Privacy Statement
VINEXT Software Technology Company's Corporate Data Protection Policy, privacy statement, and procedures layout strict requirements for processing personal data globally.
1. Introduction
1.1. Purpose
VINEXT Software Technology Company ("VINEXT" hereinafter) Corporate Data Protection Policy, privacy statement, procedures, guidelines, and templates lay out strict requirements for processing personal data pertaining to customers, business partners, employees or any other individual. It meets the requirements of the European Data Protection Regulation/Directive, PDPD13 as well as other national Data Protection Regulations and ensures compliance with the principles of national and international data protection laws in force all over the world.
The policy, privacy statement, procedures, guidelines, and templates set a globally applicable data protection and security standard for VINEXT and regulates the sharing of information between VINEXT, subsidiaries, legal entities, and partners. VINEXT have established guiding data protection principles – among them transparency, data economy and data security – as VINEXT guidelines.
The Data Protection Policy provides one of the necessary framework conditions for cross-border data transfer among VINEXT, Subsidiaries, and legal entities. It ensures the adequate level of data protection prescribed by the European Union General Data Protection Regulation, APPI, PDPA, PDPD13, draft PDPL91 or other national Personal Data Protection Regulations and the national laws for cross-border data transmission, including in countries that do not yet have adequate data protection laws.
1.2. Application Scope
All processing of personal data by VINEXT is within the scope of this procedure. Means, all VINEXT’s business processes and information systems involved in the collection, processing, use and transfer of personal data and all employees, contractors and 3rd party providers involved in the processing of personal data on behalf of VINEXT.
This policy is binding for all departments and functions globally which are involved in personal identifiable information processing. Every VINEXT department, legal entity or subsidiary must follow this procedure.
1.3. Application of national Laws
The Data Protection Policy, privacy statement, procedures, guidelines, and templates comprise the internationally accepted data privacy principles without replacing the existing national/international laws. It supplements the national data privacy laws. The relevant national law will take precedence in the event that it conflicts with the Data Protection Policy and guidelines, or it has stricter requirements than this Policy and guidelines.
Each subsidiary or legal entity of VINEXT is responsible for compliance with the Data Protection Policy, this privacy statement, guidelines, and the legal obligations. If there is reason to believe that legal obligations contradict the duties under the Data Protection Policy, privacy statement, procedures or the guidelines, the relevant subsidiary or legal entity must inform the Global Data Protection Officer.
1.4. Responsibilities
The Global Data Protection Officer is responsible for ensuring that the privacy statement is correct and that mechanisms exist such as having the privacy statement on VINEXT website to make all data subjects aware of the contents of this notice prior VINEXT commencing collection of their data.
All Employees/Staff of VINEXT who interact with data subjects are responsible for ensuring that this statement is drawn to the data subject’s attention and their consent to the processing of their data is secured.
2. Personal Information We Collect
VINEXT is the global leading technology and IT services group headquartered in Vietnam. Qualified with CMMI Level 5 & ISO 27001:2013, ISO 27701:2019, ASPICE LEVEL 3, VINEXT delivers world-class services in Smart factory, Digital platform, RPA, AI, IoT, Enterprise Mobilization, Cloud, AR/VR, Embedded System, Managed service, Testing, Platform modernization, Business Applications, Application Service, BPO and more services globally.
You can assess or visit our website at any time without informing us who you are or providing us any personal information. However, we may collect information at our websites in two ways:
For example, when you provide information, such as your name, email address, designation, company, country and telephone number, to sign up for a newsletter or register to comment on a forum website.
Through our website’s technology, we may collect certain information such as your IP address, demographics, your computers’ operating system, and browser type.
We do not attempt to track your personal information in order to identify you, but gathering these contact information in order to make up the web traffic routing, to diagnose problems with server for administration of our website, to better understand how you interact with our website and services and to re-design and upgrade the website for better use.
3. Use of Collected Information
We use personal data to provide you with information you request, process online job applications, and for other purposes which we would describe to you at the point where it is collected or which will be obvious to you. For example:
4. Consent
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Consent is required for VINEXT to process personal data, but it must be explicitly given. Where we are asking you for personal data, we will always tell you why and how the information will be used.
Means: VINEXT will inform you about the purpose of the processing, contact details of the Data controller or its representative, lawful basis of the processing, personal data was obtained, if not obtained directly from the data subject.
VINEXT provide updated information without any undue delay and before continuing with the processing if the purposes for the processing of the personal data are changed or extended. In this case VINEXT will ask for a new consent.
You may withdraw consent at any time by email, a written letter or telephone call to our Global Data Protection Officer or local subsidiary.
5. Data Sharing & Disclosure
We do not share your personal information with third parties without seeking your prior permission. We will seek your consent prior to using or sharing personal information for any purpose beyond the requirement for which it was originally collected. However, we may share your personal information within VINEXT or with any of its subsidiaries, business partners, service vendors, authorized third-party agents, or contractors located in any part of the world for the purposes of data processing, storage, or to provide a requested service or transaction, after ensuring that such entities are contractually bound by data privacy obligations.
When required, we may disclose personal information to external law enforcement bodies or regulatory authorities, in order to comply with legal obligations to support our marketing effectiveness. VINEXT integrates with the LinkedIn Conversion API, allowing us to analyze opportunities and improve campaign performance. In this context, certain pseudonymized personal data (e.g., hashed email) may be shared with LinkedIn Corporation.
Children's Privacy
We do not intend for our websites or online services to be used by anyone under the age of 13. If you are a parent or guardian and believe we may have collected information about a child, please contact us. VINEXT considers that, as a general rule, a child of 16 and over is mature enough to understand giving of consent. Where personal data is sought in respect of a child below the age of 16, a parent or guardian must give the consent on behalf of the child.
6. Data Retention & Cookies
Retention Period
VINEXT will process personal data for one year. Retention period 2 years or based on applicable national laws/regulations.
Cookies Policy
Like many websites, when you access to our websites, we will use “website assessment diary”- a cookie technology to collect additional website usage data. A cookie is a small data file that we transfer to your computer to facilitate your assessment to our websites. We may use information collected from our cookies to identify user behavior and to serve content and offers based on your profile.
By using our site, you agree that we can place cookies on your device. If you want to remove existing cookies from your device, you can do this using your browser options. Most Internet browsers automatically accept cookies.
7. Data Security
VINEXT commits to secure your personal information with securities measures in place. The measures will help protecting data from the misuse, loss, leakage and/or alteration of information. Your personal information is access restricted to authorize VINEXT’s personnel for the sake of providing service at your requirements and/or for VINEXT’s audit, internal audit and for the purpose of law obligation.
Regarding your use of our websites, you should understand that the open nature of the Internet is such that information and personal data may flow over networks connecting you to our systems without security measures and may be accessed and used by people other than those for whom the data is intended.
8. Your Rights as a Data Subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
You have the right to request information what kind of your personal data are collect, use, processed, for what purpose, from which source, lawful basis of processing, and request a copy of the information that we hold about you.
You have a right to correct data that we hold about you that is inaccurate or incomplete. In certain circumstances you can ask for the data we hold about you to be erased from our records.
Where certain conditions apply, you have a right to restrict the processing, and the right to have the data we hold about you transferred to another organisation.
You have the right to object to certain types of processing such as direct marketing, and the right to be subject to the legal effects of automated processing or profiling.
If VINEXT refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain and claim damages as prescribed by law when there are violations against regulations on protection of your personal data.
9. Complaints & Contact Details
If you wish to make a complaint about how your personal data is being processed by VINEXT or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and VINEXT’s data protection representatives Global Data Protection Officer.
Our team is happy to assist with any concern related to your personal data, service records, or communication preferences.
10. Appendix (Vietnam Law Overview)
There is no single data protection law in Vietnam. Regulations on data protection and privacy can be found in various legal instruments. The right of privacy and right of reputation, dignity and honour and fundamental principles of such rights are currently provided for in Constitution 2013 and Civil Code 2015 as inviolable and protected by law.
The guiding principles on collection, storage, use, process, disclosure or transfer of personal information are specified in the following main laws and documents: