PERSONAL DATA PROTECTION POLICY
FOR CUSTOMERS
(Issued in accordance with Decision No. 01/QĐ-BANDO by Bando Manufacturing (Vietnam) Co., Ltd. dated June 1st, 2024)
Bando Manufacturing (Vietnam) Co., Ltd. (“the COMPANY“) is a business operating in the manufacturing and distribution of plastic products and belts, in accordance with Vietnamese laws. During our operations, we prioritize compliance with legal regulations, especially those regarding Personal Data Protection. Therefore, the COMPANY has developed and announced this Personal Data Protection Policy (“Policy”) to all personal data subjects who are customers of the COMPANY (“Data Subjects”).
This Policy aims to inform Data Subjects about their rights, and the manner, purpose, and duration of the COMPANY’s processing of personal data. It also explains why personal data is required to provide the COMPANY’s products or services and/or fulfill obligations under contracts with customers and/or comply with Vietnamese personal data protection laws. Furthermore, this Policy offers recommendations to customers to raise awareness and avoid undesired harm during the COMPANY’s processing of their personal data.
This Policy also serves to obtain consent from the Data Subjects who are customers of the COMPANY as per the law.
ARTICLE 1. GENERAL PROVISIONS
By registering for or using the COMPANY’s products/services, entering agreements and/or allowing the COMPANY to use and process your personal data, customers accept all provisions stated in this Personal Data Protection Policy.
The COMPANY will only collect and process customer personal data in compliance with: Legal documents (including Decree No. 13/2023/NĐ-CP dated April 17, 2023 on personal data protection and its amendments or replacements from time to time); This personal data policy; Contracts or other agreements between the customer and the COMPANY.
Note: The collection and processing of customer personal data is essential for the COMPANY to provide products and services.
ARTICLE 2. TYPES OF PERSONAL DATA PROCESSED
To fulfill customer requests (e.g., product/service provision) and/or to provide general information on COMPANY offerings, data processors engaged by the COMPANY may need to use customer personal data. This includes collection, recording, analysis, verification, storage, modification, combination, access, retrieval, encryption, decryption, copying, sharing, transmission, provision, transfer, deletion, or destruction of personal data, among other actions.
The COMPANY collects and processes the following types of customer personal data: Full name; Date of birth; Gender; Place of birth, birth registration location, permanent residence; Phone number; Bank account and card number; Email address; Personal identification number; Information on ID card/Citizen ID/Passport.
ARTICLE 3. PURPOSE OF PERSONAL DATA PROCESSING
Customers agree to the COMPANY processing their personal data for the following purposes:
- Product/Service Provision: Customer support, information updates during registration/use of COMPANY products or those from partners; verification and accurate maintenance of customer identification data; information security; legal compliance; prevention of illegal activities; contract enforcement; collection of fees, debt recovery.
- Product/Service Development: Risk assessment, trend analysis, statistics, planning; product/service quality evaluation for improvement.
- Other related purposes.
ARTICLE 4. METHODS OF PERSONAL DATA PROCESSING
Method of personal data collection
The COMPANY collects customers’ personal data through the following methods:
- Direct Collection: Through communication and interaction with customers, including in-person meetings, mail, the COMPANY’s website, telephone, and/or any other electronic means.
- Via Contracts: Personal data may be collected as part of contract execution with customers.
- Indirect Collection: By receiving necessary data from partners who have collected such data in the course of providing COMPANY products, goods, or services to the Data Subject and who have been authorized by the Data Subject to share it.
Methods of Personal Data Storage
Personal data is stored as detailed in Article 9 of this Policy.
Methods of Data Analysis
Designated COMPANY personnel manually analyze customer data to fulfill the purposes outlined in this Personal Data Protection Policy
Methods of Data Transfer/ Sharing/ Transmission
The COMPANY only transfers, shares, or transmits personal data internally (between departments and individuals assigned by the COMPANY) via its computer system to fulfill the purposes agreed upon by the customer. The COMPANY does not transfer, share, or transmit personal data to external organizations or individuals unless required by law.
Methods of Data Deletion/ Destruction
The COMPANY deletes or destroys personal data using irreversible methods. Deletion or destruction will occur upon valid request by the customer, upon the expiration of the data processing period, or in accordance with legal regulations. All personal data mentioned in this Policy will be subject to this deletion/destruction.
ARTICLE 5. INDIVIDUALS, ENTITIES INVOLVING IN PERSONAL DATA PROCESSING
To achieve the purposes stated in this Policy, the COMPANY may share customers’ personal data with the following entities:
- Individuals assigned by the COMPANY to process and protect customer personal data;
- Third-party service providers offering the following to the COMPANY, including: Information technology services; Market research services; Training services; Legal services; Auditing services; Transportation and logistic services; Good trading services; Maintenance services; Technical consulting services; IT services (virtual servers);
- Competent government authorities as required by law.
ARTICLE 6. POTENTIAL UNINTENDED CONSEQUENCES
The COMPANY employs information security methods and technologies to protect customers’ personal data from unauthorized disclosure, misuse, or unintended use or sharing. The COMPANY is committed to securing customers’ personal data to the highest extent possible.
However, certain unintended consequences or damages may still occur, including but not limited to: (a) Hardware or software failures during data processing that may result in data loss; (b) Security breaches beyond the COMPANY’s control, such as hacker attacks that lead to data leaks; (c) Customer-related incidents such as carelessness, fraud, or access to malicious websites or applications that result in personal data leakage; (d) Force majeure events, etc.
In the event of a data incident or discovery of any violation regarding customers’ personal data, the COMPANY will immediately notify the relevant State authority of the data protection breach and make every effort to implement remedial and preventive measures.
ARTICLE 7. START AND END TIME FOR PERSONAL DATA PROCESSING
Start time for personal data processing: From the moment the Customer agrees to this Personal Data Protection Policy.
End time for personal data processing: When the Customer requests the COMPANY to stop processing their personal data, or when the COMPANY no longer has any obligations to provide products or services to the Customer, or at another time as prescribed by law.
ARTICLE 8. CUSTOMER RIGHTS AND OBLIGATIONS
Customer Rights
8.1. Right to be informed: Customers have the right to be informed about the processing of their personal data, except where otherwise provided by law.
8.2. Right to consent: Customers may consent or refuse consent for the processing of their personal data, except where otherwise provided by law.
8.3. Right to access: Customers may access, view, and request corrections to their personal data, unless otherwise provided by law.
8.4. Right to withdraw consent: Customers may withdraw their consent, unless otherwise provided by law.
8.5. Right to erasure: Customers may delete or request the deletion of their personal data, unless otherwise provided by law.
8.6. Right to restrict processing: Customers may request a restriction on the processing of their personal data, unless otherwise provided by law. This restriction will be implemented within 72 hours of receiving the request, covering all relevant data unless otherwise regulated.
8.7. Right to data portability: Customers may request the COMPANY and third parties who control or process their personal data to provide it to them, unless otherwise provided by law.
8.8. Right to object to data processing: Customers may object to the COMPANY or third parties controlling or processing their data from disclosing or using it for marketing or advertising purposes, unless otherwise provided by law. The COMPANY or relevant third parties will fulfill such requests within 72 hours of receiving them, unless otherwise provided by law.
8.9. Right to complain, denounce, or file lawsuits: Customers may file complaints, denounce violations, or initiate legal proceedings as permitted by law.
8.10. Right to claim compensation for damages: Customers may claim compensation in accordance with the law if their personal data protection rights are violated, unless otherwise agreed or regulated.
8.11. Right to self-protection: Customers may protect their personal rights under the Civil Code, relevant laws, and Decree 13 on Personal Data Protection, or request competent authorities to apply civil protection measures in accordance with Article 11 of the Civil Code.
Customer Obligations:
8.12. Comply with applicable laws, this Personal Data Protection Policy, and all COMPANY guidelines related to personal data processing.
8.13. Provide complete, honest, and accurate personal data and information as required when registering and using the COMPANY’s products and services. Customers must promptly update any changes to their personal data. The COMPANY secures customer data based on registered information; therefore, any incorrect information will release the COMPANY from responsibility for any negative impacts or limitations to the Customer’s rights. If no updates are made, the Customer is liable for risks or damages arising from such inaccuracies, including losses from fraud or misuse due to their own error or failure to provide accurate updates.
8.14. Cooperate with the COMPANY, government authorities, or third parties in the event of any issues concerning the Customer’s personal data.
8.15. Take responsibility for the protection of their personal data; proactively implement measures to safeguard their data while using the COMPANY’s products and services; and promptly notify the COMPANY of any errors, inaccuracies, or suspicions of data breaches.
8.16. Take full responsibility for any information, data, or consents provided in online environments and in the event of data leakage or violation due to their own fault.
8.17. Fulfill other obligations as required by law
ARTICLE 9. STORAGE OF PERSONAL DATA
Customers’ personal data is stored as follows: Hard copies are stored at the COMPANY’s office, Electronic copies are stored on physical servers (computer systems) managed by the COMPANY. The COMPANY has implemented reasonable and appropriate security measures to protect customers’ data from loss, misuse, and unauthorized access. The COMPANY will also take reasonable steps to ensure that customer personal data is processed securely and in accordance with this Personal Data Protection Policy even when such data is processed, transferred to, and/or stored in other locations, whether within or outside the territory of Vietnam.
Personal data of customers is retained by the COMPANY for a period of 05 (five) years for electric copies, and 10 (ten) years for physical copies from the termination date of the Contract/ Agreement, unless otherwise specified in the Contract/ Agreement between the COMPANY and the Customer or required by law.
ARTICLE 10. AMENDMENTS AND SUPPLEMENTS TO THE PERSONAL DATA PROTECTION POLICY
When necessary, the COMPANY may amend, update, or adjust the contents of this Personal Data Protection Policy at any time. The COMPANY recommends that Customers regularly check the Policy on the COMPANY’s official website to stay updated on any changes and to be informed of how the COMPANY protects their personal data. Continued use of the COMPANY’s products or services by the Customer shall be deemed as acceptance of the updated Personal Data Protection Policy.
ARTICLE 11. CONTACT INFORMATION
To exercise their rights, or for any inquiries regarding this Personal Data Protection Policy, Customers may contact the COMPANY through one of the following methods: (i) Visit the COMPANY’s head office directly; or (ii) Send an email to: baovedulieucanhan@bando-vietnam.vn (Personal Data Protection Department – Bando Manufacturing (Vietnam) Company Limited).
This Personal Data Protection Policy for Customers was last updated on: June 1st, 2024.
