PERSONAL DATA PROCESSING POLICY
Last updated: April 9, 2024
This Personal Data Processing Policy ("Policy") is implemented by C98 Company Limited ("Company", "we", "our"), describing activities related to the processing of personal data provided by Customers. This Policy is an integral part of the contracts, agreements, terms, and conditions applicable to transactions and relationships between the Company and Customers.
By accessing our Website (defined in Article 12 of this Policy) and/or providing data to us, Customers acknowledge and agree to the collection, use, disclosure, and processing of their personal data as described in this Policy. Please do not access our Website and do not provide any Personal Data to us if you do not agree to the terms of this Policy.
ARTICLE 1. OBJECTIVES AND SCOPE OF APPLICATION
This Policy governs how the Company processes the personal data of Customers and individuals related to Customers in accordance with legal requirements for data processing or co-users of the Company's products/services with Customers when using or interacting with the Websites and/or the Company's products/services. The Company encourages Customers to carefully read this Policy and regularly check the Websites for any changes that the Company may make in accordance with the terms of this Policy.
ARTICLE 2. DEFINITIONS
2.1. "Personal Data Protection" is the activity of preventing, detecting, stopping, and addressing violations related to Personal Data as stipulated by law.
2.2. "Third Party" is any organization, individual other than the Company, outside the Company Group, and outside the Customers as explained in this Policy.
2.3. "Affiliated Company" is any organization, business, entity directly or indirectly controlled by, controlling, or jointly controlled by a party as long as such control exists. For the purposes of this provision, the term "control" (including the terms "controlled by", "controlled by", and "jointly controlled by") means that an individual owns, directly or indirectly, the right to direct or give directions for the management or policy decisions through ownership of voting shares, through contracts, or other means.
2.4. "Company" refers to C98 Company Limited, tax code 0317526384, headquarters address: No. 2 Truong Quoc Dung, Ward 08, Phu Nhuan District, Ho Chi Minh City, Vietnam.
2.5. "Personal Data" is information in the form of symbols, writing, numbers, images, sounds, or similar forms in the electronic environment associated with a specific individual or helping to identify a specific individual. Personal data includes Basic Personal Data and Sensitive Personal Data.
2.6. "Basic Personal Data" includes:
(a) Last name, middle name, first name, other names (if any);
(b) Date of birth, date of death, or missing date;
(c) Gender;
(d) Place of birth, place of birth registration, residence, temporary residence, current address, hometown, contact address;
(e) Nationality;
(f) Image of the individual;
(g) Phone number, identity card number, personal identification number, passport number, driver's license number, vehicle registration number, individual tax identification number, social insurance number, health insurance card number;
(h) Marital status;
(i) Information about family relationships (parents, children);
(j) Information about individual account numbers; personal data reflecting activities, online activity history;
(k) Other information associated with a specific individual or helping to identify a specific individual not belonging to Sensitive Personal Data; and
(l) Other data as prescribed by current law.
2.7. "Sensitive Personal Data" may include political opinions, religious beliefs; health status and privacy recorded in medical records (excluding information about blood groups); information related to racial or ethnic origin; information about inherited or acquired genetic characteristics of individuals; information about physical attributes, personal biological characteristics; information about sexual life, sexual orientation; data on crimes, criminal behavior collected, stored by law enforcement agencies; payment data and location data.
2.8. "Customers" are organizations, individuals accessing, learning about, registering, using, conducting transactions to purchase Goods on the Website or related in the operation process, providing products, services of the Company, Company Group.
2.9. “"Company Group" specifically refers to the Company, the Company's affiliated companies, contractors, and employees of these entities or all of these entities collectively.
2.10. "Personal Data Processing" refers to one or more activities affecting Personal Data, such as: collection, recording, analysis, verification, storage, editing, disclosure, combination, access, retrieval, recovery, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of Personal Data, or other related actions.
ARTICLE 3. DATA COLLECTED BY THE COMPANY
In order for the Company to provide products, services to Customers and/or process Customer requests, the Company may need to and/or be required to collect Personal Data, including: Full name, email, contact phone number, contact address. In addition, the Company may collect other types of data as follows:
(a) Data related to Websites or applications: Technical data ("Technical data" includes device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the Websites, application usage statistics, application settings, date and time of connection to the application, location data, and technical contact information, other information); security login details; usage data; and
(b) Marketing data: interests in advertising; cookie data; clickstream data; web browsing history; response to direct marketing; and opt-out choices for direct marketing.
ARTICLE 4. PURPOSE OF PROCESSING PERSONAL DATA PROVIDED BY CUSTOMERS
4.1. Customers agree to allow the Company Group to process the Personal Data provided by Customers for one or more of the following purposes:
(a) Providing products or services or supporting Customers in using the products/services of the Company Group through Customer-requested orders;
(b) Carrying out customer care activities and implementing after-sales programs;
(c) Adjusting, updating, securing, and improving the products, services, applications, devices provided by the Company Group to Customers;
(d) Verifying identity;
(e) Responding to service requests and support needs of Customers;
(f) Notifying Customers of changes to the policies, promotions of the products, services provided by the Company Group;
(g) Measuring, analyzing internal data, and other processing to improve, enhance the quality of services/products of the Company Group or conduct marketing communication activities;
(h) Organizing market research activities, opinion polls to improve the quality of products/services or to research and develop new products, services to better meet customer needs;
(i) Preventing and combating fraud, identity theft, and other illegal activities;
(j) Establishing, enforcing legal rights or protecting the legal claims of the Company Group, Customers, or any individual. These purposes may include exchanging data with other companies and organizations to prevent and detect fraud, reduce credit risk;
(k) Complying with current laws, relevant industry standards, and other current policies of the Company;
(l) Any other purpose specifically for the operation of the Company;
(m) Providing information to the Company Group to achieve the above purposes and subject to the recipient being bound by strict privacy terms similar to those provided in the Policy; and
(n) Any other purposes that the Company informs Customers of at the time of processing Personal Data.
4.2. The Company will request the consent of Customers before using Personal Data provided by Customers for any purpose other than those stated in Article 3.1 of this Policy.
ARTICLE 5. PROTECTION OF PERSONAL DATA
5.1. Principal of data protection:
(a) Personal data of Customers is committed to being secured in accordance with the regulations of the Company and the law. Processing of Personal Data of each Customer shall only be carried out with the consent of the Customer, except where otherwise provided by law.
(b) The Company Group shall not use, transfer, provide, or share with any third party any Personal Data of Customers without the consent of the Customer, except where otherwise provided by law.
(c) The Company shall comply with other security principles of Personal Data as required by current laws and regulations.
5.2. Unintended Consequences, Potential Damages:
The Company employs various information security technologies to protect Customers' Personal Data from unauthorized access, use, or sharing. However, no data can be completely secure. Therefore, the Company commits to maximizing the security of Customers' Personal Data to the best of its ability. Some unintended consequences, potential damages may include but are not limited to:
(a) Hardware or software errors during data processing causing loss of Customers' data;
(b) Security vulnerabilities beyond the Company's control, systems related to the Company being hacked, resulting in data breaches; and
(c) Customers inadvertently exposing their Personal Data or falling victim to fraud by accessing websites/downloading applications containing malicious software, etc.
ARTICLE 6. METHODS OF COLLECTING PERSONAL DATA
The Company collects Personal Data from Customers through the following methods:
6.1. Directly from Customers through various means:
(a) When Customers interact with representatives of the Company Group (including but not limited to phone calls, letters, face-to-face meetings, emails, or interactions on social media);
(b) When Customers access, use some services of the Company (including but not limited to accessing, using the Website);
(c) When Customers are contacted and respond to marketing representatives or employees of the Company;
(d) When Customers provide their personal information to the Company Group for any other reasons; and
(e) When Customers purchase goods or use services from third parties through the contact methods of the Company Group or at the Company's transaction points, business establishments, if any.
6.2. From third parties:
(a) If Customers interact with content or advertisements of third parties on the Websites or in applications, the Company may receive Customers' Personal Data from the relevant third party, according to the current legal privacy policy of that third party;
(b) If Customers choose to pay through payment service providers, the Company may receive Customers' Personal Data from third parties, such as payment service providers, for that payment purpose; and
(c) To comply with its obligations under current law, the Company may receive Personal Data about Customers from State agencies.
ARTICLE 7. ORGANIZATIONS AUTHORIZED TO PROCESS PERSONAL DATA
The Company Group
Customers agree that depending on the decision of the Company Group, the Company Group has the right to share or jointly process Personal Data with the following organizations, individuals:
(a) Affiliated companies of the Company Group;
(b) Contractors, agents, partners, service providers operating for the Company Group;
(c) Branches, business units, and employees working at branches, business units, agents of the Company Group;
(d) Telecommunication businesses in cases where Customers violate their obligation to pay service charges;
(e) Commercial stores and retailers related to the implementation of promotional programs of the Company Group;
(f) Professional advisors of the Company Group such as auditors, lawyers, ... as regulated by law; and
(g) Courts, competent state agencies in accordance with legal regulations and/or when required and permitted by law.
The Company Group commits to sharing or jointly processing Personal Data only when necessary to fulfill the purposes of processing Personal Data as stated in Article 3 of this Policy or as required by law. Organizations, individuals receiving Customers' Personal Data must comply with the provisions of this Policy and legal regulations on personal data protection. Although the Company will make every effort to ensure that Customer information is anonymized/encrypted, the risk of disclosure of this data cannot be completely eliminated in unavoidable circumstances.
In cases involving the participation of other organizations processing personal data as mentioned in this Article, Customers agree that the Company will notify Customers before the Company proceeds.
ARTICLE 8. PROCESS OF PERSOANL DATA IN SOME SPECIAL CIRCUMSTANCES
In the case of processing personal data related to the personal data of missing/deceased individuals, the Company shall require the consent of one of the relevant persons in accordance with the provisions of applicable law.
ARTICLE 9. RIGHTS AND OBLIGATIONS OF CUSTOMERS REGARDING PERSONAL DATA PROVIDED TO THE COMPANY
Customer’s rights:
(a) Customers have the right to be informed about the processing activities of their personal data, unless otherwise provided by law.
(b) Customers have the right to consent or refuse to allow the processing of their personal data, unless otherwise provided by law.
(c) Customers have the right to access, modify, or request modification of their personal data by submitting a written request to the Company, unless otherwise provided by law.
(d) Customers have the right to withdraw their consent in writing to the Company, unless otherwise provided by law. The withdrawal of consent shall not affect the lawfulness of the processing of data that the Customer has consented to by the Company prior to the request for withdrawal of consent received and enforced by the Company.
(e) Customers have the right to request deletion or request deletion of their personal data by sending a written request to the Company, unless otherwise provided by law.
(f) Customers have the right to request restriction of the processing of their personal data by sending a written request to the Company, unless otherwise provided by law. Requests for restriction of the processing of Customer's personal data shall be processed by the Company within 72 business hours upon receipt of the Customer's request.
(g) Customers have the right to request the Company to provide their personal data by sending a written request to the Company, unless otherwise provided by law.
(h) Customers have the right to lodge complaints, reports, or lawsuits in accordance with the provisions of the law.
(i) Customers have the right to request compensation for actual damages incurred in accordance with the law if the Company violates the provisions on the protection of the Customer's personal data, unless otherwise agreed by the parties or provided by law.
(j) Customers have the right to protect their legal rights and interests in accordance with the law, or to request competent authorities or organizations to protect their legal rights and interests.
(k) Other rights as provided by current laws and regulations.
Customer’s Obligations:
(a) Comply with the provisions of the law, regulations, and instructions of the Company regarding the processing of personal data provided by the Customer.
(b) Provide complete, truthful, and accurate personal data, and other information as requested by the Company, and update the Company immediately of any changes related to the personal data that the Customer has provided to the Company. The Company will secure the personal data provided by the Customer based on the information the Customer has registered; therefore, if there is any discrepancy, the Company shall not be liable in case that information affects or restricts the rights of the Customer. In the case of failure to notify, if there are risks, losses, or consequences arising from the failure to notify in a timely manner, the Customer shall be responsible for these errors, including financial losses, costs incurred due to inaccurate or inconsistent personal data, and the cost of rectifying the consequences.
(c) Cooperate with the Company, competent state agencies, or third parties in case of issues affecting the security of personal data provided by the Customer.
(d) Independently protect the personal data of the Customer; actively apply measures to protect personal data during the access to electronic websites, and/or use of products or services of the Company; promptly inform the Company when discovering errors or misunderstandings about their personal data or suspecting that their personal data is being compromised.
(e) Take responsibility for the information, data, approvals created or provided by themselves; take responsibility in case personal data is leaked, infringed due to their own errors.
(f) Regularly update the Regulations, Policies of the Company in each period posted on the website http://apeinstyle.vn/ at different times.
(g) Take actions as instructed by the Company to clearly demonstrate consent or refusal to consent to the purposes of processing personal data that the Company notifies to the Customer during each period.
(h) Respect and protect the personal data of others.
(i) Comply with other responsibilities as prescribed by law.
ARTICLE 10. STORAGE OF PERSONAL DATA
The Company commits to only store the personal data provided by customers for the purposes stated in this Policy. The Company may also need to store the personal data provided by customers for an appropriate period of time in accordance with legal regulations to fulfill the purposes stated in this Policy and/or as required by law.
Anonymous Data
In some cases, we may convert customer personal data into anonymous and/or aggregated form to no longer be linked or identifiable to the customer, in which case we reserve the right to retain and use that data without being bound by any restrictions.
ARTICLE 11. DATA PROCESSING METHODS
The Company applies one or more operations affecting personal data such as: collection, recording, analysis, verification, storage, modification, disclosure, combination, access, retrieval, erasure, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction of personal data or other related actions. To clarify, the Company is permitted to transfer or authorize the Group Company, third parties such as contractors, suppliers of the Company to carry out the data processing activities mentioned above.
ARTICLE 12. COOKIES
When customers use or access the Company's websites, online news pages, including the website http://apeinstyle.vn/ and other online news pages (collectively referred to as the "Website"), the Company may place one or more cookies on the customer's device. A "Cookie" is a small file placed on the customer's device when the customer accesses an electronic page, it records information about the device, the customer's browser, and in some cases, the preferences and browsing habits of the customer. The Company may use this information to identify customers when they return to the Company's Website, to provide personalized services on the Company's Website, to compile analytics to better understand the activities of the Electronic Pages, and to improve the Company's Website. Customers can use their browser settings to delete or block cookies on their device. However, if customers choose not to accept or block cookies from the Company's Website, customers may not fully utilize all the features of the Company's Website.
The Company may process personal data provided by customers through cookie technology, in accordance with the provisions of this Article. The Company may also use remarketing measures to distribute advertisements to individuals who have previously accessed the Company's Website.
Regarding third parties who have posted content on the Company's Website, these third parties may collect personal information from customers if customers choose to interact with the content of these third parties or use the services of these third parties.
ARTICLE 13. CONTACT INFORMATION FOR PERSONAL DATA PROCESSING
In case customers have any questions related to this Policy or issues related to the rights of personal data subjects or the processing of personal data of customers, customers may use one of the following contact methods:
. Send mail to the Company at the address: 2 Truong Quoc Dung Street, Ward 08, Phu Nhuan District, Ho Chi Minh City, Vietnam
. Send an email to the email address: gm@apeinstyle.com
ARTICLE 14. GENERAL PROVISIONS
This Policy is effective from the date of upload to the Website. Customers understand and agree that this Policy may be amended periodically and displayed on the website http://apeinstyle.vn/. These changes will take effect immediately after we update the revised Policy version on the website http://apeinstyle.vn/. If customers continue to access or use the Company's Electronic Pages, or do not make an objection request to the new Policy from the date the updated Policy is displayed on the website http://apeinstyle.vn/, with the note "Last updated date" at the top, it means that customers have accepted and committed to comply with the amended and supplemented contents.
Customers acknowledge and agree that this Policy is also the Personal Data Processing Notice specified in Article 13 of Decree 13/NĐ-CP/2023 on Personal Data Protection and/or other relevant regulations issued from time to time. Accordingly, the Company does not need to take any additional measures to notify the processing of personal data provided by customers, or collected from customers.
Customers commit to seriously comply with the provisions of this Policy. Issues not covered, the Parties shall comply with the provisions of the law, instructions of competent state authorities and/or amendments, supplements to this Policy notified by the Company to customers in each period.
Customers may see advertisements or other content on any Website, applications, or devices that may link to the Website or services of partners, advertisers, sponsors, or other third parties. The Company does not control the content or links appearing on the Website or services of third parties and shall not be responsible and/or legally liable for the activities used by the Website or services of third parties linked to or from any Website, applications, or devices. These Website and services may comply with their own privacy policies and terms of use of the third party.
This Policy is concluded on the basis of good faith between the Company and customers. In the process of implementation, if disputes arise, the Parties will actively resolve them through negotiation, reconciliation. In case reconciliation fails, the dispute shall be submitted to and resolved by arbitration managed by the Vietnam International Arbitration Centre ("VIAC") according to the arbitration rules of this arbitration center effective at that time, and these rules are considered to have been stipulated in this Contract through reference to this Article. The arbitration tribunal consists of one (1) arbitrator, with the language of arbitration being Vietnamese. The arbitration session to resolve disputes of the arbitration tribunal shall be conducted through online form.
Customers have carefully read, understood the rights and obligations, and agree to all the contents of this Personal Data Processing Policy.