This Personal Privacy Policy (“Policy”) is implemented by FPT IS Company Limited (“FPT IS”, “Company”). It describes the activities related to the processing of customers’ personal data to help customers better understand the purposes, scope of information FPT IS processes, the measures applied by FPT IS to protect such information, and customers’ rights regarding these activities. This Policy is an inseparable part of contracts, agreements, terms, and conditions binding the relationship between FPT IS and its customers.

1. Subjects and Scope of Application

This Policy governs how FPT IS collects, processes, and stores personal data of customers using or interacting with FPT IS’s products, websites, or services, and/or those associated with customers as required by law to collect and/or jointly own and use FPT IS’s products and services. FPT IS encourages customers to read this Policy carefully and regularly check the website for any updates FPT IS may implement under its terms.

2. Definitions
  • “Customer” refers to an individual who accesses, studies, registers, uses, or is associated with FPT IS’s activities in providing products and services.
  • “FPT IS” includes FPT IS Company Limited and its branches, representative offices, and affiliated companies.
  • “FPT Corporation” refers to FPT Joint Stock Company and its member companies under corporate governance standards.
  • “Personal Data” or “PD” refers to information in symbolic, written, numeric, image, sound, or similar forms in an electronic environment linked to or identifying a specific individual. Personal Data includes both Basic and Sensitive Personal Data.
  • Personal Data Protection: Activities to prevent, detect, stop, and handle violations related to Personal Data as prescribed by law.
  • Personal Data Processing: One or more activities affecting Personal Data, such as collection, recording, analysis, verification, storage, modification, disclosure, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction, or other related actions.
  • Third Party: An organization or individual other than FPT IS and the customer as defined under this Policy.
3. Purposes of Processing Customers’ Personal Data

3.1. FPT IS may process customers’ Personal Data for one or more of the following purposes:

  • To meet customers’ service requests and support needs;
  • To verify identity and ensure the security of customers’ personal information;
  • To provide requested products or services of the Company or its partners/suppliers with which FPT IS acts as an agent or collaborates to deliver products and services to customers;
  • To modify, update, secure, and improve products, services, applications, and devices provided by FPT IS or FPT Corporation to customers;
  • To inform customers of changes in policies or promotions for products and services provided by FPT IS or FPT Corporation;
  • To measure, analyze internal data, and perform other processes to develop, improve, and enhance the quality of services/products of FPT IS or FPT Corporation, including marketing communications;
  • To prevent and combat fraud, identity theft, and other illegal activities;
  • To establish or enforce legal rights or defend against legal claims of FPT IS, customers, or any individual. These purposes may include exchanging data with other companies and organizations to prevent and detect fraud and reduce credit risks;
  • To comply with applicable laws, relevant industry standards, and the Company’s current policies;
  • For any other purpose dedicated to the Company’s operations.

3.2. FPT IS will seek customers’ consent before using their Personal Data for any purpose other than those stated in section 3.1 at the time of data collection or before initiating related processing or as otherwise permitted by law.

4. Security of Customers’ Personal Data

4.1. Customers’ Personal Data is committed to being maximally protected as prescribed by FPT IS and applicable laws. Personal Data processing for each customer is conducted only with their consent unless otherwise required by law.

4.2. FPT IS does not use, transfer, provide, or share customers’ Personal Data with any third party without their consent, except as required by law.

4.3. FPT IS shall comply with other Personal Data protection principles in accordance with current legal regulations.

5. Types of Personal Data Collected and Processed by FPT IS

To provide products and services to customers and/or process customer requests, FPT IS is entitled to collect or request the collection of the following types of Personal Data:

5.1. Basic Personal Data of customers and their related individuals:

  • Full name, aliases (if any);
  • Date of birth, date of death, or missing date;
  • Gender;
  • Contact address;
  • Nationality;
  • Personal photographs;
  • Phone numbers;
  • Marital status;
  • Other information tied to or identifying a specific individual not classified as sensitive Personal Data;
  • Other data as defined by current laws.

5.2. Additional Personal Data linked to customers’ privacy:

  • Criminal or offense data collected and stored by law enforcement agencies;
  • Location data determined through geolocation services;
  • Other Personal Data is defined by law as sensitive and requiring special security measures.

FPT IS strictly avoids collecting Personal Data related to religion or political opinions of customers.

5.3. Data related to websites or applications: technical data (e.g., device type, operating system, browser type, settings, IP address, language preferences, date and time of website connection, application usage statistics); secure login details; usage data, etc.

 6.      Methods of Collecting Personal Data

FPT IS collects personal data from customers through the following methods:

6.1. Directly from customers via various means:

  • When customers sign contracts, purchase, or use third-party services through FPT IS or at FPT IS’s business premises.
  • When customers submit registration requests or other forms related to FPT IS’s products and services.
  • When customers interact with customer service representatives via calls, emails, direct meetings, or social media interactions.
  • When customers use FPT IS services, such as websites and applications, including setting up online accounts with FPT IS.
  • When customers respond to marketing representatives or customer service staff.
  • When customers provide personal information for any other reason, such as registering for free trials or expressing interest in FPT IS’s products and services.

6.2. From Third Parties:

  • If the Customer interacts with third-party content or advertisements on electronic platforms or within applications, the Company may receive the Customer’s personal information from the relevant third party, in accordance with the applicable and lawful privacy policies of that third party.
  • If the Customer chooses to make electronic payments directly to FPT IS or through an electronic platform or application, FPT IS may receive the Customer’s Personal Data from third parties, such as payment service providers, for the purpose of processing such payments.
  • To comply with its obligations under applicable laws, FPT IS may receive the Customer’s Personal Data from legal and regulatory authorities as stipulated by law.
  • FPT IS may receive the Customer’s Personal Data from public sources (such as phone directories, advertising materials/flyers, publicly available information on electronic platforms, etc.).
  • Whenever such Personal Data is collected, FPT IS will ensure that the data is obtained from the relevant third parties in a lawful manner and will require those third parties to comply with legal regulations regarding personal data protection.
7.      Methods of Processing Data

FPT IS applies one or more activities related to Personal Data, such as collecting, recording, analyzing, verifying, storing, modifying, disclosing, combining, accessing, retrieving, withdrawing, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying, or other related actions

8.      Entities Processing Personal Data

8.1. FPT IS (FPT IS Company Limited).

8.2. FPT IS will share or jointly process Personal Data with the following organizations and individuals:

  • FPT Corporation and its member companies;
  • Member companies directly or indirectly owned by FPT IS;
  • Contractors, agents, partners, and operational service providers of FPT IS;
  • Branches, business units, and staff working at FPT IS’s branches, business units, and agents;
  • Telecommunications businesses in cases where customers violate payment obligations;
  • Commercial stores and retailers related to promotional programs by FPT IS;
  • FPT IS’s professional advisors, such as auditors and lawyers, as prescribed by law;
  • Courts and competent state authorities in accordance with the law and/or when requested and permitted by law.

8.3. FPT IS commits to sharing or jointly processing Personal Data only when necessary to achieve the Processing Purposes stated in this Policy or as required by law. Organizations or individuals receiving customers’ Personal Data must comply with this Policy and legal regulations on Personal Data protection.

Although FPT IS will make every effort to ensure that customers’ information is anonymized/encrypted, it cannot completely eliminate the risk of data disclosure in unavoidable circumstances.

8.4. In cases where other organizations process Personal Data as outlined in this section, FPT IS will notify customers before proceeding.

9.      Special Cases of Processing Personal Data

FPT IS ensures that the processing of customers’ Personal Data meets all legal requirements in the following special cases:

9.2. FPT IS respects and protects children’s Personal Data. In addition to legal Personal Data protection measures, the Company will verify children’s ages and seek consent from (i) the child and/or (ii) the child’s parent or legal guardian as required by law before processing children’s Personal Data.

9.3. In addition to complying with other relevant legal regulations, processing Personal Data related to missing persons or deceased individuals will require the consent of one of the related persons as prescribed by current law.

10.  Customers’ Rights and Obligations Regarding Personal Data Provided to FPT IS

Customers’ Rights:

  • The right to be informed about their Personal Data processing activities, except as otherwise required by law;
  • The right to agree or disagree to allow the processing of their Personal Data, except as otherwise required by law;
  • The right to access, review, or request corrections to their Personal Data by submitting a written request to FPT IS, except as otherwise required by law;
  • The right to withdraw their consent by submitting a written request to FPT IS, except as otherwise required by law. Withdrawal of consent does not affect the legality of the data processing conducted before the consent withdrawal;
  • The right to request deletion of their Personal Data by submitting a written request to FPT IS, except as otherwise required by law;
  • The right to request restrictions on the processing of their Personal Data by submitting a written request to FPT IS, except as otherwise required by law;
  • The right to request that FPT IS provide them with their Personal Data by submitting a written request to FPT IS, except as otherwise required by law;
  • The right to object to FPT IS or any Entity Processing Personal Data outlined in this Policy from processing their Personal Data to prevent or limit the disclosure or use of Personal Data for advertising or marketing purposes, except as otherwise required by law.

Upon receiving requests regarding the provision of data, restriction of data processing, objection to data processing, or deletion of Personal Data, FPT IS will fulfill the Customer’s request within 72 hours of receiving the Data Subject’s request, depending on the specific case and in accordance with applicable laws.

  • If a correction request cannot be fulfilled, FPT IS will notify the customer within 72 hours of receiving the request.
  • The right to complain, denounce, or initiate legal proceedings as prescribed by law;
  • The right to claim compensation for actual damages in accordance with the law if FPT IS violates Personal Data protection regulations, except in cases where the parties have other agreements or the law stipulates otherwise;
  • The right to self-protection under the Civil Code, other relevant laws, or by requesting competent authorities or organizations to implement civil protection measures in accordance with Article 11 of the Civil Code;
  • Other rights as prescribed by current laws.

Customers’ Obligations:

  • To comply with laws, regulations, and guidelines of FPT IS related to customers’ Personal Data processing;
  • To provide complete, truthful, and accurate Personal Data and other information as requested by FPT IS during service registration and usage, as well as promptly update any changes to this information. FPT IS will ensure the confidentiality of the Customer’s Personal Data based on the registered information provided by the Customer. Therefore, FPT IS will not be liable for any inaccuracies in the information that affect or limit the Customer’s rights. If changes are not reported, any risks or losses arising will be the Customer’s responsibility, including errors, exploitation, or fraud due to the Customer’s failure to provide accurate, complete, and timely updates. This includes financial damage and additional costs resulting from incorrect or inconsistent information provided.
  • To cooperate with FPT IS, competent authorities, or third parties in resolving issues affecting the security of customers’ Personal Data;
  • To protect your Personal Data; proactively implement measures to safeguard your Personal Data during the use of FPT IS services; promptly notify FPT IS upon detecting any errors or inaccuracies in your Personal Data or suspecting that your Personal Data has been compromised.
  • To take responsibility for the information, data, and consents you create and provide in the online environment; bear responsibility in cases where your Personal Data is leaked or compromised due to your own fault.
  • To regularly update yourself on FPT IS’s Regulations and Policies as communicated to Customers or published on FPT IS’s websites and/or other transaction channels from time to time. Take actions as instructed by FPT IS to clearly indicate your consent or non-consent regarding the purposes of Personal Data processing as notified by FPT IS during each period.
  • To respect and protect others’ Personal Data;
  • Other obligations as prescribed by law.
11.  Retention of Personal Data

FPT IS commits to retaining customers’ Personal Data only for purposes stated in this Policy. Retention periods will be determined by FPT IS to ensure these purposes are met.

12.  Potential Consequences and Risks

Currently, FPT IS has not identified any unintended consequences or damage that may occur and will notify us in case of specific instances. During the processing of Personal Data, data breaches or leaks may happen due to the following reasons:

From customers:

The Customer may cause data breaches or leaks due to negligence or scams, such as accessing malicious websites or downloading applications containing malware, etc.
(a) FPT IS advises Customers to keep their login credentials, OTP codes, and related information confidential, and to avoid sharing these with anyone, including FPT IS employees.
(b) Customers should safeguard their electronic devices during use; lock, log out, or exit their accounts on FPT IS’s website or application when not in use; and adopt other security measures while using the Company’s services.

From FPT IS:

FPT IS commits to using information security technologies to protect the Customer’s Personal Data. However, no data can be guaranteed 100% security. Potential risks include hardware or software failures during data processing that result in data loss, security vulnerabilities beyond FPT IS’s control, or system-related hacking attacks that may lead to data breaches or leaks.

13.  Cross-Border Data Processing

13.1.To fulfill processing purposes stated in this Policy, FPT IS may share or transfer customers’ Personal Data to third parties within or outside Vietnam. Recipients must ensure confidentiality and data security. FPT IS will adhere to relevant legal obligations concerning international Personal Data transfers.

13.2.When providing/sharing Personal Data internationally, FPT IS will require the recipient to ensure that the Customer’s Personal Data transferred to them is kept confidential and secure. FPT IS guarantees compliance with all legal and regulatory obligations related to the transfer of the Customer’s Personal Data.

13.3.EU Customers: Personal Data may be accessed, transferred, or stored outside the European Economic Area (EEA), including countries with potentially lower data protection levels under EU law. FPT IS will adopt appropriate safeguards to protect all transferred Personal Data.

14.  Contact Information

For any questions regarding this Policy or issues related to data subjects’ rights or customers’ Personal Data processing, customers can contact FPT IS via:

Email: [email protected]

Hotline: (+84) 976 309 459

15.  General Terms

15.1.This policy has been effective since July 1, 2023. Customers understand and agree that this policy may be amended periodically and will be notified through FPT IS’s transaction channels before implementation. Changes and their effective dates will be updated and announced via FPT IS’s transaction channels and other communication platforms. The Customer’s continued use of services after the notification period regarding amendments or additions constitutes acceptance of such changes.

15.2.Customers acknowledge and agree that this policy also serves as the Personal Data Processing Notice as stipulated in Article 13 of Decree 13/ND-CP/2023 and its amendments or supplements from time to time before FPT IS processes Personal Data. Accordingly, FPT IS is not required to take any additional measures for the purpose of notifying Customers about the Processing of Personal Data.

15.3.  Upon receiving a request to exercise the Customer’s rights under Article 9.1 from the requester, FPT IS will take the necessary steps to verify and identify the requester before implementing the requested rights. If necessary, to verify identity and ensure the security of the Customer’s personal data, FPT IS may match the personal data provided by the requester when submitting the request with the data currently stored by FPT IS.

In cases where FPT IS deletes, destroys, or restricts the use of data at the Customer’s request, the Customer’s rights under contracts or service agreements signed with FPT IS that require the use of such personal data may be interrupted, altered, or terminated.

15.4. The Customer commits to strictly complying with the provisions of this Policy. For matters not specified herein, the Parties agree to adhere to applicable laws, the guidance of competent State authorities, and/or any amendments or supplements to this Policy as notified by FPT IS to the Customer from time to time.

15.5.  Customers may encounter advertisements or other content on any website, application, or device that may link to the websites or services of partners, advertisers, sponsors, or other third parties.

FPT IS does not control the content or links appearing on third-party websites or services and is not responsible and/or liable for the activities conducted by third-party websites or services linked to or from any website, application, or device. These websites and services may be subject to their own privacy policies and terms of use.

15.6. This policy is entered into in good faith between FPT IS and the Customer. In the event of a dispute during implementation, the Parties will actively resolve it through negotiation and mediation. If mediation fails, the dispute will be submitted to the competent People’s Court for resolution in accordance with applicable laws.

Privacy Policy