PERSONAL DATA PROTECTION POLICY

Chi tiết - PERSONAL DATA PROTECTION POLICY

ico flag
4 04-2024

PERSONAL DATA PROTECTION POLICY

1. Definitions and Interpretations

  • Personal Data: Information in the form of symbols, letters, numbers, images, sounds, or other similar forms on the electronic environment associated with a specific individual or helps to identify a specific individual.
  • Data Subject: The individual who owns the Personal Data, reflected in the Personal Data (hereinafter referred to as the “User”).
  • Personal Data Processing: One or more operations performed on Personal Data, such as: collection, recording, analysis, verification, storage, editing, disclosure, combination, access, retrieval, withdrawal, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, or destruction of Personal Data or other related actions.

2. Scope of Application

  • This Policy describes our practices when processing Personal Data of any User in the context of relationships with clients, candidates, suppliers, service providers, partners, competent authorities, government agencies, any third party involved in business activities / related to any product / service that we provide / participate / negotiate / discuss any transaction / service and personnel / their authorized representatives (hereinafter referred to as “Personal Data Providers”).

3. Details of Personal Data

  • Depending on the purpose of protecting the User’s Personal Data that we need to protect in each case, it may include but is not limited to the following information:

Personal Information:

  • Full name and birth name, other names (if any);
  • Date of birth;
  • Place of birth, place of registration of birth, permanent residence, temporary residence, contact address.
  • Nationality;
  • Gender;
  • Images and information of ID card/ CCCD/ passport, personal identification number;
  • Driver’s license number, vehicle license plate number;
  • Personal tax code, social insurance number, health insurance card number;
  • Marital status, information about family relationships (father, mother, children);
  • Individuals related to any adverse information, may include data on criminal records, crimes, offenses, family relationships and/or any other related information.
  • Information about qualifications (degrees, training and internship courses), documents proving identity and the right to work and any information the user lists on the application or CV;
  • Information of previous employers, personal history, including work process and past qualifications;
  • Political views, religious views;
  • Financial and banking information
  • Payments made and received;
  • Goods and services purchased / provided;
  • Account information;
  • Deposit information;
  • Asset information;
  • Transaction information;
  • Information about secured transactions;
  • Transaction information:
  • Any information obtained for the purpose related to any service/product/support received/provided/consulted by us from/to Personal Data Providers, such as: signature, fingerprint, token, facial image or other biometrics;
  • Personal images:
  • Including photos/videos taken at events/interviews/training sessions/similar programs, from security systems/from CCTV cameras/from any images in documents submitted to us/from public sources/from sources of Personal Data Providers (Users will have the right to request not to be filmed/photographed).
  • Information from website or application:
  • Recorded in our website or application logs, such as:
  • Device information;
  • Unique identifier (such as IP address or device identifier);
  • Browser information (e.g. browser type, pages visited, date/time of access);
  • Access information source;
  • Communication data:
  • Data about location
  • Data generated from operating results and user behavior on digital platforms.
  • This information may also include information recorded by any cookies and information recorded about website users;
  • Communication information:
  • Includes communication via email, phone, mobile phone, fax, mail, devices, applications, platforms, systems; any other electronic means of communication in the course of communication with Personal Data Providers and includes recordings of phone/mobile phone calls;
  • Account access information:
  • Where we provide online account access, login and similar authentication information, and information about the use of such access, personal data reflecting activity, online activity history;
  • Information about relationships:
  • Helps us understand more about how to do business, work with Personal Data Providers, their business needs and what types of products and services customers may be interested in.

4. Purposes of using Personal Data

Service provision:

  • To search for and/or facilitate the job search or find suitable candidates. This includes sending CVs to potential employers for consideration and notifying job opportunities via email, phone, mail, and/or other means of communication.
  • To conduct necessary assessments as part of the recruitment process, which may require Personal Data to be submitted, and we will include the results of that assessment in our recruitment database as part of the selection process.
  • The hiring unit may check the User’s public profile details on social media and other public information and profiles, with the sole purpose of assessing and verifying the User’s experience and professional skills, as well as to see if the User’s profile fits our culture and values.
  • To adjust anything the User may need at the workplace.

Marketing, communication, and service improvement

  • We will update the User with details about our services via email/ posts, etc. by using the Personal Data that the User has provided.
  • In any case, the User may refuse to receive marketing by notifying us according to the information provided in this Policy.
  • We will also ensure that any external company that assists us in marketing our products and services or companies with which we have marketing agreements are contractually obligated to protect the confidentiality of Personal Data and to use that data only to provide the services we have requested them to perform.

Others:

  • To comply with any legal obligations when necessary.
  • To enhance security and protect people, assets, and systems;
  • To monitor compliance with internal policies and procedures;
  • To investigate or handle incidents and complaints;
  • To participate in any potential or actual sale, or joint venture, of all or part of a business or company, that any of our members may wish to participate in.

5. How Personal Data is stored and protected:

  • We may collect some Personal Data in the course of our normal business operations and to comply with applicable regulations through any means of communication, application, cyberspace, device, electronic means or any other form.

  • We may also collect and receive this information verbally, in writing or electronically directly from Personal Data Providers directly/ indirectly through transactions carried out by Personal Data Providers or through our verification and verification processes, or from any other public or third party source, such as social media sites, public websites, newspapers, online publications, information providers, etc.

  • We may transfer, maintain, store and process User’s personal information within the scope of this Policy on servers or databases located within Vietnam.

  • We take the security of the Personal Data provided to us very seriously.

  • We regularly establish, review, implement and update safeguards, reasonable and appropriate technical and physical precautions to process Personal Data, such as:

  • Password-protected systems;

  • Multi-factor authentication;

  • Information and transmission encryption;

  • Regular security scans;

  • Anti-malware control;

  • Network monitoring;

  • Incident response management;

  • System upgrades to check, patch and enhance information security and minimize any security vulnerabilities and technical weaknesses against cyber attacks;

  • Regular training for employees on security, privacy, risk management, including handling Personal Data securely, etc.

  • Any Personal Data relating to the User or Personal Data Providers that we collect at any time is our legitimate property and/or is collected by us lawfully and has been consented to by the owner of that personal data.

  • We will keep Personal Data accurate, avoid inappropriate and inaccurate use, not stolen and not disclose unauthorized information.

  • We protect the security of Personal Data by complying with regulations/ policies/ and all relevant legal documents in the home country, and at the same time ensuring compliance of our staff with strict standards of safety and security.

  • Although we have appropriate security measures in place to protect and endeavor to take precautions to prevent and minimize risks to the User when using the website, application, and tools, the Internet is an open system and no online system is completely secure, any system can be faulty by human or activity.

  • If the User discovers any other individual who is modifying, using, disclosing or misappropriating Personal Data without permission or by a third party logging into the website, application, tool or for any other purpose, please contact us immediately for support.

6. Related Parties

We may disclose User’s Personal Data to the extent necessary and lawful for the purpose of disclosure, to the respective recipients in each case, including, but not limited to, the following:

  • To third parties, including:
    • Have/ are referring customers, suppliers or partners to us, to process data for the purposes as set out in this Policy
    • Have/ are providing services to us, such as our professional advisors (e.g. auditors and lawyers);
  • To competent authorities, including:
    • Tax authorities;
    • Court;
    • Regulatory authorities, enforcement agencies and other government agencies;
    • Security agencies, police;
    • Or any other competent authority and their representatives when required by law/ required when we deem it necessary (within the scope of the law allows);
  • To any transferee or potential transferee, in accordance with the applicable law in case we:
    • Merge;
    • Sell;
    • Transfer all or part of our assets or business;
    • Bankrupt;
    • Have other changes in the company, related to the above transactions.

If the disclosed party is located overseas, Personal Data may be transferred to another country, including countries with less restrictive privacy and personal data protection laws than Vietnam. We will not otherwise disclose to third parties unless we have the User’s consent or we have a legal or equivalent obligation.

7. Personal Data Protection Period

We begin protecting User’s Personal Data immediately after we receive it and will be retained for the duration of our relationship/relationship with the User:

  • The period required by law and regulations; and
  • For the period of time that we deem necessary and/or in accordance with our internal regulations for individuals to be able to make claims against us and we can protect ourselves against any legal claims. This retention period will generally be the duration of the relationship plus the length of any statutory limitation period under applicable law.
  • For a reasonable and necessary period of time related to our internal operational requirements, policies, management, administration and maintenance (including, but not limited to, technical, system, security, record keeping, risk management, auditing, control, protection measures and limits and/or monitoring.
  • In certain cases, Personal Data may need to be retained for a longer period of time, such as when we are in the midst of a transaction or have a complaint or investigation ongoing.

After the retention period, we may destroy, process, delete or take any appropriate action related to Personal Data in any reasonable, feasible and appropriate manner that we understand is permitted by law. We will not be obligated to return or delete the aforementioned Personal Data if it is unreasonable or impossible to do so.

8. Related Rights

Under applicable data protection laws, Users have the following rights:

  • Right to access and obtain a copy of personal information

Users have the right to request confirmation as to whether we are authorized to process their personal information. In this case, Users have the right to access certain personal information and specific information about how we process it.

In certain limited circumstances, Users also have the right to request that we provide them with an electronic copy of their personal information.

In certain limited circumstances, Users also have the right to request the portability of their personal information, which means that we will provide it to a third party at the User’s request.

  • Right to correct personal information

If Users can demonstrate that the personal information we hold is inaccurate, they may request that we update or correct it.

  • Right to have personal information blocked or deleted

In certain cases, Users have the right to request that we delete their personal information, which they may request at any time, and we will assess whether such a request should be granted; however, this right must be subject to our legal rights or obligations.

In cases where we determine, in accordance with the law, that the User’s request to delete personal information is reasonable and legitimate, we will do so without delay.

Please note that once the User’s data is deleted, the Company may no longer be able to continue providing services to the User.

If the User wishes to re-register with the Company, the User will need to re-enter their personal information.

  • Right to restrict or object to the processing of personal information

In certain cases, Users have the right to request that we restrict the processing of their personal information or to object to certain processing based on reasons related to their particular situation.

  • Right to withdraw consent

Users have the right to withdraw their consent at any time if we are relying on consent to process their personal information.

However, this will not affect the lawfulness of any processing that has already been carried out before the User withdraws their consent.

If the User withdraws their consent, we may no longer be able to continue providing certain products or services to the User, and we will inform the User if this is the case when they withdraw their consent.

We take reasonable steps to ensure that Personal Data is accurate, complete and up-to-date, however, Users have a duty to share responsibility for the accuracy of their Personal Data and should promptly update us of any changes to such data.

Since we do not control the User’s request, the User’s request may increase our risk and/or may affect our business, operations and/or transactions with the User and others, the User may be required to hold us harmless and indemnify us for any claims, losses, costs or liabilities that we may incur in connection with the User’s request.

9. Updates to the Policy

This Policy may be updated from time to time without prior notice to meet our needs and other policies. The update will comply with the current legal regulations of Vietnam at each time. All changes can be found on our website: https://www.ckhrconsulting.com/

10. How to Contact Us

If Users have any questions, requests, or concerns regarding this Policy or our data processing practices, Users may contact us at the address below or the current responsible person for the transaction related to the User.

CK HR CONSULTING CO., LTD

  • Address: Floor 2, Rosana Building, 60 Nguyen Dinh Chieu Street, District 1, Ho Chi Minh City, Vietnam
  • Phone: (+8428) 7106 8279
  • Email: info@ckhrconsulting.vn

Tag

Related Posts

View more

Contact us

Fill in the information and send us a question for a free consultation.