Personal Data Privacy Policy

PERSONAL DATA PROTECTION POLICY

This Personal Data Protection Policy (“Policy”) is implemented by FPT IS Company Limited (“FPT IS”, “Company”), describing the activities related to the processing of Customer’s Personal Data, in order that the Customer can have better understanding of the purposes, scopes of information processed by FPT IS, and messures applied by FPT IS to protect Customer’s information and privacy rights regarding these activities.

This Policy is an integral part of the contracts, agreements, terms and conditions binding the relationship between FPT IS and the Customer.

Article 1. Subjects and scope of application

This Policy governs the way in which FPT IS collects, processes, and stores the Personal Data of the Customer using or interacting with FPT IS’s products, websites, or services and/or related persons of the Customer according to the relationships as required to collect by law; and/or co-own and use FPT IS’s products/services.

FPT IS encourages Customer to read this Policy carefully and regularly check the website for any changes that FPT IS may make to the terms of the Policy.

Article 2. Interpretation of terms

2.1. “Customer” means (i) an individual or his/her legal representative who uses and/or is interested in FPT IS’s products and services; (ii) an individual or his/her legal representative who has accessed and/or registered an account on websites/wapsites/applications owned and operated by FPT IS; (iii) an individual or his/her legal representative who signs or performs contracts or transactions with FPT IS, including but not limited to activities relating to business, commercial, advertising or other activities in accordance with the law, but excluding individuals who are candidates or employees of FPT IS as defined in the Personal Data protection policy for employees, candidates and related parties issued by FPT IS at any given time.

2.2. “FPT IS” includes FPT IS Company Limited and FPT IS Company Limited’s branches, representative offices, and member companies.

2.3. “FPT Corporation” includes FPT Corporation and FPT Corporation’s Affiliates in accordance with governance standards.

2.4. “Personal Data” means digital data or information in other forms that identifies or helps identify a specific person, including: basic Personal Data and sensitive Personal Data. Personal Data after being de-identified is no longer the Personal Data.

2.5. “Personal Data protection” means the use of forces, means and measures by agencies, organizations and individuals to prevent and combat infringements of the Personal Data.

2.6. “Personal Data processing” means activities that affect the Personal Data, including one or more than one of the following activities: collecting, analyzing, synthesizing, encrypting, decrypting, rectifying, deleting, destroying, de-identifying, providing, disclosing and transferring the Personal Data, and other activities that affect the Personal Data.

2.7. “Third party” means an organization or individual other than FPT IS and the Customer.

For further clarification, any terms not explained in this Article shall be construed and applied in accordance with the laws of Vietnam.

Article 3. Purpose of processing the Customer’s Personal Data

3.1. FPT IS may process the Customer’s Personal Data for one or more of the following purposes:

(a) Provide the Company’s products and services to the Customers such as:

  • Evaluate and respond to Customer’s service requests and support needs;
  • Provide the Customer with requested Company’s products or services; products and services of partners/suppliers that FPT IS acts as an agent/cooperator to provide;
  • Adjust, update, secure and improve products, services, applications and devices provided by FPT IS or FPT Corporation to the Customer;
  • To notify, introduce, and market to Customers the products, services, policies, and promotional programs offered by FPT IS or FPT Corporation, as well as any changes relating thereto;
  • Verify the identity to provide services to the Customer and ensure the confidentiality of the Customer’s personal information;

(b) Ensure compliance with the law and protecting the legitimate rights and interests of all related parties:

  • To have a basis for establishing, exercising the legal rights or defending the legal claims of FPT IS, the Customer or any individual. These purposes may include exchanging data with other companies and organizations for fraud prevention and detection, credit risk reduction;
  • Comply with applicable laws, relevant industry standards and other applicable Company’s policies;
  • Prevention and control of fraud, identity theft and other illegal activities;

(c) Other purposes for the Company’s operation activities include:

  • Measurement, analysis of internal data and other processing to develop, improve, improve the quality of services/products of FPT IS or FPT Corporation or perform other activities of marketing, communications;
  • Operational activities between the products and services that the Company provides to the Customer;
  • Other purposes as agreed upon between the Customer and the Company and/or Third parties at each time in accordance with legal regulations.

3.2. FPT IS will notify and request the Customer’s permission before using the Customer’s Personal Data for any purpose other than the purposes stated in Article 3.1 above, at the time of collecting the Customer’s Personal Data or before commencing the Personal Data processing, unless otherwise provided by the current Personal Data protection law.

Article 4. Confidentiality of the Customer’s Personal Data

4.1. The Customer’s Personal Data is committed to maximum confidentiality in accordance with FPT IS’s regulations and the law. The Personal Data processing of each Customer is carried out only with the consent of the Customer, unless otherwise provided for by law.

4.2. FPT IS shall not use, transfer, provide or share to any Third party the Customer’s Personal Data without the Customer’s consent, unless otherwise provided by law.

Article 5. Types of the Personal Data collected and processesd by FPT IS

In order for FPT IS to be able to provide products and services to the Customer and/or process Customer’s requests, FPT IS is entitled to collect and/or request to collect the following types of the Personal Data, depending on types of product or service, the way customers interact with FPT IS:

5.1. Basic Personal Data include:

  • Customer identification information: (i) Full name, middle name and birth name, other name (if any); (ii) date, month and year of birth; day, month, year of death or missing; (iii) gender; (iv) nationality; (v) image of the individual; (vi) identity card number, personal identification number, passport number, driver’s license number, license plate number, personal tax identification number, social insurance number, health insurance card number;
  • Customer’s contact information: (i) Place of birth, place of birth registration, place of permanent residence, place of temporary residence, current place of residence, hometown, contact address; (ii) phone number;
  • Customer’s relationship information: (i) Marital status; (ii) information on family relationships (parents, children);
  • Information about the individual’s digital account;
  • Other information that is tied to a particular person or helps to identify a specific person but not part of sensitive Personal Data.

5.2. Sensitive Personal Data include:

  • Data revealing racial origin or ethnic origin;
  • Political views; religious or belief-related views;
  • Information on private life, personal secrets, or family secrets;
  • Health status;
  • Customer’s identification information: (i) Biometric data and genetic characteristics; (ii) images of identity cards, citizen identity cards, or people’s identity cards;
  • Data revealing an individual’s sexual life or sexual orientation;
  • Data on crimes or violations of law collected and stored by law enforcement agencies;
  • An individual’s position determined through positioning services;
  • Information on usernames and passwords for accessing an individual’s electronic identification account;
  • Usernames and passwords for accessing bank accounts; bank card information; data on bank account transaction histories; financial and credit information and other information relating to customers’ activities and transaction histories in finance, securities, and insurance at credit institutions, foreign bank branches, intermediary payment service providers, securities companies, insurance companies, and other authorized organizations;
  • Data tracking behavior and activities in the use of telecommunications services, social networks, online communication services, and other services in cyberspace;
  • Other Personal Data that, under the law, is required to be kept confidential or subject to strict security measures.

Article 6. Personal Data collection methods

FPT IS collects the Customer’s Personal Data in the following ways:

6.1. Directly from the Customer by various means:

  • When the Customer enters into contract, purchases or uses any Third party’s services through FPT IS or FPT IS’s locations and business establishments.
  • When the Customer submits a registration request or any other form related to the products and services of FPT IS;
  • When the Customer interacts with the Company’s customer service staff, for example through phone calls, letters, face-to-face meetings, emailing or social media interactions;
  • When the Customer uses certain services of FPT IS, such as websites and applications including setting up online accounts with FPT IS;
  • When the Customer is contacted and responded to by marketing representatives and customer service personnel of FPT IS;
  • When the Customer submits his/her personal information to FPT IS for any other reasons, including when the Customer signs up for a free trial of any products and services or when the Customer shows interest in any products and services of FPT IS.

6.2. From other Third parties:

  • If the Customer interacts with Third party’s content or advertising on the website or in the application, the Company may receive the Customer’s Personal Data from the relevant Third party, according to that Third party’s legally applicable privacy policy.
  • If the Customer chooses to pay electronically and directly to FPT IS or through a website or application, FPT IS may receive the Customer’s Personal Data from Third parties, such as payment service supplier, for that purpose.
  • In order to comply with its obligations under applicable law, FPT IS may receive the Personal Data about the Customer from legal authorities and public authorities in accordance with the law.
  • FPT IS may receive the Personal Data about the Customer from public sources (such as telephone directories, advertising information/brochures, information publicly available on websites, etc.).

In the event of the Personal Data collection as stipulated in this Article 6.2, FPT IS will ensure that it receives the Personal Data from relevant Third parties in lawful ways and shall make those Third parties bear responsible for compliance with the law on the Personal Data protection.

Article 7. Personal Data processing organizations

7.1. In each case, FPT IS Company Limited may act as the Personal Data controller or the Personal Data controller and processor.

7.2. FPT IS will share or jointly process the Personal Data with the following organizations and individuals:

  • FPT Corporation and its affiliate companies that FPT Corporation directly or indirectly owns;
  • FPT IS Company Limited’s affiliate companies that FPT IS directly or indirectly owns;
  • Contractors, agents, partners, and operating service providers of FPT IS;
  • Branches, business units and employees working at branches, business units, agents of FPT IS;
  • Telecom businesses in case the Customer violates the obligation to pay service charges;
  • Commercial stores and retailers related to implementation of promotional programs of FPT IS;
  • Professional advisors of FPT IS such as auditors, lawyers, etc. in accordance with the law;
  • Courts, competent state agencies in accordance with the provisions of law and/or as required and permitted by law.

7.3. FPT IS commits that the sharing, transferring or co-processing of the Personal Data is performed only in cases where it is necessary to fulfill the processing purposes stated in this Policy or as required by law. Organizations and individuals that receive the Customer’s Personal Data will have to comply with the content specified in this Policy and relevant laws on the Personal Data protection. FPT IS commits to fully complying with Vietnamese law to ensure safety of the Customer’s Personal Data when being shared, transferred or jointly processed as stipulated in this Article.

Although FPT IS will make every effort to ensure that the Customer’s Personal Data is anonymized/encrypted, the risk that such Personal Data may be disclosed in the event of force majeure or in cases where disclosure is required by law is unable to be completely ruled out.

7.4. In the event of the participation of other Personal Data processing organizations mentioned in this Article, FPT IS will notify the Customer before implementation.

Article 8. The Personal Data processing in some special cases

FPT IS ensures that the processing of the Customer’s Personal Data fully meets the requirements of the Law in the following special cases:

8.1. FPT IS is permitted to record and process the Personal Data obtained from recording activities in public places and public events without the consent of the Personal Data subject in the following cases:

  • To perform tasks related to ensuring social order and safety, and protecting the legitimate rights and interests of FPT IS, agencies, organizations, and individuals as prescribed by law;
  • Audio, images, and other identifying information obtained from public events including conferences, seminars, sports competitions, artistic performances, and other public events without harming the honor, dignity, reputation of the Personal Data subject;
  • Other cases as provided by law.

8.2. FPT IS always respects and protects children’s Personal Data. In addition to the Personal Data protection measures prescribed by law, before processing children’s Personal Data, the Company will verify the children’s age and require the consent of (i) children and/or (ii) their legal representatives or guardians as required by law.

8.3. In addition to complying with other relevant legal regulations, for the Personal Data processing related to the Personal Data of the person who is declared missing/deceased, the Company will have to obtain the consent of one of the relevant persons in accordance with current law.

Article 9. Rights and obligations of the Customer related to the Personal Data provided to FPT IS

9.1. Customer’s rights

  • The Customer has the right to know about their Personal Data processing activities, unless otherwise provided by law.
  • The Customer has the right to agree or disagree with his/her Personal Data processing, unless otherwise provided by law.
  • The Customer has other rights as provided by law to protect his/her Personal Data.

9.2. Customer’s obligations

  • Complying with the laws, regulations and instructions of FPT IS regarding the Customer’s Personal Data processing.
  • Providing fully, honestly and accurately the Personal Data and other information as required by FPT IS when registering and using FPT IS’s services and when there is a change in these information. FPT IS will proceed to secure the Customer’s Personal Data based on Customer’s registered information, so if there is any false information FPT IS will not be responsible in case such information affects or restrict the rights of the Customer. In case of failure to notify, if there is a risk or loss, the Customer is responsible for errors or acts of abuse or fraud when using the service due to its fault or failure to provide correct and complete, sufficient, accurate and timely information changes; including financial losses, costs incurred due to incorrect or inconsistent information.
  • Coordinating with FPT IS, a competent state agency or a Third party in case of problems affecting the security of the Customer’s Personal Data.
  • Protecting Customer’s own Personal Data; proactively applying measures to protect their Personal Data in the process of using FPT IS’s services; promptly notifying FPT IS when detecting errors, mistakes in their Personal Data or suspecting that their Personal Data is being infringed.
  • Being solely responsible for the information, data and consents that they create and provide in the network environment; self-responsible in case the Personal Data is leaked or infringed due to their fault.
  • Regularly updating FPT IS’s Regulations and Policies from time to time, which are notified to the Customer or posted on FPT IS’s websites and or other transaction channels from time to time. Taking actions according to FPT IS’s instructions to clearly indicate approval or disapproval for the purposes of the Personal Data processing that FPT IS informs the Customer from time to time.
  • Complying with the law on the Personal Data protection and participate in the prevention and combat of infringements of the Personal Data.
  • Respecting and protecting the Personal Data of the others.
  • Other responsibilities as prescribed by law.

Article 10. Storage of the Personal Data

FPT IS commits to only storing the Customer’s Personal Data in cases related to the purposes stated in this Policy. Personal Data storage time will be decided by FPT IS to ensure the implementation of the above Personal Data processing purposes.

Article 11. Undesirable consequences and damages

Currently, FPT IS has not recorded any undesirable consequences or damages that may occur, FPT IS will make notifications when specific cases occur. During the processing of the Personal Data, the Personal Data may be exposed due to:

11.1. From the Customer’s side: The Customer reveals or leaks the Personal Data due to carelessness or fraud; the Customer visit websites/download applications containing malware, etc.

  • FPT IS recommends that the Customer should keep confidential information related to the login password to their account and OTP code and not share this login password and OTP code with anyone else, including FPT IS’s employees.
  • The Customer should preserve electronic devices during use; the Customer should lock, log out, or exit their accounts on FPT IS’s websites or applications when not in use; and implementing other security measures when using the Company’s services.

11.2. From FPT IS’s side: FPT IS commits to using information security technologies to protect the Customer’s Personal Data. However, no Personal Data can be 100% secured. Hardware and software errors may occur during the Personal Data processing, causing loss of the Customer’s Personal Data; or there are security holes beyond the control of FPT IS, the relevant system is attacked by hackers, causing data leakage; etc.

Article 12. The Personal Data processing with foreign factors

12.1. For the purposes of the Personal Data processing in this Policy, FPT IS may be required to provide/share the Customer’s Personal Data to relevant Third parties of FPT IS and these Third parties may be located in Vietnam or any other places outside the territory of Vietnam.

12.2. When providing/sharing the Personal Data outward, FPT IS will require the receiving party to ensure that the Customer’s Personal Data transferred to them will be kept confidential and secured. FPT IS ensures compliance with legal and regulatory obligations related to the transfer of the Customer’s Personal Data.

12.3. The Customer in the European Union (EU): The Customer’s Personal Data may be accessed, transferred and/or stored outside the European Economic Area (EEA), including countries which may have a lower level of data protection under EU data protection law. FPT IS must follow specific rules when transferring the Personal Data from the EEA to outside the EEA. FPT IS will then use appropriate safeguards to protect any Personal Data transferred.

Article 13. Personal Data processing contact information

In case the Customer has any questions regarding this Policy or issues related to the data subject’s rights or the processing of the Customer’s Personal Data, the Customer may use the following forms of contact as listed below:

13.1. Sending an email to the Company at the address: [email protected]

13.2. Sending an email to the email box corresponding to each type of service or product listed below: [email protected]

13.4. Hotline: +84 24 7300 7373

Article 14. General terms

14.1. This Policy is effective from 01/01/2026. The Customer understands and agrees that this Policy may be amended from time to time and notified to the Customer through FPT IS’s transactional channels before application. Changes and effective time will be updated and announced at FPT IS’s transaction channels and other channels. The Customer’s continued use of services after notice period on the revised and supplemented contents from time to time means that the Customer has accepted such modified and supplemented contents.

14.2. The Customer has fully understood and agreed that this Policy is also the notice of the Personal Data processing as provided by current laws on the Personal Data protection and is amended and supplemented from time to time before FPT IS’s Personal Data processing.

14.3. The Customer understands and accepts that disagreeing with or withdrawing his/her consent for FPT IS to perform the Personal Data process for any purpose under this Policy or under FPT IS’s notices from time to time may restrict or limit FPT IS’s provision of services and products to the Customer.

14.4. Upon receiving a request to exercise the Customer’s rights under Article 9.1 from the Customer, FPT IS will take the necessary steps to confirm and identify the Customer before implementing the rights that the Customer wants to apply. If neccessary to verify the identity and ensure the confidentiality of the Customer’s Personal Data, FPT IS may match the Personal Data provided by the Customer when submitting a request to exercise rights with the Personal Data that FPT IS has been storing.

In case FPT IS deletes, destroys, or limits the use of the Personal Data at the request of the Customer, the Customer’s rights under the contract or service agreement signed with FPT IS requiring the use of the abovementioned Personal Data may be interrupted, changed, or terminated.

14.5. The Customer commits to strictly complying with the provisions of this Policy. The issues have not been regulated, the Parties agree to comply with the provisions of the law, the guidance of the competent State agency and/or the amendments and supplements to this Policy notified by FPT IS to the Customer from time to time.

14.6. The Customer may see advertising or other content on any website, application or device that may link to the websites or services of partners, advertisers, sponsors or other Third parties.

FPT IS has no control over the content or links appearing on Third party’s websites or services and is not responsible and/or liable for the activities used by such Third party’s websites or service linked to or from any website, application, or device. These websites and services may be subject to the privacy policies and terms of use of the Third party.

14.7. This Policy is entered into based on goodwill between FPT IS and the Customer. During the implementation process, if any disputes arise, the Parties will actively resolve it through negotiation and conciliation. In case of unsuccessful conciliation, the disputes will be brought to the competent People’s Court for settlement in accordance with the law.

14.8. The Customer has carefully read, understand the rights and obligations, and agree with the entire content of this Policy.

Share:
Bot Avatar