EN
EN
VN
EN
EN
VN
NOTIFICATION OF PERSONAL DATA PROCESSING
According to Decision No.26022024.01/2024/QĐ-MKG dated February 26th, 2024
I - INTRODUCTION
During its operations, the MK Group Joint Stock Company (hereinafter referred to as, "MK Group" or "We") always complies with the provisions of Vietnamese law on personal data protection and commits to respecting the privacy rights of all customers, partners, and employees during our operations and operations.
This Notification of Personal Data Processing (“Notice”) complies with the provisions of Decree 13/2023/ND-CP on personal data protection issued by the Government on April 17th, 2023 (hereinafter referred to as "Decree 13/2023/ND-CP").
This Notice takes effect from the date of issuance. This Notice is sent to Data Subjects who provide Personal Data to MK Group including but not limited to candidates, employees of MK Group, Data Subjects in the relationship between MK Group and our customers, partners, agents, suppliers, contractors, credit institutions and any individuals and organizations related to MK Group's production and business activities. The purpose is to inform and obtain the consent of the Data Subjects as stipulated in Decree 13/2023/ND-CP. By providing information to us, the Data Subjects fully understand and agree to all the contents specified in this Notice.
This Notice is made in bilingual Vietnamese-English and may be translated into other languages. In all cases, if there are conflicts in contents between languages, Vietnamese will always prevail.
II - DEFINITIONS
Within the scope of this Notice, the following terms are understood and explained as follows:
1. “Personal Data” is information in the form of symbols, letters, numbers, images, sounds or similar forms in the electronic environment that is associated with a specific person or helps identify a specific person. Information that helps identify a specific person is information formed from an individual's activities that, when combined with other data and stored information, can identify a specific person. Personal Data includes basic Personal Data and sensitive Personal Data. In which:
(a) - Basic Personal Data includes:
(i) Surname, middle name, birth name, other names (if any);
(ii) Date of birth; day, month, year of death or disappearance;
(iii) Gender;
(iv) Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
(v) Nationality;
(vi) Images of individuals;
(vii) Phone number, ID card number, personal identification number, passport number, driver's license number, license plate number, personal tax code number, social insurance number, health insurance card number;
(viii) Marital status;
(ix) Information about family relationships (parents, children);
(x) Information about individual digital accounts; Personal Data reflects activities and history of activities in cyberspace;
(xi) Other information that pertains to a specific person or helps identify a specific person that is not covered by Section III.1.(b) below.
(b) - Sensitive Personal Data is Personal Data associated with an individual's privacy rights that, when violated, will directly affect the individual's legitimate rights and interests, including:
(i) Political views, religious views;
(ii) Health status and personal life are recorded in medical records, excluding information about blood type;
(iii) Information related to racial and ethnic origin;
(iv) Information about inherited/acquired genetic characteristics of the individual;
(v) Information about physical attributes and biological characteristics of individuals;
(vi) Information about the individual's sex life and sexual orientation;
(vii) Data on crimes and criminal acts collected and stored by law enforcement agencies;
(viii) Customer information of credit institutions, foreign bank branches, payment intermediary service providers, and other authorized organizations, including: customer identification information according to regulations of the law, account information, deposit information, deposited asset information, transaction information, information about organizations and individuals who are guarantors at credit institutions and bank branches, an organization providing intermediary payment services;
(ix) Data on the location of individuals determined through location services
(x) Other Personal Data defined by law as special and requiring necessary security measures.
2. “Personal Data Protection” is the activity of preventing, detecting, stopping, and handling violations related to Personal Data in accordance with the provisions of law.
3. “Data Subject” is the individual to whom the personal data reflect.
4. “Personal Data Processing” means one or more activities affecting Personal Data, such as: collection, recording, analysis, confirmation, storage, edit, disclose, combine, access, retrieve, retrieve, encode, decrypt, copy, share, transmit, make available, transfer, delete, destroy personal data or otherwise other relevant.
5. “Data subject's Consent” is the clear, voluntary, affirmative expression of the Data Subject's permission to process data subjects.
6. “Personal Data Controller” is the organization or individual that decides the purpose and means of Data Processing.
7. “Personal Data Processor” is an organization or individual that performs Personal Data Processing on behalf of the Data Control Party, through a contract or agreement with the Data Control Party.
8. “Personal Data Controller and Processor” is the organization or individual that simultaneously decides the purpose, means and directly processes data.
9. “Third Party” is an organization or individual other than the Data Subject, Personal Data Controller, Personal Data Processor, and Personal Data Controller and Processor that is authorized to process data.
10. Automatic Personal Data processing is a form of Personal Data Processing carried out by electronic means to evaluate, analyze and predict the activities of a specific person, such as: habits, preferences, trust level, behavior, location, trends, capacity and other circumstances.
11. Transferring Personal Data abroad is the activity of using cyberspace, devices, electronic means or other forms to transfer personal data of Vietnamese citizens to a location outside the territory of the Socialist Republic of Vietnam or use a location outside the territory of the Socialist Republic of Vietnam to process foreign nationals of Vietnamese citizens, including:
(a) Organizations, businesses, and individuals transfer Personal Data of Vietnamese citizens to organizations, businesses, and management departments abroad for processing in accordance with the purposes agreed upon by the data subject;
(b) Processing of Personal Data of Vietnamese citizens by automated systems located outside the territory of the Socialist Republic of Vietnam by the Personal Data Controller, Personal Data Controller and Processor, the Personal Data Processor in accordance with the purpose agreed to by the Data Subject.
III - PURPOSE OF PROCESSING PERSONAL DATA
1. We process the Personal Data of Data Subjects for:
(c) Appraise, identify and verify customers;
(b) Enter into and execute contracts, agreements and documents;
(c) Providing products or services to customers;
(d) Serve, care and enhance customer experience;
(e) Information disclosure, advertising, product/service introduction;
(f) Improve and develop products and services;
(g) Statistics, management, reporting;
(h) Preventing money laundering, preventing terrorist financing, and compliance with embargoes;
(i) Respond to inquiries, handle requests, resolve complaints, resolve disputes;
(j) For the management and administration activities of MK Group;
(k) Serving the recruitment process, entering into probationary contracts, labor contracts and other documents and materials related to the recruitment and use of our employees;
(l) Personnel and administrative management;
(m) Serving tax, accounting, auditing, risk control, and internal control requirements;
(n) Providing information to Data Processors and/or Third Parties;
(o) Submit reports according to regulations to competent state management agencies;
(p) Comply with the provisions of law (including Vietnamese law, foreign law, international treaties, international agreements) and decisions of competent state agencies;
(q) To integrate and connect with software systems that contain personal information of partners and customers in order to provide services;
(r) Other related tasks during MK Group's production and business activities.
(hereinafter collectively referred to as “Purpose”)
2. In case where there are purposes for processing Personal Data not listed in Clause 1 above, We will notify the Data Subject of such purpose at the time of requesting Data subject’s Consent, unless the Personal Data Processing without the Data subject's Consent is permitted under personal data protection laws or other legal provisions, including but not limited to:
(a) In case of emergency, it is necessary to immediately process relevant Personal Data to protect the life and health of the Data Subject or others.
(b) Disclosure of Personal Data as required by law.
(c) Data processing by competent state agencies in the event of an emergency regarding national defense, national security, social order and safety, major disasters, and dangerous epidemics; when there is a threat to security and national defense but not to the extent of declaring a state of emergency; prevent and combat riots, terrorism, prevent and combat crimes and violations of the law according to the provisions of law.
(d) To perform the Data Subject's contractual obligations with relevant agencies, organizations and individuals according to the provisions of law.
(e) Serving the activities of state agencies as prescribed by specialized laws.
IV - TYPES OF PERSONAL DATA USED RELATE TO THE PURPOSE OF PROCESSING
1. Depending on the scope of product/service provision and whether the Personal Data collector is MK Group or MK Group's member company/subsidiary/affiliated company, We will collect and process (a) basic Personal Data and/or (b) sensitive Personal Data relevant to the purposes of processing.
2. In the course of providing products/services, We may collect Personal Data from other sources, including publicly available sources (referred to as sources not bound by any warranty obligation). any secret), advertising programs or product introductions. Where we collect Personal Data from these sources, We ensure that such data is transmitted to us in accordance with applicable laws.
V - FORMS OF PERSONAL DATA THAT MAY BE COLLECTED
Personal Data is collected directly from Data Subjects in the following cases:
1. From Websites: We may collect Personal Data when Data Subjects access any of our websites (collectively, “Websites”). or use any features or resources available on or through the Websites. When Data Subjects access the Websites, We collect information about the Data Subject's device and browser (such as device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the Website and other technical communications);
2. From Products, goods and services: We may collect Personal Data when Data Subjects search for, access, purchase, register to use, or use any Products or goods, any service through any form; Our trading channel, cyberspace; and/or other methods as prescribed by law;
3. From exchanges and communications with Data Subjects: We may collect Personal Data through interactions between us and Data Subjects (in person, by mail, by phone, online, switchboard systems, electronic communications or any other means) including customer surveys;
4. From social networks: Are our social networks and/or social networks that we cooperate with partners
5. From audio and video recording devices located at stores, places of business or places where part or all of our business activities are carried out that Data Subjects meet, appear or interact with us. The placement of audio and video recording devices is intended to contribute to protecting social order and safety, protecting the legitimate rights and interests of Data Subjects and us in accordance with the law;
6. From interactions or automatic data collection technologies: We may collect information including IP address, referring URL, operating system, email browser and any other information else is logged automatically from the connection:
(a) Cookies, flash cookies, plug-ins, pixel tags, electronic beacons, third-party social network connectors or other tracking technologies;
(b) Any technology capable of tracking individual activities across devices or Websites;
(c) Other data information provided by a device.
7. Other means: We may collect Personal Data when Data Subjects interact with us through any other means. We may also collect Personal Data indirectly from Data Subjects through public, official information sources; or through receiving and sharing necessary data from subsidiaries and partners that they collect in the process of cooperating with us to provide products, goods, and services to Data Subjects and received by the Data Subjects allows sharing.
VI - METHODS OF PROCESSING PERSONAL DATA
1. We are always aware of the importance of securing the Personal Data that We collect in the process of providing our products/services. Therefore, We have been applying various security measures and always trying to update the most modern and advanced security measures to ensure the safety of stored Personal Data on our system.
2. Only our authorized personnel and Third Parties (if any, depending on the case) are allowed to access and perform Personal Data Processing of the Data Subject to for the Purposes. In addition to the Purposes agreed to by the Data Subjects, we prohibit access and use of Personal Data for any other purpose.
3. The Personal Data Processing will begin from the moment We receive the Data subject's Consent. We will maintain the Personal Data Processing of the Data Subject for the period the Data Subject enters into contracts, agreements, and documents with us. We may also retain Personal Data of Data Subjects for a period of time as required by law.
4. Transfer of Personal Data abroad must meet the conditions and regulations of Decree 13/2023/ND-CP and other provisions of law
5. We have issued MK Group's regulations/policy on Personal Data Protection and applied them widely and synchronously throughout the Company to ensure the protection of personal data complies with the provisions of law.
VII - NFORMATION ABOUT OTHER ORGANIZATIONS AND INDIVIDUALS RELATED TO THE PURPOSE OF PERSONAL DATA PROCESSING
In addition to MK, other organizations and individuals related to the Personal Data Processing purposes specified in Section III of this Notice, including:
1. Companies with shares and capital contributions of MK Group;
2. Parties participate directly and indirectly in operating, controlling, and contributing capital to MK Group
3. MK Group's partners, organizations and individuals that have contractual relationships, agreements and cooperation with MK Group;
4. Officers, employees, and workers at MK Group, including branches, representative offices, business locations of MK Group, companies with shares and capital contributions of MK Group;
5. Competent state agencies;
6. Any organization or individual to whom the Data Subject requests MK Group to provide Personal Data
7. Any organization or individual not listed in this Section VII that MK Group considers necessary for the Personal Data Processing Purposes specified in Section III of this Notice, provided that MK Group will notify reasonably in advance to the Data Subject.
VIII - UNWANTED CONSEQUENCES AND DAMAGES ARE POSSIBLE TO OCCUR
We commit to, with all necessary and reasonable efforts, process the Personal Data of Data Subjects safely and securely and ensure the rights of Data Subjects in accordance with the law. However, the Internet and electronic information networks and information technology environment are increasingly developing and may create potential risks beyond our control, so We cannot guarantee that your Personal Data is kept absolutely confidential at all times. However, in all cases, WE COMMIT NOT TO:
(a) Perform the Personal Data Processing contrary to the provisions of laws.
(b) Perform the Personal Data Processing to create information and data aimed against the State of the Socialist Republic of Vietnam.
(c) Perform the Personal Data Processing to create information and data that affects national security, social order and safety, and the legitimate rights and interests of other organizations and individuals.
(d) Obstructing Personal Data Protection activities of competent authorities.
(e) Taking advantage of Personal Data Protection activities to violate the law.
IX - START TIME AND END TIME OF DATA PROCESSING
The Personal Data Processing of Data Subject begins from the moment Data Subject agrees to process Personal Data and ends as soon as MK completes the purpose of Personal Data Processing specified in Section III of this Notice.
X - CONTACT INFORMATION, NOTICES AND MODIFICATIONS
1. Our business activities are constantly changing and this Notice will always be updated to meet legal conditions and be consistent with our business activities. We reserve all rights to proactively amend and update this Notice.
2. If Data Subjects have any questions regarding this Notice, please contact us via:
MK Group Joint Stock Company
Tel: (+84-24) 7100 6781
Email: contact@mkgroup.com.vn