Privacy Notice

Privacy Summary

We, Privacy Compliance Joint Stock Company publish this Privacy Notice (“Notice”) to clarify our processing of personal data collected through our websites including www.privacycompliance.vn, www.dataprotection.vn, applications, and other electronic platforms (together, our “E-Platform”) that link to this Notice.

Who Collects and Processes Your Personal Data? Privacy Compliance Joint Stock Company (hereinafter “PrivacyCompliance”, “PC”, “we”, “us” or “our) serves as a Personal Data Controller and Processor. We can be reached via the following channels:

Email: info@privacycompliance.vn
Phone: +84 (0) 964 899 109
Website: privacycompliance.vn

What Personal Data Does PC Collect? We may collect both basic and sensitive personal data about you when conducting its business, including (but not limited to):

Personal contact data
Personal data about your relationship with us
Personal data from online identifiers

Why Does PC Collect Your Personal Data? PC collects and processes your personal data mainly for the following purposes:

Providing services and products
Safety and Security
Enterprises Administration and Operations
Research and Development
Legal and Litigation

What Rights Do You Have as a Data Subject? You may have the right to be informed, give consent, withdraw consent to our processing of personal data, and request provision, access, rectification and deletion of your personal data. You also have the right to restrict or object to our processing of personal data and other statutory rights such as to file complaints, denunciations, lawsuits, claim damages and self-defense. To exercise these rights, please contact PC via mentioned channels.

Find More Details in the full Privacy Notice to achieve a more comprehensive understanding of our data processing. This summary is not intended to supersede or replace the detailed explanations provided within the Privacy Notice. In the event of any ambiguity or uncertainty, kindly refer directly to the relevant passage in the complete Notice.

Privacy Compliance Joint Stock Company publishes this Privacy Notice (“Notice”) to clarify our processing of Personal Data collected through our E-platform that links to this Notice as a Personal Data Controller and Processor. Additional or different privacy notices may apply to certain of our services and products. If a different or supplemental privacy notice applies, this will be disclosed to you.

This Notice is applicable to you when you: (i) interact or use our website, e.g. request a demo or ask us to contact you; (ii) provide us with your Personal Data for using our services, for participating in our programs, events (e.g. set up an account, etc.).

Please note that: (1) this Notice does not cover our processing of Personal Data on behalf of our clients, in such circumstances, we will typically act as a Personal Data Processor in accordance with applicable services and/or data processing agreements; and (2) Our E-platform may contain links to other sites. We do not own or manage such sites; therefore, we do not bear any responsibility if your Personal Data is not processed and protected properly.

Interpretation of Terms

“PC”, “PrivacyCompliance”, “we” “us” or “our” stands for Privacy Compliance Joint Stock Company (including legal successors), and its branches, representative offices, and business locations.
Personal Data is information in the form of symbols, letters, numbers, images, sounds, or similar forms in the electronic environment associated with a particular natural person or helps to identify a particular natural person. Personal Data includes basic Personal Data and sensitive Personal Data.
Within the scope of this Notice, “Personal Data Controller”, “Personal Data Processor”, “Personal Data Controller and Processor”, “Data Subject”, “Basic Personal Data”, “Sensitive Personal Data”, “Personal Data Processing”, “Third-party” and other terms will have the meaning set forth in Decree 13/2023/ND-CP of the Government of Vietnam on Personal Data protection and amending, supplementing and replacement documents from time to time (“PDPD”).

Personal Data Processing Purposes

PC will only process your Personal Data for the purposes below (“Purposes”) through the following specific processing activities:

Purpose	Basis	Organizations and Individuals Authorized to Process Personal Data
Providing Services and Products
Introduce and provide information about services and products to you	Consent	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as marketing services, cloud services, etc.
Verify your identity and/or legal status	To provide our services and products	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as background verification services, cloud services, etc.
Conduct due diligence checks and risk assessment/analysis, such as assessing your documents, financial capacity, etc.	To provide our services and products	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as audit services, cloud services, etc.
Enter into, perform, maintain, and manage (including modify, add, cancel or extend) agreement with you	To provide our services and products To fulfill obligations under a agreement	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as legal services, cloud services, etc. – Entities notified by you as authorized to interact with us on your behalf
Contact and correspond with you regarding services and products	To provide our services and products	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as telecommunication services, cloud services, customer-care service, etc. – Entities notified by you as authorized to interact with us on your behalf
Carry out necessary internal activities to provide services and products for you	To provide our services and products	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as cloud services, consultant services, etc.
Manage and resolve issues, reply to questions, comments and feedback related to services and products	To provide our services and products	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as telecommunication services, cloud services, etc. – Entities notified by you as authorized to interact with us on your behalf
Safety and Security
Prevent, detect and investigate (if necessary) fraud, scams, violations of law, or crimes related	To fulfill obligations under agreement	– The competent state agencies or other units to whom Personal Data must be disclosed in accordance with applicable laws – Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as investigation services, audit services, etc.
Protect our personnel, assets, and legitimate interests and relevant parties (if any)	Consent	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC
Manage compliance with our terms and conditions, notices and regulations	Consent	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC
Contact, resolve security issues related to you	To fulfill obligations under agreement	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC – Entities notified by you as authorized to interact with us on your behalf
Enterprise Administration and Operations
Prepare financial reports, synthesize and report business activities or other related reports according to our internal regulations and legal regulations	Consent	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as analysis services, cloud services, etc. – Our legal successors when we carry out the sale, total or partial division/separation, consolidation, merger and transformation of the business
Manage our activities related to the provision of services and products according to agreement with you, our notices, internal regulations and the provisions of law	Consent	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as audit services, cloud services, etc.
To carry out activities of organizing, arranging and restructuring businesses such as selling, dividing, separating all or part of the business, consolidating, merging, transforming businesses or expanding the scale of business activities, new establishments of subsidiaries, branches, representative offices, business locations of PC, etc	Consent	– Our legal successors when we carry out the sale, total or partial division/separation, consolidation, merger, and transformation of the business – Partners and suppliers of products and services for PC, such as legal services, cloud service, etc. – The competent state agencies or other units to whom Personal Data must be disclosed in accordance with applicable laws
Research and Development
Conduct market research, surveys and analyze data related to services and products	Consent	– Personal Data Processors we engage to carry out a specific Purpose (if any) – Partners and suppliers of products and services for PC, such as analysis services, cloud services, etc. – Our legal successors when we carry out the sale, total or partial division/separation, consolidation, merger and transformation of the business
Research and improve existing services and products	Consent
Research, develop, and test new services and products	Consent
Legal and Litigation
Perform the legal obligations	To fulfill obligations as prescribed by law	– The competent state agencies or other units to whom Personal Data must be disclosed in accordance with applicable laws – Partners and suppliers of products and services for PC, such as legal services, consultant services, etc. – Our legal successors when we carry out the sale, total or partial division/separation, consolidation, merger, and transformation of the business – Entities notified by you as authorized to interact with us on your behalf – Entities in connection with the exercise or maintenance of any rights of PC under the agreement between you and us
Initiate, comply, enforce or defend our rights and interests in legal disputes	To fulfill obligations as prescribed by law
Other purposes as prescribed by Vietnamese law	To fulfill obligations as prescribed by law

Types of Personal Data Processed

We may process your basic Personal Data as follows:

First name and last name.
Nationality.
Contact information (e.g. email, phone number, address, etc.).
Information to register and maintain an account.
Job title and name of the organization(s) that you belong to.
Contact history between you and PC, e.g. record of correspondence on E-platform.
Information you provide and generate when using our services, e.g. your questions for our AI chatbot service, log information, usage information, and your feedback.
Information we collect via cookies and other trackers when you use our E-platform, e.g. your device’s Internet Protocol (“IP”) address, referring website, frequency of visit.
Other data relating to the conclusion, performance, and termination of the agreement between you and us (if any).

Where and How Personal Data is Processed

1. Location of Personal Data Processing

We may process your Personal Data in Vietnam or a location outside Vietnam. The overseas transfer of data will be conducted for the Purposes outlined in this Notice.

When transferring your Personal Data to another country, we will comply with this Notice and applicable laws and will require the receiving party to process and protect your Personal Data appropriately and adequately in accordance with applicable laws through binding documents.

2. Sources of Personal Data Collection

We may collect your Personal Data from the following sources:

Directly from you when you contact us, use our E-platform, or utilise our service.
From parties related to you (such as your employer, guardian, etc.).
From competent state agencies, organizations or individuals (e.g. a judgment or decision of the Court) or where the collection is based on a legal basis (for example, collecting from state agencies to fulfill our statutory obligations) or where Personal Data is collected from publicly available sources (e.g. public databases, advertising information, data published on electronic informational sites) (if any).

In cases where we do not collect Personal Data from you, we ensure that we only collect such data lawfully from entities that have the right to share it with us based on your consent or other legal bases.

In case client or partner is an organization, to the extent that the organization has provided or will provide any Data Subjects’ Personal Data to PC (e.g. directors, shareholders, employees, authorized representatives, agents, etc.), the organization shall ensure that it (i) has informed the subject of our processing of their Personal Data in accordance with this Notice; (ii) has obtained legal consent and has evidence of such consent to provide to PC upon request; or there is another legal basis for us to process Personal Data in accordance with this Notice; and (iii) fully complies with relevant legal regulations on Personal Data protection. This also applies when you provide Personal Data of other subjects to us.

3. Methods of Processing Personal Data

In processing your Personal Data, we may use different methods, including manual processing, mechanical processing or automated processing. The aforementioned means may be used individually or together to process Personal Data.

We may process your Personal Data directly or through Personal Data Processor(s) in accordance with the applicable laws. When processing Personal Data via Personal Data Processor(s), we will establish binding agreements and select Personal Data Processors with appropriate safeguards.

Unwanted Consequences and Damage that could Occur

PC applies various necessary and appropriate safeguards to protect your Personal Data, including organizational and technical measures.

However, due to subjective and objective reasons, no data can be guaranteed to be 100% secure. Possible unwanted consequences and damage may include (i) Loss of Personal Data; (ii) Personal Data being shared illegally; (iii) Inaccurate data which leads to the provision of inappropriate products or services or the Data Subject’s requests not being met; (iv) Data Subjects can become victims of phishing attacks, identity theft, etc.

Please note that we always do our best to protect your Personal Data and the above incidents are not what we wish for. In case such incidents occur, we will resolve them according to the provisions of the law.

Retention of Personal Data

PC will only retain your Personal Data for the period necessary to fulfill the aforementioned Purposes. The commencement of data processing is when we collect your Personal Data and the end date shall be determined on a case-by-case basis, based on the following factors:

Whether the Personal Data is needed to operate or provide the services/products. For example, some Personal Data is needed to manage agreement with you.
The services/products that the Personal Data is used for, and how those services/products work. For example, data collected for a one-time product can be retained for a shorter period than data collected for ongoing services.
The period of time we are legally obligated or permitted to keep your Personal Data.

When we have no other lawful basis to retain your Personal Data or in accordance with the applicable laws or requests from competent authorities, we will delete/irrecoverably delete or destroy your Personal Data in a secure manner.

Your Rights and Obligations

1. Your Rights Regarding Personal Data

Unless otherwise provided by law, as a Data Subject, you have the following right towards your Personal Data:

Right to Access and Rectify Personal Data

You have the right to access and request the rectification of your Personal Data that we are processing. We will make all reasonable efforts to promptly implement the necessary measures to process your requests in accordance with applicable laws.
In some cases, due to technical reasons, the responsiveness of our system, infrastructure, or other reasons that may affect and limit the scope of Personal Data; the way you access, view, and rectify your Personal Data may be limited. In such cases, please contact us for support.

Right to Request Provision of Personal Data

You have the right to request in writing that we provide you with your Personal Data. Your request will be considered valid if it contains enough necessary information and is in the correct form as prescribed by applicable law.
You also have the right to request that we provide your Personal Data to other organizations or individuals, or the Personal Data of others to you. However, you must provide written consent from the Data Subject and the recipient of the data.
If your request is valid under applicable law and we are permitted to provide the Personal Data, we will notify you through appropriate means of communication about the time, place, and manner of providing the Personal Data; the cost, the method, and deadline for payment (if any), and we will provide Personal Data in accordance with this Notice and other procedures as prescribed by applicable law.

Right to Delete Personal Data

We will delete your Personal Data when we receive a valid request from you in the following cases: (i) you notice that your Personal Data is no longer serving the Purposes for which you have consented, and you accept the possible damages when requesting data deletion; (ii) you withdraw your prior provided consent; (iii) you object to the processing of your Personal Data, and we have no legal basis to continue processing; (iv) your Personal Data is processed for purposes other than those for which you have consented, or the processing of your Personal Data is in violation of applicable laws.
We also delete your Personal Data according to applicable laws.

Right to be Informed, to Consent, withdraw Consent, Restrict and Object to Personal Data Processing

You have the right to know about our processing of your Personal Data, which is exercised via this Privacy Notice. In the event of any modifications to our processing activities, we will promptly notify you.
You have the right to consent or not consent to the processing of your Personal Data for specific purposes. You may partially consent or consent with conditions. However, in many cases, we can only start processing your data when you have given your full and unconditional consent. Therefore, when we need your consent on a contract, document, voucher, or other forms in order to start processing data, it means that we need your full consent.
You have the right to withdraw your consent to the processing of your Personal Data, request that we restrict the processing of your Personal Data, and object to the processing of your Personal Data that we are storing or controlling. In such cases, we shall inform you of potential consequences that may occur before acting on your request.

Right to File Complaints, Denunciations, Lawsuits, Claim Damages and Self-defense

You have the right to complain, denounce, or sue us and request compensation for damages in accordance with the regulations of applicable law in case we violate the regulations related to the protection of your Personal Data.
You also have the right to self-defense and request competent agencies and organizations to implement civil rights protection methods in accordance with the applicable laws.

Exercise Your Right as a Data Subject

Official channels of communication, as outlined within this Notice, are available for you to submit requests to exercise your designated rights.
Upon receipt of such a request, we will employ necessary measures to verify your identity, or the identity of your authorized representative, along with the legitimacy of the submitted request. We may also ask you to provide additional information to verify your request.
In the event that the request is deemed valid, we will then proceed to fulfill your requests within a reasonable period of time, unless applicable laws require a specific deadline, from the time we receive your valid request and any applicable processing fees (if any).
In the event that we are unable to fulfill your request (unreasonable or illegal requests, etc.), we will respond to you with the reason for denying the request within a reasonable time, unless a response time period is required by applicable laws.
Risks and negative effects may arise from your act of not providing Personal Data, or the exercise of your rights, such as withdrawing consent, requesting deletion of Personal Data or restricting, or objecting to our processing of your Personal Data. In such cases, we may consider and decide to terminate the contract/agreement between us, and we reserve our rights and legal remedies.
In some cases, your rights may not be exercised or may be limited by applicable laws, in which case we reserve the right to refuse to fulfill your request and will process your Personal Data based on these grounds.

2. Your Obligations Regarding Personal Data

As a Data Subject, you are obligated to:

Provide your complete and accurate Personal Data as required by law and PC.
Ensure our right to lawful processing of other Data Subjects’ Personal Data that you provide to us.
Timely notify us of changes or errors in the Personal Data provided to us (if any) and signs, incidents, events, situations or violations related to Personal Data.
Comply with the laws on Personal Data and respect and protect the Personal Data of other Data Subjects.
Indemnify and hold us harmless from and against all losses, damages, liabilities, claims and the like arising in any form from the processing of your Personal Data that is related to us.

We would like to note that your failure to comply with the above obligations and other obligations prescribed by laws may affect the legitimate rights and interests of yours, ours and those of relevant parties. In that case, you will be responsible before the law, PC and relevant parties for non-compliance with your obligations.

Personal Data of Children or People Declared Missing or Deceased

We do not knowingly collect or solicit Personal Data from children (as prescribed by laws from time to time) and people declared missing or dead. If we learn that we have collected Personal Data from a child or a person declared missing or dead, we will delete that data as quickly as possible.

Cookies

We use cookies – small files that are placed on your computer when you access our E-Platform, for managing and customizing your experience on our E-Platform. To be more specific, we currently utilize a single cookie solely for the purpose of storing users’ language preferences, with a one-year (01) validity period. The information collected by cookies is generally non-personally identifiable information, except for some limited personally identifiable information, which shall be processed in accordance with this Notice.

The use of cookies helps us provide you with the best experience when using our E-Platform. However, you have the right to accept or refuse cookies during your use of the E-Platform. Most browsers that you use to access our E-Platform automatically accept cookies, but you can usually modify your browser setting to manage cookies control options on your browser, such as Google Chrome; Internet Explorer; Safari; etc., or on your device to withdraw your consent.

Transparent Report

We publicly disclose reports related to addressing government and law enforcement requests about clients’ Personal Data on our website. The reports are regularly updated and are part of our highest commitment to transparency and compliance with privacy standards.

Amendments and Updates

We reserve the right to amend, supplement and update this Privacy Notice from time to time. The latest version will be posted on our website.

You are advised to regularly update the latest version of this Notice and our regulations and notices sent to you or posted on our website.

Contact Us

Please contact us directly if you wish to exercise your rights set out in this Notice or have any questions about this Notice and our processing of Personal Data.

Contact Info:

Email: info@privacycompliance.vn
Phone: +84 (0) 964 899 109
Website: privacycompliance.vn

Effectiveness

This Notice takes effect from May 1^st, 2024.

To the extent permitted by applicable law, this Notice, when accepted, confirmed by you, and/or included in agreement(s) between you and us, shall also be deemed to constitute valid consent and a lawful basis for us to process your Personal Data.

Matters not specified in this Notice will be resolved in accordance with the provisions of laws, notices and other documents issued by PC or according to agreements between us and relevant parties. If any provision in this Notice is illegal or inconsistent with the law, the provisions of applicable laws will prevail.

For the Vietnamese version of this Privacy Notice, please access this link. English is the original language and shall prevail in case of any discrepancy with other language(s).

Privacy Notice

Privacy Summary

Privacy Notice

PrivacyCompliance

Services

Company

Resources

Policies