fbpx

PERSONAL DATA PROTECTION POLICY

PERSONAL DATA PROTECTION POLICY

OF VINSCHOOL JOINT STOCK COMPANY

This Personal Data Protection Policy outlines how Vinschool Joint Stock Company (hereinafter referred to as “Vinschool”) collects, uses, and processes personal data generated during its operations and business activities. Vinschool is headquartered at No. 7 Bang Lang 1 Street, Vinhomes Riverside Eco-Urban Area, Viet Hung Ward, Long Bien District, Hanoi, Vietnam, and its official website is https://vinschool.edu.vn/.

1. GENERAL PROVISIONS

1.1. Personal data: any information in the form of symbols, text, numbers, images, sounds, or similar formats within an electronic environment, which is linked to or identifies a specific individual. personal data includes Basic personal data and Sensitive personal data.

1.2. Data subject: any individual whose personal data is being processed, including all individual customers using Vinschool’s products and services, Vinschool’s employees, shareholders, and/or any other individuals who have a legal relationship with Vinschool.

1.3. Processing of personal data: one or more activities that affect personal data, such as collection, recording, analysis, verification, storage, modification, disclosure, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of personal data, or other related actions.

1.4. When the personal data of individuals related to data subjects (including but not limited to information about dependents, legally related persons, spouses, children, and/or parents, guardians, friends, beneficiaries, authorized persons, partners, emergency contacts, or other individuals connected to data subjects) is provided to Vinschool, both data subjects and related individuals represent, warrant, and are responsible for ensuring that the information has been fully provided and that data subjects have legally consented to the processing of such data for the purposes outlined in this Policy. data subjects and their related individuals agree that Vinschool is not responsible for verifying the legality or validity of this consent, and the responsibility for maintaining evidence of such consent lies with the related individuals and data subjects. Vinschool is indemnified and entitled to compensation for any damages or costs incurred as a result of data subjects and/or their related individuals failing to comply with the provisions set forth herein.

1.5. By registering for Vinschool’s products or services, entering into contracts, and/or consenting to the processing of personal data by Vinschool, data subjects fully and unconditionally agrees to the policies set forth herein, including any future amendments (if applicable), from time to time.

1.6. This policy may be updated, amended, supplemented, or replaced by Vinschool periodically. Any changes shall be posted on Vinschool’s official website. Vinschool encourages data subjects to regularly check the website to stay informed of any updates.

1.7. Vinschool is committed to the following principles when processing personal data:

    • Processing and safeguarding personal data in compliance with Vietnamese law, while fully adhering to all contracts, agreements, or documents established with data subjects;
    • Collecting personal data for specific, clear, and lawful purposes, within the scope of the objectives outlined in Section 3 of this Policy, and in accordance with Vietnamese regulations;
    • Implementing and regularly updating appropriate technical measures as required by law to ensure personal data security, including protection against unauthorized access, destruction, loss, or damage;
    • Storing personal data appropriately and only to the extent necessary for processing, in compliance with legal requirements;
    • Adhering to all relevant regulations regarding the protection of children’s data.

2. PERSONAL DATA TO BE PROCESSED

  1. Vinschool may process the following categories of personal data to fulfill the purposes described in Section 3 of this Policy:

2.1. Basic personal data, including:

    • Surname, middle name and birth name, other names (if any);
    • Date of birth; date of death or disappearance;
    • Gender;
    • Place of birth, registered birth address, permanent address, temporary address, current residence, place of origin, and contact address;
    • Nationality;
    • Personal images and information obtained from security systems, including CCTV footage of data subjects captured at Vinschool’s business or transaction locations;
    • Phone number, ID card number, personal identification number, passport number, driver’s license number, vehicle registration number, tax identification number, social security number, and health insurance card number;
    • Occupation and workplace
    • Marital status;
    • Family relationships (e.g., parents, children);
    • Digital account information; personal data reflecting preferences and online activity history;
    • Other information pertaining to or identifying a specific individual, which does not fall under the category of sensitive personal data as defined in Section 2.2 below.

2.2. Sensitive personal data, including:

      • Political opinions and religious beliefs;
      • Health status and personal information documented in medical records, excluding blood type;
      • Information concerning racial or ethnic origin;
      • Genetic data, including both inherited and acquired genetic traits;
      • Unique physical characteristics and biological attributes;
      • Criminal data and details of offenses collected and maintained by law enforcement agencies;
      • Bank account details of data subjects;
      • Geolocation data of data subjects, obtained through location-based services;
      • Other types of personal data stipulated as sensitive by law and requiring appropriate security measures.

3. PURPOSES OF PERSONAL DATA PROCESSING

Personal data may be processed for one or more of the following purposes:

3.1. Assessing the feasibility of providing products, services, and/or entering into contracts with data subjects, including but not limited to:

    • Identifying and verifying information about data subjects;
    • Evaluating, reviewing, and approving the provision of products and services based on the registration forms, proposals, or contracts of data subjects and/or their related parties;
    • Determining whether to provide or continue providing any products or services to data subjects;

3.2. Fulfilling obligations in contracts, agreements, terms, conditions, and other arrangements between Vinschool and data subjects, and to provide customer support, including but not limited to:

    • Meeting obligations under contracts and agreements, and delivering products and services to data subjects;
    • Updating and processing information about data subjects;
    • Managing customer care, handling complaints, and resolving disputes involving data subjects;
    • Using or sharing personal data and related information with partners to identify and resolve product or service issues, or to facilitate product repairs;
    • Contacting and providing notifications to data subjects;
    • Administering promotional, gift exchange, reward, and gift delivery programs;
    • Offering other customer care and support services.

3.3. Improving the quality of Vinschool’s products and services, including but not limited to:

    • Providing information requested by customers or deemed useful by Vinschool for customers.
    • Innovating technology and improving the interfaces of digital platforms, social media channels, and applications to ensure a seamless and convenient customer experience.
    • Managing customer accounts and loyalty programs implemented by Vingroup and its P&Ls.
    • Compiling and analyzing data to research, develop, and improve products and services, and to enhance customer experience.
    • Developing and offering new, personalized products and services based on customer needs and situations.
    • Introducing and offering promotional programs and discounts for Vinschool’s products and services, as well as those in collaboration with partners.
    • Recommending products and services based on customer preferences.

3.4. Supporting Vinschool’s business and operations, including but not limited to fulfilling reporting, financial, accounting, and tax obligations, as well as activities related to audits, compliance, and other activities that support Vinschool’s legitimate business operations as deemed necessary by Vinschool.

3.5. Restructuring or transferring projects/businesses:

In the course of its business, Vinschool may buy or sell businesses, restructure its operations, or transfer projects or services in accordance with applicable laws. In such cases, personal data, along with general rights to use information, may be considered transferable assets. All data transfers and processing shall be carried out in compliance with legal requirements and this Policy.

3.6. Conducting marketing activities: Developing marketing campaigns and promoting products and services, including creating campaigns based on customer preferences.

3.7. Preventing, combating, investigating, and detecting criminal activities.

3.8. Safeguarding social order and safety, protecting the legitimate rights and interests of data subjects, Vinschool, and other relevant parties.

3.9. Adhering to laws and international agreements to which Vietnam is a party, including but not limited to:

    • Providing information to authorized state agencies as required by law;
    • Fulfilling legal obligations and international treaties that Vinschool must follow (if applicable).

3.10. Achieving any other objectives with the consent of data subjects.

4. PERSONAL DATA PROCESSING METHODS

4.1. Data collection

Vinschool may collect personal data as follows:

    • From Vinschool’s websites: when individuals fill out forms on Vinschool’s websites.
    • From the provision of products, services, and the fulfillment of Vinschool’s contractual obligations or agreements: when individuals purchase, register for, use any products or services, or sign contracts with Vinschool.
    • From interactions and communications with individuals: Through interactions between Vinschool and data subjects, whether in person, by mail, phone, online, through call centers, electronic communication, or other channels, including surveys.
    • From social networks: Via Vinschool’s social media platforms and/or those operated in partnership with third parties.
    • From audio and video recording devices: Through devices installed in stores, business locations, or other areas where Vinschool conducts part or all of its business, and where data subjects interact with, meet, or appear in connection with Vinschool.
    • From interactions or automatic data collection technologies:
      • Cookies, pixel tags, and similar technologies;
      • Any technology that can track individual activity on devices or websites;
      • Other data provided by a device.
    • From other sources

Through publicly available and official sources, or from Vinschool’s parent company, subsidiaries, affiliates, or business partners, in accordance with applicable legal requirements.

4.2. Data storage

Personal data is stored in Vietnam on Vinschool’s database system or at any location where Vinschool’s affiliates, subsidiaries, partners, or vendors operate.

The retention period for personal data is determined by its intended use, as outlined in this Policy, and in accordance with legal requirements.

4.3. Data transfer/sharing

Vinschool shall not sell personal data to any third party and shall ensure its safe transfer and sharing through appropriate security measures. personal data may be shared with (i) Vinschool’s parent entity, subsidiaries, or affiliates; (ii) individuals or organizations involved in the processing of personal data as specified in this Policy; or (iii) competent government authorities, or as otherwise required by law.

In instances where personal data is transferred to recipients located outside the territory of Vietnam (including but not limited to transfers via cyberspace, electronic devices, or other means), Vinschool shall require the recipients to ensure the protection and confidentiality of the personal data. Vinschool is committed to full compliance with all applicable laws and regulations of Vietnam to safeguard personal data.

4.4. Data analysis

Personal data is analyzed following Vinschool’s internal procedures, data protection principles, and IT security measures.

4.5. Data encryption

When necessary, collected personal data is encrypted according to relevant encryption standards during storage, transfer, or processing to ensure it is always protected.

4.6. Data deletion

Vinschool shall delete stored personal data when a contract expires, when products or services are no longer in use, or upon a valid request from data subjects, except in the following circumstances:

    • When the law prohibits data deletion or mandates its retention;
    • When the personal data is being processed by a competent government authority for the purposes of fulfilling its official functions in accordance with the law;
    • When the personal data has been publicly disclosed as required by law;
    • When the personal data is processed for legal, scientific research, or statistical purposes in compliance with legal requirements;
    • In cases of emergencies related to national defense, national security, public order and safety, major disasters, or dangerous epidemics; when there is a potential threat to national security or defense that has not yet warranted a declaration of a state of emergency; or in efforts to prevent riots, terrorism, crime, and other legal violations;
    • In response to emergency situations that threaten the life, health, or safety of data subjects or others.

During personal data processing, Vinschool gives top priority to security and implements appropriate technical measures to prevent unauthorized access to and use of personal data. It also regularly collaborates with security experts to stay updated on the latest cybersecurity techniques, ensuring the safety of personal data. Payment card information issued by financial organizations is protected by Vinschool under the principle of not storing critical payment card data (such as card numbers, cardholder names, or CVV codes) in Vinschool’s system. Payment transactions are processed through relevant banks’ systems.

5. PROCESSING OF CHILDREN’S PERSONAL DATA

5.1. Vinschool shall process children’s personal data in accordance with the principle of safeguarding their rights and acting in their best interests, while fully complying with applicable legal regulations.

5.2. Vinschool shall only process the personal data of children and provide products or services to them if their parent or guardian consents to their use of Vinschool’s offerings, agrees to the processing of their personal data, and complies with this Policy and relevant legal requirements. For children aged 7 and older, Vinschool shall also require their explicit consent before processing their personal data, in addition to the aforementioned conditions. Parents or guardians are responsible for obtaining the children’s consent prior to submitting their personal data to Vinschool.

6. POTENTIAL CONSEQUENCES AND DAMAGE

6.1. Vinschool employs various information security technologies, such as firewalls, access controls, and encryption, to protect personal data from unauthorized access, use, or sharing. However, Vinschool cannot guarantee absolute security in certain situations, including:

    • Hardware or software malfunctions during data processing that could lead to the loss of personal data;
    • Security vulnerabilities outside Vinschool’s control, which may result in system breaches due to hacking incidents that expose data.

6.2. Vinschool recommends that data subjects keep their account login details and OTP codes secure and refrain from sharing them with anyone.

6.3. Data subjects should be aware that once they disclose or publicly share their personal data, it may be collected and used by third parties for purposes beyond the control of both data subjects and Vinschool.

6.4. Vinschool encourages data subjects to take appropriate precautions to secure their personal devices (e.g., smartphones, tablets, laptops) during use and to log out of their accounts when not in use.

6.5. In the case of a server attack resulting in the loss or exposure of personal data, Vinschool shall promptly notify the relevant authorities for investigation and handling, and inform affected data subjects in accordance with legal requirements.

6.6. The online environment is inherently insecure. Vinschool cannot guarantee that personal data shared online shall always remain protected. When transmitting personal data, data subjects should use secure systems to access websites, applications, or devices. data subjects are responsible for ensuring that their access credentials for each website, application, or device are kept secure and confidential.

7. TIMING OF PERSONAL DATA PROCESSING

7.1. Personal data shall be processed from the moment Vinschool lawfully receives it and has a valid legal basis for processing in accordance with applicable laws.

7.2. Processing shall continue until the intended purposes are fulfilled.

7.3. Vinschool may retain personal data even after the termination of any contract between the parties to comply with legal obligations and/or requests from relevant authorities

8. ENTITIES INVOLVED IN PERSONAL DATA PROCESSING

8.1. Vinschool may act as either the controller or both the controller and processor of personal data, depending on the specific case.

8.2. In accordance with applicable laws, data subjects understand that Vinschool may share personal data for the purposes outlined in this Policy with the following entities:

(i)      Vinschool’s parent company, subsidiaries, and affiliated entities;

(ii)     Organizations and individuals providing services and/or collaborating with Vinschool, including but not limited to agents, auditors, lawyers, business partners, and providers of IT solutions, software, applications, operational management, troubleshooting, and infrastructure development services.

(iii)    Any individuals or organizations acting as representatives or authorized agents of data subjects.

Data sharing shall be carried out in compliance with the applicable procedures and legal regulations. Recipients of personal data are required to maintain confidentiality in accordance with this Policy, Vinschool’s internal rules, data protection standards, and relevant legal obligations.

8.3. Vinschool may also be required to share personal data with competent government authorities as stipulated by law.

9. RIGHTS OF DATA SUBJECTS

Data subjects have the right to:

9.1. Be informed about the processing of their personal data, except as otherwise provided by law.

9.2. Provide or withhold consent for the processing of their personal data, except as otherwise stipulated by law.

9.3. Access, review, and request modifications to their personal data, except as otherwise required by law.

9.4. Withdraw consent.

9.5. Delete their personal data.

9.6. Limit the processing of their personal data in accordance with applicable laws.

9.7. Request a copy of their personal data, except as otherwise provided by law.

9.8. Object to the processing of their personal data.

9.9. File complaints, report violations, or initiate legal proceedings.

9.10. Seek compensation for any damages incurred.

9.11. Take measures for self-protection.

Data subjects may exercise these rights by submitting a request to Vinschool. The request must include essential information such as the requester’s details, a description of the request [e.g., the type of data to be provided or deleted, the title of the document or record (if applicable), the reason and purpose for the request, and any relevant information specifics (e.g., preference for digital format or paper, and the delivery address). Any costs incurred in fulfilling the requests outlined above, including but not limited to printing, copying, postage, and express delivery fees, shall be borne by the requester. These costs must be paid upon receipt of the data or within a timeframe specified by Vinschool.

Vinschool shall handle requests from data subjects in line with legal requirements while taking their legitimate rights into account. However, if data subjects withdraw their consent, request data deletion, or exercise other related rights that impact Vinschool’s ability to provide or maintain its products and services or uphold contractual obligations, Vinschool may decide to discontinue offering its products and services to data subjects or to terminate the contractual relationship with data subjects, depending on the specifics of the request. Actions taken by data subjects in accordance with this Policy shall be regarded as a unilateral termination of any relationship with Vinschool. Such actions may result in a breach of contractual obligations or commitments, and Vinschool reserves its rights and legal remedies in these circumstances. Accordingly, Vinschool shall not be liable to data subjects for any losses incurred. Its legal rights shall be fully reserved. With reasonable effort, Vinschool shall fulfill legal and valid requests from data subjects within the time frame prescribed by law. However, for security purposes, it may require data subjects to verify their identity before processing such requests.

Vinschool reserves the right to deny data subjects’ requests under certain circumstances, including but not limited to the following: (i) data subjects do not follow the procedures outlined by Vinschool, resulting in incomplete or invalid requests; (ii) data subjects fail to provide any documentation or provides insufficient documentation to verify their identity; (iii) Vinschool detects potential signs of fraud or violations concerning personal data protection; or (iv) Applicable laws prohibit the fulfillment of the requests.

10. OBLIGATIONS OF DATA SUBJECTS

10.1. Protect personal data and request relevant organizations or individuals to safeguard it. Notify Vinschool promptly about any errors or leaks regarding personal data, or if there are suspicions that personal data may have been compromised.

10.2. Respect and protect others’ personal data.

10.3. Provide complete and accurate personal data when consenting to its processing. If any inaccuracies arise, data subjects shall be responsible for any costs incurred that may affect their rights.

10.4. Comply with legal regulations concerning personal data protection and actively participate in efforts to prevent violations of these regulations.

10.5. Fulfill any other responsibilities as required by law.

11. OTHER PROVISIONS

11.1. By accepting this Policy, data subjects consent to the processing of their personal data by Vinschool and any organizations or individuals involved in the personal data Processing as outlined in this Policy. They understand the types of data being processed, the purposes of such processing, the parties involved, and their rights and obligations concerning their personal data. data subjects confirm that they have been informed by Vinschool and are aware of and agree to all necessary disclosures prior to the processing of their personal data by Vinschool and any organizations/individuals involved in this process. data subjects agree that Vinschool and any organizations/individuals participating in the personal data processing are not required to provide additional notifications before proceeding with the processing of their personal data.

11.2. For questions about Vinschool’s data protection practices, please reach out to us. We will make every effort to respond promptly at the following:

– Address: No. 7, Bang Lang 1 Street, Vinhomes Riverside Eco-Urban Area, Phuc Loi Ward, Hanoi, Vietnam

–  Email:  18006511

–  Tel:  [email protected]

11.3. This policy, effective July 1, 2023, is the Personal Information Rights Protection Policy updated in compliance with the applicable regulations on personal data protection. The rights and obligations of data subjects are upheld in accordance with the laws in force at any given time.