VNPT's Subsidiary to request advice on products and services of VNPT/VNPT's Subsidiary or express interest in products and services of VNPT/VNPT Subsidiaries;
b) When the Customer signs a contract, registers, uses products and services of VNPT/VNPT Subsidiaries;
c) When Customers access and/or register accounts at websites/wapsite/applications for products and services of VNPT/VNPT Subsidiaries;
d) When the Customer agrees to provide personal data to VNPT/VNPT's Subsidiary through public sources, including but not limited to: website/wapsite/product and service application of VNPT/Company VNPT's children; meetings, events, seminars, conferences, social networks, or dialogue and discussion programs organized, sponsored or attended by VNPT/VNPT Subsidiaries and/or from archived files ( cookies) recorded on the website of VNPT/Subsidiary of VNPT;
e) When a customer of an organization or business allows that organization or business to share the customer's personal data with VNPT/VNPT Subsidiary;
g) Being a customer of an organization or business to which VNPT/VNPT's Subsidiary contributes capital and purchases shares; or are a customer of an organization or business that cooperates in providing products and services with VNPT/VNPT Subsidiary.
h) When requested by competent state agencies.
i) When VNPT/VNPT Subsidiary conducts work according to the purpose of processing Personal Data specified in Article 3 of this Policy.
2. Customer's personal data processed by VNPT/VNPT Subsidiary (hereinafter referred to as "Personal Data") includes but is not limited to the information below and is subject to change. Depending on the type of product or service, how the Customer interacts with VNPT/VNPT Subsidiary:
2.1. Basic personal data
a) Surname, middle name, birth name, other names (if any);
b) Date, month and year of birth; date, month, year of death or disappearance;
c) Gender;
d) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
đ) Nationality;
e) Image of the individual;
g) Phone number, ID card number, personal identification number, passport number, driver's license number, license plate number, personal tax code number, social insurance number, insurance card number medical;
h) Marital status;
i) Information about family relationships (parents, children);
k) Information about individuals' digital accounts; Personal data reflecting activities and history of activities in cyberspace;
2.2. Sensitive personal data
a) Data on crimes and criminal acts are collected and stored by law enforcement agencies;
b) Customer information of credit institutions, foreign bank branches, payment intermediary service providers, and other authorized organizations, including: Customer identification information according to the provisions of law law, account information, deposit information, deposited asset information, transaction information, information about organizations and individuals that are guarantors at credit institutions, bank branches, organizations providing intermediary payment services;
c) Data about the individual's location determined through location services.
2.3. Other personal data does not belong to the groups of Basic Personal Data and Sensitive Personal Data specified in Clause 2.1 and Clause 2.2 of this Article.
a) Derivative personal data: Telecommunications credit score is expressed in the form of scores, which is rating information from the synthesis and analysis of customers' telecommunications service usage data to evaluate customers. , analyze and predict customers' habits, preferences, trust levels, credibility, behavior, trends... and other information, supporting the provision of products and services of customers. VNPT/VNPT Subsidiaries in the most appropriate and best way.
b) Other personal data arising during the process of VNPT/VNPT Subsidiaries providing products and services and during the process of Customers using products and services, interacting with product suppliers, service.
2.4. VNPT/VNPT's Subsidiary will notify the Customer of the Personal Data required to be provided and/or optionally provided at the time the Customer contacts, exchanges, registers, or signs a contract with VNPT. /Subsidiary of VNPT. If the required Personal Data is not provided as requested, the Customer will not be able to use some products and services of VNPT/VNPT Subsidiaries. In this case, VNPT/VNPT's Subsidiary may refuse to provide products and services to the Customer without incurring any compensation and/or penalty.
2.5. From time to time, Customers may voluntarily provide VNPT/VNPT's Subsidiaries with Personal Data beyond the request of VNPT/VNPT's Subsidiaries. When the Customer provides Personal Data beyond the request of VNPT/VNPT's Subsidiary, it means that the Customer allows VNPT/VNPT's Subsidiary to process the Customer's Personal Data for the stated Purposes. in this Policy or for the purposes stated at the time Customer provided such Personal Data. In addition, when Customers proactively provide information beyond the requirements of VNPT/VNPT Subsidiaries, Customers please do not provide sensitive personal data as prescribed by law from time to time. VNPT/VNPT's Subsidiaries will not process and bear no legal responsibility for sensitive Personal Data voluntarily provided by Customers beyond the request of VNPT/VNPT's Subsidiaries. VNPT.
VNPT/VNPT Subsidiaries may process Customer Personal Data for one or more of the following listed purposes (“Purposes”):
1. Verify the accuracy and completeness of the information provided by the Customer; determine or authenticate the identity of the Customer or verify the identity of users of the services provided by the Customer and carry out the Customer authentication process; Handling registration to use VNPT Products and Services;
2. Evaluate Customer's profile and eligibility to use VNPT Products and Services. VNPT can use scoring methods, assign hot charge thresholds, check Customer history of using VNPT Products and Services to evaluate and manage credit risk, ensure solvency for customers. Payment obligations and other related obligations during the process of providing VNPT Products and Services to Customers;
3. Manage and evaluate business activities including designing, improving and enhancing the quality of VNPT Products and Services or performing marketing communication activities; Carry out market research, surveys and data analysis related to VNPT Products and Services; Research and develop new products, services, new supply models, etc. meet customers' needs;
4. Providing services to Customers, contacting Customers to advise, exchange information, resolve requests, complaints, deliver invoices, statements, reports or other documents related to VNPT Products and Services through different channels (for example: email, chat) and to respond to Customer requests. Contact Customer (or other necessary parties) to notify Customer of information related to the use of VNPT Products and Services;
5. Advertising and marketing based on Customers' interests and service usage habits: VNPT may use Personal Data to advertise and market to Customers about VNPT's Products, Services, and programs. promotions, research, surveys, news, updated information, events, contests with prizes, awarding of relevant prizes, advertisements and related content about our Products and Services. VNPT or of partners cooperating with VNPT.
In case the Customer does not want to receive periodic emails, text messages and/or newsletters for advertising and marketing purposes from VNPT, the frequency depends on VNPT's policies from time to time and in accordance with the law. , Customers can refuse in the manner instructed by VNPT on channels and means such as SMS, calls, traces on website/wapsite/application, etc. or contact VNPT's Customer Care hotline;
6. Prepare financial reports, activity reports or other related reports as prescribed by law;
7. Comply with legal obligations as prescribed by law;
8. Prevent fraud or minimize threats to the lives, health of others and public interests: VNPT may use Customer's personal information to prevent and detect fraud and abuse to protect Customers, VNPT and related entities;
9. Internal administration;
10. Other purposes related to those mentioned above.
VNPT/VNPT Subsidiary applies one or more activities affecting Personal Data such as: collection, recording, analysis, confirmation, storage, editing, disclosure, combination, access, retrieval export, retrieve, encrypt, decrypt, copy, share, transmit, provide, transfer, delete, destroy Personal Data or other related actions.
1. Time to start data processing
From the time the Purposes specified in Article 3 of this Policy arise.
2. End time of data processing
VNPT/VNPT's Subsidiaries terminate the processing of Personal Data when the Purposes specified in this Policy have been completed, unless otherwise provided by law or the Customer withdraws consent to the processing of Personal Data. personal data or when requested in writing by a competent state agency.
By accepting this Policy, Customers understand and agree that VNPT/VNPT's Subsidiaries may share Customer's Personal Data with the following organizations and individuals to carry out the specified Purposes. at Policy, specifically:
1. VNPT, affiliated company of VNPT, affiliated company of Subsidiary of VNPT;
2. Third parties providing services or partners in business cooperation contracts (with or without profit sharing): VNPT/VNPT's Subsidiaries uses and/or cooperates with other companies and individuals to carry out a number of tasks and programs such as advertising and promotion programs for Customers, market research, product analysis and development, strategic consulting, providing freight collection services, etc. These Third Party service providers and/or partners have the right to access, collect, use and process Customer Personal Data to the extent permitted by VNPT/VNPT's Subsidiaries to perform their functions and must comply with personal Data protection laws as a Data Processor;
3. Enterprise restructuring: During the business development process, VNPT/VNPT's Subsidiaries can sell or buy businesses or restructure businesses in accordance with legal regulations and production and business needs. In such transactions, Personal Data will be transferred and the transferee will remain subject to the provisions of this Policy;
4. VNPT/VNPT's Subsidiaries is allowed to disclose Personal Data as required by law or by competent state management agencies;
5. VNPT/VNPT's Subsidiaries is allowed to disclose Personal Data to other telecommunications businesses to serve the purpose of calculating rates, billing and preventing the Customer's evasion of contractual obligations.
1. Right to Know and Right to Consent
By this Policy, VNPT/VNPT Subsidiary notifies Customers about the processing of Personal Data before processing Personal Data. At the same time, Customers have the right to agree or disagree with the terms and conditions of this Policy in the manner instructed by VNPT/VNPT's Subsidiaries on channels and means such as SMS, phone calls, etc. call, traces on website/wapsite/application etc. or contact the customer care hotline of VNPT/Subsidiary of VNPT;
2. Right to access and request provision of Personal Data
Customers have the right to access applications/websites/wapsite of VNPT/VNPT Subsidiaries and/or contact VNPT/VNPT Subsidiaries directly to view and extract Personal Data that Customers provided to VNPT/VNPT Subsidiary for the Purposes specified in this Policy.
In case the Customer cannot access, extract or has difficulty accessing or extracting Personal Data, the Customer can contact VNPT/VNPT's Subsidiary for support.
3. Editing rights
Customers have the right to edit their Personal Data provided that this correction does not violate the provisions of law. In case the Customer cannot edit or has difficulty editing Personal Data, the Customer can contact VNPT/VNPT Subsidiary for support.
4. Right to object, restrict, withdraw consent to data processing
a) The Customer has the right to object, restrict or withdraw consent to the processing of the Customer's Personal Data. However, objecting, restricting or withdrawing consent to process Customer's Personal Data in some cases may result in VNPT/VNPT Subsidiaries being unable to provide Products and services. for the Customer, this means that VNPT/VNPT's Subsidiary can unilaterally terminate the contract without having to compensate the Customer because the conditions for performing the contract have changed. Therefore, VNPT/VNPT Subsidiary recommends that Customers consider carefully before objecting, restricting or withdrawing consent to process Customer's Personal Data.
b) In case the Customer wants to limit receiving marketing, advertising and promotional content from VNPT/VNPT Subsidiaries and wants to withdraw previous consent (if any) and/or object to continued use Your personal information for the purposes specified in Clause 5, Article 3 of this Policy, Customers please follow the instructions of VNPT/VNPT's Subsidiary at the time VNPT/VNPT's Subsidiary collects information. Personal data or contact VNPT/VNPT Subsidiaries according to the information provided in this Policy. If the Customer does not want to receive notifications from VNPT/VNPT Subsidiary's application, please adjust the notification settings in your application or device.
5. Right to erasure of Personal Data
Customers have the right to request VNPT/VNPT Subsidiaries to delete Customer's Personal Data provided that the Customer's request must comply with the provisions of law. However, the request to delete Customer's Personal Data in some cases may result in VNPT/VNPT Subsidiaries being unable to provide Products and services to Customers, which means that VNPT /VNPT's subsidiary can unilaterally terminate the contract without having to compensate the Customer because the conditions for performing the contract have changed. Therefore, VNPT/VNPT's Subsidiary recommends that Customers consider carefully before requesting VNPT/VNPT's Subsidiary to delete Personal Data.
6. Right to complain, denounce and sue
Customers have the right to complain, denounce or sue according to the provisions of law.
7. Right to claim compensation for damages
Customers have the right to request VNPT/VNPT Subsidiaries to compensate for damages according to the provisions of law when violations of regulations on personal data protection occur when the following conditions are simultaneously satisfied:
- There are acts of violating legal regulations on personal data protection of VNPT/VNPT Subsidiaries;
- The above violations lead to actual damages incurred for the Customer;
- The Customer has fully fulfilled its obligations to protect its Personal Data in accordance with the law, this Policy and other agreements between VNPT/VNPT Subsidiaríe and the Customer.
8. Right to self-defense
Customers have the right to protect themselves according to the provisions of the Civil Code, other relevant laws and Decree 13/2023/ND-CP on the protection of Personal Data (and accompanying amendments), or request Request competent agencies and organizations to implement methods to protect civil rights as prescribed in Article 11 of the Civil Code.
Customers are responsible for protecting their Personal Data as follows:
1. Proactively take measures to protect, manage and safely use your accounts and mobile devices (including but not limited to smartphones, computers, tablets, laptops) by Log out of your account after use, set a strong and hard-to-guess password and keep your login information and password secret. The above measures to protect and manage the safe use of accounts and mobile devices help prevent unauthorized access to Customer accounts. VNPT is excluded from liability for the Customer's damages in case the Customer's password is revealed/lost or stolen, leading to unauthorized access to the account, or any activity on the account. of the Customer using the mobile device is lost or misplaced, leading to unauthorized people using the service arbitrarily or VNPT's system being illegally violated by a third party even though VNPT has fully implemented enough measures to protect the system;
2. Customers are responsible for updating documents adjusting this Policy (if any) on VNPT/VNPT Subsidiaries's official information channels;
3. Once you have accepted all the terms and conditions of this Policy, the Customer is responsible for providing accurate and complete Personal Data as requested by VNPT/VNPT Subsidiaries and is responsible for notifying VNPT/VNPT Subsidiaries immediately upon discovery. has violated regulations on personal data protection. Customer can proactively provide Personal Data beyond VNPT/VNPT Subsidiaries's request provided that Customer must comply with the provisions of Article 2.5, Article 2 of this Policy;
4. Customers are responsible for respecting the Personal Data of other subjects and implementing legal regulations on personal data protection, participating in preventing and combating violations of regulations on personal data protection.
1. Customer's personal data stored by VNPT/VNPT Subsidiaries will be kept confidential. VNPT/VNPT Subsidiaries, within its capabilities, will endeavor to take reasonable measures to protect Customer Personal Data.
2. Location of Personal Data Storage
To the extent permitted by law, VNPT/VNPT Subsidiaries may store Customer Personal Data in Vietnam and abroad, including on cloud computing storage solutions. VNPT/VNPT Subsidiaries applies data security standards in accordance with current legal regulations
3. Storage period of Personal Data
VNPT/VNPT Subsidiaries only stores Customer Personal Data for a period of time necessary and reasonable to fulfill the Purposes specified in this Policy. However, in case current law has different regulations on the period of storing Personal Data, VNPT/VNPT Subsidiaries is obliged to comply with the provisions of law.
1. Customer's personal data is committed to confidentiality in accordance with the law and the Personal Data Protection Policy of VNPT/VNPT Subsidiaries.
2. VNPT/VNPT Subsidiaries strives to ensure that Customer Personal Data is protected from violations of regulations on personal data protection. VNPT/VNPT Subsidiaries maintains its commitment to protecting Personal Data by applying physical, electronic and management measures to protect Personal Data, including:
a) Within the scope of law, VNPT's official electronic information page servers and information systems containing VNPT's personal data are protected by security measures and technologies such as firewalls, encryption, anti-virus protection. illegal intrusion etc; promulgate human control measures, develop inspection, evaluation and review processes to prevent violations of regulations on personal data protection.
b) VNPT will take all appropriate measures to ensure that Customer Personal Data is processed in accordance with the notified Purposes. VNPT/VNPT Subsidiaries will always comply with legal requirements related to the storage of Personal Data.
3. Carry out Customer's requests related to Customer's personal data provided that Customer's requests are in accordance with the provisions of law.
4. Other obligations as prescribed by law and this Policy.
1. VNPT/VNPT Subsidiaries uses many different information security measures and technologies to protect Customer's personal data from being used or shared unintentionally. VNPT commits to maximum security of Customer's personal data. Some unwanted consequences and damages that may occur include but are not limited to:
a) Hardware and software errors during the processing of Personal Data cause unwanted effects (error, damage, loss, etc.) of Customer's Personal Data;
b) The security hole is beyond VNPT's control, the system was attacked by hackers, revealing the Customer's personal data;
c) Customers self-disclose Personal Data due to: carelessness or fraud; accessing websites/downloading applications containing malware; voluntarily share information with others, etc.
2. VNPT/VNPT Subsidiaries recommends that Customers strictly implement their personal data protection responsibilities as prescribed in Article 8 of this Policy and according to the provisions of law.
3. In case the data storage server is attacked by hackers resulting in the loss of the Customer's personal data, VNPT/VNPT Subsidiaries is responsible for reporting the incident to the competent authority for timely investigation and handling and notification to the Customer. known goods.
1. Cookies can be used on VNPT/VNPT Subsidiaries website. “Cookies” are small text files stored on the Customer's computer hard drive to help customize the website experience for users. VNPT/VNPT Subsidiaries uses cookies to make website navigation easier and facilitate the login process. VNPT/VNPT Subsidiaries's website statistical data may be processed by third parties, and therefore, the IP address of the Customer when accessing the website will be transmitted to third parties for statistical reporting purposes only.
2. When collecting information through the VNPT/VNPT Subsidiaries website, VNPT/VNPT Subsidiaries automatically collects non-personal, non-identifiable information but related to the use of the website including but not limited to: address. IP address of the personal computer, IP address of the Internet service provider, date and time of website access, operating system, items accessed on the website, content downloaded from the website and page address The website has directly led you to the VNPT/VNPT Subsidiaries website. VNPT may use this information to provide statistical reports on website visitor traffic and website usage behavior.
3. In case the Customer does not want to use cookies, the Customer can refuse by changing the privacy settings on the web browser. Refusing to allow the use of cookies has virtually no effect on website navigation. However, some website functions may be affected. After completing the website visit, the Customer can still delete cookies from the system if desired.
Websites/wapsites/applications of VNPT/VNPT Subsidiaries may include third-party advertisements and links to other websites/wapsites/applications. Third-party advertising partners may collect information about Customers when Customers interact with their content, advertising or services. Any access to and use of third party links or websites is not governed by this Policy, but instead is governed by the Privacy Policies of those third parties. VNPT/VNPT Subsidiaries are not responsible for the information regulations of third parties.
VNPT/VNPT Subsidiaries may process Personal Data without the consent of the data subject in the following cases:
1. In case of emergency, it is necessary to immediately process relevant Personal Data to protect the life and health of the data subject or other people;
2. Disclosure of Personal Data as prescribed by law;
3. Data processing by competent state agencies in case of emergency situations related to national defense, national security, social order and safety, major disasters, dangerous epidemics; when there is a threat to security and national defense but not to the extent of declaring a state of emergency; prevent and combat riots, terrorism, prevent and combat crimes and violations of the law according to the provisions of law;
4. To perform the data subject's contractual obligations with relevant agencies, organizations and individuals according to the provisions of law;
5. Serving the activities of state agencies as prescribed by specialized laws.
In case the Customer has any questions about this Policy or wants to exercise the Customer's rights related to Personal Data, please contact VNPT/VNPT Subsidiary according to the methods and information. down here:
1. Contact the switchboard according to the information on the official websites/wapsite/applications of VNPT/VNPT Subsidiaries from time to time.
2. Send official dispatches to the following addresses:
a) Telecommunications Services Corporation (VNPT VinaPhone): at VinaPhone Building, Xuan Tao Street, Xuan La Ward, Tay Ho District, Hanoi.
b) Media Corporation (VNPT Media): at VNPT Building, 57 Huynh Thuc Khang, Lang Ha Ward, Dong Da District, Hanoi.
c) VNPT Information Technology Company (VNPT IT): at VNPT Building, 57 Huynh Thuc Khang, Lang Ha Ward, Dong Da District, Hanoi.
3. Contact directly at transaction points of VNPT/VNPT Subsidiaries nationwide.
4. Other contact methods such as Livechat, contact via the official fanpage of VNPT/VNPT Subsidiary, Customer care email are provided to Customers at all times.