This Personal Data Privacy Policy ("Policy") is implemented by FPT IS Limited Liability Company ("FIS", "Company"), describing activities related to the processing of Customer's personal data so that Customers understand more about the purpose, scope of information that FPT processes, the measures FPT applies to protect information, and the rights of Customers regarding these activities.
This Policy is an integral part of contracts, agreements, terms, and conditions binding the relationship between FIS and Customers.
This policy governs how FIS collects, processes, stores personal data of Customers using or interacting with products, electronic web pages, or services of FIS and/or related persons of Customers as required by law to collect; and/or co-own, use products, services of FIS.
To avoid confusion, this privacy policy applies only to individual Customers. FIS encourages Customers to read this Policy carefully and regularly check the website to update any changes that FIS may make to the terms of this Policy.
2.1. "Customer" is an individual who accesses, learns, registers, uses, or is involved in the process of operating, providing products, services of FIS.
2.2. "FIS" includes FPT ISLimited Liability Company and its branches, representative offices, subsidiaries of FPT Information System Limited Liability Company.
2.3. "FPT Corporation" includes FPT Joint Stock Company and its subsidiaries under the governance of FPT Corporation.
2.4. "Personal Data" or "PD" is information in the form of symbols, writing, numbers, images, sounds, or similar forms on an electronic environment associated with a specific person or helping to identify a specific person. Personal Data includes basic personal data and sensitive personal data.
2.5. Protecting Personal Data: The activity of prevention, detection, deterrence, processing acts of violation related to Personal Data as prescribed by law.
2.6. Processing Personal Data: One or more activities impacting Personal Data, such as: collecting, recording, analyzing, verifying, storing, editing, disclosing, combining, accessing, retrieving, recalling, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying Personal Data, or other related actions.
2.7. Third Party: Organizations, individuals other than FIS and Customers as explained in this Policy.
For clarity, terms not explained in this Article will be understood and applied according to Vietnamese law.
3.1. FIS may process the Personal Data of Customers for one or more of the following purposes:
To meet service requests and support needs of Customers;
To verify identity and ensure the security of Customers' personal information;
To provide requested company products or services; of partners/suppliers where FIS acts as agent/cooperates to provide products, services to Customers;
To adjust, update, secure and improve products, services, applications, devices that FIS or FPT Corporation is providing to Customers;
To notify Customers about changes to policies, promotions of products, services that FIS or FPT Corporation is providing;
To measure, analyze internal data and other processing to develop, improve, enhance the quality of services/products of FIS or FPT Corporation and carry out marketing communication activities;
To prevent and combat fraud, identity theft, and other illegal activities;
To provide a basis for establishing, exercising legal rights, or protecting legal claims of FIS, Customers, or any individuals. These purposes may include exchanging data with other companies and organizations to prevent and detect fraud, reduce credit risk;
To comply with current laws, relevant industry standards, and other current policies of the Company;
Any other purposes specific to the operation of the Company; and
3.2. FIS will request the permission of Customers before using their Personal Data for any purpose other than those mentioned in Article 3.1 at the time of collecting Personal Data of Customers or before starting related processing or as otherwise required or allowed by current laws.
4.1. Customers' Personal Data is committed to maximum confidentiality as per FIS regulations and legal provisions. The processing of each Customer's Personal Data is only performed with the consent of the Customer, except as otherwise provided by law.
4.2. FIS does not use, transfer, provide, or share to any third party about Customers' Personal Data without the consent of Customers, except as otherwise provided by law.
4.3. FIS will comply with other principles of Personal Data security as prescribed by current laws.
For FIS to provide products, services to Customers and/or process requests of Customers, FIS is entitled to collect or request to collect the following types of Personal Data:
5.1. Basic personal data of Customers and related individuals of Customers:
First, middle, and last names, other names (if any);
Date, month, year of birth; date, month, year of death or missing;
Gender;
Place of birth, place of birth registration, permanent residence, temporary residence, current residence, hometown, contact address;
Nationality;
Individual's images;
Phone numbers, ID numbers, personal identification numbers, passport numbers, driver's license numbers, vehicle registration numbers, personal tax numbers, social insurance numbers, health insurance card numbers;
Marital status;
Family relationship information (parents, children);
Information on the individual's digital account; Personal Data reflecting activities, history of activities on cyberspace;
Other information associated with a specific individual or helps to identify a specific individual not including sensitive Personal Data;
Other data as per current legal regulations.
5.2. Additional personal data related to the privacy of Customers includes:
Information on inherited or acquired genetic traits of an individual;
Information on physical attributes, unique biological characteristics of an individual;
Information on an individual's sex life, sexual orientation;
Data on crimes, criminal behaviors collected, stored by law enforcement agencies;
Customer information of credit institutions, foreign bank branches, payment intermediary service providers, other allowed organizations, including: customer identification information as per legal regulations, account information, deposit information, information on assets deposited, transaction information, information on the organization, individuals as guarantors at credit institutions, bank branches, payment intermediary service providers;
Data on the individual's location determined through location services;
Other Personal Data specified by law as specific and requiring necessary security measures.
FIS strictly does not collect Personal Data related to the religion, political views of Customers.
5.3. Data related to electronic web pages or applications: technical data (as mentioned above, including device type, operating system, browser type, browser settings, IP address, language settings, date and time of connection to the website, app usage statistics, app settings, date and time of connection to the app, location data, and other technical contact information); security login details; usage data, …
5.4. Marketing data: interests in advertising; cookie data; clickstream data; web browsing history; responses to direct marketing; and choices to opt-out of direct marketing.
FIS performs the collection of Personal Data from Customers by the following methods:
6.1. Directly from Customers by various methods:
When Customers sign contracts, purchase or use third-party services through FIS or at FIS transaction points, business establishments;
When Customers send registration requests or any other forms related to FIS products and services;
When Customers interact with the company's customer service staff, for example, through phone calls, correspondence, face-to-face meetings, sending emails, or interacting on social media;
When Customers use some services of FIS, for example, websites and apps including setting up online accounts with FIS;
When Customers are contacted and respond back to marketing representatives and customer service staff of FIS;
When Customers send their personal information to FIS for any reason, including when registering for a free trial of any product and service or when expressing interest in any product and service of FIS.
6.2. From other third parties
If Customers interact with third-party content or advertising on the website or in the app, the company may receive personal information of Customers from the related third party, according to the current legitimate privacy policy of that third party. If Customers choose direct electronic payment to FIS or through the website or app, FIS may receive Personal Data of Customers from third parties, such as payment service providers, for that payment purpose.
To comply with its obligations under current law, FIS may receive Personal Data about Customers from law enforcement agencies and public authorities as per legal regulations.
FIS may receive Personal Data about Customers from public sources (such as phone directories, advertising/flyers, publicly available information on websites, ...).
Whenever collecting such Personal Data, FIS will ensure that data is received from relevant third parties in lawful ways, simultaneously requiring those third parties to comply with legal regulations on the protection of Personal Data.
FIS applies one or more activities impacting personal data such as: collecting, recording, analyzing, verifying, storing, editing, disclosing, combining, accessing, retrieving, recalling, encrypting, decrypting, copying, sharing, transmitting, providing, transferring, deleting, destroying personal data, or other related actions.
8.1. FIS (FPT IS Limited Liability Company).
8.2. FIS will perform sharing or joint processing of Personal Data with the following organizations, individuals:
FPT Corporation and its subsidiaries under FPT Corporation.
Subsidiaries that FIS directly or indirectly owns.
Contractors, agents, partners, and operational service providers of FIS.
Branches, business units, and staff working at branches, business units, agents of FIS.
Telecommunication businesses in case Customers violate the obligation to pay service charges.
Commercial stores and retailers related to the implementation of FIS's promotion programs.
Professional advisors of FIS such as auditors, lawyers, ... as per legal regulations.
Courts, competent state agencies according to legal regulations and/or when requested and allowed by law.
8.3. FIS commits that sharing or joint processing of Personal Data will only be performed in cases necessary to execute the Processing Purposes mentioned in this Policy or as per legal regulations. Organizations, individuals receiving Personal Data of Customers will have to comply with the provisions of this Policy and legal regulations on the protection of related Personal Data.
While FIS will make every effort to ensure that Customer information is anonymized/encrypted, it cannot completely eliminate the risk of data disclosure in force majeure situations.
8.4. In case of involvement of other organizations processing Personal Data mentioned in this Article, FIS will notify Customers before implementing.
FIS ensures to perform processing of Customers' Personal Data meeting all legal requirements in the following special cases:
9.1. Surveillance camera footage (CCTV), in specific cases, may also be used for the following purposes:
for quality assurance purposes;
for public security and labor safety purposes;
to detect and prevent suspicious, inappropriate, or unauthorized use of utilities, products, services, and/or company facilities;
to detect and prevent criminal behavior; and/or
to conduct investigations into incidents.
9.2. FIS always respects and protects Personal Data of children. In addition to protective measures for Personal Data prescribed by law, before processing Personal Data of children, the Company will perform age verification of children and request consent from (i) the children and/or (ii) the parents or guardians of the children as per legal regulations.
9.3. In addition to complying with other relevant legal provisions, for processing Personal Data related to Personal Data of missing persons/deceased persons, the Company must have the consent of one of the related individuals as per current legal regulations.
10.1. Customers have the right to know about the processing of their Personal Data, except as otherwise provided by law.
Customers have the right to consent or not consent to the processing of their Personal Data, except as otherwise provided by law.
Customers have the right to access to view, edit, or request the editing of their Personal Data in writing to FIS, except as otherwise provided by law.
Customers have the right to withdraw their consent in writing to FIS, except as otherwise provided by law.
The withdrawal of consent does not affect the legality of data processing that the Customer consented to with FIS before withdrawing consent.
Customers have the right to delete or request the deletion of their Personal Data in writing to FIS, except as otherwise provided by law.
Customers have the right to request FIS to limit the processing of their Personal Data in writing to FIS, except as otherwise provided by law.
Customers have the right to request FIS to provide their Personal Data to themselves in writing to FIS, except as otherwise provided by law.
Customers have the right to object to FIS, The Organization Processing Personal Data mentioned in this Policy processing their Personal Data in writing to FIS to prevent or limit the disclosure of Personal Data or the use of Personal Data for advertising, marketing purposes, except as otherwise provided by law.
After receiving requests for: data provision; data processing limitation; request to object data processing; or delete Personal Data, FIS will execute the request of the Data Subject within 72 hours after receiving the request depending on each case as per legal regulations.
For data editing requests, if it's not possible to execute, FIS will notify the Customer within 72 hours from receiving the request.
Customers have the right to complain, denounce, or sue as per legal regulations.
Customers have the right to request compensation for actual damage as per legal regulations if FIS acts in violation of regulations on protecting their Personal Data, except in cases where the parties have a different agreement or the law provides otherwise.
Customers have the right to self-protect as per the Civil Code, other relevant laws, or request competent agencies, organizations to implement civil rights protection methods as provided in Article 11 of the Civil Code.
Other rights as per current legal regulations.
10.2. Obligations of Customers
Comply with legal regulations, rules, guidelines of FIS related to processing Customers' Personal Data.
Provide full, honest, accurate Personal Data, other information as required by FIS when registering and using FIS's services and when there are changes to this information. FIS will proceed to secure Personal Data of Customers based on the information Customers have registered, therefore if there is any incorrect information FIS will not be responsible in case that information affects or limits the rights of Customers. In case of not notifying, if any risk, loss arises, the Customer is responsible for any errors or fraudulent actions when using the service due to their fault or due to not providing correct, complete, accurate, timely information change; including financial damage, incurred costs due to wrong or inconsistent information provided.
Cooperate with FIS, competent state agencies, or third parties in case of arising issues affecting the security of Customers' Personal Data.
Self-protect Personal Data; proactively apply measures to protect Personal Data during the use of FIS services; timely notify FIS when detecting any errors, confusion about Personal Data or suspecting Personal Data is being compromised.
Responsible for the information, data, consents created, provided on the cyberspace; responsible in case Personal Data is leaked, compromised due to their fault.
Regularly update Regulations, Policies of FIS in each period notified to Customers or posted on FIS websites or other transaction channels from time to time. Perform actions according to FIS's instructions to clearly express consent or non-consent to the processing purposes of Personal Data that FIS notifies to Customers in each period.
Respect, protect Personal Data of others.
Other responsibilities as per legal regulations.
FIS commits to only store Personal Data of Customers in cases related to the purposes mentioned in this Policy. The storage time of Personal Data will be decided by FIS to ensure the execution of the purposes mentioned above.
Currently, FIS has not seen any potential unwanted consequences, damages that may occur, FIS will notify if a specific case occurs. During the processing of Personal Data, there may be leaks, loss of Personal Data due to:
12.1. From the customer's side: Customers cause the leak, loss of Personal Data due to: carelessness or being scammed; accessing websites/downloading applications containing malicious software, ….
FIS advises Customers to secure information related to login passwords to Customers' accounts, OTP codes, and not share these login passwords, OTP codes with anyone else including FIS employees.
Customers should safeguard electronic devices during use; Customers should lock, log out, or exit from the account on the website or App of FIS when not in use; and implement other security measures when using the Company's services.
12.2. From FIS side: FIS commits to using information security technologies to protect Customers' Personal Data. However, no data can be secured 100%, there might be hardware, software errors during data processing causing loss of Customer data; or security vulnerabilities beyond FIS's control, the system and related being attacked by hackers causing leaks, loss of data; …
13.1. To execute the purpose of processing Personal Data in this Policy, FIS may have to provide/share Personal Data of Customers to related third parties of FIS and these third parties may be in Vietnam or any other location outside the territory of Vietnam.
13.2. When executing the provision/sharing of Personal Data abroad, FIS will request the receiving party to ensure that Personal Data of Customers transferred to them will be secured and safe. FIS ensures compliance with legal obligations and regulations related to the transfer of Customers' Personal Data.
13.3. Customers in the European Union (EU): Personal Data of Customers may be accessed, transferred, and/or stored outside the European Economic Area (EEA), including countries that may have a lower level of data protection than EU data protection law. FIS must comply with specific rules when transferring Personal Data from within the EEA to outside the EEA. Then, FIS will use appropriate protective measures to protect any Personal Data transferred.
In case Customers have any questions related to this Policy or issues related to data subject rights or processing Customers' Personal Data, Customers can use the following contact forms:
14.1. Send letters to the Company at the address: contact@fpt.com
14.2. Send email to the email mailbox corresponding to each type of service, product as follows: Email contact point of the business unit Product/Service
14.3. Hotline: Hotline number of the business unit Product/Service
15.1. This Policy is effective from 01/07/2023. Customers understand and agree that, this Policy may be amended from time to time and will be notified to Customers through FIS's Transaction Channels before applying. Changes and effective dates will be updated and announced on the Transaction Channels and other channels of FIS. The continued use of the service after the notice period for the content of amendments, supplements in each period implies that the Customer has accepted these amendments, supplements.
15.2. Customers have been informed and agree this Policy is also the Personal Data Processing Notice prescribed in Article 13 of Decree 13/ND-CP/2023 and will be amended, supplemented from time to time before FIS proceeds to Process Personal Data. Accordingly. FIS does not need to implement any additional measures for the purpose of notifying the Processing of Personal Data to Customers.
15.3. When receiving a request to execute the rights of Customers according to Article 9.1 from the requester, FIS will perform the necessary steps to verify, identify the requester before deploying the rights that the requester wants to apply. If necessary, to verify identity and ensure the security of Customers' personal data, FIS may perform matching of Personal Data provided by the requester when sending the request to execute rights with the data that FIS has and is storing.
In case FIS performs the deletion, destruction, or restriction of use of data as requested by Customers, the rights of Customers under the contract, service agreement signed with FIS that require the use of the aforementioned personal data, may be interrupted, changed, or terminated.
15.4. Customers commit to strictly implement the regulations in this Policy. For issues not regulated, the Parties agree to implement according to legal regulations, guidance from competent state agencies and/or amendments, supplements to this Policy notified by FIS to customers from time to time.
15.5. Customers may see advertisements or other content on any website, app, or device that may link to websites or services of partners, advertisers, sponsors, or other third parties.
FIS does not control the content or links that appear on third-party websites or services and is not responsible or liable for the activities used by third-party websites or services linked to or from any website, app, or device. These websites and services may follow their own privacy policies and terms of use.
15.6. This Policy is made in good faith between FIS and Customers. During implementation if disputes arise, the Parties will actively solve through negotiation, mediation. In case mediation fails, disputes will be submitted to the competent People's Court to be resolved according to legal regulations.