GENERAL TERMS AND CONDITIONS
ON PERSONAL DATA PROTECTION AND PROCESSING
ON PERSONAL DATA PROTECTION AND PROCESSING
These General Terms and Conditions on personal data protection and processing (“General Terms”) outline the procedures followed by SSI Asset Management Company Limited in the collection, processing and protection of the personal data of Data Subjects.
Article 1. Definition of terms.
The definitions of the terms used in these General Terms are as follows (unless otherwise defined by law):
1.1 “Personal Data” refers to information presented in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment, that is associated with an individual or aids in their identification.
Personal data includes basic personal data and sensitive personal data.
1.2 “Basic Personal Data” includes:
a) Surname, middle name, birth name, other names (if any);
b) Date of birth; date, month, year of death or disappearance;
c) Gender;
d) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
e) Nationality;
f) Images of individuals;
g) Phone number, ID card number, personal identification number, passport number, driver's license number, license plate number, personal tax code number, social insurance number, health insurance card number;
h) Marital status;
i) Information about family relationships (parents, children);
j) Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace.
k) Other information that pertains to a specific individual or helps identify a specific individual that does not fall under the category of sensitive personal data.
1.3 "Sensitive Personal Data" is personal data associated with an individual's privacy rights that any breach of this data can have a direct impact on the individual's lawful rights and interests, including:
a) Political views, religious views;
b) Health status and personal life are recorded in medical records, excluding information about blood type;
c) Information related to racial and ethnic origin;
d) Information about inherited or acquired genetic traits of the individual;
e) Information about physical attributes and biological characteristics of individual;
f) Information about individual's sex life and sexual orientation;
g) Data on crimes and offenses collected and stored by law enforcement agencies;
h) Customer information of credit institutions, foreign bank branches, intermediary payment service providers, other permitted organizations, including: customer identification information in accordance with the provisions of law, account information, deposit information, information about deposited assets, etc., information on transactions, information about organizations and individuals acting as guarantors at credit institutions, bank branches, intermediary payment service providers;
i) Data about the individual's location determined through location services;
j) Other personal data mandated by legislation is distinct and necessitates appropriate security measures.
1.4 “Personal Data Processing” refers to one or various activities involving personal information, such as: gathering, recording, analyzing, verifying, storing, rectifying, disclosing, merging, accessing, retrieving, recalling, encrypting, decrypting, duplicating, sharing, transmitting, providing, transferring, deleting, destroying personal data, or other relevant actions.
1.5 “Data Subject” refers to individual whose personal data is reflected by the personal data shared with SSI, including but not limited to individual who is customer of SSIAM; user on SSIAM's digital platforms, and individual affiliated with organization that has legal relationships to SSIAM; the individual is/belongs to the party providing products and services to SSIAM; collaborator, potential candidate, employee; SSIAM member or any other individuals is affiliated with or arising from the utilization, provision of products, services, labor relationships, or other legal relationships with SSIAM.
1.6 “Customer” refers to individuals and organizations that access, acquire information about, register, use, establish relationships or are associated with the products and services provided by SSI.
1.7 "Personal Data Subject" refers to the Data Subject, an individual, or an organization acting on behalf of or obtaining the consent of the Data Subject to provide and consent to the processing of their personal data to SSI.
1.8 “Company” or “SSIAM” refers to SSI Asset Management Company Limited, including the company's headquarters, branches, representative offices, and transaction offices (if any).
1.9 “Third Party” refers to organizations and individuals that are not affiliated with SSIAM, Customers and Data Subjects.
1.10 To clarify, any terms not explained in the General Terms will be explained in accordance with Vietnamese laws.
The definitions of the terms used in these General Terms are as follows (unless otherwise defined by law):
1.1 “Personal Data” refers to information presented in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment, that is associated with an individual or aids in their identification.
Personal data includes basic personal data and sensitive personal data.
1.2 “Basic Personal Data” includes:
a) Surname, middle name, birth name, other names (if any);
b) Date of birth; date, month, year of death or disappearance;
c) Gender;
d) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
e) Nationality;
f) Images of individuals;
g) Phone number, ID card number, personal identification number, passport number, driver's license number, license plate number, personal tax code number, social insurance number, health insurance card number;
h) Marital status;
i) Information about family relationships (parents, children);
j) Information about individual digital accounts; Personal data reflecting activities and history of activities in cyberspace.
k) Other information that pertains to a specific individual or helps identify a specific individual that does not fall under the category of sensitive personal data.
1.3 "Sensitive Personal Data" is personal data associated with an individual's privacy rights that any breach of this data can have a direct impact on the individual's lawful rights and interests, including:
a) Political views, religious views;
b) Health status and personal life are recorded in medical records, excluding information about blood type;
c) Information related to racial and ethnic origin;
d) Information about inherited or acquired genetic traits of the individual;
e) Information about physical attributes and biological characteristics of individual;
f) Information about individual's sex life and sexual orientation;
g) Data on crimes and offenses collected and stored by law enforcement agencies;
h) Customer information of credit institutions, foreign bank branches, intermediary payment service providers, other permitted organizations, including: customer identification information in accordance with the provisions of law, account information, deposit information, information about deposited assets, etc., information on transactions, information about organizations and individuals acting as guarantors at credit institutions, bank branches, intermediary payment service providers;
i) Data about the individual's location determined through location services;
j) Other personal data mandated by legislation is distinct and necessitates appropriate security measures.
1.4 “Personal Data Processing” refers to one or various activities involving personal information, such as: gathering, recording, analyzing, verifying, storing, rectifying, disclosing, merging, accessing, retrieving, recalling, encrypting, decrypting, duplicating, sharing, transmitting, providing, transferring, deleting, destroying personal data, or other relevant actions.
1.5 “Data Subject” refers to individual whose personal data is reflected by the personal data shared with SSI, including but not limited to individual who is customer of SSIAM; user on SSIAM's digital platforms, and individual affiliated with organization that has legal relationships to SSIAM; the individual is/belongs to the party providing products and services to SSIAM; collaborator, potential candidate, employee; SSIAM member or any other individuals is affiliated with or arising from the utilization, provision of products, services, labor relationships, or other legal relationships with SSIAM.
1.6 “Customer” refers to individuals and organizations that access, acquire information about, register, use, establish relationships or are associated with the products and services provided by SSI.
1.7 "Personal Data Subject" refers to the Data Subject, an individual, or an organization acting on behalf of or obtaining the consent of the Data Subject to provide and consent to the processing of their personal data to SSI.
1.8 “Company” or “SSIAM” refers to SSI Asset Management Company Limited, including the company's headquarters, branches, representative offices, and transaction offices (if any).
1.9 “Third Party” refers to organizations and individuals that are not affiliated with SSIAM, Customers and Data Subjects.
1.10 To clarify, any terms not explained in the General Terms will be explained in accordance with Vietnamese laws.
Article 2. General principles
2.1 SSIAM values and respects the right to privacy, confidentiality and security of Personal Data. Simultaneously, SSIAM consistently aims to safeguard Personal Data, the privacy of Data Subject, and adhere to laws by implementing Personal Data protection protocols in order to fulfill and adhere to enacted regulations;
2.2 SSIAM collects and processes Personal Data solely in compliance with the law and within the parameters of the documents and agreements established between SSIAM and the Customer and/or relevant party(s);
2.3 Depending on SSIAM's role in each specific situation are (i) Personal Data controller; (ii) Personal Data Processor; or (iii) the controller and processor of Personal Data, SSIAM will adhere to the rights, responsibilities as well as principles for processing Personal Data in compliance with current laws;
2.4 All rights and obligations of SSIAM, Data Subject, Personal Data Subject in these General Terms will not be substituted, terminated, or altered, but will coexist as the rights and responsibilities of SSIAM, the Data Subject, Personal Data Subject in any document and nothing in these General Terms implies the limitation or removal of any existing rights or responsibilities of the parties, unless otherwise agreed in writing;
2.5 The Data Subject/Personal Data Subject acknowledges and agrees that the Personal Data (including Basic Personal Data and Sensitive Personal Data) supplied to SSIAM will not only be restricted to the extent of Personal Data to be supplied but also encompasses Personal Data previously supplied to SSIAM. The ongoing utilization of SSIAM's services and products by the Data Subject/Personal Data Subject, as well as the continuous upholding of transactions or agreements formed with SSIAM subsequent to the acceptance of these General Terms, signifies the explicit, voluntary, and affirmative agreement of the Data Subject/Personal Data Subject to SSIAM's processing of Personal Data (comprising Basic Personal Data and Sensitive Personal Data) throughout the reception and handling of such information, commencing from the moment SSIAM acquires the data until a termination request is made by the Data Subject/ Personal Data Subject or as mandated by laws.
2.6 When disclosing Personal Data of a third party (including but not limited to Personal Data of the organization's transaction representative, dependents, legal relatives, guardians, friends, beneficiaries, authorized persons, partners, emergency contact person or other individual) to SSIAM, the Personal Data Subject affirms, guarantees, and takes responsibility for ensuring that they have provided adequate information and obtained the lawful consent of the Data Subject to collect and process their Personal Data in accordance with these General Terms. The Personal Data Subject acknowledges that SSIAM has no obligation to verify the legality and validity of the above consent and that the storage of supporting evidence is the responsibility of the Personal Data Subject. The Personal Data Subject must provide evidence of the Data Subject's consent in the requested SSIAM field. SSIAM is absolved from liability and obligated to cover expenses for damages and associated costs in cases where the Personal Data Subject does not adhere to the regulations outlined in this Section.
2.1 SSIAM values and respects the right to privacy, confidentiality and security of Personal Data. Simultaneously, SSIAM consistently aims to safeguard Personal Data, the privacy of Data Subject, and adhere to laws by implementing Personal Data protection protocols in order to fulfill and adhere to enacted regulations;
2.2 SSIAM collects and processes Personal Data solely in compliance with the law and within the parameters of the documents and agreements established between SSIAM and the Customer and/or relevant party(s);
2.3 Depending on SSIAM's role in each specific situation are (i) Personal Data controller; (ii) Personal Data Processor; or (iii) the controller and processor of Personal Data, SSIAM will adhere to the rights, responsibilities as well as principles for processing Personal Data in compliance with current laws;
2.4 All rights and obligations of SSIAM, Data Subject, Personal Data Subject in these General Terms will not be substituted, terminated, or altered, but will coexist as the rights and responsibilities of SSIAM, the Data Subject, Personal Data Subject in any document and nothing in these General Terms implies the limitation or removal of any existing rights or responsibilities of the parties, unless otherwise agreed in writing;
2.5 The Data Subject/Personal Data Subject acknowledges and agrees that the Personal Data (including Basic Personal Data and Sensitive Personal Data) supplied to SSIAM will not only be restricted to the extent of Personal Data to be supplied but also encompasses Personal Data previously supplied to SSIAM. The ongoing utilization of SSIAM's services and products by the Data Subject/Personal Data Subject, as well as the continuous upholding of transactions or agreements formed with SSIAM subsequent to the acceptance of these General Terms, signifies the explicit, voluntary, and affirmative agreement of the Data Subject/Personal Data Subject to SSIAM's processing of Personal Data (comprising Basic Personal Data and Sensitive Personal Data) throughout the reception and handling of such information, commencing from the moment SSIAM acquires the data until a termination request is made by the Data Subject/ Personal Data Subject or as mandated by laws.
2.6 When disclosing Personal Data of a third party (including but not limited to Personal Data of the organization's transaction representative, dependents, legal relatives, guardians, friends, beneficiaries, authorized persons, partners, emergency contact person or other individual) to SSIAM, the Personal Data Subject affirms, guarantees, and takes responsibility for ensuring that they have provided adequate information and obtained the lawful consent of the Data Subject to collect and process their Personal Data in accordance with these General Terms. The Personal Data Subject acknowledges that SSIAM has no obligation to verify the legality and validity of the above consent and that the storage of supporting evidence is the responsibility of the Personal Data Subject. The Personal Data Subject must provide evidence of the Data Subject's consent in the requested SSIAM field. SSIAM is absolved from liability and obligated to cover expenses for damages and associated costs in cases where the Personal Data Subject does not adhere to the regulations outlined in this Section.
Article 3. Contents of Personal Data processing
3.1 Collection of Personal Data
3.1.1 To fulfill the purposes of Article 3.2 below, SSIAM needs and/or is required to gather Personal Data of Data Subject.
3.1.2 Methods and procedures of SSIAM in gathering Personal Data
SSIAM may directly or indirectly gather collect Personal Data from one or various sources as listed below, including but not limited to:
a) From direct meetings with the Personal Data Subject: SSIAM gathers information through various means such as contacting, collaborating, offering/using services, and receiving information directly from the Personal Data Subject.
b) From exchanges and communications with the Personal Data Subject when the contact between the Personal Data Subject and SSIAM arises, such as via email, SSIAM's Call Center (Contact Center), electronic communications or any other method (including but not limited to surveys, investigations conducted or acquired by SSIAM);
c) From SSIAM's websites when the Personal Data Subject accesses and declares Personal Data;
d) From the mobile application when the Personal Data Subject downloads, uses or declares Personal Data on SSIAM's mobile application.
e) From interactions or automated data collection technologies: SSIAM may gather Personal Data of Data Subject automatically recorded from connections of Personal Data Subject or related parties such as cookies, plug-ins, Third Party social network connection sequences or any technology capable of tracking and collecting Personal Data on those devices or websites (such as facebook, tiktok, instagram...);
f) From competent state agencies such as the State Securities Commission, Vietnam Securities Depository and Clearing Corporation, Stock Exchanges or other competent authorities in Vietnam;
g) From publicly available sources such as phone books, advertising information/flyers, information publicly available online, etc.
h) From other sources where the Data Subject consents to the sharing/provision of Personal Data, or where collection is required or permitted by laws.
3.2 Purposes of Personal Data Processing
3.2.1 SSIAM may process Personal Data for one or more of the following purposes:
3.2.1.1. General purpose:
a) Review the accuracy and completeness of the Personal Data provided; verify or authenticate the identity of the Data Subject and carry out procedures for Data Subject authentication.
b) To establish the relationship between SSIAM and the Data Subject/Personal Data Subject/relevant Third Party;
c) To fulfill other objectives associated with SSIAM's business operations that SSIAM considers suitable periodically.
d) To protect the lawful interests of SSIAM and adhere to relevant laws, including but not limited to the collection fees, charges and/or the retrieval of any debts, or proceeding with lawsuits, complaints or any agreement between the Data Subject/Personal Data Subject and SSIAM;
e) To evaluate any proposals related to rights, benefits or obligations outlined in the document(s), agreement(s) between the Data Subject/Personal Data Subject and SSIAM;
f) Provide to service providers/partners of SSIAM to carry out transactions for Data Subjects/Personal Data Subjects and/or SSIAM;
g) Prevent or minimize a threat to the life, health of others and the general public;
h) To evaluate risks, analyze trends, statistics, plan, including but not limited to statistical data processing analysis, transactions, credit and anti-money laundering, terrorist financing, weapons of mass destruction financing;
i) To identify, prevent and investigate crimes, assaults, or any breaches of the law (including fraud, bribery, corruption or tax evasion);
j) To carry out transactions such as transfer, disposition, business reorganization or purchase, sale or exchange of SSIAM's activities and assets;
k) To meet and adhere to SSIAM's internal policies, procedures and any rules, regulations, instructions, directives or requirements issued by competent state agencies in accordance with the law;
3.2.1.2. In addition to the General Purpose in Article 3.2.1.1 above, SSIAM can also process Personal Data for one or various purposes corresponding to each of the following subjects:
A. For the Customer
a) Evaluate legal documents, financial capabilities and customer's circumstances for any operations, products and services offered or provided by SSIAM;
b) Providing operations, products, and services conducted by SSIAM (including but not limited to products that Third Parties cooperate with SSIAM to conduct in accordance with the provisions of law);
c) Promotion and information about products, services, promotional initiatives, research, surveys, news, updates, events, contests with prizes, relevant rewards, other relevant communication and introduction activities about SSIAM's services and products and other partners' services in cooperation with SSIAM;
d) Contact to exchange information, provide writings or other documents related to transactions and the utilization of SSIAM's products and services;
e) Notify information about obligations, rights, changes in features, improvements and enhancements of utilities and quality of products and services;
f) Prepare financial reports, activity reports or other relevant reports in accordance with the provisions of law;
g) Conduct market research, surveys and data analysis related to any products and services provided by SSIAM (whether performed by SSIAM or another Third Party with whom SSIAM cooperates) that may relate to Customers/Data Subject.
B. For product and service providers, leasing partners, property leases, and cooperation with SSI
a) To engage in and execute the objectives as outlined in the pertinent documents and agreements.
b) Contact, exchange, and verify information during the execution of tasks/services between the Personal Data Subject and SSIAM.
C. For potential candidates, collaborators, and employees
a) Review conditions for candidates and collaborators; evaluate dossiers, documents, and financial papers for the purpose of appraising and evaluate the capacity of candidates and collaborators, register candidate and collaborator profiles, and serve the recruitment process and signing service contracts;
b) Sign and manage contracts, employment and services agreements with candidates, collaborators, and employees;
c) Train, test, evaluate work quality and compliance with obligations in contracts, agreements, and commitments with SSIAM;
d) Manage personnel records and carry out procedures in accordance with the law with functional agencies and competent agencies such as agencies of labor, insurance, tax, State Securities Commission, etc.;
e) Carry out essential activities and tasks from agreements and contracts signed with Third Parties depending on the purpose and needs arising at each time such as training services, health insurance, medical examination. medical treatment, transportation, tourism, event organization, etc.;
f) Carry out other purposes related to human resource development and management.
3.2.2 SSIAM will seek consent from Data Subject prior to utilizing their Personal Data for any purposes not outlined in the General Terms.
3.3 Processing of Personal Data in certain special cases
3.3.1 SSIAM has the capability record, video and process Personal Data obtained from CCTV ("CCTV") in areas where CCTV is installed (including but not limited to office areas, corridor areas, exit areas, etc.) in accordance with SSIAM's operational security requirements and for the Customer in accordance with laws;
3.3.2 SSIAM always respects and protects children's Personal Data. In addition to the Personal Data protection measures prescribed by laws, prior to processing children's Personal Data, SSIAM will verify the child's age and request the consent of (i) the child and/or (ii) the child's father, mother or guardian as in accordance with provisions of law;
3.3.3 In addition to complying with other relevant legal regulations, for the processing of Personal Data related to Personal Data of people declared missing/deceased, SSIAM will have to obtain consent of one of the relevant individuals in accordance with the provisions of applicable laws.
3.4 Transfer and disclosure of Personal Data
3.4.1 SSIAM will not sell, exchange, or rent (term or indefinitely) the Data Subject's personal information without the Data Subject's consent in accordance with provisions of applicable law. However, in order to fulfil the purposes and activities of processing Personal Data in these General Terms, the Personal Data Subject understands and agrees that SSIAM may disclose Personal Data to one or more of the following parties:
a) SSIAM's subsidiaries, including but not limited to subsidiaries, subsidiaries, joint ventures, affiliates identified by SSIAM from time to time;
b) SSIAM's internal employees and departments for the purposes set out in these General Terms and documents and agreements entered into between Customer and SSIAM;
c) SSIAM's consultants, lawyers, advisors, accountants, auditors or Customer ;
d) The competent authorities in Vietnam or any individuals, regulator or Third Party to whom SSIAM is permitted or required to disclose under the laws of any country, or under any other documents or agreements between the Third Party and SSIAM;
e) Business partners, rewards providers, gift providers, co-branded parties, participants in or coordinating loyalty programs, advertisers, charities or not-for-profit organizations, any related organizations for operational purposes, carry out the business of SSIAM, the operator of the system, application or equipment or provide Customer with any products or services selected by the Customer or for the purposes set out in these General Terms;
f) Any person or entity involved in exercising or maintaining any rights or obligations under the Customer/Personal Data Subject(s) agreement(s) with SSIAM;
g) Parents, spouses, children and heirs of the Data Subject in case the Data Subject has died or been declared missing;
h) Third Parties to whom Customer consents or SSIAM have a legal basis for sharing Personal Data.
3.4.2 SSIAM considers Personal Data to be private and secure. Other than the parties stated above, SSIAM does not disclose Personal Data to any other party, except in the following cases:
a) The Data Subject's consent.
b) When SSIAM is required or permitted to disclose by law; or as decided by competent state agencies;
c) When SSIAM transfers rights and obligations under the agreement(s) between the parties concerned and SSIAM or performs in accordance with the law.
3.5 Overseas transfers of Personal Data
3.5.1 For the purposes of processing Personal Data in these General Terms, SSIAM may be required to provide/share Personal Data to relevant SSIAM Third Parties who may be located in Vietnam or anywhere else outside of Vietnam.
3.5.2 When providing/sharing Personal Data to foreign entities, SSIAM will mandate that the recipient guarantees the security and protection of the transferred Personal Data. SSIAM and recipient guarantee adherence to legal and regulatory requirements concerning the safeguarding of Personal Data.
3.6 Personal Data Processing methods
Depending on the purposes for which Personal Data is processed, SSIAM or SSIAM's data processors or Third Parties authorized to process Personal Data for SSIAM may adopt appropriate processing practices including but not limited to automated Personal Data processing, manual or other methods in accordance with provisions of law and SSIAM from time to time.
3.7 Personal Data Processing time
Depending on the specific activity, Personal Data may be processed by SSIAM after it has been provided, gathered, and concluded upon the fulfillment of data processing in accordance with intended objective or until the Personal Data has been deleted in accordance with regulations (whichever comes later).
3.8 Other contents
Other contents related to the Personal Data Processing not expressed in this General Terms shall apply in accordance with applicable legal documents.
3.1 Collection of Personal Data
3.1.1 To fulfill the purposes of Article 3.2 below, SSIAM needs and/or is required to gather Personal Data of Data Subject.
3.1.2 Methods and procedures of SSIAM in gathering Personal Data
SSIAM may directly or indirectly gather collect Personal Data from one or various sources as listed below, including but not limited to:
a) From direct meetings with the Personal Data Subject: SSIAM gathers information through various means such as contacting, collaborating, offering/using services, and receiving information directly from the Personal Data Subject.
b) From exchanges and communications with the Personal Data Subject when the contact between the Personal Data Subject and SSIAM arises, such as via email, SSIAM's Call Center (Contact Center), electronic communications or any other method (including but not limited to surveys, investigations conducted or acquired by SSIAM);
c) From SSIAM's websites when the Personal Data Subject accesses and declares Personal Data;
d) From the mobile application when the Personal Data Subject downloads, uses or declares Personal Data on SSIAM's mobile application.
e) From interactions or automated data collection technologies: SSIAM may gather Personal Data of Data Subject automatically recorded from connections of Personal Data Subject or related parties such as cookies, plug-ins, Third Party social network connection sequences or any technology capable of tracking and collecting Personal Data on those devices or websites (such as facebook, tiktok, instagram...);
f) From competent state agencies such as the State Securities Commission, Vietnam Securities Depository and Clearing Corporation, Stock Exchanges or other competent authorities in Vietnam;
g) From publicly available sources such as phone books, advertising information/flyers, information publicly available online, etc.
h) From other sources where the Data Subject consents to the sharing/provision of Personal Data, or where collection is required or permitted by laws.
3.2 Purposes of Personal Data Processing
3.2.1 SSIAM may process Personal Data for one or more of the following purposes:
3.2.1.1. General purpose:
a) Review the accuracy and completeness of the Personal Data provided; verify or authenticate the identity of the Data Subject and carry out procedures for Data Subject authentication.
b) To establish the relationship between SSIAM and the Data Subject/Personal Data Subject/relevant Third Party;
c) To fulfill other objectives associated with SSIAM's business operations that SSIAM considers suitable periodically.
d) To protect the lawful interests of SSIAM and adhere to relevant laws, including but not limited to the collection fees, charges and/or the retrieval of any debts, or proceeding with lawsuits, complaints or any agreement between the Data Subject/Personal Data Subject and SSIAM;
e) To evaluate any proposals related to rights, benefits or obligations outlined in the document(s), agreement(s) between the Data Subject/Personal Data Subject and SSIAM;
f) Provide to service providers/partners of SSIAM to carry out transactions for Data Subjects/Personal Data Subjects and/or SSIAM;
g) Prevent or minimize a threat to the life, health of others and the general public;
h) To evaluate risks, analyze trends, statistics, plan, including but not limited to statistical data processing analysis, transactions, credit and anti-money laundering, terrorist financing, weapons of mass destruction financing;
i) To identify, prevent and investigate crimes, assaults, or any breaches of the law (including fraud, bribery, corruption or tax evasion);
j) To carry out transactions such as transfer, disposition, business reorganization or purchase, sale or exchange of SSIAM's activities and assets;
k) To meet and adhere to SSIAM's internal policies, procedures and any rules, regulations, instructions, directives or requirements issued by competent state agencies in accordance with the law;
3.2.1.2. In addition to the General Purpose in Article 3.2.1.1 above, SSIAM can also process Personal Data for one or various purposes corresponding to each of the following subjects:
A. For the Customer
a) Evaluate legal documents, financial capabilities and customer's circumstances for any operations, products and services offered or provided by SSIAM;
b) Providing operations, products, and services conducted by SSIAM (including but not limited to products that Third Parties cooperate with SSIAM to conduct in accordance with the provisions of law);
c) Promotion and information about products, services, promotional initiatives, research, surveys, news, updates, events, contests with prizes, relevant rewards, other relevant communication and introduction activities about SSIAM's services and products and other partners' services in cooperation with SSIAM;
d) Contact to exchange information, provide writings or other documents related to transactions and the utilization of SSIAM's products and services;
e) Notify information about obligations, rights, changes in features, improvements and enhancements of utilities and quality of products and services;
f) Prepare financial reports, activity reports or other relevant reports in accordance with the provisions of law;
g) Conduct market research, surveys and data analysis related to any products and services provided by SSIAM (whether performed by SSIAM or another Third Party with whom SSIAM cooperates) that may relate to Customers/Data Subject.
B. For product and service providers, leasing partners, property leases, and cooperation with SSI
a) To engage in and execute the objectives as outlined in the pertinent documents and agreements.
b) Contact, exchange, and verify information during the execution of tasks/services between the Personal Data Subject and SSIAM.
C. For potential candidates, collaborators, and employees
a) Review conditions for candidates and collaborators; evaluate dossiers, documents, and financial papers for the purpose of appraising and evaluate the capacity of candidates and collaborators, register candidate and collaborator profiles, and serve the recruitment process and signing service contracts;
b) Sign and manage contracts, employment and services agreements with candidates, collaborators, and employees;
c) Train, test, evaluate work quality and compliance with obligations in contracts, agreements, and commitments with SSIAM;
d) Manage personnel records and carry out procedures in accordance with the law with functional agencies and competent agencies such as agencies of labor, insurance, tax, State Securities Commission, etc.;
e) Carry out essential activities and tasks from agreements and contracts signed with Third Parties depending on the purpose and needs arising at each time such as training services, health insurance, medical examination. medical treatment, transportation, tourism, event organization, etc.;
f) Carry out other purposes related to human resource development and management.
3.2.2 SSIAM will seek consent from Data Subject prior to utilizing their Personal Data for any purposes not outlined in the General Terms.
3.3 Processing of Personal Data in certain special cases
3.3.1 SSIAM has the capability record, video and process Personal Data obtained from CCTV ("CCTV") in areas where CCTV is installed (including but not limited to office areas, corridor areas, exit areas, etc.) in accordance with SSIAM's operational security requirements and for the Customer in accordance with laws;
3.3.2 SSIAM always respects and protects children's Personal Data. In addition to the Personal Data protection measures prescribed by laws, prior to processing children's Personal Data, SSIAM will verify the child's age and request the consent of (i) the child and/or (ii) the child's father, mother or guardian as in accordance with provisions of law;
3.3.3 In addition to complying with other relevant legal regulations, for the processing of Personal Data related to Personal Data of people declared missing/deceased, SSIAM will have to obtain consent of one of the relevant individuals in accordance with the provisions of applicable laws.
3.4 Transfer and disclosure of Personal Data
3.4.1 SSIAM will not sell, exchange, or rent (term or indefinitely) the Data Subject's personal information without the Data Subject's consent in accordance with provisions of applicable law. However, in order to fulfil the purposes and activities of processing Personal Data in these General Terms, the Personal Data Subject understands and agrees that SSIAM may disclose Personal Data to one or more of the following parties:
a) SSIAM's subsidiaries, including but not limited to subsidiaries, subsidiaries, joint ventures, affiliates identified by SSIAM from time to time;
b) SSIAM's internal employees and departments for the purposes set out in these General Terms and documents and agreements entered into between Customer and SSIAM;
c) SSIAM's consultants, lawyers, advisors, accountants, auditors or Customer ;
d) The competent authorities in Vietnam or any individuals, regulator or Third Party to whom SSIAM is permitted or required to disclose under the laws of any country, or under any other documents or agreements between the Third Party and SSIAM;
e) Business partners, rewards providers, gift providers, co-branded parties, participants in or coordinating loyalty programs, advertisers, charities or not-for-profit organizations, any related organizations for operational purposes, carry out the business of SSIAM, the operator of the system, application or equipment or provide Customer with any products or services selected by the Customer or for the purposes set out in these General Terms;
f) Any person or entity involved in exercising or maintaining any rights or obligations under the Customer/Personal Data Subject(s) agreement(s) with SSIAM;
g) Parents, spouses, children and heirs of the Data Subject in case the Data Subject has died or been declared missing;
h) Third Parties to whom Customer consents or SSIAM have a legal basis for sharing Personal Data.
3.4.2 SSIAM considers Personal Data to be private and secure. Other than the parties stated above, SSIAM does not disclose Personal Data to any other party, except in the following cases:
a) The Data Subject's consent.
b) When SSIAM is required or permitted to disclose by law; or as decided by competent state agencies;
c) When SSIAM transfers rights and obligations under the agreement(s) between the parties concerned and SSIAM or performs in accordance with the law.
3.5 Overseas transfers of Personal Data
3.5.1 For the purposes of processing Personal Data in these General Terms, SSIAM may be required to provide/share Personal Data to relevant SSIAM Third Parties who may be located in Vietnam or anywhere else outside of Vietnam.
3.5.2 When providing/sharing Personal Data to foreign entities, SSIAM will mandate that the recipient guarantees the security and protection of the transferred Personal Data. SSIAM and recipient guarantee adherence to legal and regulatory requirements concerning the safeguarding of Personal Data.
3.6 Personal Data Processing methods
Depending on the purposes for which Personal Data is processed, SSIAM or SSIAM's data processors or Third Parties authorized to process Personal Data for SSIAM may adopt appropriate processing practices including but not limited to automated Personal Data processing, manual or other methods in accordance with provisions of law and SSIAM from time to time.
3.7 Personal Data Processing time
Depending on the specific activity, Personal Data may be processed by SSIAM after it has been provided, gathered, and concluded upon the fulfillment of data processing in accordance with intended objective or until the Personal Data has been deleted in accordance with regulations (whichever comes later).
3.8 Other contents
Other contents related to the Personal Data Processing not expressed in this General Terms shall apply in accordance with applicable legal documents.
Article 4. Rights and obligations of Data Subject in relation to Personal Data provided to SSIAM
4.1 Data Subjects have the following rights: (i) the right to know; (ii) the right to consent; (iii) the right of access; (iv) the right to withdraw consent; (v) the right to erasure; (vi) the right to restrict Personal Data Processing; (vii) the right to Personal Data disclosure; (viii) the right to object to Personal Data Processing; (ix) the right to complain, denounce or initiate lawsuits; (x) the right to claim damages; (xi) the right to self-protection; and (xii) other relevant rights as provided by laws. The specific content of the above-mentioned rights shall comply with the provisions of current laws.
4.2 SSIAM, in reasonable endeavors, will honor a lawful and valid request from the Data Subject within the statutory time period after receipt of the complete, valid request and the relevant processing fee (if any) from the Data Subject, subject to SSIAM's right to invoke any regulatory exemptions and/or exceptions.
4.3 In the event that the Data Subject withdraws his/her consent, requests deletion, restriction of data processing and/or exercises other relevant rights with respect to any or all of his Personal Data, and depending on the nature of the Data Subject's request, SSIAM may consider and decide whether to discontinue transactions or discontinue to provide products and services related to the use of the Customer's Personal Data/Data Subjects due to the inability to ensure the standard/quality of the products, services assessed by SSIAM or as required by laws need to collect relevant Personal Data when providing products or services. Actions performed in accordance with this provision constitute unilateral termination of the transaction on the part of the Data Subject/Customer for any relationship with SSIAM and may result in a breach of obligations or commitments under the documents, agreement between the Data Subject/Customer and SSIAM. When this situation arises, SSIAM will notify the Data Subject/Customer of the termination of products and services and the Customer/Data Subject is solely responsible for any damages incurred in connection therewith.
4.4 Customer/Data Subject should be aware that, due to the peculiarities of SSIAM's operations, in cases where SSIAM is legally obligated to retain Personal Data in certain circumstances, SSIAM may be unable to fulfill the data deletion request of the relevant Data Subject if the deletion of the data results in a violation of laws;
4.5 For security purposes, the Data Subject may need to make their request in writing or use another method to prove and authenticate the identity of the Data Subject. SSIAM may require the Data Subject to verify their identity before processing the Data Subject's request;
4.6 Data Subjects are responsible for protecting their own Personal Data, requesting other relevant organizations and individuals to protect their Personal Data. Simultaneously, the Data Subject shall respect and protect the Personal Data of others;
4.7 Data Subjects fully and accurately provide Personal Data to SSIAM when entering into contracts or using services provided by SSIAM;
4.8 Data Subjects implement and comply with provisions of law on Personal Data protection and participate in preventing and combating violations of regulations on Personal Data protection;
4.9 In the event of any change or adjustment of Personal Data, the Data Subject/Personal Data Subject and/or related parties are responsible for contacting and immediately notifying SSIAM so that SSIAM can promptly update such changes and adjustments. The Data Subject/Personal Data Subject and/or related parties shall bear full responsibility for the delay in this notification; at the same time, the delay in this notification will exempt SSIAM from all damages and risks incurred (if any);
4.10 The data subject updates the information posted on SSIAM's website and complies with any changes (if any) to these General Terms;
4.11 The Data Subject shall promptly notify SSIAM if it detects or suspects that Personal Data has been exposed, which may result in risks in the use of products, services, or any breach of Personal Data protection under these General Terms that the Data Subject may be aware of;
4.12 The Data Subject understands and agrees that SSIAM reserves the right to refuse to comply with the Data Subject's requests in a number of circumstances, including but not limited to: (i) the Data Subject fails to comply with the order and procedures instructed by SSIAM; (ii) the Data Subject fails to provide or provides insufficient documents to verify his/her identity; or (iii) where SSIAM assesses there are signs of fraud or violations of Personal Data protection; or (iv) provisions of law do not permit the fulfillment of the Data Subject's request;
4.13 The Data Subject acknowledges that, by accepting these General Terms, the Data Subject has been notified by SSIAM, is aware of and agrees to all the contents to be notified before SSIAM processes the Personal Data, as detailed as set out in these General Terms. The Data Subject agrees that SSIAM does not need to give further notice before processing Personal Data.
4.1 Data Subjects have the following rights: (i) the right to know; (ii) the right to consent; (iii) the right of access; (iv) the right to withdraw consent; (v) the right to erasure; (vi) the right to restrict Personal Data Processing; (vii) the right to Personal Data disclosure; (viii) the right to object to Personal Data Processing; (ix) the right to complain, denounce or initiate lawsuits; (x) the right to claim damages; (xi) the right to self-protection; and (xii) other relevant rights as provided by laws. The specific content of the above-mentioned rights shall comply with the provisions of current laws.
4.2 SSIAM, in reasonable endeavors, will honor a lawful and valid request from the Data Subject within the statutory time period after receipt of the complete, valid request and the relevant processing fee (if any) from the Data Subject, subject to SSIAM's right to invoke any regulatory exemptions and/or exceptions.
4.3 In the event that the Data Subject withdraws his/her consent, requests deletion, restriction of data processing and/or exercises other relevant rights with respect to any or all of his Personal Data, and depending on the nature of the Data Subject's request, SSIAM may consider and decide whether to discontinue transactions or discontinue to provide products and services related to the use of the Customer's Personal Data/Data Subjects due to the inability to ensure the standard/quality of the products, services assessed by SSIAM or as required by laws need to collect relevant Personal Data when providing products or services. Actions performed in accordance with this provision constitute unilateral termination of the transaction on the part of the Data Subject/Customer for any relationship with SSIAM and may result in a breach of obligations or commitments under the documents, agreement between the Data Subject/Customer and SSIAM. When this situation arises, SSIAM will notify the Data Subject/Customer of the termination of products and services and the Customer/Data Subject is solely responsible for any damages incurred in connection therewith.
4.4 Customer/Data Subject should be aware that, due to the peculiarities of SSIAM's operations, in cases where SSIAM is legally obligated to retain Personal Data in certain circumstances, SSIAM may be unable to fulfill the data deletion request of the relevant Data Subject if the deletion of the data results in a violation of laws;
4.5 For security purposes, the Data Subject may need to make their request in writing or use another method to prove and authenticate the identity of the Data Subject. SSIAM may require the Data Subject to verify their identity before processing the Data Subject's request;
4.6 Data Subjects are responsible for protecting their own Personal Data, requesting other relevant organizations and individuals to protect their Personal Data. Simultaneously, the Data Subject shall respect and protect the Personal Data of others;
4.7 Data Subjects fully and accurately provide Personal Data to SSIAM when entering into contracts or using services provided by SSIAM;
4.8 Data Subjects implement and comply with provisions of law on Personal Data protection and participate in preventing and combating violations of regulations on Personal Data protection;
4.9 In the event of any change or adjustment of Personal Data, the Data Subject/Personal Data Subject and/or related parties are responsible for contacting and immediately notifying SSIAM so that SSIAM can promptly update such changes and adjustments. The Data Subject/Personal Data Subject and/or related parties shall bear full responsibility for the delay in this notification; at the same time, the delay in this notification will exempt SSIAM from all damages and risks incurred (if any);
4.10 The data subject updates the information posted on SSIAM's website and complies with any changes (if any) to these General Terms;
4.11 The Data Subject shall promptly notify SSIAM if it detects or suspects that Personal Data has been exposed, which may result in risks in the use of products, services, or any breach of Personal Data protection under these General Terms that the Data Subject may be aware of;
4.12 The Data Subject understands and agrees that SSIAM reserves the right to refuse to comply with the Data Subject's requests in a number of circumstances, including but not limited to: (i) the Data Subject fails to comply with the order and procedures instructed by SSIAM; (ii) the Data Subject fails to provide or provides insufficient documents to verify his/her identity; or (iii) where SSIAM assesses there are signs of fraud or violations of Personal Data protection; or (iv) provisions of law do not permit the fulfillment of the Data Subject's request;
4.13 The Data Subject acknowledges that, by accepting these General Terms, the Data Subject has been notified by SSIAM, is aware of and agrees to all the contents to be notified before SSIAM processes the Personal Data, as detailed as set out in these General Terms. The Data Subject agrees that SSIAM does not need to give further notice before processing Personal Data.
Article 5. Risks of Personal Data Disclosure and Safeguards
5.1 The Data Subject agrees that the processing of Personal Data will always involve potential risks due to system failures, transmission lines, force majeure events, viruses, network attacks or hardware and software failures, actions and actions of the Customer/Data Subject or any other Third Party affecting the provision and processing of Personal Data of the Data Subject, etc. Risks that may arise such as the Personal Data being exposed or stolen by another party result in such Personal Data being used for undesirable purposes or beyond the control of SSIAM and the Data Subject causing both material and emotional losses.
5.2 SSIAM considers Personal Data as SSIAM's most important asset and SSIAM strives to ensure confidentiality, safety, legal compliance, and limit potential unwanted consequences and damages.
5.3 The responsibility for the security of Personal Data is a mandatory requirement SSIAM imposes on all employees. SSIAM carries out its responsibility to protect Personal Data in accordance with applicable laws with the best security practices as prescribed by laws and regularly reviews and updates its management and technical measures when processing Personal Data (if any).
5.1 The Data Subject agrees that the processing of Personal Data will always involve potential risks due to system failures, transmission lines, force majeure events, viruses, network attacks or hardware and software failures, actions and actions of the Customer/Data Subject or any other Third Party affecting the provision and processing of Personal Data of the Data Subject, etc. Risks that may arise such as the Personal Data being exposed or stolen by another party result in such Personal Data being used for undesirable purposes or beyond the control of SSIAM and the Data Subject causing both material and emotional losses.
5.2 SSIAM considers Personal Data as SSIAM's most important asset and SSIAM strives to ensure confidentiality, safety, legal compliance, and limit potential unwanted consequences and damages.
5.3 The responsibility for the security of Personal Data is a mandatory requirement SSIAM imposes on all employees. SSIAM carries out its responsibility to protect Personal Data in accordance with applicable laws with the best security practices as prescribed by laws and regularly reviews and updates its management and technical measures when processing Personal Data (if any).
Article 6. Retention of Personal Data
6.1 Personal Data stored by SSIAM will be kept confidential. SSIAM will take reasonable measures to protect Personal Data when stored at SSIAM.
6.2 SSIAM retains Personal Data for as long as necessary to fulfill the purposes for which the relevant parties have signed with SSIAM and in accordance with these General Terms, unless the retention period is longer if required or permitted by the relevant party(s) and applicable laws.
6.1 Personal Data stored by SSIAM will be kept confidential. SSIAM will take reasonable measures to protect Personal Data when stored at SSIAM.
6.2 SSIAM retains Personal Data for as long as necessary to fulfill the purposes for which the relevant parties have signed with SSIAM and in accordance with these General Terms, unless the retention period is longer if required or permitted by the relevant party(s) and applicable laws.
Article 7. Amendment and supplementation of General Terms
SSIAM may amend and supplement the contents of these General Terms from time to time and ensure that such amendments and supplements are in accordance with relevant provisions of law. Notice of any amendments will be updated, posted on SSIAM's website and/or notified to Data Subjects/Customers or related parties via such means of communication as SSIAM deems appropriate.
To the extent permitted by applicable laws, the continued use of SSIAM's services and products by the Customer or related parties; or continuing to maintain transactions or agreements with SSIAM means that the Data Subject/Customer/related parties agree to the amendments and supplements of these General Terms without any conditions.
SSIAM may amend and supplement the contents of these General Terms from time to time and ensure that such amendments and supplements are in accordance with relevant provisions of law. Notice of any amendments will be updated, posted on SSIAM's website and/or notified to Data Subjects/Customers or related parties via such means of communication as SSIAM deems appropriate.
To the extent permitted by applicable laws, the continued use of SSIAM's services and products by the Customer or related parties; or continuing to maintain transactions or agreements with SSIAM means that the Data Subject/Customer/related parties agree to the amendments and supplements of these General Terms without any conditions.
Article 8. Contact information for processing Personal Data
For inquiries regarding SSIAM's processing of the Data Subject's Personal Data, please contact us using the information below:
- For Customers: SSIAM Contact Center Call Center 0979463218/0976142218
- For candidates, collaborators, employees: Human Resources Team
- For other service providers and partners: according to the contact information in relevant documents and agreements.
For inquiries regarding SSIAM's processing of the Data Subject's Personal Data, please contact us using the information below:
- For Customers: SSIAM Contact Center Call Center 0979463218/0976142218
- For candidates, collaborators, employees: Human Resources Team
- For other service providers and partners: according to the contact information in relevant documents and agreements.
Article 9. Consent Terms
9.1. When using any service, product or accessing any SSIAM website, application or device or connected to SSIAM, or establishing a transaction or authorizing SSIAM to process Personal Data (either directly or through a Third Party), the Data Subject/Customer is deemed to have accepted and without any conditions for the policies referred to in these General Terms and changes (if any) from time to time.
9.2. These General Terms are an integral part and should be read and understood in accordance with the contracts, agreements, offers, commitments, registration for products and services established between the Data Subject/Customer/Personal Data Subject and SSIAM. The General Terms shall prevail in the event of any conflict or inconsistency with the contracts, agreements, offers, undertakings, subscriptions for products or services governing the relationship of the Data Subject/Customer/Personal Data Subject with SSIAM, whether concluded before, on or after the date of these General Terms.
9.1. When using any service, product or accessing any SSIAM website, application or device or connected to SSIAM, or establishing a transaction or authorizing SSIAM to process Personal Data (either directly or through a Third Party), the Data Subject/Customer is deemed to have accepted and without any conditions for the policies referred to in these General Terms and changes (if any) from time to time.
9.2. These General Terms are an integral part and should be read and understood in accordance with the contracts, agreements, offers, commitments, registration for products and services established between the Data Subject/Customer/Personal Data Subject and SSIAM. The General Terms shall prevail in the event of any conflict or inconsistency with the contracts, agreements, offers, undertakings, subscriptions for products or services governing the relationship of the Data Subject/Customer/Personal Data Subject with SSIAM, whether concluded before, on or after the date of these General Terms.