This Privacy Policy of SB TELECOM VIETNAM COMPANY LIMITED (“Privacy Policy”) regulates how the Company protects personal data of Individual Customers, personnel appointed by the Corporate Customers to work with the Company, Individual Service Providers, Personnel sent by partners to the Company to perform tasks according to the contract/agreement with the Company, Candidates, Website Users, and other individuals contacting to liaise with the Company (“Data Subjects”) in accordance with the Company’s policies, the provisions of Vietnamese laws on the protection of personal data, and all applicable laws relating to privacy and personal data protection of Vietnam (“Privacy Laws”).
In compliance with Decree No. 13/2023/ND-CP of the Government on the Protection of personal data, effective from 01 July 2023, the Company would like to inform Data Subjects of the Privacy Policy. This Privacy Policy covers what Personal Data the Company collects about Data Subjects, how the Personal Data will be used and shared (if at all), how the Personal Data will be stored, and Data Subjects’ rights in relation to the collection of their Personal Data. This Privacy Policy also describes how Data Subjects can access, modify, and if necessary, request deletion of their Personal Data.
2.1.“Personal Data” refers to information in the form of symbols, letters, numbers, images, sounds, or in a similar form in the electronic environment which is associated with an individual or used to identify an individual. Personal Data includes Basic Personal Data and Sensitive Personal Data.
2.2.“Basic Personal Data” includes: a) Last name, middle name and first name as stated in the birth certificate, other names (if any); b) Date of birth; date of death or missing; c) Gender; d) Place of birth, place of birth registration; place of permanent residence; place of temporary residence; current place of residence; hometown; contact address; dd) Nationality; e) Personal image; g) Phone number; ID Card number, personal identification number, passport number, driver’s license number, license plate number, taxpayer identification number, social insurance number and health insurance card number; h) Marital status; i) Information about the individual’s family relationship (parents, children); k) Digital account information; personal data that reflects activities and activity history in cyberspace; l) Information associated with a specific individual or helping identify a specific individual other than Sensitive Personal Data.
2.3.“Sensitive Personal Data” refers to personal data in association with an individual’s privacy which, when being infringed, shall cause a direct effect on the legitimate rights and interests of such individual, including: a) Political and religious views; b) Health status and privacy stated in medical records, excluding information on blood type; c) Information about racial or ethnic origin; d) Information related to an individual's inherited or acquired genetic characteristics; dd) Information about an individual’s physical attributes and biological characteristics; e) Information about an individual’s sex life or sexual orientation; g) Data on crimes and criminal acts collected and stored by law enforcement agencies; h) Information on clients of credit institutions, foreign bank branches, intermediary payment service providers and other licensed institutions, including: information on client identification as prescribed by law, information on accounts, information on deposits, information on deposited assets, information on transactions, information on organizations and individuals that are securing parties at credit institutions, bank branches, and intermediary payment service providers; i) Personal position identified via positioning services; k) Other personal data defined as specific by law that requires necessary protection measures.
2.4.“Data Subject” refers to an individual identified by Personal Data.
2.5.“Personal Data Processing” or “Data Processing” refers to one or multiple activities that impact on personal data, including collection, recording, analysis, certification, storage, rectification, publicizing, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data or other relevant activities.
2.6.“Company” or “SB Telecom” refers to SB TELECOM VIETNAM COMPANY LIMITED, incorporated under Enterprise Registration Certificate No. 0106043204 issued for the first time on 06 November 2012 by Department of Planning and Investment of Hanoi City, having its head office address at Unit 13-04, 13th floor, No. 53 Quang Trung, Nguyen Du Ward, Hai Ba Trung District, Hanoi City, Vietnam.
2.7.“Individual Customer” means individuals who approach, enquire, register, transact, use products and services of the Company, or are involved in the operation and provision of products and services of the Company.
2.8.“Corporate Customer” means an organizations, units who approach, enquire, register, transact, use products and services of the Company, or are involved in the operation and provision of products and services of the Company.
2.9.“Customer” include “Invididual Customer” and “Corporate Customer”.
2.10.“Service Provider” means organizations, units providing services for the Company under the Service contracts/Agreements with the Company.
2.11.“Individual Service Providers” means all the individuals providing services for the Company under Service contracts/Agreements. The Service contracts/Agreements shall not form an employment relationship between the Company and such individuals.
2.12.“Personnel sent by partners to the Company to perform tasks according to the contract/agreement with the Company” means an individual or group of people sent by a partner to the Company to perform specific tasks according to the contract/agreement signed with the Company.
2.13.“Candidate” means those who apply for a job position at the Company.
2.14.“Website User” means each individual accessing the website and applications of the Company.
2.15.“Data Protection Officer” means one or more individuals designated by the Company to ensure that the Company complies with Privacy Laws.
3.1.In order for the Company and/or data processor(s) authorized by the Company to provide products, services and carry out operational activities of the Company, and/or handle Data Subject’s requests, the Company and/or the data processor may need to and/or be required to collect Personal Data, including: (i) Basic Personal Data and (ii) Sensitive Personal Data relating to Data Subjects and individuals related to Data Subjects.
Personal Data that may be collected and processed include, without limitations, the types of information listed below and are subject to change from time to time depending on the Data Subject's relationship with the Company:
(a) Personal Data of Individual Customers: Full name; Date of birth; Gender; Place of permanent residence, contact address; Nationality; ID card number/Citizen identity card number, passport number, date of issuance, place of issuance, and other information shown on the identity card, citizen identification card, passport; Phone number, email; Personal image; fingerprints; Photos and other visuals, security camera footage and other information obtained through electronic means such as card swipe data; Information of bank account; Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace; other Personal Data provided by Data Subjects and/or the employer of the Data Subjects from time to time.
(b) Personal Data provided by Website Users: Name, email address of Website Users and other contact information, content and details of the Website User's electronic conversations with the Company, such as contact forms or emails; Information that Website Users provide on the online admission system when registering for admission to the Company, participate in surveys, activities on Social Network of the Company (Facebook, Fanpage, etc.).
Information about usernames or any settings the user may have chosen, personal data reflecting activity, activity history when Website Users use the Company’s website.
(c) Personal Data in relation to Candidates, Individual Service Providers, personnel of Corporate Customers, personnel of Service Providers, visitors contacting to liaise with the Company: Full name; Date of birth; Gender; Address; nationality; number of identity card number, citizen identification card, passport, date of issuance, place of issuance, and other information shown on the identity card, citizen identification card, passport; phone number, personal email; Images of individuals, fingerprints, photographs and other visual images, security camera footage, footage, photos taken at events, other information obtained through electronic means such as data card swipe data; Bank account infomation; Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace; other Personal Data provided by Data Subjects and/or the employer of the Data Subjects from time to time.
3.2.The Company and/or data processor(s) authorized by the Company, may collect Data Subject's Personal Data from, including without limitation, the following sources:
(a) Through the transaction between the Customer and the Company, when the Customer provides information in the transaction records and documents, creates an account to use the service, when participating in surveys, promotions for customers;
(b) When Candidates provide information in the application for job positions at the Company;
(c) When Individual Service Providers, Service Providers provide Personal Data to sign and perform service provision contracts/agreements with the Company;
(d) Information obtained from any publicly available source, or regulatory authority as prescribed by law;
(e) Through video archives from security cameras at the Company's offices, facilities and premises or video footage of events organized by the Company or a unit authorized/affiliated/coordinated by the Company, or video footage of events where the Company is a participant;
(f) From third party sources with whom Data Subjects have consented that such third party may share/provide Data Subjects’ Personal Data, or sources where collection is required or permitted by law;
(g) Information provided by Data Subjects via phone, email, correspondence between Data Subjects and the Company;
(h) When Data Subjects use the Company’s websites, applications or social media platforms, the Company can collect Personal Data declared or made public by Data Subjects. The Company may also automatically collect Personal Data through the use of cookies, and other similar technologies whenever a Data Subject’ web browser views our websites or materials provided by the Company or on behalf of the Company on another website.
4.1.Data Processing purposes
The Company collects, processes and discloses Personal Data of Data Subjects, and those for whom the Data Subjects are responsible for providing information to the Company to the extent necessary for the Company’s operational activities.
Personal Data Processing Purposes include Data Processing purposes specific to each Data Subject (set out in Section 4.2), and general Data Processing purposes applicable to all Data Subjects (set out in Section 4.3). Data Processing purposes set out in Section 4.2 and Section 4.3 shall be collectively referred to as “Purposes”.
The purposes of Processing Personal Data may vary from time to time and depending on the Data Subject's relationship with the Company.
4.2.Data Processing purposes specific to each Data Subject
(a) For Individual Customers, personnel appointed of Corporate Customers
(i) to serve the conclusion and performance of contracts and agreements/commitments (if any), including providing Customer with order status; to provide products or services that the Customer has purchased; to provide advice in relation to products and services; to process Customer’s payments, communicating and sending notices to the Customer, to answer Customer's questions or handle claims, and other activities related to conclusion and performance of contracts;
(ii) To manage our daily business needs and events related to Customer’s participation in our promotional and product testing programs; to enable Customer to participate in one of our activities or events or to send Customer samples that Customer requests;
(iii) To learn and assess consumer preferences, needs and demand changes, to improve our current products and services and/or develop new products and services;
(iv) To facilitate/perform other activities per request to fulfill our contractual obligations and deliver appropriate levels of service to the Customer.
(b) For Website Users
(i) To process and respond to Website Users' inquiries or contact Website Users to address their questions and/or requests; to provide information about products or services of interest to Website Users, to enable Website Users to participate in one of the Company's activities or events;
(ii) To develop and improve products, services, communications and website functionality of the Company; To improve the presentation, features and functionality of the service, and general administration tasks.
(c) For Candidates, Individual Service Providers, personnel of Service Providers
(i) To make hiring or other employment-related decisions (including work history, reference checks, academic history, criminal record checks, or further specific background checks as required), hiring services, or other decisions related to recruitment and hiring services;
(ii) To fulfill the Company's contractual and legal obligations to the Individual Service Providers, and Service Providers and to exercise the Company's legal rights;
(d) For visitors contacting to liaise with the Company
The Company collects Personal Data from visitors to the Company for security purposes and to provide visitors with access to the Company's premises.
(e) For other Data Subjects
The purpose of Processing Personal Data will depend on the Data Subject's relationship with the Company and the consent of the Data Subject.
4.3.General Data Processing purposes applicable to all Data Subjects
(a) To communicate with Data Subjects:
(i) To verify the identity of individuals who contact the Company by telephone, electronic means or otherwise;
(ii) To contact Data Subjects or communicate with Data Subjects by phone/voice call, text message and/or fax message, email and/or postal mail. The Data Subjects acknowledge and agree that such communications by the Company could be by way of the mailing of correspondence, documents or notices to Data Subjects, which may involve the disclosure of certain personal data about Data Subjects to bring about delivery of the same as well as on the external cover of the envelopes/mail packages;
(b) To carry out the Company's operational and other related activities:
(i) To serve accounting and financial requirements. Accordingly, the Company collects, stores and uses Data Subjects' data for internal operational purposes, such as record filing and compliance with the Company’s legal and financial obligations. These data will be stored in accordance with applicable laws;
(ii) To comply with the Company's operational, audit, administrative, security, and risk management policies, procedures, and processes including, but not limited to, CCTV monitoring, daily activity logs, authentication of individuals, storage and backup of email communications;
(iii) To facilitate asset transactions (which can extend to any acquisition, merger or sale of assets) involving any the Company’s affiliates;
(iv) Data archiving; storing, hosting, backing up (whether for disaster recovery (DR) or otherwise) of Data Subjects' Personal Data;
(v) Internal and external publications;
(vi) To protect and enforce the Company’s contractual and legal rights and obligations;
(c) To comply with legal and regulatory requirements:
(i) To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to the Company, including meeting the requirements to make disclosure under any law binding on the Company and/or for the purposes of any guidelines issued by a regulatory or other competent authorities (whether of Vietnam or a country other than Vietnam), with which the Company or the Company's affiliates must comply;
(ii) To comply with or as required by any request or direction of any governmental authority (whether of Vietnam or a country other than Vietnam) which the Company is expected to comply with; or to respond to requests for information from public agencies, ministries, statutory boards or other similar authorities. For the avoidance of doubt, this means that the Company may/will disclose Data Subjects' personal data to the aforementioned parties upon their request or direction.
(d) For the purpose of introducing products and services:
Where Data Subjects agree to allow the Company to process Personal Data for the purpose of implementing announcements, and introduction programs of products and services of the Company and its partners, Data Subjects agree that the Company and/or partners of the Company have the right to introduce products, services according to the content, form and frequency as follows:
(i) Content: Introducing products, services of the Company and partners of the Company.
(ii) Method: Via messages, announcements on the Company's website and applications or other methods as prescribed by law.
(iii) Form: the Company may/will send Data Subjects via email, postal mail or other means of communication the information and materials related to the products and/or services of the Company or a partner of the Company, whether such products or services are currently available or to be created in the future.
(iv) Frequency: According to the law.
In addition to the above provisions, the Company is responsible for complying with the provisions of the law.
4.4.Methods of Processing Personal Data
From time to time and depending on each of the above Purposes, the Company and/or the data processor authorized by the Company may perform one or more activities that impact on Personal Data, including: collection, recording, analysis, certification, storage, rectification, publicizing, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data or other relevant activities.
The Personal Data Processing activities may be performed by the Company in an automatic or non-automatic manner, by electronic means or by manual means or by any other means that the Company and/or the data processor authorized by the Company deem appropriate.
5.1.In order to carry out the purposes and personal data processing activities in accordance with this Privacy Policy, the Company may transfer and disclose Data Subjects' personal data to the following parties:
(a) Employees of the Company;
(b) Affiliated parties of the Company;
(c) The professional advisors (such as auditors and attorneys) of the Company or the professional advisors of any of the Company's affiliated parties;
(d) Individuals, authorities or regulatory bodies or third parties to whom the Company is permitted or required by law to disclose;
(e) Service providers to the Company (such as telecommunications service provider, information technology service provider, data storage, receiving, and processing unit, order processing unit, shipping unit, postal and delivery service provider, website functionality unit, email and text message delivery and monitoring service provider, related analytics service provider, customer support and call center service provider, distribution service provider, insurance service provider, travel service provider of the Company or any of the Company's affiliated parties) to which data sharing/disclosure is necessary for the Company to perform its obligations to the Data Subjects;
(f) Credit institutions, intermediary payment service providers;
(g) Any business partner, investor, assignee or transferee (actual or potential) to facilitate business asset transactions (which may extend to any acquisition, merger, or sale of assets) involving the Company or involving any of its affiliates;
(h) Any assignee or possible assignee of the rights and obligations of the Company or any of its affiliates;
(i) Other parties agreed by the Data Subjects or with whom the Company has a legal basis to share the Data Subjects' Personal Data.
5.2.When disclosing the Data Subjects' Personal Data to third parties, the Company ensures that the third parties will secure the Data Subjects' Personal Data from unauthorized access, collection, use, disclosure, processing of data information or similar risks and retain the Data Subjects' Personal Data only for the period necessary to achieve the purposes mentioned above.
6.1.Data processing’s start time:
The Company will start processing personal data from the time of receiving personal data.
6.2.Data processing’s end time:
Until the completion of the Purposes for which the data was collected or until necessary to comply with statutory obligations and to resolve any dispute or until the information provided is requested to be deleted by the Data Subject.
7.1.Data Subject’s Rights
Under Privacy Laws, as a Data Subject, the Data Subjects have the following rights:
(a) Right to be informed
The Data Subjects have the right to be informed of the processing of the Data Subjects' Personal Data, unless otherwise provided by law. The Data Subjects have the right to be informed about how the Company uses the Data Subjects' personal data and rights of the Data Subjects in a manner that is clear, transparent and simple to understand. Therefore, the Company provides the Data Subjects with the information contained in this Privacy Policy.
(b) Right to give consent
The Data Subjects have the right to consent or not to consent to the processing of the Data Subjects’ Personal Data, except as provided in Section 8 of this Privacy Policy.
(c) Right to access
The Data Subjects have the right to access their personal data in order to view, modify, or request the modification of their personal data, unless otherwise provided by law.
(d) Right to withdraw consent
The Data Subjects have the right to withdraw their consent, unless otherwise provided by law.
(e) Right to delete personal data
The Data Subjects have the right to delete or request the deletion of their personal data, unless otherwise provided by law.
(f) Right to restrict the data processing
The Data Subjects have the right to request the restriction of the processing of their personal data, unless otherwise provided by law.
The Company will implement data processing restriction within 72 hours upon receiving the Data Subjects' request, for all Personal Data that the Data Subjects request to restrict, unless otherwise provided by law.
(g) Right to obtain personal data
The Data Subjects have the right to request the Company to provide them with their Personal Data, unless otherwise provided by law.
(h) Right to object to data processing
The Data Subjects have the right to object to the Company’s processing of their Personal Data for the purpose of preventing or restricting the disclosure or use of personal data for the purpose of introducing products and services, unless otherwise provided by law.
The Company will process Data Subjects' request within 72 hours upon receiving the request, unless otherwise provided by law.
(i) Right to file complaints, denunciations and lawsuits
The Data Subjects have the right to request compensation for damages as prescribed by law when there are violations of regulations on protection of their Personal Data, unless otherwise agreed by parties or otherwise prescribed by law.
(j) Right to request compensation for damages
The Data Subjects have the right to delete or request the deletion of their personal data, unless otherwise provided by law.
(k) Right to self-protection
The Data Subjects have the right to self-protection according to regulations of the Civil Code, other relevant laws, Decree 13/2023/ND-CP, and other provisions of laws, or to request competent agencies and organizations to implement civil right protection methods.
To exercise these rights, the Data Subjects should contact the Company at the details provided below. The Data Subjects need to provide proof of their identity and state the rights to be exercised for the Company’s support.
In the event that the Data Subjects withdraw their consent, request data deletion and/or exercise other relevant rights with respect to any or all of the Data Subjects' personal data. The acts performed by the Data Subjects in accordance with these regulations may affect the Company's ability to continue to provide products, services of the Company to the Data Subjects, or the performance of the contract that the Company have signed with the Data Subjects or the employer of the Data Subjects, and the Company reserves all legal rights and remedies of the Company in such cases. Accordingly, the Company will not be held liable to Data Subjects for any loss incurred and the Company's legal rights will be expressly reserved with respect to limitation, restriction, suspension, cancelation, prevention of the processing of Data Subjects' data.
7.2.Data Subject’s Obligations
According to the Privacy Laws, as a Data Subject, the Data Subject has the following obligations:
(a) Protect his/her own Personal Data; request relevant organizations and individuals to protect his/her Personal Data;
(b) Respect and protect others’ Personal Data;
(c) Fully and accurately provide his/her Personal Data when he/she consents to the data processing;
(d) Participate in dissemination of Personal Data protection skills; and
(e) Comply with legal regulations on protection of Personal Data and participate in prevention of the violations against regulations on protection of Personal Data.
Personal Data may be processed without the consent of the Data Subject – as a Data Subject – as required by law in the following cases:
(a) In urgent cases requiring immediate processing of relevant Personal Data to protect life and heath of the Data Subject or others.
(b) When Personal Data is required to be publicly disclosed in accordance with the law.
(c) When Personal Data is processed by competent state agencies in cases of urgent situations related to national defense, national security, social order and safety, major disasters, dangerous epidemics, or when there is a risk threatening security and national defense, but the situation has not reached the level of declaring a state of emergency; to prevent and combat riots and terrorism, to prevent and combat crimes and law violations as prescribed by the law.
(d) To perform the Data Subject's contractual obligations with relevant agencies, organizations and individuals in accordance with the law.
(e) To serve the activities of state agencies as prescribed by specialized laws.
9.1.Understanding the importance of Personal Data protection, the Company will regularly review and update management and technical measures when processing Data Subject's Personal Data.
9.2.To the best of the Company’s ability, access to Data Subject's Personal Data is limited to those who need to know. Individuals with access to data are required to maintain the confidentiality of such information.
10.1.Although the Company will do its best to protect Data Subject's Personal Data, the transmission and storage of information is, however, vulnerable to unauthorized third-party activity. Some undesirable consequences and damages may include, but are not limited to:
(a) Hardware and software failures in the data processing that cause data loss of service providers;
(b) Security hole beyond our control, system attacked by a third party causing data leakage;
(c) The service provider arbitrarily discloses personal data due to: carelessness or fraud; access to websites/download apps that contain malware…
10.2.In the limited undesirable events, if an incident or violation is detected with respect to Personal Data, the Company will proceed to notify relevant parties of the incident/breach within a period as prescribed by law, and at the same time will make efforts to overcome and minimize the consequences and damage within the Company's ability and in accordance with applicable laws.
If the Data Subject wishes to exercise his/her rights, has any questions, complaints or grievances, or comments regarding this Privacy Policy and/or the Company’s processing of Data Subject's personal data, please contact the Company’s Data Protection Officer according to the following information:
Address: SB Telecom Vietnam Company Limited, Unit 13-04, 13th floor, No. 53 Quang Trung, Nguyen Du Ward, Hai Ba Trung District, Hanoi City, Vietnam
Attention: Data Protection Officer
1. The Company reserves the right to modify this Privacy Policy from time to time if necessary. Notice of any amendment, update or adjustment will be updated, posted on the website of the Company: [*] and/or sent to Data Subjects through other means of communication that the Company considers appropriate
In order to gain the public’s trust, SB Telecom Vietnam has established the following policy. Protect information assets from various threats, and properly handle and maintain information security.
We will comply with laws, guidelines and other criteria related to information security.
We will assign an information security manager and establish a system and standards necessary to our information security operations.
Identify information security risks and implement appropriate organizational, physical, human, and technical measures. In the unlikely event of an accident, we will take the utmost priority to protect customers, take prompt action to minimize damage and take measures to prevent recurrence.
We will continue to provide information security training to all employees and carry out work with information security literacy.
In order to objectively grasp the condition of our management system and information security measures, we carry out regular evaluations and continue to make improvements.