Personal Data Protection Policy
OVUI VIETNAM
This Personal Data Protection Policy describes how we collect, use, and process personal data arising during Ovuigo.com’s operations and business activities.
ARTICLE 1. GENERAL PROVISIONS
1.1 Personal Data: Information in the form of symbols, letters, digits, images, sounds, or similar forms in electronic environments that are associated with or help identify a specific person. Personal Data includes Basic Personal Data and Sensitive Personal Data.
1.2 Data Subject: The individual reflected by the Personal Data, including all individual customers using the Company’s products and services, employees, shareholders, and other individuals with a legal relationship to the Company.
1.3 Process, Processing or Processed: One or more activities affecting Personal Data, including: collection, recording, analysis, confirmation, storage, correction, disclosure, combination, access, retrieval, recalling, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, destruction, or other related actions.
1.4 Personal Data Protection Policy or “this policy”: The entire content of this policy drafted and issued by the Company, consisting of 11 articles and 61 clauses in full.
1.5 When Personal Data of any relevant person of the Data Subject (including but not limited to information of dependents, related persons, spouse, children, parents, guardians, friends, beneficiaries, authorized persons, partners, emergency contacts, or other individuals) is provided to the Company, the Data Subject and relevant persons warrant that the information has been fully provided and lawfully agreed/approved for processing according to this policy. The Data Subject and relevant persons agree that the Company is not responsible for due diligence on the legality and validity of this consent or for storing evidence, as this is the responsibility of the Data Subject and relevant persons. The Company is exempt from liability and compensation for related damages when the Data Subject or relevant persons don’t comply with these provisions.
1.6 By registering, using the Company’s products and services, entering into contracts, and/or allowing the Company to Process Personal Data, the Data Subject fully and unconditionally accepts this policy and any changes from time to time.
1.7 This Policy may be updated, modified, supplemented, or replaced by the Company and posted on the Company’s official website. Please visit our official website regularly for the latest changes.
1.8 The Company undertakes to comply with the following principles when Processing Personal Data:
a) Process and protect Personal Data in accordance with Vietnamese laws and fully comply with contracts, agreements, and other documents established with the Data Subject;
b) Collect Personal Data for specific, explicit, and lawful purposes within the scope stated in Article 3 of this policy and in accordance with Vietnamese laws;
c) Apply and update technical measures in accordance with Vietnamese laws to ensure Personal Data safety, including protection from unauthorized access, destruction, loss, or damage;
d) Store Personal Data appropriately and only to the extent necessary for processing in accordance with Vietnamese laws;
e) Comply with regulations related to the protection of children’s data.
ARTICLE 2. PROCESSED PERSONAL DATA
To Process Personal Data for the purposes set out in Article 3, the Company may process the following types of Personal Data:
2.1 Basic Personal Data includes:
a) Original family name, middle name, last name, and other names (if any);
b) Date of birth, date of death, or disappearance;
c) Gender;
d) Place of birth, birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
e) Nationality;
f) Individual image and information from security systems, including recordings from camera systems and surveillance cameras at the Company’s business/transaction locations;
g) Telephone number, identity card number, citizen identification number, personal identification number, passport number, driver’s license number, license plate number, personal tax identification number, social insurance number, health insurance card number;
h) Occupation and workplace;
i) Marital status;
j) Information about family relationships (parents, children);
k) Information about digital accounts and Personal Data reflecting interests and activity history in cyberspace;
l) Other information associated with or helping identify a specific person that doesn’t fall within Sensitive Personal Data as set out in Article 2.2.
2.2 Sensitive Personal Data includes:
a) Political and religious views;
b) Health status and private life recorded in medical records, excluding blood type information;
c) Information related to racial or ethnic origin;
d) Information about inherited or acquired genetic traits;
e) Information about physical attributes and unique biological characteristics;
f) Data on crimes and criminal acts collected and stored by law enforcement agencies;
g) Information about bank accounts;
h) Data about customer location determined through location services;
i) Other Personal Data specified by law as specific and requiring necessary security measures.
ARTICLE 3. PURPOSES OF PERSONAL DATA PROCESSING
Personal Data may be processed for one or more of the following purposes:
3.1 Evaluating capability to provide products, services, and/or enter contractual commitments:
a) Identifying and verifying Data Subject information;
b) Evaluating, reviewing, and approving provision of products and services according to registration documents, applications, and contracts;
c) Considering provision or continued provision of Company products and services.
3.2 Fulfilling contractual obligations and providing customer support:
a) Performing obligations under contracts and agreements and providing products and services;
b) Updating and processing Data Subject information;
c) Handling complaints and lawsuits;
d) Using and transferring Personal Data to partners to identify and fix product and service issues;
e) Contacting and notifying the Data Subject;
f) Implementing promotional programs, gift exchanges, awards, and deliveries;
g) Performing other customer care and support activities.
3.3 Improving product and service quality:
a) Providing requested or useful information;
b) Improving technology and interfaces of websites, social networks, and applications;
c) Managing customer accounts and loyalty programs;
d) Conducting statistics and data analysis for research and product/service development;
e) Developing personalized products and services based on customer needs;
f) Introducing promotions and incentives for products and services;
g) Proposing products and services that may interest customers by identifying their interests.
3.4 Serving business and operational activities, including fulfilling reporting, financial, accounting, tax obligations, auditing, compliance activities, and other activities serving the Company’s legitimate business needs.
3.5 Restructuring and transferring projects/enterprises:
During business operations, the Company may sell or buy businesses, restructure, or transfer projects or services. Accordingly, Personal Data and information usage rights are among the transferred assets. In all cases, data transfer and processing will comply with legal provisions and this policy.
3.6 Marketing: Building marketing campaigns and promoting products and services, including campaigns based on customer preferences.
3.7 Prevention, caution, investigation, and detection of crimes.
3.8 Protecting social order and safety and the legitimate rights and interests of Data Subjects, the Company, and related parties.
3.9 Compliance with legal provisions and international treaties:
a) Providing information to competent state agencies as required by law;
b) Fulfilling obligations under legal provisions and international treaties.
3.10 Other purposes with the consent of the Data Subject.
ARTICLE 4. HOW PERSONAL DATA IS PROCESSED
4.1 Data Collection Methods:
a) From Company websites and applications when Data Subjects complete forms;
b) From product and service provision and contract performance;
c) From exchanges and communications with Data Subjects (in person, mail, telephone, online, call center, electronic communication, surveys);
d) From social networks operated by or in cooperation with the Company;
e) From audio and video recording devices at stores, business points, or Company business locations;
f) From automated data collection technologies:
- Cookies, pixel tags, and similar technologies
- Technologies tracking personal activity on devices or websites
- Device-provided data information
g) Other sources including public/official information sources or from parent companies, subsidiaries, affiliates, and partners.
4.2 Data Storage:
Personal Data is stored in Vietnam in the Company’s database system or wherever we or our affiliates, subsidiaries, or service providers have facilities. Storage periods are determined based on usage purposes stated in this policy and applicable regulations.
4.3 Data Transfer/Sharing:
a) The Company will not sell Personal Data. We use necessary security measures to ensure secure transfer/sharing. Personal Data may be shared with:
- The Company’s parent company, subsidiaries, and affiliates
- Individuals/organizations involved in Personal Data Processing
- Competent state agencies or other cases in accordance with applicable regulations
b) When providing/transferring Personal Data abroad, the Company will require receiving parties to ensure data safety and security, fully complying with Vietnamese legal requirements.
4.4 Data Analysis:
Personal Data is analyzed based on the Company’s internal processes and data and information security principles for IT systems.
4.5 Data Encryption:
When necessary, Personal Data is encrypted according to appropriate standards during storage, transfer, and processing to ensure continuous protection.
4.6 Data Deletion:
The Company will delete stored Personal Data upon valid request from the Data Subject or as required by regulations, except when:
a) The law prohibits deletion or requires mandatory storage;
b) The data is processed by state agencies for official activities;
c) The data has been legally disclosed;
d) The data is processed for legal requirements, scientific research, or statistics;
e) In cases of national defense and security emergencies, social order and safety threats, disasters, epidemics, riots, terrorism, crime, or law violations;
f) Responding to emergencies threatening life, health, or safety.
Security is the Company’s highest priority throughout Personal Data Processing. We implement appropriate technical measures to prevent unauthorized access and use of Personal Data, regularly collaborating with security experts to update cybersecurity techniques. Payment card data is protected by not recording important payment information (card number, name, CVV) on our system, with transactions occurring on the relevant bank’s system.
ARTICLE 5. PROCESSING OF CHILDREN’S PERSONAL DATA
5.1 The Company will Process Children’s Personal Data in accordance with the principle of protecting children’s rights and best interests and legal provisions.
5.2 The Company processes children’s Personal Data and provides services to children only with parent or guardian consent to use products and services, process the child’s Personal Data, and accept this policy. For children aged 7 years or older, the Company will additionally require the child’s consent. Parents or guardians are responsible for obtaining the child’s consent before providing Personal Data to the Company.
ARTICLE 6. POTENTIAL CONSEQUENCES AND UNEXPECTED DAMAGE
6.1 The Company uses various information security technologies (firewalls, access controls, encryption) to protect against unauthorized access, use, or sharing of Personal Data. However, absolute security cannot be guaranteed in cases such as:
a) Hardware and software errors causing data loss;
b) Security vulnerabilities beyond Company control, including hacker attacks causing data exposure.
6.2 Data Subjects should keep account login passwords and OTP codes confidential and not share them with others.
6.3 Data Subjects should be aware that when Personal Data is disclosed publicly, it may be collected and used by others for purposes beyond the control of both the Data Subject and the Company.
6.4 The Company recommends securing personal devices during use and logging out of accounts when not in use.
6.5 In case of server attacks leading to Personal Data loss or leakage, the Company will notify investigating authorities and inform Data Subjects as required by law.
6.6 Cyberspace is not secure, and the Company cannot guarantee that shared Personal Data will always remain secure. When transmitting Personal Data online, Data Subjects should use secure systems and are responsible for keeping access credentials secure and confidential.
ARTICLE 7. DURATION OF PERSONAL DATA PROCESSING
7.1 Personal Data processing begins when the Company lawfully receives the data and has an appropriate legal basis for processing.
7.2 Processing continues until the purposes of data processing have been completed.
7.3 The Company may store Personal Data even after contract termination to fulfill legal obligations or requirements from competent authorities.
ARTICLE 8. ORGANIZATIONS AND INDIVIDUALS PARTICIPATING IN PERSONAL DATA PROCESSING
8.1 Depending on circumstances, the Company may be the controller of personal data or both controller and processor.
8.2 To the extent permitted by law, the Company may share Personal Data for stated purposes with:
a) Parent companies, subsidiaries, and associated companies;
b) Service providers and cooperating organizations, including agents, auditors, lawyers, business partners, IT solution providers, and infrastructure developers;
c) Representatives, authorized parties, or anyone acting on behalf of the Data Subject.
Data sharing will comply with legal regulations. Recipients must maintain confidentiality according to this Policy, Company regulations, Personal Data protection standards, and applicable laws.
8.3 The Company may be required to share Personal Data with competent state authorities as required by law.
ARTICLE 9. RIGHTS OF DATA SUBJECTS
9.1 Right to know about Personal Data Processing activities, unless otherwise provided by law.
9.2 Right to consent or object to the Processing of Personal Data, unless otherwise required by law.
9.3 Right to view, correct, or request correction of Personal Data, unless otherwise required by law.
9.4 Right to withdraw consent.
9.5 Right to erasure data.
9.6 Right to restrict the processing of Personal Data in accordance with the law.
9.7 Right to request provision of Personal Data, unless otherwise provided by law.
9.8 Right to object to data processing.
9.9 Right to complain, denounce, and initiate lawsuits.
9.10 Right to claim damages.
9.11 Right to self-protect.
Data Subjects may exercise these rights by submitting requests to the Company including requester information, detailed content, reasons, purposes, and relevant information. Any costs arising from fulfilling these requests will be borne by the requester.
The Company will process requests according to law and consider the Data Subject’s legitimate interests. However, if a Data Subject withdraws consent, requests data deletion, or exercises other rights affecting the Company’s ability to provide services or maintain the relationship, the Company may discontinue services or terminate the relationship. Such acts may constitute unilateral termination by the Data Subject and may breach contractual commitments, with the Company reserving its legal rights in such cases.
With reasonable efforts, the Company will address valid requests within a reasonable time. For security purposes, the Company may require identity verification before processing requests. The Company may refuse requests in certain cases, including: incomplete or invalid requests, inadequate identity verification, suspected fraud or Personal Data protection violations, or when applicable regulations don’t allow implementation of the request.
ARTICLE 10. OBLIGATIONS OF THE DATA SUBJECT
10.1 Self-protect personal data and request protection from other relevant organizations and individuals. Promptly notify the Company of any errors, mistakes, leaks, or suspected breaches of Personal Data.
10.2 Respect and protect others’ personal data.
10.3 Provide complete and accurate Personal Data when consenting to Processing. The Data Subject will bear responsibility for any false information affecting their interests.
10.4 Comply with personal data protection laws and participate in preventing violations of data protection regulations.
10.5 Fulfill other responsibilities as prescribed by law.
ARTICLE 11. OTHER REGULATIONS
11.1 By accepting this policy, the Data Subject consents to Personal Data processing by the Company and participating organizations or individuals, acknowledges the types of data processed, processing purposes, processing entities, and their rights and obligations. The Data Subject has been notified about and consented to all content requiring notification before processing. The Data Subject agrees that the Company and participating entities need not notify each other before Processing Personal Data.
11.2 For questions about personal data protection, please contact us at:
Contact address: Block 09-04, Phuoc Trach, Phuoc Hai Residence, Cua Dai Ward, Hoi An City
Email: ovuivietnam@gmail.com
Phone: +84868319161
11.3 This policy is effective from November 5, 2024.