ALMIBIZ CO. LTD

Address:

Vinhomes Central Park L3-45.OT06
70000 Ho-Chi Minh City
Ho Chi Minh City
Vietnam

Contact:

Phone: +84 38 60 51 689
Email: contact@almibiz.com

PRIVACY POLICY FOR PERSONAL DATA PROTECTION

This Privacy Policy describes the methods of collection, use, and processing of personal data generated during the operations and business activities of ALMIBIZ CO., LTD (hereinafter “the Company”), located at L3-45.OT06, Vinhomes Central Park, 720A Dien Bien Phu Street, Ward 22, Binh Thanh District, Ho Chi Minh City, Vietnam, and whose official website is https://almibiz.com.

1.GENERAL PROVISIONS

1.1 Personal Data:
Personal Data means information in the form of symbols, written characters, numbers, images, sounds, or similar forms in an electronic environment that is associated with or helps to identify a specific person. Personal Data includes both basic Personal Data and sensitive Personal Data.

1.2 Data Subject:
Data Subject refers to the individual to whom the Personal Data relates, including all individual customers using the Company’s products or services, employees of the Company, shareholders, and/or any other individuals with whom the Company has established a legal relationship.

1.3 Processing of Personal Data:
Processing of Personal Data means one or more operations affecting Personal Data, such as collecting, recording, analyzing, verifying, storing, modifying, disclosing, combining, accessing, retrieving, recovering, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, or destroying Personal Data, or any other related actions.

1.4 Consent and Responsibility of the Data Subject:
When Personal Data of any person related to the Data Subject (including but not limited to information regarding dependents, those defined by law as related persons, spouse, child and/or parent and/or guardian, friends, beneficiaries, authorized persons, business partners, emergency contacts, or any other persons associated with the Data Subject) is provided to the Company, the Data Subject and such related persons represent, warrant, and accept responsibility that the information has been provided completely and that the Data Subject has lawfully consented/approved for such processing for the purposes stated in this Policy. The Data Subject and related persons agree that the Company is not responsible for verifying the legality or validity of such consent, and that the responsibility for storing any proof lies with the Data Subject and the related persons. The Company shall be indemnified and may claim compensation for any damages or costs incurred if the Data Subject or their related persons fail to comply with the provisions herein.

1.5 Acceptance of the Policy:
By registering for or using the Company’s products or services, entering into a contract, and/or permitting the Company to process Personal Data, the Data Subject accepts without reservation all of the policies referenced herein and any changes (if any) made from time to time.

1.6 Policy Updates:
This Policy may be updated, amended, supplemented, or replaced from time to time by the Company and will be posted on the Company’s official website (https://almibiz.com). You should visit our website regularly to review the latest updates.

1.7 Company Commitment:
The Company commits to processing Personal Data in accordance with the following principles:

  • (i) Process and protect Personal Data in accordance with Vietnamese law; fully comply with all contracts, agreements, and documents established with the Data Subject;
  • (ii) Collect Personal Data for specific, clear, and lawful purposes, within the scope stated in Section 3 of this Policy and in accordance with Vietnamese law;
  • (iii) Always apply and update technical measures as required by Vietnamese law to ensure the security of Personal Data, including measures to protect against unauthorized access and/or destruction, loss, or damage of the Personal Data;
  • (iv) Store Personal Data appropriately and only as long as necessary for processing in accordance with Vietnamese law;
  • (v) Comply with the provisions relating to the protection of children’s data.

2. PERSONAL DATA THAT MAY BE PROCESSED

To enable the Company to process Personal Data for the purposes set out in Section 3, the Company may process the following types of Personal Data:

2.1 Basic Personal Data includes:

  • (i) Surname, middle name, and given name (or any other names, if applicable);
  • (ii) Date of birth; date of death or disappearance;
  • (iii) Gender;
  • (iv) Place of birth, place of birth registration, permanent address, temporary address, current address, hometown, and contact address;
  • (v) Nationality;
  • (vi) Personal images; information obtained from security systems, including recordings from surveillance cameras at the Company’s business/transaction locations;
  • (vii) Telephone number; identity card number; citizen identification number; personal identification number; passport number; driver’s license number; vehicle license plate number; personal tax code; social insurance number; health insurance card number;
  • (viii) Occupation and workplace;
  • (ix) Marital status;
  • (x) Information on family relationships (parents, children);
  • (xi) Information regarding the individual’s bank account; Personal Data reflecting preferences and online activity history;
  • (xii) Any other information associated with or used to identify a specific person that does not fall under sensitive Personal Data as defined in Section 2.2.

2.2 Sensitive Personal Data includes the following:

  • (i) Political opinions and religious beliefs;
  • (ii) Health status and private details recorded in medical records (excluding blood type information);
  • (iii) Information regarding racial or ethnic origin;
  • (iv) Information on genetic characteristics inherited or obtained by the individual;
  • (v) Information regarding unique physical attributes or biological characteristics of the individual;
  • (vi) Data on criminal records or criminal behavior collected and stored by law enforcement agencies;
  • (vii) Information regarding the Data Subject’s bank account;
  • (viii) Data concerning the customer’s location as determined by location services;
  • (ix) Any other Personal Data that is specified by law as particular and requiring special security measures.

3. PURPOSES FOR PROCESSING PERSONAL DATA

Personal Data may be processed for one or more of the following purposes:

3.1 Evaluating the Feasibility of Providing Products/Services or Entering into Contracts with the Data Subject, including but not limited to:

  • (i) Identifying and verifying information about the Data Subject;
  • (ii) Evaluating, assessing, and approving the provision of products or services based on registration documents, application forms, or contracts entered into by the Data Subject and/or their related persons;
  • (iii) Considering whether to provide or continue to provide any products or services of the Company to the Data Subject.

3.2 Fulfilling Contractual and Legal Obligations and Providing Customer Support, including but not limited to:

  • (i) Fulfilling contractual obligations and providing products or services to the Data Subject;
  • (ii) Updating and processing the Data Subject’s information;
  • (iii) Handling customer care, complaints, or disputes;
  • (iv) Using and transferring Personal Data to the Data Subject’s partners and related parties for troubleshooting product/service issues or product repairs;
  • (v) Contacting or notifying the Data Subject;
  • (vi) Implementing promotional, gift exchange, reward, or incentive programs;
  • (vii) Carrying out other customer care and support activities.

3.3 Enhancing the Quality of the Company’s Products and Services, including but not limited to:

  • (i) Providing information requested by the customer or deemed useful by the Company;
  • (ii) Improving technology, the website interface, social media, or applications to ensure customer convenience;
  • (iii) Managing customer accounts and loyalty programs;
  • (iv) Collecting and analyzing data to research, develop, and improve products or services and enhance customer experience;
  • (v) Developing and providing new products or services personalized to customers’ needs and actual conditions;
  • (vi) Introducing and providing promotional programs or special offers for the Company’s products or services and those of its partners;
  • (vii) Proposing products or services that the customer might be interested in based on their preferences.

3.4 Supporting the Business Operations and Management of the Company, including but not limited to fulfilling reporting, financial, accounting, and tax obligations, conducting audits and compliance activities, and performing any other business-related functions as deemed necessary by the Company.

3.5 Restructuring, Project/Business Transfer:
During its business operations, the Company may sell or acquire businesses, restructure the company, or transfer projects or services in accordance with applicable law. In such cases, Personal Data and the rights to use such data are considered assets to be transferred. In every instance, the transfer and processing of data shall be carried out in compliance with the law and this Policy.

3.6 Marketing:
Developing marketing campaigns and promoting products or services, including campaigns based on customer preferences.

3.7 Crime Prevention and Investigation.

3.8 Safeguarding Social Order and Protecting the Legitimate Rights and Interests of the Data Subject, the Company, and other related parties.

3.9 Compliance with Law and International Conventions:
Including, but not limited to:

  • (i) Providing Personal Data to state agencies with jurisdiction as required by law;
  • (ii) Fulfilling obligations under applicable law and any international conventions to which Vietnam is a party.

3.10 Other Purposes if the Data Subject consents.

4. METHODS OF PROCESSING PERSONAL DATA

4.1 Collection Methods:
Personal Data is collected as follows:

  • (i) From the Company’s websites and applications: Personal Data is collected when the Data Subject fills in forms on the Company’s websites or applications.
  • (ii) From the provision of products, services, and the fulfillment of contractual or agreed obligations: Personal Data is collected when the Data Subject purchases, registers for, uses any product or service, or signs a contract with the Company.
  • (iii) From communications with the Data Subject: Personal Data is collected through interactions between the Company and the Data Subject (in person, via mail, telephone, online, call center, electronic communication, or any other means), including surveys.
  • (iv) From social media: From the Company’s social media pages and/or those operated in partnership with other parties.
  • (v) From audio or video recording devices: Installed at stores, business locations, or places where part or all of the Company’s business activities occur, where the Data Subject is present, appears, or interacts with the Company.
  • (vi) From automatic data collection technologies: The Company may automatically collect information from connections, including:
    • Cookies, pixel tags, and similar technologies;
    • Any technology capable of tracking individual activity on devices or websites;
    • Other data provided by a device.
  • (vii) Other sources: The Company may collect Personal Data from publicly available or authoritative sources or through the sharing of necessary data from its parent company, subsidiaries, affiliated companies, or partners in accordance with legal requirements.

4.2 Storage Methods:
Personal Data is stored in Vietnam on the Company’s database systems or at any location where the Company or its branches, subsidiaries, affiliated companies, partners, or service providers are present. The retention period is determined based on the purpose of use as stated in this Policy and in accordance with applicable law.

4.3 Transfer/Sharing Methods:
The Company will not sell Personal Data to any party. It uses the necessary security measures to ensure that the transfer/sharing of Personal Data is conducted safely. Personal Data may be shared with:

  • (i) The parent company, subsidiaries, or affiliated companies of the Company;
  • (ii) Individuals or organizations involved in the processing of Personal Data as provided in this Policy;
  • (iii) State agencies with jurisdiction or other cases permitted by law. If a recipient of Personal Data is located outside Vietnam, when transferring data abroad (including but not limited to using networks, devices, electronic means, or other methods), the Company will require the recipient to ensure the safety and security of the Personal Data. The Company commits to fully comply with Vietnamese law in protecting Personal Data.

4.4 Analysis Methods:
Personal Data is analyzed according to the Company’s internal procedures, following data security principles and ensuring information security within its IT systems.

4.5 Encryption Methods:
When necessary, Personal Data is encrypted using appropriate encryption standards during storage or transfer to ensure continuous protection.

4.6 Data Deletion Methods:
In accordance with the law or upon a valid request from the Data Subject, the Company will delete stored Personal Data except in the following cases:

  • (i) The law prohibits deletion or mandates retention;
  • (ii) Personal Data is processed by a state agency for its operations as required by law;
  • (iii) Personal Data has been made public according to legal requirements;
  • (iv) Personal Data is processed for legal, scientific research, or statistical purposes as prescribed by law;
  • (v) In cases of national defense, national security, social order and safety, major disasters, or dangerous epidemics; or when there is a threat to security or national defense but not at the level of a declared emergency; to prevent riots, terrorism, crime, or other law violations;
  • (vi) To respond to emergencies that threaten the life, health, or safety of the Data Subject or others. Throughout the processing, ensuring data security is the Company’s highest priority. The Company applies appropriate technical measures to prevent unauthorized access, use, or sharing of Personal Data and regularly collaborates with security experts to update its cybersecurity techniques. Payment card data issued by financial institutions is protected by the Company under the principle of not storing sensitive card information (card number, cardholder’s name, CVV) on our systems. Payment transactions are processed via the relevant bank’s system.

5. PROCESSING OF CHILDREN’S PERSONAL DATA

5.1 The Company will process the Personal Data of children in accordance with the principles of protecting children’s rights and for the best interests of the child, in accordance with applicable law.
5.2 The Company will only process children’s Personal Data and provide products or services for children if the child’s parent or guardian consents to the child’s use of the Company’s products or services, agrees to the processing of the child’s Personal Data, accepts this Policy, and complies with the relevant legal requirements. In cases where children aged 7 or above use the Company’s products or services, in addition to the requirements stated herein, the Company will process the child’s Personal Data only if the child has provided consent. The parent, guardian, or caregiver is responsible for obtaining the child’s consent before providing the child’s Personal Data to the Company.

6. POTENTIAL UNDESIRABLE CONSEQUENCES AND DAMAGES

6.1 The Company employs various information security technologies (e.g., firewalls, access control measures, encryption, etc.) to protect and prevent unauthorized access, use, or sharing of Personal Data. However, the Company cannot guarantee absolute security of Personal Data in cases such as:

  • (i) Hardware or software failures during processing that result in data loss;
  • (ii) Security vulnerabilities beyond the Company’s control or if the system is attacked by hackers causing data exposure. 6.2 The Company recommends that Data Subjects keep confidential any information related to account passwords and OTP codes and not share such information with anyone. 6.3 Data Subjects should understand that whenever they disclose or make their Personal Data public, such information may be collected and used by others beyond the Data Subject’s and the Company’s control. 6.4 The Company advises Data Subjects to safeguard their personal devices (e.g., mobile phones, tablets, personal computers) during use and to log out of their accounts when not in use. 6.5 In the event that the data storage server is attacked, resulting in loss, exposure, or unauthorized access to Personal Data, the Company will notify the relevant authorities and inform the affected Data Subjects as required by law. 6.6 The internet is not an absolutely safe environment; therefore, when transmitting Personal Data online, Data Subjects should use only secure systems and keep their authentication information confidential.

7. START AND END OF PERSONAL DATA PROCESSING

7.1 Personal Data is processed from the time the Company lawfully receives it and has a proper legal basis to do so in accordance with applicable law.
7.2 Personal Data will be processed until the purposes for which it was collected have been fulfilled.
7.3 The Company may continue to store Personal Data even after the termination of any contract between the parties in order to fulfill legal obligations or as required by state agencies.

8. ORGANIZATIONS AND INDIVIDUALS INVOLVED IN THE PROCESSING OF PERSONAL DATA

8.1 Depending on the case, the Company may act as the data controller or as both the data controller and data processor.
8.2 Within the limits allowed by law, the Data Subject understands that the Company may share Personal Data for the purposes set out in this Policy with the following organizations or individuals:

  • (i) The parent company, subsidiaries, or affiliated companies of the Company;
  • (ii) Individuals or organizations that provide services and/or cooperate with the Company, including but not limited to agents, auditors, lawyers, business partners, IT solution providers, software and application vendors, and service providers for operations, management, incident handling, and infrastructure development;
  • (iii) Any individual or organization representing or authorized by the Data Subject to act on their behalf. Such sharing shall be carried out in accordance with the applicable procedures, methods, and legal requirements. The recipients of the Personal Data are obligated to maintain its confidentiality in accordance with this Policy, the Company’s internal regulations, and applicable data protection standards and laws. 8.3 The Company may also be required to share Personal Data with state agencies having jurisdiction as provided by law.

9. RIGHTS OF THE DATA SUBJECT

The Data Subject has the following rights: 9.1 The right to be informed about the processing of their Personal Data, except where otherwise provided by law. 9.2 The right to consent or withhold consent for the processing of their Personal Data, except as otherwise provided by law. 9.3 The right to access, view, or request modifications to their Personal Data, except where otherwise provided by law. 9.4 The right to withdraw their consent. 9.5 The right to request deletion of their data. 9.6 The right to restrict the processing of their Personal Data as provided by law. 9.7 The right to request a copy of their Personal Data, except where otherwise provided by law. 9.8 The right to object to the processing of their data. 9.9 The right to lodge a complaint, report, or take legal action. 9.10 The right to request compensation for any damages. 9.11 The right to self-protection.

Data Subjects may exercise these rights by submitting a request to the Company. Such a request must include the basic details of the requester, the detailed content of the request (e.g., which data to provide or delete, document or file names if applicable), the reasons and purpose for the request, and any other relevant information (for example, whether the requested data should be provided in electronic or paper format, the delivery address, etc.). Any costs incurred (if any) in fulfilling these requests (e.g., printing, copying, postal or courier fees) shall be borne by the requester and must be paid by the latest when the data is received or within a period determined by the Company.

The Company will process Data Subject requests in accordance with applicable law and with due regard to the legitimate rights of the Data Subject. However, if the Data Subject withdraws their consent, requests deletion of data, or exercises any other related rights in a way that affects the Company’s ability to provide or maintain its products or services for the Data Subject or to maintain contractual relationships, the Company may decide to cease providing products/services or terminate the contract with the Data Subject. Such actions will be considered a unilateral termination of the relationship between the Data Subject and the Company, potentially leading to a breach of contractual obligations, and the Company reserves all legal rights and remedies. The Company will endeavor to process legitimate requests within the legally prescribed timeframe. For security reasons, the Company may require the Data Subject to verify their identity before processing the request.

The Company reserves the right to refuse Data Subject requests in the following (but not limited to) cases:

  • (i) The Data Subject does not follow the procedures or provide complete or valid information as guided by the Company;
  • (ii) The Data Subject does not provide sufficient documents or information to verify their identity;
  • (iii) The Company determines there is evidence of fraud or violations in data protection;
  • (iv) The law does not permit the request to be fulfilled.

10. DUTIES OF THE DATA SUBJECT

10.1 The Data Subject must protect their own Personal Data; request that other related organizations or individuals protect their Personal Data; and promptly notify the Company if any error, confusion, leakage, or suspected compromise of Personal Data is detected.
10.2 The Data Subject must respect and protect the Personal Data of others.
10.3 The Data Subject must provide complete and accurate Personal Data when consenting to its processing. Should any inaccuracies occur, the Data Subject shall bear any resulting costs if such inaccuracies affect or restrict their rights.
10.4 The Data Subject must comply with applicable data protection laws and participate in preventing violations thereof.
10.5 The Data Subject shall fulfill any other responsibilities as provided by law.

11. MISCELLANEOUS PROVISIONS

11.1 The Data Subject acknowledges that by accepting this Policy, they have agreed to allow ALMIBIZ CO., LTD (and any organizations or individuals involved in processing) to process their Personal Data; that they understand the type of data processed, the purposes of processing, the parties involved, and their related rights and obligations. The Data Subject confirms that they have been informed and agree to all the necessary disclosures prior to the processing of their Personal Data and agree that the Company need not provide further notice before each subsequent processing.

11.2 If you have any questions about the protection of Personal Data by the Company, please contact us and we will endeavor to answer your questions as soon as possible. You may also contact us at the following address:

Contact address: L3-45.OT06, Vinhomes Central Park, 720A Dien Bien Phu Street, 22 Ward, Binh Thanh District, HCM City, Vietnam

11.3 This Policy is effective from 01/03/2025.