ARTICLE 1. GENERAL PRINCIPLES
1.1. This Personal Data Protection Policy described how Personal Data of Members participating in WAON POINT Program is collected and used within the scope of this Program in order to respect the privacy and security of the Members’ Personal Data. Unless otherwise defined herein, the capitalized terms shall have the meaning given to it in the Agreement and the Policy, Terms and Conditions.
1.2. The roles and identities of parties involved in processing Members’ Personal Data within the scope of the WAON POINT Program:
1.2.1. Each Participating Partner acts as a Data Controller and Processor in relation to the Member’s Personal Data collected by that Participating Partner via its Mobile Application and/or other methods described in Article 2 of this Personal Data Protection Policy. Specifically, a Participating Partner will determine the purposes and methods of processing the Member’s Personal Data collected by itself in order to serve the implementation of WAON POINT Program jointly held by all Participating Partners.
The list and details of Participating Partners are announced time by time in accordance with current regulations.
1.2.2. ACSTV acts as a Data Controller and Data Processor. Specifically, ACSTV, on behalf of Participating Partners, will process Members’ Personal Data in order to implement and operate WAON POINT Program in accordance with the signed Agreements between ACSTV and the Participating Partners.
1.3. This Personal Data Protection Policy describes the following:
1.3.1. What kind of Personal Data We collect and how We collect such information;
1.3.2. Storage of Personal Data;
1.3.3. The purposes for which We collect and use Personal Data;
1.3.4. The parties to whom We disclose Personal Data;
1.3.5. The choices that We offer, including how to access and update the Personal Data;
1.3.6. Members’ rights and obligations regarding their Personal Data.
1.4. Before participating in the WAON POINT Program, Members must acknowledge thorough reading and agreement to the content of this Personal Data Protection Policy. By signing up for an account to participate in the WAON POINT Program on the Mobile Application, the Members confirm that they have been clearly and fully informed of and agree with all terms and conditions of this Personal Data Protection Policy of WAON POINT Program.
1.5. Members who connect with Us by the Mobile Applications on smartphone, will be required to give Personal Data. In addition, Members may also provide their Personal Data to Us via the methods described in Article 2 of this Personal Data Protection Policy.
1.6. We will verify the age of Members before collecting their Personal Data. Members agree to be responsible for the accuracy and truthfulness of the age information they provide. If you are a Child, you are requested to obtain consent from your parents or legal guardians before signing up for an account to participate in the WAON POINT Program on the Mobile Applications and submit any Personal Data to Us. If the parents and legal guardians become aware that their Child has provided his/her Personal Data to Us without their prior valid consent, they may contact Us to cease processing and/or irretrievably delete or destroy the provided Personal Data.
1.7. Members guarantee that all Personal Data submitted to Us is up-to-date, complete and accurate. Failure on your part to do so may result in our inability to provide Members with the products and/or promotion campaigns according to Program.
If Members believe that any of your Personal Data We are holding and/or processing is out of date, incorrect or incompleted, please notify Us at the contact details specified in Article 10 hereunder.
1.8. Members are responsible for promptly notifying Us of any third party’s unauthorized usage, abuse, and security violations of Personal Data in order to respond appropriately.
1.9. This Personal Data Protection Policy is governed by and construed in accordance with the laws of the Socialist Republic of Vietnam. In case of raising any problem related to this Personal Data Protection Policy requires legal intervention, We will rely on this Personal Data Protection Policy to protect Our and/or the Members’ benefits.
1.10. This Personal Data Protection Policy is available in both English and Vietnamese. However, if there is any discrepancy between the English and Vietnamese versions, the Vietnamese version shall prevail.
ARTICLE 2. SCOPE OF INFORMATION COLLECTION
2.1.The Personal Data that We collect about Members includes:
Basic Personal Data: Members’ name, date of birth, gender, nationality, legal identification information (such as personal identification/ identity card/ citizen card/ passport number), address, phone number, details of account(s) registered on the Mobile Application, type of goods and/or services that the Members are interested in and such other necessary information in connection with the Members and Members’ transaction(s) with the Participating Partners and/or ACSTV that does not fall under the statutory categories of Sensitive Personal Data.
2.2. The Personal Data that We DO NOT collect about Members includes:
Sensitive Personal Data: means any information associated with an individual’s privacy and, if compromised, will directly affect such individual’s legitimate rights and interests, including information about Members’ location that has been obtained through location services upon Members’ access to and use of the Mobile Application.
2.3. We may obtain Personal Data of the Members from themselves through a variety of sources including but not limited to:
2.3.1. Information provided in application forms when the Members use the goods or services of Our Shopping Stores, when the Members take part in Our customer surveys and other promotional programs;
2.3.2. Through the Members’ communications with Us in verbal, written forms or via e-mail;
2.3.3. From an analysis of the Members’ habits of using and managing the Members’ account(s) with Us, from the transactions, payments of the Members with Us;
2.3.4. From other sources that the Members agreed on the disclosure of their Personal Data for Us.
ARTICLE 3. STORAGE OF MEMBERS’ PERSONAL DATA
3.1. Storing and updating correct Personal Data is very important to Us. We retain the Members’ Personal Data during the implementation and after the expiration of the WAON POINT Program, for such a period as we deem appropriate, by maintaining physical, and digital protection methods in compliance with this Personal Data Protection Policy and/or the provisions of laws.
3.2. Unless otherwise provided by Vietnamese laws, at the end of the retention period or appropriate time or upon our receipt of the Members’ request for deletion of their Personal Data in accordance with the applicable laws, We shall take steps to permanently destroy or irretrievably delete information subject to such request or store such information anonymously or in a de-identified manner in accordance with the laws.
ARTICLE 4. PURPOSE OF COLLECTING, USING AND METHOD OF HANDLING MEMBERS’ PERSONAL DATA
4.1. This Personal Data that the Members provide is used to support Us in communication and contacting with the Members in order to provide goods/services and privilege to the Members within the framework of the WAON POINT Program.
4.2. In particular, We collect, store, use and/or process Members’ Personal Data for the following purposes:
4.2.1. To provide goods/deliver services to the Members;
4.2.2. To send notifications and conduct other information exchange activities between Us and the Members;
4.2.3. To notify the Members about important changes/developments to Our Mobile Application and/ or System in order to proceed our Program;
4.2.4. To organize, coordinate, and manage the WAON POINT Program; establish, develop, manage, and process a database of information on the Members, WAON Points, and other information related to the WAON POINT Program;
4.2.5. To communicate with the Members including responding to the Members’ enquiries and/or complaints and resolving disputes;
4.2.6. For the activities of strategic alliances, purchase, marketing, promotions and providing services by Our other units/departments/entities within the WAON POINT Program for the purpose of developing Our business activities and for the Members’ benefits;
4.2.7. To improve and develop Our services and assure the Members’ benefits;
4.2.8. Research and develop new goods and/or services;
4.2.9. To manage goods and services provided to Members and implement Our rights and obligations;
4.2.10. To comply with regulatory requirements and provide assistance to enforceable organizations;
4.2.11. To prevent, detect or denounce cases of fraud/crime in compliance with legal and regulatory regulations;
4.2.12. To process related agreements;
4.2.13. To comply with the legal obligations that We must follow;
4.2.14. Perform responsibilities for the common benefits of the parties involved in the WAON POINT Program;
4.2.15. For other legal purposes to the extent permissible by the Members and the applicable laws.
4.3. We apply several measures to protect Members’ data and information as follows:
4.3.1. The database with its own access password is placed on DB server and is applied with measures such as FireWall, IP WhiteList and other methods guaranteed by DB server.
4.3.2. Assign specific departments and individuals to be in charge at connection points to access Member Information.
4.3.3. For internal actors: Develop a strict internal management policy on protecting Member Information, periodically check access permissions and extracted data.
4.4. Method of handling personal data’s member.
4.4.1. From time to time and for each of the above purposes, We will perform one or more activities affecting Personal Data, such as: collect, record, analyze, confirm, store, rectify, disclose, combine, access, trace, retrieve, encrypt, decrypt, copy, share, transmit, provide, transfer, delete, destruct or other relevant activities.
4.4.2. Personal Data Processing activities may be performed by us in an automatic or non-automatic manner, by electronic devices or by manual means or by any other means as we deemed appropriate. We thoroughly applies protection and security measures throughout the process of Personal Data Processing as mentioned in item 4.3 above.
ARTICLE 5. RETENTION PERIOD, START TIME, AND END TIME OF DATA PROCESSING
5.1. ACSTV will commence the storage and processing of Personal Data upon receipt of the Personal Data and the data subject’s agreement to this Personal Data Protection Policy.
5.2. Personal Data will be stored and processed for the purposes and within the scope outlined in Article 4 of this Policy until the Personal Data is deleted or destroyed in accordance with legal regulations and/or the provisions and decisions of ACSTV and the Participating Partners at any given time.
ARTICLE 6. SCOPE OF HANDLING AND SHARING THE MEMBERS’ PERSONAL DATA
6.1. By participating in the Program, the Members acknowledge and agree that:
6.2. Each Participating Partner may provide and share the Members’ Personal Data they collected under this Personal Data Protection Policy with other Participating Partners and ACSTV for the receiving parties to process for the purposes specified in Article 4.
6.3. We may provide or share the Members’ Personal Data with Our group companies, business partners, and other service providers within the framework of the WAON POINT Program on a need-to-know basis so that the receiving parties can process it for the purposes set out in Article 4. In case that any third parties are granted access to the database of the Members’ Personal Data, they will have to strictly comply with the rules described in this Personal Data Protection Policy, the regulations concerning the Personal Data and privacy protection.
6.4. For the purposes specified in Article 4, We may transfer Personal Data to third-party server providers who are based and/or locate their server systems outside the territory of Vietnam in order to centralize the Personal Data for universal, secure, and effective data management. With online access to the server system, We shall continue to be the party that directly processes Members’ Personal Data for the purposes specified in Article 4.
6.5. When transferring Personal Data outside of Vietnam (including to via cyberspace, electronic devices, electronic means, or other modes of transfer), we will request that the receiving third party ensure the safety and security of the transferred Personal Data
6.6. We are responsible for cooperating with competent authorities to provide the Members’ Personal Data as legally required to do so.
6.7. We shall provide and share the Members’ Personal Data in such cases as regulated by laws to protect Our legitimate rights and interests.
ARTICLE 7. MEANS AND TOOLS FOR MEMBERS TO ACCESS AND EDIT THEIR PERSONAL DATA
7.1. Members have the rights to view, update and erase some certain Personal Data from the Mobile Application and/or to request Us to update the Personal Data from the PMS.
7.2. We may update and change data as requested and/or shall request the Members to provide supporting documents for verification.
ARTICLE 8. MEMBERS’ RIGHTS TO THEIR PERSONAL DATA
Members shall have the following rights in relation to their Personal Data as prescribed by the laws of Vietnam:
8.1. The right to be informed and right to know: In order to ensure the transparency of Member’s Personal Data collection according to Article 3 of this Personal Data Protection Policy, the collected information and the purposes of information collection will be published on the Mobile Applications or disclosed through supporting channels of the WAON POINT Program. Member have right to know about his/her Personal Data Processing, unless otherwise provided for by law, Member have right to give consent or not give consent or withdraw the consent about processing of his/her Personal Data, except as required by law.
8.2. The right of access, and request to provide Personal Data: Members have the right to access Mobile Application to check information on Member’s Accounts and ask Us to provide the Members’ Personal Data by sending the request to Our supporting departments.
8.3. The right to rectification: Members have the right to ask Us to update Members’ Personal Data or request Us to edit Personal Data that We collect incorrectly.
8.4. The right to erasure: Members have the right to ask Us to delete all Members’ Personal Data that We are storing.
8.5. The right to data handling: In case some of Members’ Personal Data cannot be deleted, including for the purposes of doing the legal requirements, Members have the right to request Us to restrict processing of data, using of this information unless otherwise required by law.
8.6. The right to data portability: Members have the right to transfer Members’ Personal Data from one service to another with Us within the framework of the Program.
8.7. The right to objection: If We collect and use the Personal Data not for the purposes specified in this Personal Data Protection Policy without Members’ agreement, Members have the right to ask Us to stop using Members’ Personal Data until We have justified reasons for doing so, except at the request of the competent authority.
8.8. The rights in relation to automated decision making and profiling: Members may object or ask to explain Our automated decisions that affect Members or Members’ Personal Data.
8.9. The right to stop receiving newsletters from the Program: Members can choose to stop receiving marketing emails from the Program by unchecking "I would like to receive news" on Mobile Application.
8.10. The right to stop receiving notifications on the Mobile Applications from the setting on mobile device: Members can choose to stop receiving notifications on the Mobile Applications by customizing the permissions in the mobile device according to the rules of the platform such as iOS or Android.
8.11. Right to complain, denounce, sue: right to claim damages in accordance with law when a violation of his/her Personal Data protection regulations occurs, unless otherwise agreed by parties or otherwise required by law; right to self-protection in accordance with relevant laws, or to request competent agencies and organizations to implement methods to protect civil rights in accordance with relevant laws; Other rights of personal data subjects under the laws.
ARTICLE 9. OUR COMMITMENT AND MEMBERS’ OBLIGATION TO INFORMATION SECURITY AND PROTECTION OF PERSONAL DATA
9.1. Members’ Personal Data in the Program is ensured secure in accordance with this Personal Data Protection Policy. We only collect and use Members’ Personal Data whenever having Members’ agreement unless otherwise specified by laws. We implement technical, physical and organizational measures to prevent unauthorized access to Personal Data and loss, destruction, falsification, divulgence, and the like of Personal Data and endeavors to protect Members’ Personal Data through the establishment of a safety management system.
9.2. Potential unintended consequences and damage: Processing the Personal Data always carries the risk of data breaches or inappropriate data processing. We recognize the importance and responsibility of protecting Personal Data, making maximum efforts to prevent risks and limit any unintended consequences and damage to protect the Members’ and Our legitimate rights and interests. In case Mobile Applications and/or the PMS is hacked by hackers, resulting in the loss of Personal Data, We have the responsibility for investigation and giving prompt notice to the Members of process of resolving the incident.
9.3. Members are responsible for (a) ensuring that Personal Data that Members provide to Us is accurate, complete, not misleading and frequently updated; (b) do not provide any information related to account, password to the third party; (c) promptly notifying Us if Members discover or suspect that their Personal Data has been exposed, leading to risks in the use of Our Program or any violations of Personal Data protection according to this Personal Data Protection Policy that Members can identify; (d) regularly checking Participating Partners’ Mobile Applications for updates and compliance with any changes (if any) related to this Personal Data Protection Policy; and (e) Respect and protect the Personal Data of others; Participate in propaganda and dissemination of Personal Data protection skills; Comply with the provisions of law on the protection of Personal Data and participate in the prevention and combat of violations of regulations on the protection of Personal Data; Other obligations as stipulated in current laws and regulations.
9.4. We are not responsible for as well as will not settle all complaints relating to Members’ benefits in case the Personal Data provided by the Members is incorrect of incomplete or in case the incident occurred due to Members’ fault.
ARTICLE 10. REVISIONS TO PERSONAL DATA PROTECTION POLICY
We reserve the right to revise this Personal Data Protection Policy to ensure the appropriateness with the Program and compliance with the applicable laws; however, We will not reduce Members’ rights under this Personal Data Protection Policy without their explicit consent. From time to time, We reserves the right to amend, adjust the content of this Policy and such modifications will take effect immediately at the time of posting on the Website/Mobile Application or related channels other official information/system of us. If the Data Subject does not agree with any part of such modified contents, please cease accessing, participating in, submitting Personal Data to us and/or exercising its rights Data Subject in accordance with this Policy and relevant laws.
ARTICLE 11. INFORMATION OF THE PERSONAL DATA COLLECTION AND MANAGEMENT UNIT
11.1 Should you wish to request for access to your Personal Data, request for amendment/correction of such Personal Data, request for exercise of any rights to your Personal Data, or provide any feedback to Us on this Personal Data Protection Policy, you may contact Us at the following address, phone number and/or e-mail:
ACS TRADING VIETNAM COMPANY LTD.
Address: 246 Cong Quynh Street, Pham Ngu Lao Ward, District 1, Ho Chi Minh City
- Hotline: 19005150, ext 2
- Email: waonpoint.support@acsvietnam.com.vn
